Security Solutions Magazine Issue 98 Digital Version by Interactive Media Solutions

AUSTRAL ASIA’S LE ADING SECURIT Y RESOURCE FOR BUSINESS AND GOVERNMENT

Using Data to Unlock The Hidden Value In CCTV

#98 NOV/DEC 2015 $9.95 inc GST / $10.95 NZ ISSN 1833 0215

APPreciate your security! WITH Videofied, a key player in the alarm system market!

On detection, the wide-angle camera records a colour video clip.

Depending on the selected panel: • Operates up to 4 years on one set of batteries • Quick installation wireless or powered • Alarm video sent over GPRS / IP • Connected, accessible, portable, usable anywhere

The video is sent to the monitoring station.

The monitoring operators can watch the video of the intrusion in real time, removing any doubt!

When there is a genuine intrusion, the monitoring station calls the police or required response...

Security

Peace of Mind

Connected

VIDEOFIED®, simply closer to you...

From your office, holidays or anywhere in the world, the APPlication allows you to check Videofied systems on your smartphone. It’s a real interactive tool between you and the panel. The APPlication* allows you to genuinely APPreciate your security system.

*Contact your distributor / Videofied dealer to upload your application for smartphones. Compatible with iPhone and Android

CONNECTED PRODUCTS THAT APPRECIATE YOUR SECURITY!

CALL US

NOW FOR EXCITING NEW PRICING!

1300 46 44 55

W PANEL

info@videofied.com.au www.videofied.com.au

APPRECIATE THE MODERN TECHNOLOGY!

The W panel is a wireless alarm system which adapts itself to the availability of transmission networks. During an intrusion, the W Panel is able to transmit alarms and videos on the ETHERNET network or GPRS. W-IP720 PANEL

W-IP730 PANEL

Hardwired inputs / outputs

Optional module (WIO100)

Wired siren

Optional (WIS100)

GPRS Communication IP transmission

The wireless system with colour video verification Thanks to its wireless capability, the Videofied system is easily installed. It also transmits wirelessly through GPRS cellular communications.

Number of devices Power supply Radio

Mains power (WPS100) with battery back-up

915 MHz

OUTDOOR MOTION VIEWER

Programming Button

 Combine Indoor & Outdoor systems  Extend security to protect outdoor assets

 IP65 - All weather anywhere security  100% wireless battery operation  Fast and Easy installations

Detector VGA Day/Night Video camera

Infrastructure

Marine

e-Guarding

Industrial

Commercial

Warehousing

Infrared LED Input/Output Integration terminals

*New model (as pictured) COMING SOON in early 2016

ge n a R n o r o t In Can g

in c u d

EW N he

360-degree Revolving

Auto Tracking

Scream Detection

All Weather Model

Preset Tours

30 X Optical, High Speed 360째 with built-in Auto Tracking

CAPTURE EVERYTHING IN THE HIGHEST QUALITY With a 75 year history of manufacturing state-of-the-art camera and lenses, our new range of Network Cameras set the benchmark in image quality, colour accuracy and low light performance. Select models have super-fast, accurate 360째 rotation with auto tracking; impressive WDR performance; models with IR illumination systems that allow you to see long distances even in complete darkness and fixed cameras with intuitive remote PTRZ-F functionality.

Infrared Illumination

Auto Day/Night

Area Zoom

Intelligent Function

Intrusion detection

See in the dark up to 30 metres with an advanced dual beam Infrared (IR) illumination system

PTZ

• • •

VB-R11VE (Outdoor, 360°) VB-R10VE (Outdoor, 360°) VB-R11 (Indoor, 360°)

Dome

• • • •

VB-M641VE (Outdoor Fixed Dome) VB-M640VE (Outdoor Fixed Dome) VB-M641V (Indoor Fixed Dome) VB-M640V (Indoor Fixed Dome)

Full Body

• •

VB-M741LE (Outdoor w IR) VB-M740E (Outdoor)

All above models have remote PTRZ-F. Disclaimer: Features vary between models. Please review model specification before purchasing.

Available from:

View the complete 25 model range at canon.com.au/networkcameras call 13 13 83 or email specialised.imaging@canon.com.au

MORE REACH

than ever before

Security Solutions Magazine digital version is now available via ISSUU on every platform, everywhere! Download it now and enjoy your favourite security magazine when you like, where you like, however you like. PC, MAC, Linux, Apple, Android, Google and more...

issuu.com/interactivemediasolutions

CONTENTS ISSUE 98

054

COVER STORY UNLOCKING THE VALUE OF SECURITY Security cameras have the potential to offer much more than security: they can function as a source of information that offers benefits to many aspects of a business. Security managers often struggle to get adequate funding for CCTV systems because these systems are seen as a compliance cost. Joel Rappolt, CEO of RocketBoots, a company with a creative approach to problem solving by thinking about problems from both a technical and business perspective, explains how savvy security managers can turn security systems into a value-add that drives business performance and, in doing so, make these systems more valuable to their organisation.

030.

SELLING SECURITY Selling security is not easy due to competing expenditures, coupled with the fact that Australia is essentially a safe place in terms of the overall threat environment. However, there are some sobering issues on the security horizon in terms of terrorism, cybercrime and corruption, along with declining socio-economic conditions, which play into a decreasing sense of community in Australia. We look at some strategies that security providers should keep in mind when discussing potential security requirements with clients.

066.

SELLING SECURITY

030

INTELLIGENCE AS A TOOL FOR RISK DECISION MAKING In this issue, we present the second and final instalment of Codey Ludbey’s examination of how security intelligence can be used as a tool, in conjunction with the familiar security risk management process, to help navigate the uncertainty that faces all corporate security practitioners in their day-to-day decision making.

074.

THE IMPORTANCE OF PROFESSIONALISATION IN THE SECURITY INDUSTRY Alex Webling of Security Professionals Australasia looks at the importance of professional standards in security and the role of professionalisation in the future of the Australian security industry.

098.

SECURITY IN GOVERNMENT 2015 Find out everything you need to know about this year’s Security in Government conference and expo. We bring all the latest news from this year’s event.

102.

KEYS TO CREATING A CYBER-RESILIENT ENTERPRISE Ron Hale, Ph.D, CISM, Chief Knowledge Officer at ISACA, a global association of more than 140,000 cybersecurity, governance, assurance and risk professionals, looks at the importance of creating cyber resilience in corporations.

006 SECURITY SOLUTIONS

THE IMPORTANCE OF PROFESSIONALISATION IN THE SECURITY INDUSTRY

074

Upgrade to IP utilizing coax

eBridge™ Ethernet over Coax Solutions let you repurpose your analog infrastructure to upgrade and expand security or surveillance. Offering a wide range of options for myriad applications – even outdoors. Efficiently transform your coax infrastructure to IP with eBridge.

More than just power.™ altronix.com

•

1.888.258.7669

MADE IN THE USA • LIFETIME WARRANTY

AVAILABLE AT

ASSET SECURITY DISTRIBUTORS LTD • AUSTRALIA: ASDPTY.COM.AU • NEW ZEALAND: ASSETSECURITY.CO.NZ

SECURITY SOLUTIONS 007

ALARMS

SPECIAL FEATURE

086

036

OPERATIONS

040

CONTENTS ISSUE 98

012.

LETTER FROM THE EDITOR

014.

BRIGHT IDEAS

016.

DID YOU KNOW?

070. LOSS PREVENTION What is the value of building an intelligence sharing group amongst companies to achieve more effective loss prevention?

078. AVIATION SECURITY 14 years after the tragic events of the World Trade Centre attacks in the US, Steve Lawson looks at aviation security and asks, has it really improved?

