|
Security Features -
December 2008
Security
Industry Authority celebrate one year of regulation with
reception at the Scottish Parliament
The Security Industry Authority (SIA) marked one year of
regulation within the private security industry in Scotland
with a reception at the Scottish Parliament on Wednesday
12th November, 2008. Bill Aitken MSP, the Convenor of the
Justice committee and Ruth Henig, the Chairman of the SIA
addressed the event, hosted by Margaret Mitchell MSP. In
attendance at the event, were a raft of individuals from
the private security, sport and construction sectors and
senior officers from the police service.
Significant progress has been made in creating greater professionalism
within the private security industry in Scotland. Since
November 2007, those operating in designated security roles
must be trained, qualified and hold an SIA licence. Regulation
in Scotland has helped protect the public by preventing
unsuitable or poorly trained people from working in the
private security industry and by raising standards of service.
Baroness Ruth Henig CBE, Chair of the SIA, said:
“I was delighted by the successful reception we held
at the Scottish Parliament. It provided an excellent opportunity
to discuss the benefits of regulation and to hear the insights
of those attending. The private security industry will play
an increasingly prominent role in Scotland with a range
of public sector construction projects on the horizon and
in the run up to the Commonwealth Games 2014. Also, the
timing of this event was apt in the run up to the festive
season where private security plays an integral role in
the leisure and entertainment sectors in this period.”
The SIA’s ‘Enforcement’ pages can be found
here: www.the-sia.org.uk/enforcement
Lisburn Company
Receives Coveted Industry Award
 Federal
Security Services, based in Lisburn is the largest provider
of security services on the island of Ireland. Their team
of over 3,000 dedicated professionals has been awarded a
prestigious industry accolade from Skills for Security,
the Skills and Standards Setting Body, for the UK security
industry.
The award for ‘Contribution to Skills Development
and Training’, sponsored by the National Open College
Network (NOCN), was presented to the organisation at the
Skills for Security Conference at the La Mon Hotel, Co Down,
on 4th November.
Federal Security Services demonstrated that the organisation
undertook a training needs analysis for their management
and staff, so that they could tailor their training requirements
to match those required by each of their individual clients.
The training that was implemented has produced higher standards
of work performance, effective management and implementation
of change, encouragement of team spirit, increased retention
rates as a result of greater job satisfaction and the development
of a multi-skilled workforce.
Shauna Rogers, Federal’s Human Resources and Diversity
Manager comments, “We are dedicated to the achievement
of excellence and have developed bespoke training plans,
with support from the Institute of Leadership and Management,
which has seen 11 of our managers complete Level 5 qualifications
and all of our supervision teams studying for Level 3 qualifications.
We are extremely pleased that our efforts have been acknowledged
and hope this sets a precedent for the industry.”
The entry particularly impressed the independent, judging
panel which comprised of Editors from some of the leading
trade press publications, who commented that this was “An
excellent entry, that demonstrates training as a means to
an end, to benefit both clients and themselves and that
their entry sets a benchmark for peers to follow.”
David Greer, Chief Executive, Skills for Security said,
“The standard of entries this year was very high and
the judges had a hard task to identify a winner. Federal
is providing a perfect example of how continuous training
and development of management and staff can contribute to
the company’s objectives and ultimately have an effect
on their bottom line.”
For further information please contact Ian Melanophy, Head
of Operations at Federal Security Services, on 02892 622
211 or email ian.melanophy@federalsecuritygroup.com
Security
should be a matter of priority for all CEOs
Following the Information Commissioner's call for Chief
Executives to take responsibility for data protection safeguards,
the British Security Industry Association is emphasising
that all aspects of security should be a matter of major
priority for organisational heads.
BSIA Chief Executive, David Dickinson, comments: "Data
protection safeguards are essential to any business in terms
of the security of both the organisation itself and the
customers that it serves. With identity fraud a spectre
that continues to haunt both the public and private sectors,
it is particularly important that data is disposed of securely
by a professional information destruction company to ensure
that any confidential waste does not fall into the wrong
hands."
"However, the issues highlighted by the Information
Commissioner have a resonance beyond that of just data security.
The BSIA believes that security in its widest sense should
be a matter of major priority for all CEOs. By ignoring
the importance of security, an organisation lays itself
open to all manner of risk in terms of damage to assets,
people and reputation as well as potential downtime for
the business itself. By taking an active interest in ensuring
quality security solutions are in place, such risks will
be minimised, protecting your staff and customers and potentially
leading to long-term cost savings."
For more information visit www.bsia.co.uk
Sophisticated
CCTV Solution For Silverburn
 Silverburn,
Scotland’s newest shopping destination can make claims
to have one of Europe’s most technically advanced
security systems with two leading manufacturers, Vicon and
Cortech, working closely together to provide a sophisticated
video management system.
According to Centre Manager George Reader, since opening
the shopping centre has been a huge success with customers
flocking from all over South Glasgow to enjoy the shopping
facilities. “Along with that success comes a responsibility
to ensure that all our visitors, as well as the people who
work in the shops and restaurants are kept safe. We therefore
wanted to equip our security management team with the very
latest CCTV technology to enable them to effortless monitor
activity throughout the shopping centre and be able to react
quickly to any incident.”
