The Security Beacon - ASIS Boston


Page 1: The Security Beacon - ASIS Boston

2018 ASIS Boston Chapter Leadership

Joe Crowley, CPP, Chair [email protected]

Marty Patnaude, Vice Chair [email protected]

Paul Baratta, Treasurer [email protected]

Bob Nicol, Secretary [email protected]

www.asis-boston.org

Editorial: Howard Communication Associates

Design: MSG Design

The Security Beacon, January 2018

Boston Chapter of ASIS International

In this issue...

Data Center Security 1

Anti-Money Laundering 1

Chairperson’s Message 2

Workplace Violence 3

Globalization from Below 3

Upcoming Events 4

Exhibitor Registration 5

Safe Driving Tips 6

Please support our generous ASIS Boston Chapter supporters

Upgrade data center security with two-card access

By Dan Ryan

It's something everyone heard at some point as a child: “Use the Buddy System!”

Along with making parents feel better and keeping kids safer, the idea of the Buddy System also added a layer of accountability to any action: whatever was going on, there would be two people there to witness it.

In the field of information and data center security, there's a similar idea: the two-man rule.

The two-man rule adds accountability to any data center operation, adds security by preventing rogue individuals from doing any harm and lessens the dangers that can come from a lost access card or key.

In short, the same principle that guided the Buddy System that helped keep you safe as a child can help keep your data safe today.

continued on page 7

Association of Certified Anti-Money Laundering Specialists enhances skills of anti-money laundering, counter-terrorism financing professionals

The Association of Certified Anti-Money Laundering Specialists (ACAMS) is the largest international membership organization dedicated to enhancing the knowledge, skills and expertise of anti-money laundering (AML)/counter-terrorism financing (CTF), and financial crime detection and prevention professionals. ACAMS members include representatives from a wide range of financial institutions, regulatory bodies, law enforcement agencies, and industry sectors. Goals of the organization include:

• Help AML professionals with career enhancement through cutting-edge education, certification and training. ACAMS acts as a forum where professionals can exchange strategies and ideas.

• Assist practitioners in developing, implementing and upholding proven, sound AML practices and procedures.

• Help financial and non-financial institutions identify and locate certified anti-money laundering specialists (CAMS), i.e. designated individuals in the rapidly expanding AML field.

continued on page 8

Page 2: The Security Beacon - ASIS Boston


Chairperson’s Message

Looking forward and back at the start of the new year

I hope you all had a wonderful holiday season. I am looking forward to a great 2018 for the ASIS Boston Chapter. I would like to start by thanking the 21 Executive Board members and Committee chairs who comprised the 2017 Boston Chapter Board. I would particularly like to extend my thanks to Jim Healy who has diligently served as Chapter treasurer for the past ten years; his commitment to the Chapter is greatly appreciated.

I am looking forward to serving as the ASIS Boston Chapter Chairperson and working with Marty Patnaude, Vice Chair, Paul Baratta, Treasurer, and Bob Nicol, Secretary.

The 2018 Board met in December to start planning the meetings, events, and activities for 2018. We are proud to recognize that 2018 is the Boston Chapter’s 60th Anniversary and a committee of volunteers is hard at work on a special event to recognize this achievement.

The first Chapter meeting of the year will be held on Thursday, January 25, at the Partners Healthcare Headquarters building in Assembly Row, Somerville. Online registration for the meeting is now open. Alan Yankowski, Senior Cyber Security Consultant for TRC Engineers, will be presenting “The Alphabet Soup of Cyber Security and What You Should Know to be Secure.” This subject is critical to all our organizations. Please join us starting with a cocktail hour from 5 - 6pm, followed by the meeting from 6 - 8pm.

Other dates to add to your calendar are:

• March 15, 2018: Joint ASIS / IAHSS dinner meeting;

• March 19 – 22: CPTED Certification Class; and

• April 26, 2018: New England Security Expo.

The Expo Committee is hard at work developing a program of excellent speakers on timely security industry topics. This is your opportunity to learn, network, and check out the latest in technology from vendors, all under one roof.

The November Chapter meeting was a time to network and celebrate scholarship winners and the Sheldon Goodman Award winner. The award was named for Sheldon Goodman, CPP, who exemplified what an ASIS member should be. He attended virtually every Boston Chapter meeting and was quick to speak to newcomers.

Sheldon supported the CPP program, frequently mentored younger members, and assisted the Chapter in every possible way.

ASIS International believes that thriving chapters are built by members, such as Sheldon, who faithfully support the goals of the organization, and who often work quietly behind the scenes to promote its ideals. It is fitting that this award given in Sheldon’s memory was presented this year to Ashley Ditta, MS, CHPA. Ashley volunteers hundreds of hours each year to the Boston Chapter. Her outstanding work this year as chair of the Manning Scholarship Fund Committee was the most recent example of her tireless devotion to the Boston Chapter. She can always be counted on to assist in any way possible to promote the vitality of the Boston Chapter. Congratulations Ashley!

The Manning Fund Scholarship Committee met in October to review submissions for the Manning Scholarship Fund. Over $9,000 in scholarships were awarded to the following recipients at the November monthly meeting: Patrick McCurdy; Sam Buzzotta; Erik Lundbohm; Nicole McIrney; Brendan McIrney; Christopher Beaudry; Elizabeth Beaudry; Tanner Mills; Marina Goba; Paul Murphy; and Kathryn Murphy. These recipients also received student memberships to ASIS Boston for 2018.

In the first two weeks of November, the Chapter Board conducted a survey of our members with the goal of soliciting input to energize the Chapter and identify ways to increase attendance at our monthly meetings. The survey was completed and a link to the survey results was shared with all Chapter members via email on 11/27/17. I want to thank the 114 members who took the time to answer the survey.

Survey responders recommended by a two to one margin that Chapter meetings should be held every other month. The Board has implemented this recommendation for 2018. Holding Chapter meetings on Thursdays was also recommended. Responders chose a start time of 6pm as their preference, followed closely by a recommendation to rotate meeting start times. Responders picked the topic presented as the most important factor in their decision whether to attend the monthly meeting. Responders provided the Board with thirty suggestions for topics in 2018. Cyber Security was one of the five most-requested topics suggested by the survey responders, which is why the Board chose that subject for the January meeting. The Board will use the member recommendations from the survey as a guide for choosing speakers in 2018.

To review the survey results in detail, please click on this link. You can share your thoughts and ideas with the chapter Board at any time via email at [email protected].

I am honored to serve as your chapter Chairperson in 2018. We have a fantastic Volunteer Board this year. I am asking that you help support the Boston Chapter, not only by attending Chapter meetings but by reaching out to a Chapter member who hasn’t been to a meeting in a while and bringing him or her with you.

We are always seeking members to join the ASIS Boston volunteer Board and we welcome your feedback. Working together we can build on the great legacy of the past 60 years of the Boston Chapter. I look forward to seeing you at our January 25th meeting.

Joe Crowley, CPP, Chairperson

ASIS Boston Chapter

Page 3: The Security Beacon - ASIS Boston

Granite State legislature looks at workplace violence

Legislative Update, NH HB1500: Pending New Hampshire State Legislation. In general, the terms and definitions of workplace violence can be vague. This legislation attempts to clarify. It only pertains to public employees within the State of New Hampshire.

The bill defines workplace violence and workplace injuries and requires deaths and serious injuries in the workplace be reported to the commissioner of labor. Here are the main items and definitions they clarify.

“Serious physical injuries” means an incident that results in an amputation, loss or fracture of any body part or that necessitates immediate hospitalization or formal admission to the inpatient service of a hospital or clinic for care or treatment.

“Workplace violence” means an action, verbal, written, or physical aggression, which is intended to control or cause, or is capable of causing, death or serious bodily injury to oneself or others or damage to property. Workplace violence includes abusive behavior towards authority, intimidating or harassing behavior, and threats.

In case of death: Every public employer shall report the death of any person in the workplace or on the workplace premises within 8 hours of such occurrence to the commissioner of the department of labor by telephone or electronically, stating as fully as possible the cause of the death and the place where the body of the deceased person was sent, and supplying any other information relative to the death that may be required by the commissioner.

In case of injury: Every public employer shall report the serious injury of any person in the workplace or on the workplace premises within 24 hours of such occurrence to the commissioner of the department of labor by telephone or electronically, stating as fully as possible the cause of the injury and the place where the injured person was sent, and supplying any other information relative to the injury that may be required by the commissioner.

Passed recently in New Hampshire

Senate Bill 234 – Syringe Takeback. Details are still being worked out due to original laws pertaining to school proximity to many hospitals where takebacks would occur. While hospitals are the most ideal locations due to their ability and familiarity with dealing with syringes, if they are located close to a school they cannot presently be considered.


ASIS Book Review

Globalization from Below

By Jeremy Brecher, Tim Costello and Brendan Smith

Reviewed by Mark H. Beaudry, PhD, CPP

Globalization from Below provides an excellent introduction to the emergence of the anti-globalization social movement that targets the negative actions and consequences of various institutions and corporations in their effort to increase profits and power. Authors Jeremy Brecher, Tim Costello and Brendan Smith do an excellent job of discussing topics such as unions, child labor, people exposed to unsafe working conditions, and people working for unethical wages.

The authors are clearly well-versed in all the theoretical literature on the topic and the book is written in an accessible narrative that makes it well worth reading. Unlike other social movements, the anti-globalization movement is unique because it consists of a multitude of social causes, ranging from environmental to labor rights. The authors expand on the objective of returning to a democ-

continued on page 7

Page 4: The Security Beacon - ASIS Boston

Calendar of Events January - April 2018

Ongoing

ACFE Webinar: Money Laundering in the Digital Currency Environment

Order online at www.acfe.com or by phoning (800) 245-3321

To register for ASIS International webinars and classroom programs, visit www.asisonline.org

January 2018

10

ASIS Webinar: Physical and Cyber Security: A Synergistic Relationship*

18

FREE Webinar: Politically Exposed Persons (PEPs) – Exposing the Facts

12-1pm

Presented by the Association of Certified Anti-Money Laundering Specialists (ACAMS)

19

FREE Webinar: 360 Degree Review: Europe’s 2017 Activities and Forecasts for 2018

1-2pm

Presented by the Association of Certified Anti-Money Laundering Specialists (ACAMS)

25

ASIS Boston Dinner Meeting

5pm: Registration/Cocktail Reception

6pm: Dinner

Partners Healthcare Headquarters Building, 399 Revolution Drive, Somerville

Topic: IoT, 802.11, GAP, 802.15.4, GATT. The Alphabet Soup of Cybersecurity and what you should know to be secure

Register online

31

ASIS Webinar: How to Turn the EU GDPR into a Business Asset*

February

7

ASIS Webinar: Organized Crime as a Cyber Threat*

14

ASIS Webinar: Integrated Solutions for Protecting Our Schools in K-12 Education*

March

12-13

CPP Review Program

PSP Review Program

Orlando, FL

12-15

ASIS Assets Protection Course™: Principles of Security (APC I)

Orlando, FL

19-22

CPTED Certification Course

Boston, MA

April

18-20

ASIS Europe 2018

Rotterdam, Netherlands

26 - Save the Date!

New England Security EXPO

Boxboro Regency, 242 Adams Place, Boxborough, MA

Visit our website for details.

*Sign up for a full year of ASIS webinars by purchasing a Webinar Subscription.

Visit www.asisonline.org for details.

Are you ready to take the CPP, PCI or PSP Exam?

Launch your career in a new direction by taking the CPP, PCI or PSP Exam. Learn about these valuable certifications and whether you’re eligible to sit for an exam by downloading one of ASIS’s exam handbooks. These guidebooks provide a personal assessment tool and will help you decide whether you’re eligible to sit for an exam. Visit www.asisonline.org to download Preparing for the CPP, PCI and PSP Exams.

Page 5: The Security Beacon - ASIS Boston


Page 6: The Security Beacon - ASIS Boston


Safe driving tips refresher

We never forget how to drive, but in today’s distracted world, it never hurts to go over the basics of driving safely. According to the National Highway Traffic Safety Administration (NHTSA), distracted driving claimed more than 3,400 American lives in 2015 alone.

Protect yourself and your loved ones from becoming one of those statistics by following these helpful guidelines for keeping you and your passengers safe on the road.

1) Turn it off – Turn your phone off or switch to silent mode before you get in the car.

2) Spread the word – Set up a special message to tell callers you are driving and you’ll get back to them as soon as possible. Or, sign up for a service that offers it.

3) Pull over – If you need to make a call, pull over to a safe area first.

4) Use your passengers – Ask a passenger to make the call for you.

5) X the Text – Don’t ever text, surf the Web, or read your emails while driving. It is dangerous and against the law in most states.

6) Know the law – Familiarize yourself with state and local laws before you get in the car. Some states and cities prohibit the use of hand-held cell phones. Not sure about the laws where you’re heading? Check this chart on the GHSA website.

7) Prepare – Review maps and directions before you start to drive. If you need help when you are on the road, ask a passenger to help or pull over to a safe location to review the map/directions again.

8) Secure your pets – Pets can be a big distraction in the car. Always secure your pets properly before you start to drive.

9) Keep your kids safe – Pull over to a safe location to address situations with your children in the car.

10) Focus on the task at hand – Refrain from smoking, eating, drinking, reading, and any other activity that takes your mind and eyes off the road.

Sharpen your knowledge of cybersecurity and corporate information protection at January Chapter meeting

Do you need a better understanding of cybersecurity to ensure your company’s information is protected? Don’t miss the presentation by guest speaker Alan Yankowski at the Boston Chapter’s first 2018 meeting on Thursday, January 25, at 6:00 pm.

An expert in cybersecurity and the North American Electric Reliability Corporation (NERC) critical infrastructure protection plan (CIP), Yankowski has 30 years of experience directing complex projects that build and optimize organizational processes, measurement systems and infrastructure in a variety of industries. Cyber Security and NERC CIP Program Manager at TRC, Yankowski has worked on physical and cybersecurity threat and vulnerability assessments for transit ports, public buildings, utilities and chemical facilities.

Yankowski will address the many challenges of security in the utility world. His principles, experience and insight also apply to almost every other business market.

Please join your ASIS Boston Chapter at Partners Healthcare Headquarters Building, 399 Revolution Drive, Somerville, to learn more about this important subject and install our 2018 Chapter leadership. Cost is just $35. Register online at www.asis-boston.org.

Page 7: The Security Beacon - ASIS Boston


Book Review, cont’d pg 3

racy in which decisions are made by institutions that don't favor the wealthy minority. In their writing, they address the disparity between rich and poor, the laws and regulations protecting consumers and the unregulated markets that put both humans and the planet in danger.

This book also offers an incredibly intelligent take on the ways that cultural and political memes spread through society and affect us all. Network power is a concept that's been discussed for years, but here, it is applied to a much larger geographic arena. Finally, this book is truly one of its kind. It moves elegantly through various case studies in which the same underlying power dynamic is exposed, and is recommended to both expert and lay readers who have interest in globalization and how globalization works.

Dr. Mark H. Beaudry, CPP, contributes frequently to The Security Beacon. A retired intelligence chief and anti-terrorism instructor from the U. S. Marine Corps, Dr. Beaudry served on Embassy duty as a Marine Security Guard for 3½ years.

Read any good books lately?

Write a review of a book you’ve read about security or a related subject and submit it to The Security Beacon for an upcoming issue. Book reviews should be 250-350 words in length. Questions? [email protected].

Data Center Security, cont’d pg 1

What is the two-man rule in data center security?

When it comes to data center and information security, the two-man rule is pretty basic. It refers to a situation where two people must jointly perform some kind of action.

The term is said to have military origins, referring to the process the U.S. government instituted decades ago regarding the launch of a nuclear weapon: two different people had two different keys, and each had to use his or her key at the same time to initiate any kind of action.

The reason behind the military's process is clear: no one would want a single person to have access to that much power, and giving a single person access to such a weapon would pose a huge security risk.

In the data center security world, the two-man rule follows the same logic: there's far too much sensitive data in today's server racks to leave access up to a single person.

The two-man rule doesn't just apply to physical data centers. In fact, the National Security Agency (NSA) put a two-man rule in place a few years ago, shortly after the massive data leak initiated by Edward Snowden.

The NSA's two-man rule is more digital: it requires two people, usually high-level system administrators, to be present for the transfer of any kind of sensitive data. This procedure is meant to prevent any rogue employee from being able to initiate the downloading or exporting of data on his or her own.

How does the two-man rule help secure a data center?

The two-man rule helps add security to a data center in a number of ways, mainly by discouraging data theft from being attempted and by stopping data theft in progress.

The two-man rule helps cut down on worries about a rogue or disgruntled employee doing nefarious things with a company's data. Without the two-man rule, an upset employee could scan his or her own employee badge (or steal a co-worker's) and then have unlimited access to servers. With the two-man rule, that same employee would have to use two different cards to gain access to the racks.

• The two-man rule helps discourage data theft from even being attempted. With a single-scan system, any thief or hacker would need only to steal or clone a single card to gain access to server racks. With the two-man rule, two different cards would be required, doubling the effort and risk necessary to illicitly acquire the cards.

• The two-man rule ensures that only authorized employees have access to server racks. When only a single card is required to be scanned for access to a rack, it's entirely possible for a person to steal a co-worker's card to scan his or her way in. However, having two people present ensures that there's always someone to verify the identity of the other party involved.

continued on page 8

Page 8: The Security Beacon - ASIS Boston


Data Center Security, cont’d pg 7

How can you implement the two-man rule at your data center?

By now, it's pretty clear that the two-man rule is an important and necessary security measure at data centers both large and small. So how can you take steps to institute a two-man rule at your site?

Some software programs offer a feature called multi-party control, which requires that two cards with authorized access to the rack be scanned within ten seconds of one another in order for a server rack door to be opened. Multi-party control is the two-man rule, just with another name.

Dan Ryan is a web content specialist at Brady Security Group.

Article and photo reprinted from insights.identicard.com/blog
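The ten-second, two-card check described in the article, sketched as an added example (it is not code from the article or from any access-control product). The class and outcome names, the card ids and rack names, and the choice to cancel a half-completed attempt when an unauthorized card is scanned are assumptions of this sketch.

```python
"""Multi-party (two-card) rack access decision logic: illustrative sketch."""
from dataclasses import dataclass

WINDOW_SECONDS = 10.0  # the article's figure: both cards within ten seconds


@dataclass(frozen=True)
class Scan:
    ts: float      # reader timestamp in seconds
    rack: str      # rack door the reader controls
    card_id: str   # badge identifier reported by the reader


class TwoCardController:
    def __init__(self, authorized):
        # authorized: rack name -> set of card ids allowed on that rack
        self.authorized = authorized
        self.pending = {}   # rack -> first valid Scan awaiting a partner
        self.audit = []     # (ts, rack, outcome, cards) for accountability

    def handle(self, scan):
        outcome, cards = self._decide(scan)
        self.audit.append((scan.ts, scan.rack, outcome, cards))
        return outcome

    def _decide(self, scan):
        first = self.pending.get(scan.rack)
        # Drop a stale first scan (or one from a clock that ran backwards).
        if first is not None and not (0 <= scan.ts - first.ts <= WINDOW_SECONDS):
            del self.pending[scan.rack]
            first = None

        if scan.card_id not in self.authorized.get(scan.rack, set()):
            # Policy choice in this sketch: an unauthorized badge cancels any
            # half-completed attempt so it cannot ride on a valid first scan.
            self.pending.pop(scan.rack, None)
            return "DENY_UNAUTHORIZED", (scan.card_id,)

        if first is None:
            self.pending[scan.rack] = scan
            return "PENDING", (scan.card_id,)

        if first.card_id == scan.card_id:
            # One badge presented twice is still one person; the window is
            # not extended, so the original timestamp stays in place.
            return "DENY_SAME_CARD", (scan.card_id,)

        # Two different authorized cards inside the window: open, and clear
        # state so a later single scan cannot reuse this pairing.
        del self.pending[scan.rack]
        return "UNLOCK", (first.card_id, scan.card_id)


def replay(scans, authorized):
    """Run a sequence of scans through a fresh controller."""
    ctl = TwoCardController(authorized)
    return [ctl.handle(s) for s in scans], ctl.audit


# Constructed sample data: card ids and rack names are made up.
AUTHORIZED = {"rack-A": {"card-101", "card-102"}, "rack-B": {"card-102"}}
SAMPLE_SCANS = [
    Scan(0.0, "rack-A", "card-101"),   # first card, waits for a partner
    Scan(3.0, "rack-A", "card-101"),   # same card again, refused
    Scan(9.5, "rack-A", "card-102"),   # partner within 10 s of t=0, door opens
    Scan(12.0, "rack-A", "card-102"),  # state was cleared, waits again
    Scan(30.0, "rack-A", "card-101"),  # 18 s later, window expired, new wait
    Scan(33.0, "rack-A", "card-999"),  # unknown card, refused, attempt cancelled
    Scan(34.0, "rack-A", "card-102"),  # starts over as a first scan
    Scan(35.0, "rack-B", "card-101"),  # valid on rack-A but not on rack-B
]

if __name__ == "__main__":
    outcomes, audit = replay(SAMPLE_SCANS, AUTHORIZED)
    for entry in audit:
        print(entry)
```

The audit list records both card ids on every unlock, which is the accountability property the article attributes to the two-man rule.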

Anti-Money Laundering, cont’d pg 1

The ACAMS membership is diverse and cuts across the public/private realm of industry and government. Members come from sectors such as anti-money laundering officers, compliance officers, government regulators, law enforcement/intelligence agencies, internal and external auditors, risk managers, attorneys and CPA’s, investment advisors, real estate compliance specialists, and consultants.

Much like ASIS, they offer certification. Like CAMS-Audit and CAMS-FCI certifications, the Certified Anti-Money Laundering Specialist (CAMS) credential and ACAMS Advanced are recognized as gold standards in AML certifications worldwide.

As money laundering and terrorist financing threaten financial and non-financial institutions and societies as a whole, the challenge and the need to develop experts in preventing and detecting financial crime intensifies.

Internationally-recognized, the CAMS credential identifies those who earn it as possessing specialized AML knowledge. AML professionals who earn the CAMS designation position themselves to be leaders in the industry and valuable assets to their organizations.

Conferences – Both national and international meetings bring the latest trends and strategies to fight money laundering; provide networking opportunities to discuss what’s working and not working in other parts of the country/world.

ACAMS in Boston

Launched in June 2010, the mission of the Greater Boston Chapter is to support the goals of the larger ACAMS organization in providing outstanding learning and training events for career development and professional networking for our community professionals. The Chapter fulfills this mission by organizing meetings, workshops and events of local interest and presenting various speakers who are subject matter experts. By joining and participating in the Chapter, you can keep your AML skills up to date in this ever-changing environment. The Chapter’s executive board is comprised of industry professionals from both the private and public sector in and around the Boston area.

Why Omnium?

Comprehensive Suite of Professional Services

20 Years National and International Experience

Extremely Qualified Personnel – Highly Respected Organization – Unmatched Professionalism

24-hour Global Security Operations Center

Consulting

• Workplace Violence

• Threat Assessments

• Security/Integrity Audits

• Technical Security Counter Measures

• Travel Advisories

Training

• Staff Training

• Executive Protection

• Active Shooter Preparedness

• Guardian Safe School Program™

• Security Awareness

Protection

• Hotel/Hospitality Environments

• Executive Protection

• Event/Conference Security

• Secure Transportation

• Film Production/Talent Security

844.9.OMNIUM or 844.966.6486 | www.omniumpg.com | facebook.com/omniumprotectiongroup

303 Wyman Street, Suite 300, Waltham, MA 02451-1208

Omnium Protection Group

intelligent solutions

Send Us Your News!

Share your knowledge of the security industry by writing for The Security Beacon. Email articles and photos to [email protected]