018. SECURITY BYTES Funny stories, tips, tricks, trivia and news from the security industry.

020. CRIMINAL ODDITY

It should be called ‘What not to do to end up in this section’, but alas, we find a special home for those who are met with odd criminal situations and a lack of intellect.

080. LEGAL Q&A What can security integrators do when clients fail to pay their bill?

082.

ACCESS CONTROL Rachell DeLuca looks at some of the more

022. EVENTS CALENDAR A look at upcoming industry events.

interesting trends that appear to be shaping the future of access control in the Australian market.

026.

086.

SPECIAL FEATURE Ranked as the seventh most influential

person in the global fire and security industries by IFSEC International, Director of Perpetuity Research and founder of the Outstanding Security Performance Awards (OSPAs), Professor Martin Gill examines how to achieve success in the security industry.

INDUSTRY NEWS All the latest from the industry.

036. ALARMS Emanuel Stafilidis discusses various strategies designed to help you secure your security system infrastructure.

040. OPERATIONS Richard Kay looks at ways you can structure your security training to achieve positive results.

044. CCTV We present the second of a two-part series that looks at the findings from a national survey by the Australian Institute of Criminology into the use of CCTV by local governments.

050. BUSINESS BEYOND Greg Byrne examines the role of HR Resilience in the future of human resource management in the Australian security market.

062. JUST LAW Justin Lawrence looks at powers of arrest within the security industry.

008 SECURITY SOLUTIONS

094. EMERGENCY RESPONSE Can body worn security cameras help improve first response capabilities?

107.

SECURITY STUFF

108. PROFILES 114. SPOTLIGHT 116.

PRODUCT SHOWCASES

118. SHOPTALK Company announcements from within the industry.

Superior Detection. All the Time.

The most accurate motion detection camera available. Thermal mini-Bulle T Camer a

• Reduce false alarms with more reliable motion detection • Most affordable intrusion detection and video alarm verification system • Easy integration – PoE/12VDC, IP/ MPX(HDCVI)/analog, ONVIF Find out more at www.flir.com/isc-west-dailies

Asia Pacific Headquarters HONG KONG FLIR Systems Co. Ltd. Room 1613 -16, Tower 2, Grand Central Plaza, No. 138 Shatin Rural Committee Road, Shatin, New Territories, Hong Kong Tel : +852 2792 8955 Fax : +852 2792 8952 Email : flir@flir.com.hk

SECURITY SOLUTIONS 009

www.securitysolutionsmagazine.com

Editorial Editor: John Bigelow john@interactivemediasolutions.com.au Sub-Editing: Helen Sist, Ged McMahon

Contributors: Peter Johnston, Shann Hulme, Anthony Morgan, Rick Brown, Emanuel Stafalidis, Richard Kay, Graeme Cunynghame, Greg Byrne, Joel Rappolt, Justin Lawrence, Codee Ludbey, Daniel Pinter, Callan Lynes, Alex Webling, Anna Richards, Stephen Lawson, Rachel Deluca, Martin Gill, Don Williams, Nicholas Dynon, Imran Aziz, Matthew Naylor, Ron Hale.

Advertising sasenberger@interactivemediasolutions.com.au Phone: 1300 300 552 Publication Co-Ordinator: Stan Asenberger

Marketing & Subscriptions admin@interactivemediasolutions.com.au $62.00 AUD inside Aust. (6 Issues) $124.00 AUD outside Aust. (6 Issues)

Design & Production Graphic Design: Jamieson Gross graphics@interactivemediasolutions.com.au Phone: 1300 300 552

Accounts accounts@interactivemediasolutions.com.au Phone: 1300 300 552

Publisher

Interactive Media Solutions ABN 56 606 919 463 Level 1, 34 Joseph St, Blackburn, Victoria 3130 Phone: 1300 300 552 Email: enquiries@interactivemediasolutions.com.au Disclaimer The publisher takes due care in the preparation of this magazine and takes all reasonable precautions and makes all reasonable effort to ensure the accuracy of material contained in this publication, but is not liable for any mistake, misprint or omission. The publisher does not assume any responsibility or liability for any loss or damage which may result from any inaccuracy or omission in this publication, or from the use of information contained herein. The publisher makes no warranty, express or implied with respect to any of the material contained herein. The contents of this magazine may not be reproduced in ANY form in whole OR in part without WRITTEN permission from the publisher. Reproduction includes copying, photocopying, translation or reduced to any electronic medium or machine-readable form.

RS A DE VI

SSOCIATI

ABN 56 606 919 463 Level 1, 34 Joseph St, Blackburn, Victoria 3130 Phone: 1300 300 552 Email: enquiries@interactivemediasolutions.com.au

SECURIT Y

RALIA LTD UST FA

Written Correspondence to:

Or i g i n a l Si z e

O C I AT I

Y P R OVI D

RIT

D LT

PR O

ASS

SPAAL

AU S T R A L I A

STRALIA LTD AU

SECURITY

Official partners with:

SSOCIAT IO N

RS A DE VI

blue colour changed to this colour green.

COPY/ARTWORK/TYPESETTING APPROVAL Please proof read carefully ALL of this copy/artwork/typesetting material BEFORE signing your approval to print. Please pay special attention to spelling, punctuation, dates, times, telephone numbers, addresses etc, as well as layout.It is your responsibility to bring to our attention any corrections. Minuteman Press assumes no responsibility for errors after a proof has been authorised to print and print re-runs will be at your cost. Signed.................................................................. Date........................

010 SECURITY SOLUTIONS

We offer secure smart card and reader solutions that are a CLASS above.

BQT Solutions’ miPASS range offers both a better alternative solution and a higher security solution that can help YOUR bottom line... miPASS® is BQT Solutions’ own range of Secure Smart Card and Reader Systems which we believe is simply the best in the market today. We have designed and developed our miPASS® smart card and reader systems using leading MIFARE® Technologies and industry recognised encryption standards. The choice of the two leading technologies means that miPASS® users can gain assurance that their assets, people, IP and data are receiving the best means in keeping safe and secure. Our miPASS®3 system is based on secure MIFARE® DESFire EV1® technology using 3DES encryption with diversified keys and offers high security for all access control applications. miPASS®2 is based on secure MIFARE Classic® technology using Crypto1® encryption with diversified keys and offers medium security for access control applications where risk vs economics is relevant.

‘Whatever the Access Control Application, BQT has the solution’ Put your trust in BQT Solutions, like so many others do to tailor your perfect, secure high security smart reader or biometrics solution.

Intelligent Electric Locking Solutions Motorised Pre Load Locks - 90° and 180° Swing Door Models - 1000Kg Hold Force - 100Kg Pre Load Release - Align a misaligned Door

Roller Door/ Gate Lock - 3000Kg Hold Force - Key Override - Selectable Relock Time - Horizontal or Vertical installation - IP55 Weather Proof Design

Electronic Deadbolts

- 1,000Kg to 2,000Kg Hold Force - Self Latching Models - Key Override available - Anti-Tailgate and Anti-Tamper

www.bqtsolutions.com

BQT Solutions is a proud Australian company with all Reader Products Design and Assembly carried out in Australia.

