ASIS UK Winter Newsletter 2014

INTERNATIONALTMNewsletter

WINTER 2014UNITED KINGDOM CHAPTER 208

I have recently returned from the ASIS International60th Annual Seminar and Exhibition held at the WorldCongress Centre in Atlanta, Georgia betweenSeptember 29th and October 2nd. As with many eventsin the United States this was a major production andthe ASIS organisers are to be congratulated inorganising an event on this scale attracting 20,000attendees and many hundreds of exhibitors. Alongsidethe exhibition there was a full programme over thethree days of educational and networking events led byquality speakers, including former US Secretary ofState, Colin Powell and our own Martin Gill.

Arriving on Sunday my first task was to navigate themassive geography of the World Congress Centre,comprising three huge buildings and multiple floors, inorder to find the pitch to set up the TheSMA booth inthe vast exhibition hall – think IFSEC and multiply bytwo. It was fortunate that we were located close to theASIS stand with its prominent banner which helped todirect us to the booth site. The exhibition hallresembled what I imagine an explosion in an IKEAshowroom might look like with partly assembledfurniture and packaging strewn everywhere. What atransformation on Monday morning with all the boothsassembled and adorned with the exhibitorsmerchandising material and technology. The exhibitionwas populated by the usual array of providers of CCTV,alarm systems and guarding companies, but also someniche software providers and those identifyingcommercial applications for technology originated formilitary operations.

On Sunday evening Richard Widup, ASIS President for2014 and his wife, hosted a well attended receptionin the Atlanta Aquarium, a slightly surreal location fora networking event. I was grateful to Martin and

Karen Gill, who had been on the same flight fromLondon, for introducing me to some of the ASIS‘dignitaries’. However, it was not long before RupertReid and I were bumping into old friends amongst thewhales, sharks and multi-coloured sea creatures ondisplay. It was a pleasant surprise to meet withmembers from ASIS Chapters across the world,including a number of my former students fromUganda, Nigeria and Saudi Arabia.

With a regular footfall to the TheSMA booth, aided bythe presence of some friendly and attractive snifferdogs directly opposite, the three days passed quicklyand it was soon time to pack up to return home.

Although not able to participate in the educationsessions, feedback from those who had was verypositive, and overall the sessions adequately reflectedthe current and emerging security threats and theongoing challenges to address them. For TheSMA, wewere pleased to be able to exhibit our quality Britishsecurity management training products, andwelcomed the opportunity to meet with some of theASIS Headquarters team, and were encouraged byour discussions with some of the US Chapter leadsand others who expressed keen interest in ourtraining products.

On reflection, attending the Seminar served as a usefulreminder that as ASIS members we are all part of aglobal fellowship of participants and hopefullycontributors to a dynamic and continually evolvingsecurity industry with a major role to play in protectingour organisations and our society.

Barry Vincent CPP PCI is an independent securityconsultant and senior trainer for TheSMA Ltd.

60th Annual Seminar and ExhibitionBarry Vincent CPP

ASIS NEWSLETTER OF THE YEAR – WINNER 2013, 2012, 2008 & 2003 – HONOURABLE MENTION 2011, 2006.

ASIS nov14__ASIS_RiskUK_nov14 07/11/2014 16:54

www.asis.org.ukWINTER 20142

CHAIRMAN’S NOTES

As we approach the year end and the ChapterAGM and Winter Seminar on December 11thit’s perhaps worth looking at what we haveachieved, so far, in 2014.Launch of new Victim Support awareness initiative

Facilitated Project Griffin initiative in France and theNetherlands via ASIS European Chapters

Free CPE Days for CPPs, PSPs, PCIs and CSyPssupported by CPE Partner, Axis Communications

Engagement with Police and government bodies

Established and enhanced strategic partnerships withother industry bodies eg. SAMI/IHSM/LondonFirst/CSARN

We have re-launched the Women in Securityprogramme, thanks to Dawn Holmes CPP, Appointed aChapter Technology Lead, Dr Vibhor Gupta and a HotelSector Lead, Darren Carter.

Exhibition stands atSecurity TWENTY 14 (x3)Total Security Summit (x2)Counter Terror ExpoTransport Security ExpoWorld Cities ConferenceNational Association of Healthcare Security Conference(inc. a speaking slot)IFSEC (including a joint VIP networking lunch)

Represented at /attended BRC Retail Crime Conference ASIS CSO Roundtable / SASIG eventASIS European Advisory Council (The Hague andFrankfurt)ASIS European Conference Programme Committee(Frankfurt)MISTI CSO Summit and Roundtable (inc. place on apanel)Numerous Industry and Parliament Trust eventsSRA (Security Regulation Alliance)Chartered Security Professional Regulation Authority

Participated in CSSCJoint Security Associations Fundraising Event (raising£16,000 for two charities)Supplied judges at Security Excellence Awards & Women in Security Awards

PressMonthly article in Risk UK MagazineRegular ASIS column in Security News DeskCoverage in Professional Security MagazineASIS piece in LP EU magazine (quarterly)Regular ASIS feature in City Security Magazine

We are also extremely grateful for the support of oursponsors and exhibitors. Without them we would not beable to keep the price of events at their current levels,put on the free events we have, run the chapter officeor indeed publish this newsletter. So massive thanksgo to

Axis Communications Frontline Security Solutions Nedap SecurityARCBold CommunicationsBSICIS Security Counter Terror Expo EsotericISMILenelQCCQuantum Secure (from 2015)SecuritasTavcom TrainingTHESMAVSG Wilson James Others will be announced soon.

