ASIS International

Exhibitor Profile: AMAG Technology, Inc. (Booth #1239)

AMAG Technology provides an end-to-end solution that includes access control, video surveillance, intrusion detection, identity management, visitor management, and incident management. Products are powered by a robust policy-based platform to help security operations mitigate risk, reduce cost, and maintain compliance. At the heart of the AMAG solution is the Symmetry™ Security Management System, which provides intelligent networked solutions scaled to manage the security challenges faced by both small, remote facilities as well as multinational organizations around the world.

In this video, Director of Business Development Kami Dukes talks about RISK360, AMAG’s new incident and case management solution that investigates and analyzes incidents to help organizations operate more efficiently, save money, enforce compliance and mitigate risk.

RISK360 is a highly configurable, workflow based solution that empowers security teams to capture information, perform assessments and identify risks, giving companies a clear picture of what is happening on their premises. Organizations can track the time and expenses spent on incidents, monitor resource allocation and use that data to streamline processes and save money. Robust reporting with customized dashboards help companies work smarter and meet compliance requirements.

Available as a Software as a Service or as an on-premise solution, RISK360 operates on all modern browsers and mobile operating systems including IOS, Windows and Android.

RISK360 integrates seamlessly with Symmetry Access Control software. Events in RISK360 are communicated to Symmetry Access Control, and alarms in Symmetry generate events in RISK360. The integration creates Be On the Lookout (BOLO) flyers and automatically terminates a user’s access in Symmetry, providing a safer environment.

RISK360 also helps manage security personnel with guard tours, daily activity reports and passdown logs. Users can leverage computer aided dispatch to identify the closest available responders, saving time and improving efficiencies. Organizations can also capture site specific information using geospatial analysis, perform assessments and notify teams of risk.

For more information, please visit www.amag.com, call 310-518-2380 or email an AMAG Business Development Manager. Or visit us at booth 1239 at GSX, September 24-27, 2018.

Medical Cannabis Security: From Seed to Sale

By Tim Sutton, CPP

In more states than not and in an increasing number of countries around the world, medical cannabis security has become a unique new challenge. In the U.S., twenty-nine states and the District of Columbia have enacted laws legalizing medical cannabis. Cultivation, processing, and dispensing organizations present both shared and unique risks and each state has its own set of rules, regulations, and governing bodies. Join us as we move through all phases of medical cannabis security, beginning with the permit application and continuing through to patient sales. Explore how to demonstrate compliance with varying rules and regulations while providing a safe and secure environment for employees and patients. Study factors in operating multiple sites in multiple states across multiple levels.

At GSX, we’ll explore the complexity of securing the medical cannabis industry and the many challenges faced by Security. The permit application process and security plan are unique to each state’s rules and regulations. Explore how to meet some of the more difficult requirements for compliance and learn about some examples of noncompliance. Learn also about the commonalities and differences across different locations.

We will discuss case studies from several states. There is no cookie-cutter template that will ensure success. The security plan is weighted as 25-30% of the total scoring of permit applications and is much more than cameras, locks, and security personnel. Discover how to integrate ASIS ANSI Security Standards throughout the process as we discuss the core elements of a security plan in the medical cannabis industry used today in operations across multiple states.

Join me on Tuesday 25 September for Securing the Medical Cannabis Industry from Seed to Sale.

Tim Sutton has nearly 30 years experience in loss prevention, safety, and security with more than 20 of those years in management. He has worked in both operations and administrative capacities for some of the largest and most prestigious regional and international companies. His experience in retail, manufacturing, chemical, public and government housing, schools, and hospitals and their specific safety and security needs has helped build his unique perspective and skill set. As Director of Security for GHG Management, Tim is responsible for any and all security concerns including the designing of electronic security systems and all physical security programs within the company’s 12 Medical Cannabis Dispensaries, and Medical Cannabis Cultivation and Processing Centers in IL, MD, and PA.

Exhibitor Profile: Orion Entrance Control, Inc. (Booth #521)

Orion Entrance Control, Inc. manufactures optical turnstiles for corporate, government, and university lobbies. Orion’s turnstiles allow easy entry for employees and visitors. The turnstiles range from a high-security bi-parting full glass speed lane to a four-inch-wide pure optical pedestal. With an award-winning design coupled with infinity lane control software, Orion can meet or exceed any specifications to ensure that lobbies are secure. Its state-of-the-art turnstiles are hand-built, high-quality products made in the U.S.

Exhibitor Profile: Johnson Controls

Johnson Controls: Booth #2217
Johnson Controls, Security Products: Booth #2015

Johnson Controls is a global diversified technology and multi-industrial leader serving a range of customers in more than 150 countries. Its 120,000 employees create intelligent buildings, efficient energy solutions, integrated infrastructure, and next-generation transportation systems that work seamlessly together to deliver on the promise of smart cities and communities. The company’s commitment to sustainability dates back to its roots in 1885, with the invention of the first electric room thermostat. Johnson Controls is committed to helping customers win and to creating greater value for all stakeholders through its strategic focus on buildings and energy growth platforms.