SECURITY SOLUTIONS 011

LETTER FROM THE EDITOR

If there is one thing the security industry has come to excel at over the last few decades, it is creating highly sophisticated systems designed to monitor, track and detect activity. A by-product of these systems is data. The creation of data is becoming incredibly important for reasons that extend well beyond the obvious security benefits of knowing who has been where, to do what, when they did it and why. In my opinion, data is going to create more wealth for the security industry than virtually anything we have previously seen. It will effectively become the boom industry of the next century. To explain, imagine data as being akin to oil 100 years ago. While oil had been in use since the 3rd century AD to develop a variety of products such as kerosene, paraffin oil, tar, petroleum and bitumen, it was not until the turn of the 20th century that oil became the source of revenue that we know today. The development of the internal combustion engine saw oil suddenly become valuable because someone had developed a practical use for oil on a grand commercial scale. Shortly thereafter it became one of the most widely sought after, used and valuable commodities on the planet. Today, six of the top seven largest companies in the world, as measured by their consolidated revenue, are oil companies. Similarly, data has been used for a wide variety of purposes as far back as the beginning of recorded history, but the difficulty involved in collecting and collating the data has limited its commercial value. However, with the development of the Internet of Things, in which so many people and devices are becoming connected on an increasing basis resulting in the creation of petabytes upon petabytes of new data being generated every day, I believe that data will become the new oil fields of the future. All that is required to capitalise on this immense resource is for the right people to figure out how to drill down and access the right data and then refine from it the most useful parts, which will then be used to generate vast income. In this issueâ&#x20AC;&#x2122;s cover story, we look at the potential value of data in the security industry, both to security managers and to security product and service vendors. And while our cover story focuses on data generated through CCTV, the reality is the security industry generates and captures masses of data across everything from access control to intrusion detection, traffic control, screening and the like on a daily basis. When the industry begins to work out how to take this raw data and refine it into something usable, which will be dictated by the needs of end users such as the managers of other departments within the organisation, the Board, commercial clients and so on, then the potential for revenue becomes endless. Imagine a world in which security, through the technology that is already in place, can provide its customers with the kind of who, what, when and where answers that will enable partners and clients to see and understand how to improve the effectiveness and profitability of their business. That is a world in which security can create value beyond anything we have yet begun to imagine.

John Bigelow Editor

012 SECURITY SOLUTIONS

GAIN CONTROL WITH ONEVIEW Defuse situations quicker with a truly unified security control room solution Saabâ&#x20AC;&#x2122;s OneView is a next-generation physical security information management integration platform that provides unprecedented levels of subsystem integration in mission-critical infrastructure environments. OneView empowers operators to respond effectively and efficiently to the most stressful situations. Offering accurate intuitive situation awareness, a simple operator interface, fast detection-response and comprehensive support for post action analysis, OneView is the ultimate choice for modern surveillance and security operations. You can rely on Saabâ&#x20AC;&#x2122;s thinking edge to bring your control room under real control. saab.com/australia

REGULAR

BRIGHT IDEAS

Situations requiring the use of force can be extreme and varied in nature. What works in one situation will not necessarily work in another. Take for example, a young, able-bodied male in his early twenties who is hostile and wielding an edged weapon. In this scenario, it might be reasonable to escalate the use of force to a firearm due to the real and impending threat presented by the armed and agitated young man. However, could the same be said for a confused senior citizen who happens to be holding a household knife, or a young, emotionally disturbed girl who is similarly holding a knife but with the intent to self harm. What might work for situation ‘A’ is not really reasonable for example ‘B’ and ‘C’. However, up until recently, tactical use of force options in the kinds of scenarios previously described have been extremely limited. Using an expandable baton to subdue anyone wielding a knife requires the arresting officer to put him or herself in extreme danger due to the close proximity of such a maneuver. Similarly, chemical sprays tend also to be of limited effectiveness due to the need to close the distance with an attacker (once again

014 SECURITY SOLUTIONS

raising the threat level) in order initiate an effective takedown and minimise the risk of over spray to by-standers. However, where a baton or chemical spray might be too little, a use of a firearm is most likely too extreme for such a situation, especially where the person is emotionally disturbed or upset. What is required, is somewhere between lethal force and a baton or chemical spray. A device which provides the range and effective stopping power of a firearm without the lethal outcome. THE ALTERNATIVE™, developed by Alternative Ballistics, is an easy to use device which acts as a kind of airbag for a standard bullet reducing its velocity and impact by as much as 80 percent. The device sits in a pouch on the officer’s belt for immediate use if the officer can safely apply it. It is designed to allow for a fluid, one-handed removal of the device and the subsequent seating of THE ALTERNATIVE™ onto the top of the weapon within seconds. Most importantly, this can be accomplished without the danger created by an officer removing his or her eyes and weapon from the threat.

Once the bullet is fired from the gun into the projectile, they permanently become one unit. The docking unit will automatically eject from the weapon and the firearm returns to its normal function before it cycles in a new round. Keep in mind, THE ALTERNATIVE™ is designed for situations where lethal force is already justified. It is simply designed to provide a temporary alternative to lethal force in the hope of ending the threat. THE ALTERNATIVE™ decreases the velocity of the bullet and allows the projectile to impact the threat, lessening the bullet’s penetrating energy. The result is serious pain with less internal injury to the body than a conventional bullet. If the crisis is resolved without the need to discharge the weapon, the officer can quickly and easily remove THE ALTERNATIVE™ from the top of the weapon and return it to the belt pouch for future use. For more information visit: www.alternativeballistics.com

Bring your Security

to the next level Bullet, Dome & PTZ Cameras & Recorders Designed with outstanding HD resolution for both indoor and outdoor installation, IR and low-light capable solutions for exceptional night vision, and reliable IP PoE connectivity – FLIR has a security solution for you. • 1-5 MP resolution cameras • Third-party VMS Software compliant/ONVIF • Remote cloud-based viewing via iOS, Android, PC & Mac Visit qsecuritysystems.com.au to learn more. Call your local QSS Branch today.

NOW AVAILABLE AT Q SECURITY SYSTEMS

NSW 02 8833 6500 QLD 07 3630 0813 VIC 03 9676 7000 SA 08 8210 4900 WA 08 9207 6900 SECURITY SOLUTIONS 015 qsecuritysystems.com.au

REGULAR

DID YOU KNOW

Pho to: TK Kur ika

wa / Shu tter stock.

com

Did you know... that according to a recent report by Centrify, in which more than 400 IT Decision Makers (ITDMs) from across the US and UK were surveyed, more than one quarter of respondents admitted they would become a hacker for US$2000 or less. The survey also identified that in the US, 24 per cent of respondents hear more about office happy hours than they do about security; 22 per cent hear more about office birthdays; and 18 per cent hear more about kitchen etiquette. In the UK, those percentages are 17, 18 and 17, respectively. The report titled State of the Corporate Perimeter survey, highlights the findings of a survey given to more than 400 IT decision makers that aimed to find out if corporations are as secure as they need to be. While part one of the survey revealed dangerous gaps in protocols related to identity management that

016 SECURITY SOLUTIONS

Photo : Paolo Bona / Shutterstock

.com

leave companies vulnerable to attack, part two spotlights some of the psychological realities businesses face to secure assets. An unexpected result from the survey was how little money it would cost to persuade an IT decision maker to become a hacker. When asked if they would become a hacker for US$2000 or less, 28 per cent of US respondents and 14 per cent of UK respondents said “yes”. Also, when asked if they could break in anywhere and get away with it, the most popular answers were: 1 The White House. 2 David Cameron’s private email. 3 Facebook. 4 Apple. 5 Bill Gates. 6 My bank.

According to the same report, 59% of US IT Decision Makers (ITDMs) reported sharing access credentials with other employees at least somewhat often. Another 52% share access at least somewhat often with contractors. In the UK, the numbers are 34% and 32 percent respectively. 53 percent of US ITDMs say it would be at least somewhat easy for a former employee to still log in and access data. In the UK, the number is 32%. Half of ITDMs say it can take up to a week or more to remove access to sensitive systems. 55 percent of US ITDMs said their organisations had been breached in the past. 44 percent of US companies had breaches that together cost millions of dollars. 45 percent of UK ITDMs said their organisations had been breached in the past. 35 percent of UK companies had breaches that together cost millions of dollars.