Silverburn near Glasgow comprises five distinct shopping
areas. Collectively, The Crescent, The Square, The Lane,
The Circus and The Garden comprise over a million square
feet retail space plus a large number of cafes and restaurants,
whilst the centre’s multi-storey car park provides
shoppers with the convenience of 4,500 car parking spaces.
The specification for the CCTV system needed Vicon and Cortech
to work closely together to provide a sophisticated system
which fully meets the shopping centre’s immediate
requirements whilst also having virtually unlimited built-in
expansion capabilities.
Vicon has provided the CCTV hardware including 240 dome
cameras which are a combination of their highly successful
Surveyor and VC-600 models, as well as 15 Kollector Pro
digital video recorders which are capable of recording and
storing video at high frame rates for up to 31 days. Together
with keypads, monitors and a Vicon matrix switcher, the
domes and DVRs are all networked. The system management
software that drives the “front-end” was supplied
by Cortech Developments who cooperated with Vicon to ensure
that Silverburn took delivery of an effective and easy to
operate integrated security solution.
George Reader added: “Since the system was installed
by Niscayah (previously Bell Security), we have been very
pleased with its reliability. Security personnel in our
control room have been impressed with the functionality
and flexibility of the Vicon CCTV equipment and how easy
it has been to control via the Cortech graphical user interface.”
MITIE
wins Port of Felixstowe security contract
Following a competitive tender, MITIE, the strategic outsourcing
and asset management company has been awarded a significant
contract to provide security services at the Port of Felixstowe,
part of the Hutchison Port Holdings Group.
Under the three-year contract, MITIE are working in support
of the port’s own police force to create a safe and
secure environment for all staff and visitors at one of
Europe’s largest container terminals.
The team of over 60 officers are responsible for controlling
access points to the port, undertaking vehicle searches
and for providing 24 hour patrols across the 150 hectare
site to meet the requirements laid down by the Department
for Transport.
The success in winning the security contract further enhances
MITIE’s presence in the aviation and transport sectors
as well as at the Port of Felixstowe where it already provides
a range of catering services.
Tony Medhurst, who heads up MITIE’s transport security
team, commented: “The provision of effective security
at UK ports is essential in protecting the critical national
infrastructure. We’re delighted to be working with
the local management team and the Port of Felixstowe to
support them in creating a safe, secure environment for
all staff and visitors. This success reinforces our capabilities
of working in DfT regulated environments”
Larger
Security Companies join IPSA
 The
International Professional Security Association (IPSA) has
experienced an interesting new trend as several large security
companies have joined the Association.
In recent months Carlisle Security Services Limited and
GBM Services Limited, two UK companies both with 2000+ staff,
have joined ranks with existing members such as ISS Pegasus
Security. Other new companies and in-house security teams
to join or apply to IPSA this year are Schutzhund Security
Limited, Protea Security Limited, Ultimate Solutions (UK)
Limited, Metro Guards Limited and Bradford College Security
Department.
Currently 57% of eligible IPSA member companies are also
registered on the SIA Approved Contractor Scheme with the
remaining 43% being inspected for compliance with British
Standards by either IPSA inspectors or UKAS accredited inspectorates
such as SSAIB and NSI. The number of ACS registered companies
re-enforces the Association message that companies should
become or retain membership of security associations in
addition to whichever of the voluntary quality assurance
schemes they choose. This ensures that the have the means
of effective representation in addition to direct participation
in stakeholder consultation groups.
Speaking about his company’s decision to join IPSA,
Richard Chappell, Managing Director of Carlisle Security
Services Limited, said “I made the decision for Carlisle
Security to join IPSA. I felt that in the changing security
world post regulation it is important for our company to
align itself with a professional body who I felt could be
a voice to champion the industry issues on behalf of its
members. We believe that IPSA represents that type of professional
body that will challenge traditional thinking and be inclusive
to all members. I believe that the industry needs a brighter
more modern voice and one that is inclusive.”
Justin Bentley, IPSA Chief Executive Officer, said “We
believe that it is important for security companies to be
members of a professional or trade association. There are
a number of choices open to companies and individuals, and
we consider that IPSA offers its members a high quality
of service, whilst keeping prices realistic. This is particularly
important in the current economic climate.”
Paul Trendall, Commercial Director of Carlisle Security
Services Limited, added “It's important to pick your
friends wisely and in the case of IPSA we have the pleasure
of being associated with the UK's oldest professional body
for the security industry. Having been impressed by IPSA's
commitment to the security industry, and its selfless approach
to working on behalf of its members; recommending to my
colleagues that we join IPSA was a pleasantly easy decision
to make.”
IPSA Chairman Patrick Somerville says “ IPSA has been
working hard to show that it can deliver a good service
to both companies and individuals in the industry. These
new members have made appropriate commercial decisions and
their example should be an encouragement to others to consider
the benefits of association membership for their companies
and their staff.”