We also have exciting educational, charity and otherplans for 2015 including our first Northern Conference(organised by Dr Peter Speight CSyP) on the 9th April2015 which will be hosted at Leeds University.

Oh! Did we mention the 130 new and returningchapter members? This will have increased by theend of the year.

Onwards and upwards!

Mike Hurst & Graham Bassett

Vice Chairmen’snotes

Graham BassettMike Hurst


www.asis.org.uk WINTER 2014 3

CALENDAR

INSIDE THIS ISSUE:Chairman’s Notes 2

Diary 3

Project Griffin in Europe 4

Servator 6

Victims of Crime 8

ASIS Foundation 9

Offenders 10

New Members 11

CPP Coach Inn 12

Fundraising 13

Compliance 14

ESSENTIALINFORMATIONJOINT EDITOR – Helene Carlsson (07802 864485)[email protected]

JOINT EDITOR – Mike Hurst(0845 644 6893)[email protected]

ADVERTISING – Graham Bassett (07961 123763);[email protected]

Chapter Executive Officer – JudeAwdry,ASIS UK Chapter 208, PO Box 208,Princes Risborough, HP27 0YR.Tel: 01494 488599; Fax: 01494 488590;[email protected]

MEMBERSHIP ENQUIRIES – Nigel Flower, CPP (01276 684709 - [email protected])

PUBLISHERS – The 208 Newsletter ispublished by Chapter 208 of ASISInternational.

FREQUENCY – The 208 Newsletter ispublished four times per year, Spring,Summer, Autumn & Winter – pleasecontact the editorial team fordeadlines.

IN GENERAL – The 208 Newsletterwelcomes articles & photographs, butwhile every care is taken, cannot beheld responsible for any loss ordamage incurred while in transit or inour possession. Please send allmaterial to the editors. The Newslettermay publish articles in which theviews expressed by the author(s) arenot necessarily those of ASIS.

ISSN N0 – 1350-4045

Calendar EventsNovember 1413th Security Institute Remembrance Event14th National Association of Healthcare Security

ConferenceDecember 142nd–3rd Transport Security Expo7th–9th ASIS 8th Asia-Pacific Security Forum &

Exhibition, Singapore11th ASIS UK Winter Seminar and AGM16th Security Institute Curry Night

February 1515th–17th ASIS 6th Middle East Security Conference &

Exhibition, DubaiMarch 1512th March ASIS UK Spring Seminar16th–17th Total Security Summit, Stanstead 28th–31st ASIS 14th European Security Conference &

Exhibition, FrankfurtApril 159th ASIS UK Northern Seminar, Leeds21st–22nd Counter Terror Expo22nd–23rd ASIS 25th New York City Security Conference &

ExpoJune 1516th June ASIS UK Summer Seminar16th–18th IFSEC

July 157th Security IT Summit, London

September 15TBC ASIS UK Autumn Seminar28th–31st 61st Annual Seminar and Exhibits, Anaheim,

CaliforniaDecember 15TBC ASIS UK Winter Seminar and AGM

ASIS Christmas QuizOur Technology partners Frontline Security Solutionsare offering an ASIS member a chance to win agreat prize in this Winter’s edition of the Newsletter:Sony Action Cam HDR-AS30V 11.9mp Waterproof camcorder, rrp£180.00.

Simply answer the following questions and send your replysubject ASIS WINTER QUIZ to [email protected] winnerwill be drawn from the winning entries and announced prior to24th Dec. Please include your ASIS Membership number as well.

1. In what country did the Christmas tree originate?

2. Where was the original Santa Claus born?

3. What country did Poinsettias originate in?

4. When exactly is 12th night?

5. To the nearest 5, currently how many members are there inthe UK chapter of ASIS?



PROJECT GRIFFIN IN EUROPE

Mike Hurst and Graham Bassett at theIndustry and Parliament Trust AGM withASIS UK Patron Baroness Angela Harris.Graham also attended the IPT Diplomacy Receptionon 13th October, which given that the receptionwas on the 20th proved not to be his best decision.However the Ethiopian Trade Delegation who were

in the room at Westminster that evening made himfeel very welcome although the canapés wereapparently not what he had expected.

Never one to miss a networking opportunity Grahamexchanged details with numerous dignitaries andpromoted the ASIS International values.

We look forward to working closely with the AddisAbaba Chapter once it has been established.

FranceRecently Graham Bassett, ASIS Vice Chairman (andChairman of Project Griffin London Board) along with ASIScolleague, Don Randall MBE (Chair, Project Griffin ExecutiveBoard) and Ian Mansfield MBE (CoLP) hosted a Frenchdelegation at the Bank of England.

Nicholas Le Saux CPP (ASIS Regional Vice President)instigated this visit to explore the potential benefits andopportunities that Project Griffin can bring to aCity/Community.

The talks were deemed a resounding success with a futurevisit planned early 2015 to progress a pilot scheme in Paris.

Below (L-R) are Don Randall, Ian Mansfield, Thierry Coudert(Prefet, Head of Security Partnerships Ministry of Interior),Eric Davon (ASIS Chapter Chairman France), Graham Bassett,Stephanie Bergouignan CPP (Chapter Secretary and WISrepresentative, France) and Pascal Hurtault (Colonel, ProjectDirector, Security Partnerships, Ministry of Interior).

NetherlandsA few weeks after the meeting and talks with our guests fromFrance, Lucien Stopler from the Netherlands was also hostedat the Bank of England to discuss the potential of a pilotscheme in the Netherlands. Lucien works closely with theDutch Government, Police Force and business community tofacilitate closer links and co-operation.