Technology that helps you Technology that helps you Technology helps you Win morethat Business Win more Business Technology helps you Win morethatBusiness

Win more Business Technology that helps you

Win more business Improve operational efficiencies Improve operational efficiencies and gain a competitive advantage and gain a competitive advantage Improve operational efficiencies eziTracker速 iswith the leading workforce management solution Ezitracker with Ezitracker and gain designed aoperational competitive advantage specifically for the Security industry. Improve efficiencies Ezitracker Ezitracker isgain the leading workforce monitoring service specifically to capture data attoamonitor wide variety Ezitracker is the leading monitoring service specifically designed to capture data at a wide variety Ezitracker Monitor is workforce the leading electronic monitoring solution that designed enables security providers and awith competitive advantage of work environments. Verifying site activity of The permanent and casual office cleaners, teams, ground of work environments. Verifying sitesecurity activity of permanent and integrates casual office cleaners, SWATSWAT teams, ground the real time attendance of their workers. system with leading rostering systems and maintenance crews and seasonal workers at shopping malls, retail parks, commercial premises and outdoor with Ezitracker maintenance crews and seasonal workers at shopping malls, retail parks, commercial premises and outdoor has a proven track record in enabling security providers to reduce their costs and improve their service levels. Ezitracker is the leading workforce monitoring service specifically designed to capture data at a wide variety venues, Ezitracker is cloud-based, easy-to-use andahas a proven record of helping customers venues, Ezitracker is cloud-based, easy-to-use and has proven tracktrack record of helping customers to: to: of work environments. Verifying site activity of permanent and casual office cleaners, SWAT teams, ground Ezitracker Monitor is the core service in the Ezitracker suite of management services, providing accurate visit maintenance crews and seasonal workers at shopping malls, retail parks, commercial premises and outdoor data and making information available to authorised supervisorsBetter indesigned real time,control viasite thebudgets internet. Information Ezitracker is thethe leading workforce monitoring service to data at a wide Better site budgets control venues, Ezitracker is cloud-based, easy-to-use and has specifically a proven track record ofcapture helping customers to: variety Reduce payroll time and costs Reduce payroll time and costs of work environments. of permanent andand casual office cleaners, SWAT teams, ground can be accessed online at Verifying any time, site 365 activity days of the year. and performance performance maintenance crews and seasonal workers at shopping malls, retail parks, commercial premises and outdoor Better control sitecare budgets venues, Ezitracker is cloud-based, easy-to-use track record of helping customers to: Promote staff accountability Enhance duty of Promote staffpayroll accountability duty of care Reduce time and costsand has a proven Enhance Improves Service Enhances Communications and performance Improve contract compliance Reduce payroll time and costs Improve contract compliance Promote staff accountability Reduces Costs Promote staffProcesses accountability Improve contract compliance Streamlines

Better control site budgets Win more business Win more business Enhance duty of care Safeguards Workers and performance Enhance of care Win moreduty business

www.ezitracker.com www.ezitracker.com

T: 1800/0800 394 E: sales@ezitracker.com T: 1800/0800 875 E:875 sales@ezitracker.com Improve contract compliance Pay394 as you use No software or Web-based service www.ezitracker.com

hardware needed

Simple andWin more business Scalable service easy to use 10: 10,000 users

T: 1800/0800 394 875 E: sales@ezitracker.com

www.ezitracker.com www.ezitracker.com

1800/0800394 394875 875E:E:sales@ezitracker.com sales@ezitracker.com T:T:1800/0800

SECURITY SOLUTIONS 017

REGULAR

SECURITY BYTES

Appointment of new Independent Reviewer of Adverse Security Assessments The Government recently announced the appointment of Mr Robert Cornall AO as the new Independent Reviewer of Adverse Security Assessments. The appointment will be for a period of two years which commenced on 03 September 2015. According to the press release, Mr Cornall brings a wealth of experience in legal practice, government administration and public policy to this position. Mr Cornall is a former Secretary of the Commonwealth Attorney-General’s Department. He is currently the Chair of the Defence Abuse Response Taskforce. In January 2006, he was appointed an Officer of the Order of Australia for service to the community in developing public policy. Since the establishment of the Office of the Independent Reviewer in 2012, the majority of reviews conducted have confirmed ASIO’s initial assessment. This fact continues to serve as a testament to the confidence that successive Governments have placed on the professional judgement of ASIO and highlights the integrity of the assessment and internal review processes. Mr Cornall’s appointment will fill the vacancy left by the Hon Margaret Stone, who commenced as the new Inspector-General of Intelligence and Security on 24 August 2015. The Government acknowledges and thanks the Hon Margaret Stone for her service in the role of Independent Reviewer of Adverse Security Assessments.

018 SECURITY SOLUTIONS

The Law Is An Ass

Commonly Speaking

Do not believe for a minute that miscreant mental midgets in our Criminal Oddity column hold the monopoly acts of monumental stupidity. If fact, it would seem that there are a fair number of intellectually bankrupt civil servants charged with the task of creating and amending laws that are arguably as idiotic as the people so often caught breaking them. If you don’t believe us, just consider the fact that in Belgium, a driver who needs to turn ‘through’ oncoming traffic has the right of way unless he slows down or stops. In other words, if you want to turn through oncoming traffic, just put your foot down and go and everyone else had better get out of your way. This sounds more like the kind of road rule you might expect to find in Italy. It is also in direct contrast to Canada where it is illegal to turn right on a red light – at any time. Hello! It is a red light. What part of red light says go? While on the subject of road laws, it seems that China has legislated a new and novel way of dealing with the issue of over crowding. Apparently, drivers of power-driven vehicles who stop at pedestrian crossings are liable to a fine of up to five yuan, or a warning. That’s right, next time you are in China and you approach a pedestrian crossing, if it is very busy, you had best speed up in the hope of establishing enough momentum to be able to plow your way through the crowd lest you stop half way and receive a fine.

What on earth is Snarfing you ask? As a security professional, you should really know. “Snarfing” is the action of grabbing data and using it without the owner’s consent. For example, imagine attempting to log into the Wi-Fi at your hotel, only to discover that there are a number of access points all called ‘XYZ Hotel’. In this example, a false access point is created that strongly emulates the legitimate access point. The user connects to this rogue access point, and provides their credentials which are then copied and passed along to the legitimate access point. After that, every website that the user goes to can be tracked and files or credentials can be caught as they are downloaded or uploaded if they are unprotected. The Solution: While there are dozens of different ways that Snarfing can occur, the example mentioned here has very specific defenses that can be used to prevent this method of attack. Solution the First: Do not use untrusted Wi-Fi networks. It can be very tempting when you don’t have a large data plan to use free Wi-Fi at places like Starbucks or hotels. However, these locations can be magnets for certain types of cyber thieves. After all, it only makes sense that the more expensive the hotel, the more likely it is that the person staying there has information that would be worth a significant amount of money. Therefore, if you do not know for a certainty that the network is trusted and secure – don’t connect to it.

SECURITY SOLUTIONS 019

REGULAR

CRIMINAL ODDITY We live in a world that is full of war, crime and despair. Be that as it may, it is good to focus on the ridiculous and hilarious in life sometimes. That is why it is great to look on the bright side of life… and read stories about really dumb criminals. It will help you learn to laugh about your own misfortunes.