When
the Hacker Is at the Door
How to get what you need from executives
by Richard Kirk, European Director, Fortify Software
Do you feel like you’re shouting about “IT security”
in the wilderness these days?
Does your boss understand how crucial security is to the
integrity of your enterprise?
Does your boss think that you’re crying wolf every
time there’s a new threat to your business applications?
Know your audience
The history of relations between management and the frontlines
of IT security traditionally has been fraught with fear,
uncertainty and doubt, according to Jennifer Bayuk, information
security specialist. While IT may know that software is
vulnerable to attack, communicating that to the “suits,”
and getting a response in terms of a comprehensive strategy
and increased budget, is often a challenge.
So IT professionals “cry wolf” to get attention,
but this tactic has resulted in management becoming immune
to their security concerns. Bayuk says, “Even when
IT administrators thought it worked, it didn’t. The
best business managers are comfortable with risk, and security
risk is just another risk for them,” she says.
But network managers, as well as other IT professionals,
must find a way to help executives grasp the security hazards
of buggy or poorly designed software vulnerable to attack.
Network managers are often in the position to manage risks
because they understand the software that makes up their
network, according to Gary McGraw, author of Building Secure
Software, in an interview on linuxsecurity.com
IT professionals must translate their concerns into how
they affect business processes. In order to approach an
executive effectively, Bayuk stresses the importance of
IT doing the following:
Recognize how the executive understands the applications.
Determine how the organization uses these apps.
Help the executive to understand how staff use the company
applications and what these apps mean to day-to-day business.
Explain how specific applications can improve business.
Once IT administrators understand the way executives think
about software, they can approach management with a plan
for action.
You speak tech, they speak business
How do you overcome this language barrier? Bayuk outlines
three concrete ways to approach management. She recommends
that you show rather than tell, put it in their terms and
use compliance as an attention-getter.
Show how a security problem relates to a business problem:
First, instead of showing your boss an isolated set of technical
security statistics on how many times software security
was compromised, give her evidence of how a security problem
relates to a business problem. For instance, show management
how client-use metrics fell when there was a security hole.
She’ll see that the security gap cost the company
clients and, therefore, money.
Correlate business with security issues and concerns: It
takes a solid strategy to get the attention and budget necessary
to manage security effectively. In that case, IT has to
speak to management in “business speak,” a jargon
equivalent to the lingo technical geeks use. If a business
manager says “huh?” and looks like he doesn’t
know what you are talking about, boil it down to his business
terms; explain what faulty security means for customers
and for the financial well being of the enterprise.
Build your case with compliance: Say your boss thinks of
IT security as a nagging problem and she’s only interested
in patching things up and moving on; perhaps she’s
heard this song and dance too many times. So how do you
get her attention? The best approach is from a business
angle, such as governance, risk and compliance (GRC). Those
on the business side understand these issues, and over the
past few years, there’s been a big push in those arenas.
Once you get your executive’s ear, lay out two things:
1) the company has to create a budget with enough funding
for software to secure data; 2) management needs to understand
the importance of IT governance and the role of securing
company data.
Application Security — a business need versus an IT
function
To board members and corporate governance teams, IT security
issues are becoming more important. So IT professionals,
whether they like it or not, also have to learn the language
of enterprise and corporate governance.
It’s your job to remind these folks that IT has become
more important to achieving company goals and that information
security (including application security) is an integral
part of IT governance. IT executives must educate C-level
executives so they can understand the message: IT governance
is more than just security controls or audit-related controls.
In fact, managing operational and IT risk has surpassed
regulatory compliance as the top governance priority, according
to an April 2008 report by AMR Research.
In addition, The Harvard Business Review found that firms
with more effective IT governance had more senior management
involved in the process. If the CIO isn’t involved,
successful IT governance might be a difficult goal to attain.
Certified in the Governance of Enterprise IT (CGEIT)
If your boss has little knowledge of how the rest of the
world is thinking about these issues, you also might try
educating him or her about CGEIT, which in the past 10 years
has legitimized IT governance.
As IT governance issues have become more important, a certification
process has emerged. The certification acknowledges that
IT governance is integral to corporate and enterprise governance
and, according to the Information Systems Audit and Control
Association (ISACA) Web site (www.isaca.org), the certification
is meant to:
Support the growing business demands related to IT governance.
Increase the awareness and importance of IT governance good
practices and issues.
Define the roles and responsibilities of the professionals
performing IT governance work.
This certification, which is expected to be recognized and
adapted as a “best practice,” could help business
executives, or your boss, understand the growing need for
tighter IT security and governance from the top down. Management
must acknowledge the need to include IT security at the
strategic level in organizations. Rather than trying to
push the IT agenda with “cry wolf” strategies,
know you audience and speak in their terms.
As successful businessman Robert Half says, “Convincing
yourself doesn’t win an argument.”
Bayuk agrees and adds that to get buy-in and the budget
you need to achieve your goals, you must share the pros
of security with the powers that be - in their language.
|