Cyber Protection Program

Johnson Controls’ approach to cyber protection is aimed at providing peace of mind to our customers. It’s holistic cyber mindset begins at initial design concept, continues through product development, and is supported through deployment, including a rapid incident response to meet the comprehensive and evolving cybersecurity environments. It’s methods include the ability to provide cyber resilient systems with a range of capabilities to complement the diverse security needs of their customers.

They have invested in establishing a centralized dedicated Global Product Security team that is focused on managing cyber practices with governance to enforce compliance and is disciplined in executing these as they understand what is at risk otherwise.

Since protecting against cyber threats is a shared responsibility, Johnson Controls engages in market facing programs to provide customer engagement, education, and thought leadership to help their customers achieve success in their mission of a more secure system. To register for security advisories or to receive additional information about the Cyber Protection Program you can sign up via a registration form on their website.

View Johnson Controls on the GSX 2018 floorplan.

Business Continuity for the Aftermath of an Active Shooter Incident

By Hector Sanchez, MBA; CPP

Here we are just over 151 days into 2018 and we already have “473” injured and ”202” killed in active shooter incidents with over 7 months remaining in 2018. There are many reasons why such horrible incidents take place, but the impact is deeply felt throughout our society and the effects are long-lasting. The Department of Homeland Security had developed and tirelessly communicated their “run, hide, fight” approach, via any and all means available; yet victims outnumber the calendar days this year 2:1 with over half the year remaining. There isn’t a solution to this epidemic that continues to metastasize within our society with no end in sight; so, what is there to do?

Here are the 5, 4, 3, 2, 1 considerations to take:

Five (5) actions to take
1. Develop an action plan considering the worst and work backwards
2. Involve all individuals from your organization
3. Engage vendors, contractors, and customers alike
4. Get Law Enforcement and First Responders to play a part
5. Continuously perform Operational Security Assessments

Four (4) areas that must be clearly explained in your Policies & Procedures
1. Incident Management Plan
2. Visitor Management Program
3. Strong CPTED Operational Philosophy
4. Workplace Violence & Active Shooter Insurance

Three (3) Principles to live, operate, and exist by (ASIS)
1. Policies, Procedures, & Protocols (3Ps)
2. Technology, Tools, & Techniques (3Ts)
3. Internal, External, or Hybrid Security HR

Two (2) Operational security incident outcomes of an organization
1. It will survive after the incident because of the readiness level it operated under, or
2. It will perish because it operated under false pretences that “it will never happen to us”

One (1) real fact…
1. It’s not if it happens but when it happens that organizations should operate under

Take action using the previous points or reach out to someone that can help your organization!
Join us on September 26 in Las Vegas, NV at the Global Security Exchange (GSX) from 11:00-12:15 for a live presentation on such an important, valuable, and relevant topic that’s impacting everyone today. I look forward to meeting everyone there!

Managing Cyber Extortion Crises

To be presented by: Lynn de Vries, CPP, PCI & Erik de Vries, CPP

Managing a crisis is always a challenge. But managing a crisis about something that is completely out of your comfort zone can be even more challenging. This is more and more the case as non-technical security professionals have to grapple with how to manage increasingly prevalent cyber extortion crises, including ransomware.

Whether or not they are part of the organization’s crisis team, the (non-cyber) security professional is often the first point of contact when a crisis hits. The most important thing to understand is that, no matter the cause, in most cases, crisis management is about communication and protecting the organization’s reputation. A cyber extortion crisis is no exception. Even though you may not be a cyber professional, knowing which steps to take can help you manage any crisis, even cyber.

Preparedness is always the best response. But where to start?

Using the business impact analysis as the first step in a comprehensive risk management approach is the best starting point from our point of view. The next steps are selecting and training the crisis team(s) and developing a well thought through crisis plan.

One cannot prepare for all kinds of crises. Adopting the all hazards approach and preparing checklists for the most likely scenarios will help crisis teams to be prepared, even though we all know that a crisis never develops as expected.

Apart from the experience of participating in a short but intensive cyber extortion crisis desktop exercise during our training session, attendees will be offered a step-by-step approach to develop or re-define their crisis plans.

Join us at GSX on Wednesday the 26^th of September for our session: Managing Cyber Extortion Crises.

International Buyer Program at GSX

ASIS International is proud to be a participant once again in the U.S. Department of Commerce International Buyer Program (IBP), which recognizes the importance of Global Security Exchange to the security industry worldwide.