Lucien also attended the City of London Police Project GriffinAwareness Day at Wood Street and spent time with AlexWilliams (CoLP) visiting Griffin sites in the City.

A successful couple of days and we look forward tosupporting the next stage of development for a pilot schemein the Netherlands.

Below (L-R) Alex Williams (CoLP), Graham Bassett, DonRandall and Lucien Stopler.

Project Griffin in Europe



GROWTH

More than 50 internationaldiplomats, politicians and industryguests attended a commercialdiplomacy reception andnetworking event hosted by theIndustry and Parliament Trust (IPT)in the CommonwealthParliamentary Association Room inthe historic Westminster Hall inthe House of Commons, London.The event was sponsored by theCity of London with the goal ofencouraging growth andinvestment in the UK. Speakersincluded the Right HonourableLord Mayor Elect Alan Yarrow, theRt Hon Mr Hugo Swire MP, Ministerof State at the Foreign andCommonwealth Office, and MrDavid Amis MP, Chairman of theIPT. A summary of the speeches ispresented next and ASISInternational members mayrecognise the common strands ofsecurity, trust and anti-corruptionas well as the potentialopportunities for medium-sizedbusinesses.

The Rt Hon Mr Hugo Swire said theIPT works with Her Majesty’sGovernment to build on the UK’sreputation for “selling the UKoverseas and attracting foreigndirect investment”, importantly, headded, “this is a matter of trust”.The Chancellor of the Exchequer’sstrategic goals were highlighted bythe Rt Hon Minister as “doublingexports to 1trillion by 2020,increasing foreign directinvestment to 1.5trillion andincreasing the number of

companies to over 100,000”. Hesaid there has been a culturalchange to promoting the UK andbusinesses, and “jobs and growthare the key to national security”.Recent successes have includedkey trade deals with Singapore,Korea and the EU. The EUTransatlantic Trade and InvestmentPartnership (TTIP) benefit to theUK is equivalent to £400 perhead. He said the UK also needsrules to tackle corruption so whenwe do business we make sure “theprice is the price”. He added;

“A key concern for us isEnergy Security.”The Rt Hon Mr Swire said the IPTalso works closely with the UKTrade and Investment departmenton plans to help medium-sizedcompanies, those with around 30staff. We want to help thesecompanies grow into largecompanies. We’ve been running a“grand campaign”, holding over 50events in 140 countries promotingBritish brands; “Jaguar and JamesBond” to increase recognition of“brand UK”. He said: “If you’reaware of this and perhaps are nowbored with it, then we know it’sworked.”

He said it is a competitive marketplace, a case of “Export or Die” -and the UK was an early starter:our history as former “buccaneersand pirates” equips us well. Weneed more joint ventures andmore trading: “We want to be the

‘Uber’ of inward investment.” Hesaid every partnership depends ontrust and we need to raiseawareness in Parliament thatcompanies and trade are theeconomic engine - “the cogs thatdrive the wheel” of the economyand of the public sector.

Mr David Amis MP, Chairman ofthe Board of the IPT, and BaronessProsser OBE, Board member of theIPT, thanked the Right HonourableLord Mayor Elect, Alan Yarrow andthe City of London for sponsoringthe event.

The Rt Hon Alan Yarrow, who onNovember 7th will be the 687thLord Mayor, highlighted the City’skey strengths as “both selling andservices”. Two crucial servicesinclude Law and Finance; EnglishLaw has an important internationalrole since it underpins most of thecontract law used around theworld. Financial services in the Cityof London include ForeignExchange, which produces 44% ofthe global trade, “twice the rate ofNew York”.

The Rt Hon Lord Mayor Electended by reinforcing the City’slong-standing commitment toeducation, “in 1878 the Cityestablished City and Guilds, theRoyal College of Science and theRoyal School of Mines - now knownas Imperial College” - adding,“apprenticeships are critical, now,more so than ever”.

For more details on the article,please email Allison [email protected]

Using Jaguar and James Bond to create jobs andgrowth – the key to national security” Allison Wylde

Report from the Industry andParliament Trust’s CommercialDiplomacy Reception, WestminsterHall, in the House of Commons

Allison Wylde FRGS DIC (Imperial) - ASISInternational Commission on Standards andGuidelines



SERVATOR

At first glance a highly visible policepresence on the streets of the SquareMile looks nothing out of the ordinary.And for our City of London Policeofficers, nothing is out of the ordinary.

Project Servator has become businessas usual for us in the City.

But look a bit harder and there aresome important differences. First ofall the new phase of Servator looksand feels a bit different. Our officersare jointly deploying with BritishTransport Police in transport hubsacross the City. We have the 300,000pairs of eyes and ears of our City ofLondon residents, workers, visitorsand businesses who we are callingupon to help keep the City safe and toreport anything suspicious. And, aspart of this effort, City of LondonPolice officers are out patrolling theCity with private, SIA licensed securityofficers from City-based businesses.

This is what the eye can see, butthere is also a strong presence ofcovert officers who work with ouruniformed police as part of thedeployments. Spearheaded by anadvertising campaign featuring, for

example, our plain clothes officers(see inset example of the posters),our messages will be highly visible attrain and tube stations, on phonekiosks and roadside hoardings and inthe press.