Jumping Over Dollars As everyone can agree, taxes are no fun. No one likes them, not even the people at the ATO. They are, however, everywhere – every shop you walk into, your car, your office. As many people have said, the only two things guaranteed in life are death and taxes. One enterprising criminal, apparently overly sick of being confronted by taxes, decided to do something about it. However, rather than lobbying the government or speaking to his local MP, as most normal people would, this gentleman decided to drive (while drunk) to another state to avoid incurring costs. Apparently, when his local county (yes, this happened in the US, where else) imposed a new sales tax on alcohol, this genius decided to make the road trip to a neighbouring state in order to avoid the tax. Great idea – in theory – not so good in practice, as unfortunately, our stingy friend was well and truly plastered. When asked if he had any explanation for his actions after police caught up to him and pulled him over, he explained “This is just what I do.”. But of course it is. Sleeping Beauty Moving the focus back home to Australian soil, many readers may have heard about the unfortunate car thief hailing from Adelaide, South Australia. I know that when I have a big day planned, an early night is in order – the body and brain needs rest, even those brains that receive very little use. Obviously, our South Australian car thief had never received such advice from anyone previously,

020 SECURITY SOLUTIONS

because he was caught shortly after stealing a new black Audi. The smart thief decided that the car he had stolen was not clean enough (perhaps he should have been more selective) and thought it might be a sensible move to wash it. So, having taken the car to the car wash and entered the machine, this criminal, obviously relaxed by the sound of the water (and not too stressed about his most recent crime), fell asleep. The car wash attendant left the car and sleeping criminal alone for over an hour before deciding it was time to alert someone to the strange man sleeping in the noisy carwash. He then called the police, who arrested the sleeping beauty and returned the freshly washed car to its rightful owner!

Z Z Z Z

Z ZZ ZZ

Hoisted On Her Own Petard Still back on Australian soil, this time in Victoria, our final lacking criminal mind for this issue is a bank teller. (Seriously, how does someone like this even get a job in a bank?) This young lass, employed by the bank for over 12 months, was independent, hard working and was great with customers. The problem was, she could not count! Each and every night after she went home (she was employed part-time), her colleagues would spend hours trying to figure out why the cash did not balance. Eventually, she applied for a transfer to another branch, and her manager took the opportunity to place her in a branch with cameras behind the telling area. Not endowed with an overly generous helping of intelligence, our witless criminal decided that her first week in a new branch was the perfect time to steal a quick $5000, not realising that she was now being videotaped while at work. The following day, the blossoming brainiac deposited the stolen $5000 dollars in her bank account – held at the same bank she worked for. Following a cursory interview with the bank’s security staff, the young employee sent a text message to a friend asking her to tell bank staff she had lent the employee the $5000 in her account. Unfortunately for her, she sent the message to her branch manager, who happened to have the same first name as her friend, unwittingly confessing to the crime in the process! Perhaps while in jail she could pass her time by applying to MENSA.

Rapid Deployment Security Camera

Lightweight. Easy to install. No cabling required.

features: 9

Supports any standard PoE camera, for easy integration into existing security infrastructure

Protected against the elements with a robust IP65 lockable enclosure

Optional 3G/4G and/or WiFi connectivity

Up to 3 days unassisted operation on the integrated battery

Additional battery pack or solar 9 interface for extended deployments

Suits a variety of industry sectors requiring temporary surveillance.

VPN Service RDC3

3G/4G

WiFi

with Madison, youâ&#x20AC;&#x2122;re

Make the Madison RDC3 an integral part of your security surveillance strategy With integrated WiFi support offering local viewing and configuration, and the 3G/4G communications capabilities for remote viewing, access to the RDC3 can be achieved virtually anywhere. For details on the Madison Privonet VPN service visit www.privonet.com.au Contact us on 1800 72 79 79 or email industrial@madisontech.com.au

SECURITY SOLUTIONS 021

REGULAR

EVENTS 2015 MLA Conference & Trade Expo 22–24 October The Novotel Twin Waters Sunshine Coast

Gartner Symposium/ITxpo 2015 26–29 October 2015 Gold Coast Convention and Exhibition Centre, Gold Coast

New Zealand Security Conference 2015 19–21 November 2015 ASB Showgrounds, Greenlane, Auckland

The Master Locksmiths Association (MLA) Conference and Trade Exhibition will once again be held at the Novotel Twin Waters on the Sunshine Coast from 22-24 October. We invite all members to attend what will be a great two days of training (primarily business training), trade exhibition, gala dinner and more.

Digital business is where it all changes for CIOs. The stakes are higher; the pay-offs bigger; and the need to lead enterprise transformation more urgent than ever before. At Gartner Symposium/ ITxpo 2015, the world’s most influential CIO conference, you will find what you need to succeed. You will have the time to reflect on the topics that match your most critical priorities, and the space to refresh your point of view. Guided by the unbiased advice of Gartner analysts and the insights of world-class business and IT thought leaders, you will be empowered to build relationships, solve problems and embrace new ideas with your CIO peers. Most of all, you will be inspired to re-imagine ‘business as usual’ and strengthen your own personal brand as a key driver of the digital movement. Be a part of the industry’s most forward-thinking gathering of CIOs and senior IT executives for a CIO-focused exploration of technology, business and professional leadership.

The conference theme is “Safe and Secure Cities” and will include presentations by leading international security experts. The International Conference Speakers include: • Peter Houlis, from the United Kingdom, Managing Director, 2020Vision Systems. Peter is an experienced practitioner in the physical security field, having spent 40 years gaining considerable knowledge and understanding of security technology and the principles and practices of protecting people and assets. He will discuss the development of the “Safe Cities” concept from the first UK city CCTV systems installed in the early 1990s in Newcastle, progressing onto the award winning Edinburgh City in View project, finally, moving onto how a safe city should function in 2016. • Miki Calero, from the USA, founder of Urbis Global LLC, a consulting and advisory practice helping companies innovate and meet the security needs of smart cities worldwide. Miki was named one of the Most Influential People in Security – Security Magazine (2012), and selected a Top 100 City Innovator Worldwide – UBM Future Cities (2013), for his vision of

Full registration is only $399 (+ GST) and includes: • Keynote and Opening Cocktail Function • All Business Training Sessions • Friday Night BBQ and Drinks • Gala Dinner and Awards Night • Barista Coffee service Friday and Saturday There are other registration options available, including spouse / partner, Saturday Gala Dinner and Friday Night BBQ and Drinks – further details to come shortly. For more information visit: www.masterlocksmiths.com.au

Visit www.gartner.com/technology/symposium/ gold-coast/ for more information.

022 SECURITY SOLUTIONS

DEFINE YOUR COVERAGE

● This sensor is equipped with a DUAL-ZONE system that initiates an alarm only when detection occurs in both horizontal and downward zones simultaneously. ● No alarm signal is given if only one zone is activated by small animals. ● Perimeter, window or wall detection can be defined by adjusting detection zones. ● MS-12FE equipped with two sensors can cover two perimeters or windows by itself.

DUAL-ZONE system reduces false alarms, making outdoor use more reliable!

(SIDE VIEW)

‘NO ALARM’ only one Zone activated ‘ALARM’ both Zones activated

Horizontal Zone Variable Range

Downward Zone

5m 10m 12m Detection distance is set by adjusting the angle of the downward zone. Adjustable range 2m-12m, 9 steps.

DUAL-ZONE DETECTION

Our dual-zone PIR series combine horizontal and downward curtains requiring simultaneous activation before an alarm output is triggered. With up to 180° x 12m coverage, these sensors are ideally suited for use in both domestic and industrial intruder applications.

+61 (3) 9544 2477

email: oz_sales@takex.com

MS-12/TX-114

Hard-wired or battery operated outdoor PIR up to 180° x 12m.

PVW-12TE

90° x 12m outdoor PIR with recordable message output.