We invite you to join an IBP delegation from your country to take advantage of exclusive benefits and registration rates for Global Security Exchange (GSX), taking place 23-27 September in Las Vegas, Nevada, USA. Connect with your peers and colleagues from around the globe to explore the trends and technologies driving the security industry.

To discuss attending GSX and receive a special registration code, please contact the Commercial Service Specialist at your local U.S. Embassy or Consulate. Take the next step by finding your delegation. You can also download a multilingual brochure below.

GSX Multilingual Brochures

Letter of Invitation

To receive a letter of invitation, you must first register for GSX; however, registration fees will be refunded if the visa was applied for in time and proof is shown that a visa could not be granted.

The Dark Web: Protecting Brand, Reputation, and Assets

What makes the dark web?

By Cynthia Hetherington, The Hetherington Group

The Dark Web, or darknet, is classified as a small portion of the World Wide Web that has been intentionally hidden and is inaccessible through standard web browsers. There is no “darknet Google.” Darknet sites are often put up and taken down within a matter of minutes specifically to maintain anonymity. The entire drive behind the dark web is anonymity—and privacy.

The most famous content that resides on the Dark Web is found in The Onion Router (Tor) network, accessed with a special web browser, called the Tor browser (www.torproject.org). This is the portion of the Internet most widely known for illicit activities because of the anonymity that the Tor network gives.

The backbone of the WWW works because there are online directories, known as domain nameserver (DNS), handing off your search requests to the real location of the site. It’s often easy to remember a domain name—especially if it’s a catchy name. But it’s the Internet Protocol (IP) address—the number—associated with the URL name that is the true language the Internet understands. For example, you type in hetheringtongroup.com and hit Enter. Up pops the website for the Hetherington Group. But what’s truly happening is this: the browser sends your hetheringtongroup.com address to a DNS and is handed back the actual IP address, which is 209.177.145.48, and at the same time takes you to the Hetherington Group website. To better understand, try typing in 209.177.145.48 and hit Enter. You will be taken to the Hetherington Group website. But hetheringtongroup.com is a heck of a lot easier to remember than 209.177.145.48, eh?

On the darknet, however, there are no DNS servers. You must know where you want to go and what you are looking for; you must have those specific coordinates beforehand to locate what you want on the darknet. Otherwise you will not find it. More importantly, it can’t be indexed or mapped, which is what makes it anonymous.

With caution, a good way to start eyeballing the dark web is to try a few websites that try to create a searchable platform. Some of those beginner websites are:

• The Hidden Wiki (torhiddenwiki.com): It’s like Wikipedia for dark web content, or Yahoo’s subject directory.
• Onion Link (onion.link): Uses Google’s API on the links and content they have located. A search on, say, puppies in surface web Google would give very different results than the same search would give on Onion Link.

These accessible sites and others that lead to your assets and brands, are the type of practical dark net matter we will be sharing September 25 at GSX 2018! Join me for Session #5105, The Dark Web: Protecting Brand, Reputation, and Assets.

Karen Marquez Memorial Honor Nominations Are Now Open

Annual Honor Recognizes Outstanding Women in Security

The Karen Marquez Honor is presented annually to a female security professional who has consistently worked for the betterment of the security industry over an extended period (minimum 15 years experience or equivalent—law enforcement/military, or 10 years experience or equivalent—law enforcement/military—with an ASIS Certification).

The candidate must be a member of ASIS International in good standing (or Life Member) at the time of the award. The nomination must identify contributions the individual has made to the Physical Security Industry. The candidate must attend Global Security Exchange (GSX 2018) to be considered. This is noted in the nomination form as well.

Mrs. Karen Marquez was the Co-owner and Executive Vice President of MVM, Inc. a physical security services firm based in Virginia. Karen passed away in 2006 after a long battle with Cancer. During her 23-year career in security, Karen developed and implemented core administration and support functions at MVM, including finance, billing, recruiting, and human resources processes. A member of the National Association of Women Business Owners, the Fairfax County Chamber of Commerce, and the National Association of Female Executives, Mrs. Marquez brought her hands-on expertise to global management issues.

In 2006, in memory of MVM’s co-founder Karen Marquez, MVM established the Karen Marquez Institute for the purpose of helping Hispanic students obtain a college education. In 2010 the Karen Marquez Institute was transformed into the Marquez Foundation, a not for profit organization to honor Karen Marquez and the causes she had a great deal of passion for.

“During her 25-year career as a business executive, Karen always appreciated the value a college education could give to employees in the business world,” said Dario Marquez, husband of the late Karen Marquez. ” Today, Karen’s dream is being realized through this Institute which bears her name, and as a family, we are proud to support her memory.”

To nominate an ASIS member for the Karen Marquez Memorial Honor, please fill out the nomination form and follow the instructions for submission.