But let’s go back and review thegenesis of Project Servator. When welaunched back in February of thisyear, our goal was to replace the old“Ring of Steel” approach with moredynamic police deployments whichcould pop up anytime and anywherein the City of London. The key featuresof the deployments have been thelarge numbers of plain-clothed anduniformed officers and the use of arange of police assets, including dogs,horses and vehicles as well as CCTVand ANPR (Automatic Number PlateReader).

We’ve seen that the deploymentshave been highly successful, both interms of how our community hasengaged with them but also in termsof stopping crime. Research weconducted in February showed that69% of the public stated they wereprepared to report suspicious

Servator, Serving the City of LondonCommander Wayne Chance, City of London Police



SERVATOR

activity[1] and we’ve seen animpressive 76% increase in 101 callsrelated to public reports of suspiciousactivity. And since the official launchof Project Servator earlier this year we

have made 1,409 stops and 74

arrests.

We’ve also worked closely with Police

Scotland, learning from their

experience with Servator around theCommonwealth Games. The supportand assistance from large businessbased in, or operating from, Glasgowproved essential for the success ofProject Servator and for the Games.Behemoths such as Tesco and RoyalBank of Scotland (RBS) embracedServator Glasgow, training their staffto be vigilant back of house and incustomer-facing areas and providingquite literally a ‘shop window’ forServator messages.

We have integrated many of theseactivities in our new phase of Servatorin the City of London. We will seemany more businesses – large andsmall - coming on board with Servator,helping us get our message out to thecommunity, and being our extra pairsof eyes and ears on the ground todeter terrorists and to detectcriminals.

For further information on ProjectServator, see the City of LondonPolice website.

[1] When asked “How likely would you be to report a crime you have witnessed”, 69% stated that they were ‘very likely’ to report suspiciousbehaviours; 734 interviews were undertaken with City residents, workers and visitors in February/March 2014.



VICTIMS OF CRIME

One of the problems inanswering that questionin this country is the verymeaning of what peopleunderstand by the wordjustice, or hope that itmeans. For anyone facing criminal charges,there has always been (and alwayswill be) the paramount principle inlaw of respecting and protectingtheir rights to a fair trial.

For victims of crime however,justice as they experience it toooften means disappointment andfrustration. Depending on theseriousness of the crime, it canquite simply be life changing.

Only last year the government setup a new board which will attemptto improve a criminal justice systemthat it hopes will help tackle arange of problems, not least ofwhich are ‘unforgiveable delays’.The only surprise is how long it hastaken for this to happen when halfof all criminal court trials scheduledon a given day do not go ahead asplanned, taking up valuable courttime and contributing significantlyto the frustrations of victims andtheir witnesses. As one of manywho works when time allows as avolunteer in the Victim SupportWitness Service, I know only toowell how such delays impact on theway criminal justice works forvictims in our courts.

In the early stages of my past life inCID, a renowned criminal barristertold me not to get dispiritedfollowing a crown court acquittal – ‘It’s all in the game’ as he aptly putit.

From my perspective, the ‘game’continues to be played out in courtsup and down the country every day.It is a cornerstone of our justicesystem that a defence lawyer has toensure the evidence is rigorouslytested at all times , and if thatmeans putting victims through themost challenging experience oftheir lives then so be it. The prize of

winning the case is the onlyobjective, and the reality that manypeople forget is that lawyerspractise law, not justice.

Many millions of pounds are spentpreparing cases for trial, anddefending those charged withoffences. Victims are not so lucky.The various services which supportthem rely mostly on volunteers andonly around 2% of the costs of ourcriminal justice system are spentdirectly on them.

So why have delays become‘unforgiveable’? Two of the reasonsI submit are not historically focusedon enough because they areconsidered essential to the rights ofall defendants.

Firstly, whilst there are many whodo plead guilty at the very firstcourt date, those who decide toplead not guilty kick start a systemwhich gears up for a trial whetherto be held before a magistrate orbefore a jury in the crown court.The problem is that in literallythousands of those ‘not guilty’cases, the defendants change theirplea to guilty on the date of thetrial.

The result of this is that manymillions of pounds are wasted inCrown Prosecution Service costs,but what about the impact onvictims? As I have seen all toooften, they will be at court waitingto give evidence and preparingthemselves mentally for what isoften a nerve-wracking experience,only to be told they are not needed.

One reason for this is thatdefendants delay pleading guiltyuntil the day of the trial hoping thatvictims and their witnesses will notshow up, leading to a collapse ofthe case. In many cases thesedefendants are being funded bylegal aid. In my view this amountsto nothing more than a publicfunded waiting game, and astraightforward abuse of thesystem. To put it even more bluntly,I suggest it qualifies as witnessintimidation.

The average waiting time for crowncourt trials, from the time adecision is made to hold a trial to itactually beginning, is six months,though in the London area it is notunusual for a victim to wait a yearor longer for a trial to be held.

Secondly, and considered a rightthat can never be jeopardised, isthe ‘sacred cow’ in our criminaljustice system – the right to trial byjury. This cow means that adefendant can choose trial by juryover small thefts with real examplessuch as stealing food items worth afew pounds, stealing from a parkingmeter, or theft of an old mobilephone.

To make matters worse, two thirdsof defendants who choose a crowncourt trial in cases which could bedealt with by magistrates (‘eitherway’ cases) finish up pleading guiltywhen they get to crown court. Why?

In addition to hoping the victim orwitness will not turn up, anotheranswer may be found as far backas 20 years ago. Lord Runcimanwho chaired the 1994 RoyalCommission on Criminal Justicewarned then that one of the threemain objectives for defendantsopting for trial by jury was simply toput off the trial. There were anumber of “personal” reasons forthis, one being to enabledefendants to have part of theirsentence counted while on remandin a softer prison regime, whichincludes being able to wear theirown clothes!