TAKEX AMERICA

023 SECURITY SOLUTIONS www.takex.com

REGULAR

EVENTS enterprise risk management through unified physical and cybersecurity. His career spans the private and public sectors, including startups, Fortune 500 companies, and federal, state, and local government. His experience encompasses information system security, critical infrastructure protection, and facilities security, at strategic and global levels, and in tactical and operational capacities. • James Condron, from the USA, VP Global Sales, CNL Software. James has over 20 years’ experience in the software and hardware industry. He has been instrumental in some of the largest, most complex and ground-breaking security integration projects in the world. He has worked with the largest and most wellknown organisations in the fields of Critical Infrastructure Protection, Law Enforcement, Corporate Security and Safe City initiatives. • Susan Gallagher, from Canada. After a career in project management, design and architecture, Susan began working for the RCMP as a Physical Security Advisor in 1999. In this role, Susan provided advice and guidance for all Canadian federal government departments and agencies for their security program, large construction projects and threat and risk assessments. Since 2008, Susan has worked with the federal government of Canada as well as with the Infrastructure and Resilience Research Group at Carleton University. • Jason Brown, from Australia, is the National Security Director for Thales in Australia and New Zealand. Jason is responsible for security liaison with government, law enforcement and intelligence communities to develop cooperative arrangements to minimise risk to Thales and those in the community that it supports. Our speakers will also be available for media interviews while they are in the country. The New Zealand Security Exhibition runs alongside the conference and is free to attend. The exhibition will showcase the latest in security technologies. The full programme and event details are available from from the New Zealand Security Association website www.security.org.nz.

024 SECURITY SOLUTIONS

Total Facilities 6–7 April 2016 Melbourne Convention and Exhibition Centre Returning to Melbourne with an exciting new proposition, Total Facilities now unites both facilities and workplace professionals in the ultimate industry destination for the built and work environment. Held annually between Sydney and Melbourne, it’s Australia’s largest learning and networking event for facilities and workplace management professions seeking solutions for creating more efficient, sustainable and productive facilities and workplaces. Total Facilities is comprehensive and efficient in its delivery and provides real solutions to every day operational challenges by connecting buyers and sellers to source innovation, debate current issues, share insights and create opportunities for an invaluable community of professionals. Our vision We champion professionals who support the built and work environment with a sense of belonging and advocacy – the unsung heroes and behind the scenes forces. We will evolve and grow our offer year on year to: • bring new and leading solutions in operational efficiency to the market • deliver forefront trends for running more sustainable facilities and workplaces • foster a community of multidisciplinary professions to have a voice and achieve recognition • redefine the future of the industry and challenge traditional perceptions of facility management. For more information visit: www.totalfacilities.com.au

ISC West 6–8 April 2016 Sands Expo Centre, Las Vegas ISC WEST is THE largest security industry trade show in the U.S. At ISC West you will have the chance to meet with technical reps from 1,000+ exhibitors and brands in the security industry and network with over 28,000 security professionals. Find out about new and future products and stay ahead of the competition. Encompassing everything from access control to Facial Recognition software you are sure to find products and services that will benefit your company and clients. This year don’t miss our new IT Pavilion featuring the latest cyber security solutions. Working with SIA, ISC also features world class education to learn about every facet of the security industry. For more info on SIA Education@ISC visit www.iscwest.com

Security Exhibition & Conference 2016 Melbourne Exhibition Centre 20–22 July 2016. As an industry you have spoken and your event is returning to Melbourne in 2016! The Security Exhibition & Conference will return to Melbourne again in 2016 following another outstanding event this year. Having held the Security Exhibition & Conference in Sydney for 12 consecutive years, it’s great to remain in Melbourne to consolidate relationships and to nurture business in this market. For more information visit: securityexpo.com.au

RACKUS IDENTICUS. Series 210 cabinets

Weâ&#x20AC;&#x2122;re proud to pin our reputation to our constant development in racking solutions. But as we make advancements for tomorrow, we never forget the past. Our commitment to continuity-of-design ensures each new product and advancement is back compatible with existing units, enhancing and prolonging the life of every MFB product. With a solid history of over 40 years supplying innovative, off-the-shelf and custom built racking systems, you can rely on MFB for consistent compatibility.

VIC -

P (03) 9801 1044 F (03) 9801 1176 E sales@mfb.com.au

NSW - P (02) 9749 1922 F (02) 9749 1987 E sydney@mfb.com.au

REGULAR

INDUSTRY NEWS Canon Develops APS-H-Size CMOS Sensor With Approximately 250 Megapixels, The World’s Highest Pixel Count For Its Size Canon Inc. announced today that it has developed an APS-H-size (approx. 29.2 x 20.2 mm) CMOS sensor incorporating approximately 250 million pixels (19,580 x 12,600 pixels), the world’s highest number of pixels for a CMOS sensor smaller than the size of a 35 mm fullframe sensor. When installed in a camera, the newly developed sensor was able to capture images enabling the distinguishing of lettering on the side of an airplane flying at a distance of approximately 18 km from the shooting location. With CMOS sensors, increases in pixel counts result in increased signal volume, which can cause such problems as signal delays and slight discrepancies in timing. The new Canondeveloped CMOS sensor, however, despite its exceptionally high pixel count, achieves an ultra-high signal readout speed of 1.25 billion pixels per second, made possible through such advancements as circuit miniaturisation and enhanced signal-processing technology. Accordingly, the sensor enables the capture of ultra-high-pixel-count video at a speed of five frames per second. Additionally, despite the exceptionally high pixel count, Canon applied its sensor technologies cultivated over many years to realise an architecture adapted for miniaturised pixels that delivers high-sensitivity, low-noise imaging performance. Video footage captured by the camera outfitted with the approximately 250-megapixel CMOS sensor achieved a level of resolution that was approximately 125 times that of Full HD (1,920 x 1,080 pixels) video and approximately 30 times

026 SECURITY SOLUTIONS

that of 4K (3,840 x 2,160 pixels) video. The exceptionally high definition made possible by the sensor lets users crop and magnify video images without sacrificing image resolution and clarity. Canon is considering the application of this technology in specialised surveillance and crime prevention tools, ultra-high-resolution measuring instruments and other industrial equipment, and the field of visual expression.

Security Excellence – Discover The Factors To Success Professor Martin Gill, Director, Perpetuity Research (UK) is coming to Australia and will be holding a series of executive briefings in Melbourne (21 October 2015) and Sydney (Friday 23 October 2015). Have you ever wondered why some security companies and corporate security departments perform better than others? What is it that drives their success? What do buyers say about suppliers and the other way around? Drawing on his own international research (which included Australia) world renowned criminologist and security thought leader Professor Martin Gill will share his insights to highlight some of the key characteristics of security excellence. The session will articulate what you get from an excellent security supplier / corporate department that you don’t from just a good one. The findings from his international research are

compelling. If you want to be excellent you need to do certain things exceptionally well. In this special Executive Briefing, Professor Martin Gill will draw on his research as to what constitutes outstanding performance. The session will address: • identified barriers to achieving excellence and how these can be overcome; • the competing trends in Australia and globally which are impacting on security performance; • the role of standards and training and how these relate to outstanding performance; and • the overlap between an excellent corporate security department and an excellent security supplier. Who should attend? Security operates in a highly competitive and cost sensitive environment. This Executive Briefing has been developed to provide senior in-house security managers and providers of security services with an understanding of what really drives organisational success. Registration fee $275.00 (ASIAL / ASIS Members) $325.00 Non Members * Registrations received from delegates to attend both the Security Excellence and Realising the True Value of Security will be eligible to a further discount of $50.00. The registration fee includes session access and tea/coffee. For more information visit www.asial.com.au

GOT YOU COVERED! With our Electromechanical Product Range.

Our Electromechanical Range provides versatile high security and even greater convenience than traditional mechanical products.