GSX: By The Industry & For The Industry

Welcome to the GSX blog. On behalf of the HQ team, we’re excited to be able to share program news and updates, offer sneak peaks of the education and technology you will experience in September, and provide behind the scenes glimpses of what it takes to put on the industry’s flagship event. This blog will help you connect with fellow attendees, speakers, companies, allied organizations, and partners that will be at GSX, as well as put faces to the names of HQ staff that serve the membership and the profession throughout the year.

Building on our 64-year legacy of event distinction, the newly rebranded GSX will bring the full spectrum of security together for one powerful global event. Our modernized education, transformed exhibit floor, and refreshed networking events are just the beginning of the event enhancements that will continue in the years ahead. And, it’s clear the industry has taken notice. Already we have seen:

Record-setting number of education proposals and a blockbuster 300+ session education lineup
An allied partners program that continues to grow
Significantly increased attendee and exhibitor satisfaction
Expanded opportunities to engage attendees with more theaters, immersive learning experiences, and career center programming

And, with four months to go and more announcements on the horizon, all signs point toward an experience in Las Vegas that will truly be talked about all year ‘round.

And this excitement extends beyond GSX. Growth, engagement, and satisfaction for all our global events continue to rise. From the exclusive content and conversations at our CSO Summit to the jam-packed ASIS Europe in Rotterdam—and with record attendance predicted for ASIS NYC—GSX is poised to deliver an extraordinary experience for both attendees and exhibitors alike.

In the days ahead, we’ll be sharing details related to every aspect of the attendee and exhibitor experience in Las Vegas. For today, I’d like to end with this thought:

There are a lot of industry events you can choose to attend. Security practitioners and product and service providers have options. Some event organizers are focused on selling you a product, sending you on your way and seeing you again in a year. At GSX, you can take pride knowing your event investments aren’t just funding the bottom line for a corporate entity. As the leading association for security professionals worldwide, ASIS serves the profession all year long and reinvests proceeds from GSX back in the profession each and every day in the form of professional development, certification programing, resource development, and best practice sharing. Convening the industry at GSX to share insights and highlight technologies and services driving the industry forward is a critical component of that strategy. Everything about ASIS International – and Global Security Exchange – is truly informed and driven by the industry and for the industry.

So I’ll close by saying thank you. We appreciate your continued support as it allows us to address critical industry issues together…as a community, both in-person at the event and all year long. Together we will make the communities where we all work, live, and play safer, smarter, and more resilient.

Ron Rosenbaum
Chief Global Marketing & Business Development Officer | ASIS International

Outstanding Security Performance Awards Open, New Young Professional Category Added

Nominations are now being accepted for the US OSPAs. The US OSPAs are part of a global awards scheme currently running in eight countries and designed to recognize and reward outstanding performance within the security sector.

Entry to the US OSPAs is open to companies, teams and individuals who have performed at an exceptional level and you can enter as many categories that are applicable.

Nominations are open from today until the 23rd July 2018, and submissions are invited in the following categories:

Outstanding In-House Security Manager/Director

Outstanding Contract Security Manager/Director

Outstanding Security Team

Outstanding Contract Security Company (Guarding)

Outstanding Security Consultant

Outstanding Security Initiative

Outstanding Security Installer/Integrator

Outstanding Investigator

Outstanding Cyber Security Initiative

Outstanding Information Security Company

Outstanding Security Equipment Manufacturer

Outstanding Security Officer

Outstanding Young Security Professional

Lifetime Achievement Award (this is nomination only)

The US OSPAs will be presented on Monday, 24th September 2018 at the Global Security Exchange (GSX), which is taking place in Las Vegas.

The judges are nominated by leading security associations across the US who proactively support and participate in these awards. All judges sign up to an ethics policy and mark independently. The criteria for each category as well as full details on how to enter are available on the OSPAs website.

Professor Martin Gill founder of the OSPAs says, “These awards provide the opportunity for global recognition of exceptional performance. The awards are increasingly being recognized as one of the highest accolades a security professional or company can receive. Finalists and winners will be promoted not just across the US but across the world.”

3 Myths and Tips of Campus Security (Education & Houses of Worship)

by Garret Macrine

3 myths of campus security for educational institutions and houses of worship

1. “A security guard or officers on campus will give the atmosphere of a prison or make people feel like they are under siege.”
2. “Schools and places of worship are impossible to secure as anyone can enter at any time by the very nature of their intention and design.”
3. “If only we had 360 security camera coverage we would be safe as clams with all that monitoring and detection.”

3 things you should know about campus security for educational institutions and houses of worship

1. Security is unimportant to them, a divisive topic and burdensome… until someone gets hurt.
2. They may believe firearms on campus will ultimately lead to their use on campus and further vulnerability to violence.
3. Run, Hide, Fight cannot work in a church or synagogue as there is nowhere to run and hiding depends on luck.

Garret Macrine will present on “Israeli Security Best Practices for Law Enforcement and Physical Security Professionals,” at GSX in September.