VICTIMS OF CRIME – JUSTICE WHERE ART THOU?Crawford Chalmers CPP


www.asis.org.uk

ASIS FOUNDATION


This is my first year as a Trustee of theASIS Foundation. One of the things theBoard of Trustees is doing is developinga strategy for the future. I hope to reportmore on that later.

In the meantime, I thought I would letyou know about some publications theFoundation has published, alldownloadable free of charge from theASIS Foundation website.

A study of security metricsThe first is a study of security metrics. Itinvolved a major study of the ways inwhich security managers do and coulduse metrics, it was based on an industrysurvey and in-depth interviews and theoutput is geared to help practitioners. Ithink you will find that it is worth a look.The study generated a variety ofpractical, actionable outputs, including:

The Security Metrics Evaluation Tool(Security MET), which securityprofessionals can self-administer todevelop, evaluate, and improve securitymetrics

A library of metric descriptions, eachevaluated according to the Security METcriteria

Guidelines for effective use of securitymetrics to inform and persuade seniormanagement including a focus on returnon investment

The precise reference for the report is:

https://foundation.asisonline.org/FoundationResearch/Research/Current-Research-Projects/Pages/Metrics-Research-.aspx

CRISP ReportsAnother set of publications is the CRISPreports. The acronym stands forConnecting Research in Security toPractice. A range of reports have beenproduced so far and they are also alldownloadable free of charge.

Situational Crime Prevention and SupplyChain Security: This provides adiscussion of situational crimeprevention techniques used in domesticand international supply chains. Theauthor presents a consecutive six-stageapproach to mitigate identified andacknowledged risks.

Mass Homicides by Employees in theAmerican Workplace: The authorsanalyze 44 cases of workplace masshomicides from 1986 to 2011 anddiscuss both the causes and triggersand potential remedies.

Fatigue Effects and Countermeasures in24/7 Security Operations: This paperexplores the effects of fatigue and nightwork on human cognitive performanceand offers countermeasures that may beused to combat these effects.

Tackling the Insider Threat: This paperincludes a review of the insider threatliterature with findings of a Delphi studyto arrive at a new approach to defeatingthe kind of trust betrayal that canundermine organisations.

Preventing Burglary in Commercial andInstitutional Settings: A PlaceManagement and PartnershipsApproach: In this report the author looksat how to assess, manage, and respondto burglaries that occur at commercialand industrial sites.

Strategies to Detect and PreventWorkplace Dishonesty: This reportexamines ways to disarmcounterproductive and criminalemployee behaviors before they becomea serious problem.

Lost Laptops = Lost Data: MeasuringCosts, Managing Threats: Replacingstolen units is just the start: lostproductivity, damaged credibility, frayedcustomer relations, and heavy legalconsequences can cripple yourorganisation. This paper has pitfalls andremedies for you to consider.

If you go to the ASIS Foundation websiteand look for CRISP Library, you will seethe reports, the exact address is:(https://foundation.asisonline.org/FoundationResearch/CRISP-Reports/CRISP-Report-Library/Pages/default.aspx).Moreover, the Foundation is hearingfrom any of you interested in writing apaper, download the proposal forms andsend one off if this interests you; I knowthe Research Council (which I am amember of) is committed to producingmore.

Martin GillASIS Foundation Board of [email protected]

The reality of all the delays is thatvictims may decide to give up onthe trial ever taking place, and mayno longer want to give theirevidence. Can they be blamed forbeing unable to keep their lives onhold indefinitely?

Does the longer the time gapbetween the crime and the trialmake it possible that the victim’sevidence is likely to be regarded asless reliable? Could this be agamble that some defendants and

their representatives take?

With such a reality, it is obvioushow difficult it can be to persuadevictims to report crimes in the firstplace, and then to be willing to giveevidence.

Some light in the long dark tunnelfor witnesses has been theabolition last year of committalhearings intended to speed up andimprove efficiency. Pilot schemeshave also begun in terms of an

‘Early Guilty Plea‘ system.Amazingly it has taken until veryrecently for proposals to be putforward for a change in the lawwhich would give greater protectionin court for example for victims ofrape and child abuse.

There is much to be done toenhance the rights of victims ofcrime, because after all “If we donot maintain justice, justice will notmaintain us” (Francis Bacon 1561-1626.



OFFENDERS

Offenders: just how can they be useful? – Prof. Martin Gill

Speaking to offenders and findingout how they assess and evaluateopportunities has immensebenefits. There are a variety ofreasons but I would like to assesstwo here. First, and one of thethings that has emerged fromstudies of offenders is that theways in which they assess objectsand circumstances can bedifferent. A garden ornament canbe a delightful addition to a garden,but to an offender a tool forproviding an advantage in a fight,an open widow a good way ofletting in fresh air, but to anoffender an invitation to burgle.Assessing the ways offenders thinkprovides an opportunity to assesshow security measures – typicallydesigned by honest people- fallshort or can be re-engineered orreused in a different way.