The Lockwood Electromechanical Range offers: • • •

The best solution for high-security applications Convenience characterised by speed, durability and longevity Assurance when it comes to meeting application and compliance standards

REGULAR

INDUSTRY NEWS

AFP Assistance In FBI Joint Terrorism Task Force Arrest The Australian Federal Police (AFP) recently confirmed it had provided assistance and support to the Federal Bureau of Investigation (FBI) in relation to an FBI-led Joint Terrorism Task Force operation that resulted in the arrest of a 20-yearold man in Jacksonville, Florida. The man was arrested for distributing information relating to explosives and destructive devices to facilitate a possible terrorist act in the United States. He faces a 20-year prison term if convicted. It will also be alleged that this person provided information over the internet as well in an attempt to facilitate and encourage terrorist acts in Australia. Investigations by the AFP in June 2015 established no initial threat to the Australian community. When investigations determined it was likely the person responsible for these threats was based in the United States, the investigation became the jurisdiction of the FBI, with the AFP in a support role, providing information and assistance. AFP Acting Deputy Commissioner National Security Neil Gaughan said that this person relied on the internet providing a cloak of anonymity. “This man thought that he could willingly and maliciously distribute disturbing information via the internet and never have his identity

028 SECURITY SOLUTIONS

discovered,” said Acting Deputy Commissioner Gaughan “This operation again highlights how law enforcement can investigate people in the online space and use our long-established partnerships to work with overseas agencies to bring people to account for their actions. “The AFP would like to emphasise that ensuring community safety was the primary focus of this investigation.” The AFP would like to encourage people to report instances of people threatening terrorist acts in any online capacity via the National Security Hotline on 1300 123 400 or hotline@ nationalsecurity.gov.au.

Unauthorised Publication Of Personal Information Via Social Media ACSC (Australian Cyber Security Centre) has become aware of leaks of personally-identifiable information, including that of Australian citizens, released by a group calling itself the Islamic State Hacking Division. According to an ACSC press release, there is no evidence to suggest the leaked information is a result of any compromise of Australian-based

systems or networks. ACSC is working with the organisations of the individuals identified in the leaks to identify and address any potential cyber security concerns. ACSC has stated that it will support the broader law enforcement and intelligence community to understand and address this issue. The unauthorised material published in early September is likely to have been compromised from a public website. Affected individuals have used work email addresses to conduct private online activity, including providing personallyidentifiable information. Public websites are frequently targeted by malicious hackers and the compromise of personal information provided to these websites will continue to occur. To minimise the threat to you and your organisation, ACSC recommends you follow the advice provided by: ▪Stay Smart Online (www.communications.gov. au/what-we-do/internet/stay-smart-online) ▪Australian Signals Directorate Top Security Tips for the Home User (http://asd.gov.au/publications/ protect/home_computer_security.htm) If you believe your identity or personal information has been compromised online, you should report the activity through the Australian Cybercrime Online Reporting Network (ACORN).

Enter into a new place where design meets security

Discover the new Speedlane Lifeline Series. A sophisticated, intuitive, refined and yet secure entry management system that guides authorised people through the gateway to their destination. SECURITY SOLUTIONS 029 For more information visit us at www.boonedam.com.au/lifeline

030

g n i l l $e y t i r u c e S

031

By Graeme Cunynghame Selling security is not easy due to competing expenditures, coupled with the fact that Australia is essentially a safe place in terms of the overall threat environment. However, there are some sobering issues on the security horizon in terms of terrorism, cybercrime and corruption, along with declining socioeconomic conditions, which play into a decreasing sense of community in Australia. Technological advancement also guarantees a dynamic security landscape and encourages ongoing demand for security. According to Charles A. Sennewald, two important characteristics necessary for long-term success in the field of security are integrity, closely followed by the quality of work. He also considers there is a need for a calm self-confidence in the midst of problems and that obstacles bound together by a determination to succeed were key components of success in the field of security. Unfortunately, the security spend is often made on a reactive rather than a proactive basis. In the author’s experience, most medium- to small-sized businesses either have no security management plan or, if they do, have an inadequate plan in place in order to identify the threats and guide their security spend. For the purposes of this article, a traditional definition of security will be used, which might be the provision of services for the protection of people, information and assets for individual wellness and community safety. In order to sell security, providers need to remain well informed about security developments and have a clear understanding of what it is they are selling in order to implement cost-effective outcomes. Professional conduct and life-long learning is critical to this end. Providers in the industry can be held accountable for advice given, which in turn introduces the potential for litigation. Many security clients are not fully cognisant of what their security requirements are in order to reduce specific security threats. Often, security solutions are recommended to clients without any real consideration of the actual threats or risks, but are designed to play into the perception of safety in the client’s mind. Furthermore, security is often considered a

032

cost centre rather than a profit centre, with the security budget being the first to be reduced when it comes to recommended expenditure. Security expenditure can be described as grudge expenditure. Organisations that do not have direct line reporting to its senior members can also be an issue, with security mitigation strategies applied in a piecemeal approach in the absence of any security management plan. The catch 22 is that security leads to less security due to a reduction in perceived threats. Customers do not have a standard model in their heads for assessing security risks. Often, risk decisions are made on the basis of how risk averse they may be. Risk has always been closely related to the concept of security, but it is only in recent times that the management of risk has played such an important role in applied security (Smith & Brooks, 2013). Prospect theory is one that may partly explain the thinking of people when it comes to assessing risk. Prospect theory is a behavioural economic theory that describes the way people choose between probabilistic alternatives that involve risk, where the probabilities of outcomes are known. The theory states that people make decisions based on the potential value of losses and gains rather than the final outcome, and that people evaluate these losses and gains using certain heuristics. Heuristics are simple, efficient rules that people often use to form judgments and make decisions. They are mental shortcuts that usually involve focusing on one aspect of a complex problem and ignoring others. The Prospect model is descriptive; it tries to model reallife choices, rather than optimal decisions, as normative models do. There are, of course, other theories that play into risk decision making, such as Cultural theory and Maslow’s hierarchy of needs. Salespeople have long known there are basically two motives to get people to buy – greed and fear. However, according to Bruce Schneier (security expert), Prospect theory explains one of the biggest problems the security industry has with selling security. He believes that very few people actually want to buy it. Either the buyer wants something and spends to get it or they do not want

something and spend to prevent it. According to Schneier, it is much easier to sell ‘greed’ than ‘fear’. Schneier believes security is a ‘fear’ sell. It is a choice between a small sure loss, the cost of the security product and a large risky loss, the potential results of an attack. Additionally, buyers must be convinced the product works, and they must understand the threats and the risk that something bad will happen. But all things being equal, often buyers will take the risk rather than buy the security. According to Schneier, security is inherently about avoiding a negative, complicated by the cognitive bias embedded in the human brain. Another factor influencing the selling of security is that the world is becoming more complicated all of the time, particularly in terms of information overload. Black and white, good and bad, right and wrong have been displaced by complicated constructs that leave most people in the dark. As the world becomes increasingly fast-paced and complex, the amount that people really know and understand of it decreases all of the time. People are increasingly surrounded by black boxes, which are complex constructs that they do not understand, even if they are explained. It is difficult to comprehend the inner processes of the black box but, nonetheless, the inputs and outputs are integrated into decision making. The amount of information people simply have to believe, without understanding it, is increasing all of the time. As a consequence, society is tending to assign more importance to those who can explain something than to their actual explanation. The customer often does not have time for a complex explanation. Convincing them to buy security may be easier using images and emotions rather than logical argument, for which a growing number of people appear to have little time. Compliance as a Selling Point Historically, regulation has proven to be one of the most effective strategies when it comes to the implementation of workplace safety and security practices. Safety, security, health and environment (SSHE) law is a body of law concerned with the regulation of health, safety, security and environmental risks arising from business undertakings.