Indeed, it is somewhat ironic thatmeasures that were originallydesigned to prevent offenders mayactually work to their advantage.This can be true in a general sense,for example, some offenders haveargued to me over the years thatone of the advantages of CCTVcameras is that they lull staff intobeing less security aware; staff relyon cameras to do the job and sobecome less attentive to security. Ina different way I recall a fellowcriminologist, Professor PaulEkblom noting that signs on theLondon underground encouragingpassengers to beware ofpickpockets caused them to checktheir pockets to make sure thewallet was there; this toldobservant pickpockets where theyneeded to focus; they knew whichpocket the money was in, itincreases their chances of success.I recall one armed robber I spoke totelling me that the fact that therewere screens in banks at the timemeant that he could be moreaggressive in the bank to demandmoney; banging an item against thescreen made a noise and was morescary, he thought it increasedcompliance with his demands.There are many good aspects to

measures of course, but they aremore readily acknowledged thanthe alternative.

The second way is in terms ofunderstanding just how much thecontext in which people workprovides the skills necessary tomake a crime possible. And I domean skills here. We know that onereason for workplace crime is agrudge or feeling of disappointmentwith colleagues and/or thecompany, but they are motivators ortriggers, where I am moreconcerned here about the ways inwhich offenders commit theircrimes. We can often do a lot moreto disrupt and prevent crime whenwe know how people do it.

I have spent some time recentlywith fraudsters. What is intriguingabout workplace fraudsters is howthey use the skills sets acquired atwork to commit offences. Indeed,while there has been a tendency tosee the decision to commit crimeas different from the act itself, inpractice the overlap isconsiderable. During my interviewswith fraudsters one of the mostinteresting findings was that mostdid not join the company to commitfraud, something happened alongthe way to change their behaviourand views. Most had never been introuble with the police before andwere not contenders for beingunder suspicion by their employers,so something happened. ElsewhereI have discussed the range ofreasons including need for money,addictions, to gain status, becausethe opportunity presents itself andbecause of intimidation. Of coursethese all lend themselves tointerventions. But what is it aboutthe workplace that makes itattractive?

The first thing is that employeesbuild up skills in their job aboutweaknesses in crime preventionmeasures, knowing about theseweaknesses can breed and feedthe idea of a crime. Moreover,because the weakness is at work,and exploiting it will most often

involve skills and knowledge thatare acquired and honed throughwork, the key ingredients of anoffence, a motivated and skilledoffender; an available victim, andthe absence of a capable guardianare present.

One offender I spoke to stolemoney from his employer and wasencouraged to keep stealing whenhe realised that the employer neverchecked the cash deposit properly.He had a gambling habit and hopedto pay the money back before itwas noticed but that failed. Anotheroffender stole money from apension fund, but knew how tobreak the rules and get away with it(at least in the short run) via hisaccountancy training. In both thesecases the procedures in place,designed to facilitate business andprevent theft were poorlyconstructed and/or operated, andcertainly did not take account ofinternal experts being able toexploit opportunities with skills andknowledge gained at work.

In this short article I just wanted tohighlight some of the reasons whywe need to consider what offenderssay. We must treat their wordscritically and carefully – many areadept liars after all – but security islikely to be less effective if weignore their wisdom altogether.

Martin GillDirector of Perpetuity [email protected]



NEW MEMBERS

Holders of CPP, PSP and PCIcertifications need to recertifyevery three years, by amassingCPE points.

This year, for the first time, wehave run a number of free-to-

attend CPE events thanks tothe support of our CPE PartnerAxis Communications.

We are also very gratefulto Stewart Hughes CPPand Corin Denison CPP ofAdidas Group and JohnMurphy CPP PSP of StateStreet Bank for, very

kindly, hosting the events.

We are working on plans for

similar events for 2015

Welcome to these new and returning Members

CPE DAYS

Martin AbbottAndrew EdwardsDaniel JonesTony RumgayJon AkandeObioha EgereTim JonesRobert SaitTed AllenFreddie EllisIgnas KarvelisCraig SeckersonPaul AndersonMatt EtheridgeMark KilnanSimran SembhyRichard AustinWilliam FaasDaniel Krause-Harder-CalthorpeNoel SheeranPeter BaronsJamie FarrellMark LangworthyAlec ShermerNasir BashirNoel FeeneyBrian LarkinsVictor ShokCherry BatchelorAndy FinneyMatthew Lee CPPGraham Sims

Paul BeatNik FlytzanisNicky LowryCraig SmithPaul BentleyMatthew FountainJim MaiettaDavid SmithDavid BerezanskyTom FranklandChris MarshallShaun SouthallDarren BlackieAndrew GaitPaul McKayBarrie StewartJames BorrelliWilliam GarrihyDavid McWilliamsSean SuttonDylan BowenAndrew Gemmell Patrick John MifsudCharles SwansonDavid BuckleyGeoff GrahamAlexander MorakinyoJohn TaskerTimothy BurchellChris GraoEmma MorganNicola ThompsonKevin Burke

Jeff GreenCeline MurphyRory ThorneMicky CalcottStewart GriffithsColin MyersAlex ThorntonAndy CarrollLawrence HardcastleSteve NewboultCarl ThorringtonKristian CarterDaniel HarperLionel NightingaleJohn TristramMatthew CawthorneNigel HawkinsNicholas NunnGeorge TurnsAli ChahineAnthony HaywardBenard OlaliDaniel VerityIan ClarkeStephanie HenslerErnie PallettKatie VintPeter ConsterdineRichard HigginsJason PalmerJames WaltersAdrian CoxWesley Hodgens

Anthony PelliJames WaringCaroline DemoulpiedPaul HollandsJohn PhillipsJames Williams Paul DenningStephen HollingsAnton PieterseMichael WilliamsRay DolanAdrian HouseGail PinkertonMichael WoodPaul DrawbridgeColin HugginsStephen PorterJordan WylieMatthew DuffWayne HughesRoman PrzekopJulie YoungPhillip DunnSimon HuntSean PurnellSimon ZammitFrank DunsmoreDavid Hurley CPPRupert ReidChristopher EckersleyJoel JohnsonSamuel Robb



CPP

The ISMI™ PreparationProgramme for the ASIS CPP®Certification got off to asuccessful start recently with 9professionals attending the firstphase, 8-10 October, in a quietpub in the Worcestershirecountryside. The timber-framedsetting of the function roomprovided the perfect backdrop forthree days of intensive studyduring which candidates wereintroduced to the detail of the CPPdomains and the content thatwould likely form the base for theexamination.The group, whichincluded several students withextensive policing experience,worked exceptionally well to coverthe core material in 3 days andwill now spend 4 monthsconsolidating and developing theirknowledge by means of distancelearning tasks, andtelephone/email coaching,culminating in 3 days back in theclassroom where they will hone

their skills on approximately 800practice questions.ISMI'spreparation programme, led byDavid Cresswell CPP PSP, is abrand-new course incorporatingthe latest changes to the studymaterials. It is offered at a specialfee of £1250 (+ VAT) for Chaptermembers, which includes 6 daysin class, 4 months of distancelearning and coaching, and accessto an online library of supportresources.During the past 10years David has helped over 200security professionals achieve

ASIS certification and is therecipient of two awards from ASISInternational for his work withcertification programmes.

CPP “COACH INN”

ISMI™ 2015 Preparation Programme for ASIS CPP®

Led by David Cresswell CPP PSPTwo phases:

13-15 May and 14-16 October plus distance learning

£1250 +VATContact Janet Ward [email protected]


JSAFE

September saw the inauguralJSAFE event. This was acoming together of five securityorganisations, ADS, ASIS UK,City of London CPA, IPSA andThe Security Institute to raisemoney for worthwhile causes.The two charities selected thisyear were PTSD Resolution whotreat veterans suffering frommilitary trauma and St GilesTrust, who work to rehabilitateex-offenders.The event, a formal Dinner heldin The City of London, raised£16,000 through ticket sales,a raffle and the auction ofitems and events generouslydonated.

Whilst this was less then thetarget amount, the £8,000each charity will be receivingwill be put to good use and willenable them to help numerouspeople.Plans are underway for the2015 event where we hope toraise even more.

JOINT SECURITY ASSOCIATIONS FUNDRAISING EVENT (JSAFE)



www.asis.org.uk14

COMPLIANCE

WINTER 2014

What does risk andcompliance around PhysicalAccess Governance involve? Banks, financial institutions,companies managing critical nationalinfrastructure such as utility providers,nuclear power plants and datacenters are mandated to ensurecompliance against governmentand/or industry regulations for severalareas of their business. The risksassociated with failure of complianceare related to the financial andreputational profile of anyorganisation and therefore are takenvery seriously across all levels andareas. Therefore, organisationsimplement rigorous processes withinternal checks and balances toensure that they are able to measurethe level of their compliance andthereby identify any areas of concernahead of time.

Physical Access governance is onesuch area, which relates to ensuringthat:

the right person has (physical) accessto the right place at the right times

all required vetting and validation ofany person (who is being provisionedphysical access) has been done inaccordance to the security policy ofthe organisation

necessary approvals are receivedbefore physical access is provisionedfor a particular area (for examplethose which are critical/high securityareas such as data centres) for anyperson

required training and certifications(for example, health and safety) are inplace in accordance with the securitypolicy of an area

physical access is revoked orsuspended per the defined securitypolicy

In order to measure and assurecompliance around these aspects,organisations have to collect, manage,analyse and report on a lot of data

and processes during the lifecycle ofany person who steps foot on theirsites. This involves collaborationbetween several departmentsconcerned with Physical Security, IT,Risk and Business continuity.However, ownership and liability ofthese aspects mostly lie with thePhysical Security department. Hencethe reason that in a 2012 (July)survey conducted by the CSOmagazine and IDG research group,63% participants, who were servingchiefs/directors for physical securityat medium/large organisationsclassified compliance around physicalaccess governance as a critical/highpriority. When including those whoclassified it as a moderate priority,this figure went up to 92% of the totalparticipants.

How do organisationsassure compliance aroundPhysical Access today? Andwhat are their challenges? Until now, Physical Security groupsworldwide have relied heavily on theuse of various systems/devices suchas physical access control systems(PACS) to help them measure themetrics outlined above and assurecompliance. However, in addition tothe collection of data from thesesystems, measuring overallcompliance involves a lot ofadministrative effort and cost due tothe lack of any easily available audittrail for all processes, which led to thegeneration of the data initially. Thisspend is further compounded whenthere are disparate sources ofinformation/ systems deployed at anorganisation, which is true for mostglobal enterprises who have grown(organically or throughmergers/acquisitions) and inherited alegacy of different systems fordifferent areas, sites or regions.

Recently, many organisations havespent millions of dollars onstandardising their systems (such as

PACS) to one model or type with theintent to reduce the risk andadministrative spend involved inmeasuring and assuring compliance.However, such investments haven’thelped them significantly in thisaspect. Hence the reason that morethan 70% of the respondents whotook part in the CSO/ IDG research inJuly 2012 (referenced earlier)identified this area to be of significantconcern given the high risk andincreasing costs of ownership, both ofwhich couldn’t be addressed by any ofthe existing systems or devices whichthey were aware of.

How can the currentchallenges be addressedwhilst saving cost? What isPIAM? In the light of decreasing budgetsaround physical security andincreasing operational costs, it’simportant to identify a way in which allprocesses and data can be captured,audited, reported and analysed in themost cost and time effective manner.To meet this need, a new class ofenterprise software was introduced,Physical Identity and AccessManagement (PIAM).

Assuring Compliance, Reducing Risk and SavingCosts around Physical Access Governance andAdministration – Dr Vibhor Gupta, Chapter Technology Lead

Dr Vibhor is the ASIS UKChapterTechnology Lead and can bereached at [email protected]



COMPLIANCE

The purpose of a Physical Identity andAccess Management (PIAM) solutionis to allow physical securityadministrators to have a single self-service user interface from where theycould view, control, audit and reporton data and processes relating to anyperson (employee, contractor orvisitor) and their physical access. Akey component of PIAM solutions, is arule based engine which allowsphysical security administrators todefine all workflows along withnecessary checks and balances(discussed above) required forprovisioning physical access for anyperson. This gives the administratorsa capability to automate and audit theimplementation of these processesthrough one single user interface andthereby eliminate the need to extract,normalise and stitch data frommultiple source systems manuallythereby saving a significant amount ofcost and effort.

The important thing to remember isthat PIAM solutions are not areplacement for physical accesscontrol systems (PACS) or others suchas physical security informationmanagement systems (PSIM) butrather a complementary fit in anorganisation’s security infrastructure.PIAM solutions integrate with existingPACS to source/provision requireddata per the workflows defined intheir rule engine. Additionally, PIAMsolutions provide physical securityadministrators the capability toschedule and create reports/ auditsto measure their organisation’s levelof compliance. Examples of somequestions, which a PIAM solution willhelp provide answers for easily arelisted below:

• Are all people with physical accessto a particular area securitycleared?

• Are there any people with physicalaccess to a particular area whodon’t meet the necessary trainingor certification requirements whichare mandatory for that area? If yesthen has their physical accessbeen terminated/suspended?

• Have all people with access to aparticular area been approved foraccess by the respective area

owner/authoriser?

• Has an area owner/authoriservalidated all people who haveaccess to their area?

• Have the results of any change insecurity policy or complianceregulations successfullyimplemented across all concernedareas and for all concerned people(such as employees, contractors orvisitors)? What is the scale ofimpact for any such changes, i.e.how many people and areas areimpacted?

• How compliant is the organisationagainst various parametersdefined as part of an industryregulation such as SOX, SAS16,Basel III, SAS70, NERC and FERC?

• Has the organisation takennecessary action in areas whereit’s failing compliance currently?Does this require any process re-engineering internally?

What are the benefits of PIAM withrespect to reducing risk and assuringcompliance? And, is it easy toimplement?

The time and cost savings, which canbe achieved through a PIAM solution,are subjective to an organisation’sindustry sector, compliancemandates, processes and existinginfrastructure. However, various casestudies and examples have shownthat such solutions can help reducethe overall operational costs by 60%on average. Most importantly, theability to proactively audit andmanage processes provides a greatopportunity for any organisation toreduce their risk significantly. A typicalreturn on investment for such a PIAMsolution is seen to be realized in 8-10months from the date it’simplemented. Hence, a PIAM solutioncan help add value to an existingsecurity infrastructure by providingopportunities to assure compliance,reduce risk and save significantoperational cost.

Finally, it’s important to consider theease of implementing a PIAM solution.The primary objectives ofimplementing such a solution are toreduce risk and costs whilst maintainfull business continuity. Hence the

reason it’s highly recommended toconsider a commercial off-the-shelf(COTS) PIAM solution rather thanthose which are customised/bespokeversions of existing solutions. Giventhe level of integrations (for examplewith disparate PACS, logical systems)and the sophistication of managing,auditing and reporting on relateddata/processes, it’s imperative thatimplementation of a well referencedCOTS product would be muchsmoother than that ofcustomised/bespoke solution.

Summary and Conclusion The priorities around physical accessgovernance will continue to befocused on reducing risk and assuringcompliance across an organisation’sestate for all people working there(employees, contractors and visitors).Regardless of the ownership of such aresponsibility, infrastructure acrossmost organisations will mandatecollaboration across variousdepartments and integration acrossvarious legacy/systems. This will befurther compounded by the need toreduce operational costs whilstassuring full compliance. A PIAMsolution could help achieve theseobjectives.

An ideal PIAM solution will be onewhich can allow organisations tocollect and manage the flow of dataacross disparate systems (such asdifferent physical access controlsystems) and additionally presentthem with the capability to automateauditing and reporting of relatedprocesses/workflows for all areas andpeople (employees, contractors,visitors). A return on investment in theform of operational cost savings andidentifiable risk reduction (throughautomated auditing and reporting)should be carefully assessed by eachorganisation per their compliancemandates, process complexities andexisting infrastructure. Finally,successful implementation of a PIAMsolution is the key to any suchinitiative and therefore it’s highlyrecommended that a well-referencedCOTS product is considered in thisregard.


www.fsslimited.com

HEAD OFFICE: Reflex House The Vale Chalfont St Peter Bucks SL9 9RZ Tel: +44 (0)1753 482248

LEEDS OFFICE: 1200 Century Way Thorpe Park Business Park Colton Leeds LS15 8ZA Tel: +44 (0)1133 221026

Email: [email protected] follow us at:

fsslimited

fsslimited

SECURING

ACCESS CONTROL, CCTV, & INTRUDER DETECTIONTHE CITY


ASIS UK Winter Newsletter 2014

Documents

Transcript of ASIS UK Winter Newsletter 2014