TEAMS UP WITH

Bollard M50 Just over two years ago our movable bollard M50 was vehicle crash

tested to the American Standard Test Method (ASTM) F 2656 – 07 with a 6.8 tonne vehicle travelling at 50 mph where it achieved a penetration rating of P2. It turned out that ASTM is still not as widely accepted all over the world as we had hoped for despite being an internationally recognised standard. Many Commonwealth countries especially still hold on to the British Publicly Available Specification (PAS) 68 for impact testing of vehicle security barrier systems. In light of a promising project with our Australian partner EZI Security Systems which involves a considerable quantity of movable bollard M50 it was therefore decided to retest the bollard to PAS 68:2013 to meet all specified requirements. Owing to the professional and effective execution of our recent crash test for the movable bollard M30 we once again entrusted CTS / crashtest-service with the vehicle impact testing of one of our products – this time the movable bollard M50. We are pleased to announce that our movable bollard M50 has once more been successfully vehicle impacted tested to arrest a 7.5 tonne truck travelling at 80 kph. The achieved performance classification of V/7500[N3]/80/90:5.2/7.8 and performance rating V/7200[N3C]/80/90:5.5 as per PAS 68:2013 and IWA 14-1:2013 respectively match the P2 penetration rating previously accomplished with the crash test to ASTM standard despite the less favourable test conditions, i.e. •

10 % increased kinetic energy of the impacting truck due to increased test vehicle weight •

25% decreased distance from front of truck to vehicle datum point (i.e. the leading edge of the load platform) which is used as reference point to determine the vehicle penetration from the datum line of the tested bollard

WEDGE II I am proud to announce the launch of our second generation elkosta wedge barrier, called Wedge II.

The Wedge II was successfully tested by TRL to PAS 68:2013 and IWA 14-1:2013 standard stopping a 7.5 t vehicle travelling at 80 km/h with ZERO penetration achieving the following performance classifications: •

PAS 68:2013 V/7500[N3]/80/90:0.0/20.7 (tested with 4 m blocking width) •

IWA 14-1:2013 V/7200[N3C]/80/90:0.0 (tested with 4 m blocking width) With its decreased installation depth and foundation footprint combined with the lowest foundation thickness in the world, the new Wedge II reduces installation costs significantly and allows installation in areas where foundation depths are limited due to underground utilities. Compared to the previous model, the wedge II features many technically innovative details: •

FIND OUT MORE ABOUT US!

AUSTRALIA NATIONAL

State of the art foundation and reinforcement • High energy efficiency due to employment of pressure spring pistons • Optimised starting power and lifting power for raising of blocking element due to energy stored in pressure springs • Reduced working oil volume due to single hydraulic cylinder • Scale-downed versions of accumulator for EFO and RO3 function • Safety skirt available as optional extra

1300 558 304 11 Cooper Street Smithfield NSW 2164 www.ezisecurity.com.au sales@ezisecurity.com

There is an overlap between safety, security and environment, and there are synergies that can be gained from an integrated approach given their respective grounding in risk management as the underlying methodology (Tooma, 2011). Workplace health and safety (WHS) offences and serious environmental offences are criminal in nature; therefore, a breach of these obligations is a criminal offence. WHS laws impose a proactive duty on officers or persons conducting a business or undertaking to exercise due diligence (defined WHS Act 2011) to ensure an understanding and compliance with SSHE legal obligations by that entity. The due diligence duty is a duty imposed on officers personally. A breach of that duty is a criminal offence, attracting a maximum penalty of $600,000 and up to five years imprisonment for serious offences. The introduction of the Work Health and Safety Act 2011 and its regulations (effective January 2012) is a case in example. The harmonisation of Australian WHS laws has imposed broad general duties and responsibilities on key stakeholders, ensuring the health, safety and welfare of people in and around the workplace. Any such prosecution could have a catastrophic outcome for an organisation or individual. The WHS Regulations (Div.4–43) identify the need for businesses to prepare, implement and maintain an emergency plan, with fines for individuals of $6000 and for a body corporate of $30,000 for non-compliance. A further complication for companies seeking to hide behind the corporate veil is the existence of personal liability provisions that render directors liable for offences committed by their company in all states and territories. The legislation now imposes a broad duty of care on key stakeholders in the workplace with respect to ensuring the health and safety of people at work. While WHS and environmental law are well developed, occupation security law is still in its embryonic stage, according to Michael Tooma (2011). Significantly, the law and practice dealing with security and terrorism continue to develop the security landscape at a fast pace. The treatment of security as part of an integrated SSHE risk management approach in integrated management systems is by no means universally accepted (Tooma, 2011). However, there is little

034

doubt that safety duties incorporate security responsibilities. It is estimated that there have been over 60 terrorist attacks in shopping centres in 21 countries since 1998. Against that background, a shopping centre design, which does not adequately manage the risk of terrorist attack, cannot be said to be safe and free from risk to health and safety within the meaning of the relevant WHS legislation. Indeed, the expansion of the duty of care under the Model WHS Act 2011 accentuates the interrelationship between safety and security (Tooma, 2011). Security obligations have been imposed worldwide on specific industries. For example, maritime, aviation, rail and critical infrastructure in major hazard facilities have obligations under federal, state and territory laws with respect to security management, as do persons dealing with security sensitive dangerous goods and certain security sensitive chemicals. These developments undoubtly assist greatly in terms of the security sell as the law and compliance become security sales drivers. (Tooma, 2011). While directors and senior managers will often have directors and officers liability insurance, these insurances do not cover liability in relation to work health and safety offences. This is because these offences are criminal in nature. Any insurance contract that purports to offer such an insurance cover is void against public policy. It is not uncommon for a prosecution to take place after a person has left the company, in which case they may be left to fund their defence from their own resources, sometimes without access to key documents that may assist them in their defence (Tooma, 2012). Security Selling Tips • Everyone has a fundamental need for security. • There is only one chance to make a first impression. • Always spell names correctly. • Be courteous, believable and generous. • Never tamper with the truth. • Desire for gain and fear of loss are two reasons customers buy or do not buy. • A significant number of customers have wants rather than needs. • Customers decide emotionally and then justify logically.

• • • • • • • •

Create a buying desire in customers by demonstrating that they can be safer and more secure as a result of owning the product or service. Customers care about what a product or service will do for them. Do not under price products or services A customer’s attention can be gained by linking a product or service to making or saving money. Around 10 to 15 percent of customers may be dissatisfied, but do not say so; those issues can be fixed if they are known. Address dissatisfaction and indifference. Customers buy products and services because they feel they will be better off. Engage in public speaking (builds knowledge, confidence, gains recognition).

According to Charles A. Sennewald, keeping up in the security industry can be accomplished through education; reading journals; association participation; communicating with practitioners, colleagues and peers; and reading books published for the security industry. Finally, the quality of the security professional depends on following strong moral standards in all relationships and providing a degree of leadership on ethical behaviour. There is a strong connection between ethical behaviour and effective leadership. It is a vital prerequisite in business to adopt the honesty is best policy and building truth-telling cultures, which will have a positive impact on the bottom line. Graeme Cunynghame has been employed in the private sector and served in the NSW Police Force – Fraud Squad, Corporate Affairs Commission, Drug Enforcement Agency, National Crime Authority, and NSW Crime Commission. Graeme read Security Science at Edith Cowan University and has diplomas in Security Risk Management, Work Health and Safety and Government Investigation. He is a member of ASIS and ACFE. Graeme welcomes referrals relating to fraud matters, workplace investigations, security risk management concerns and security negligence issues. He can be contacted via email: pripol@pripol.com.au or on 0408 787 978. Visit www.pripol.com.au for more information. For a full list of references, email: admin@interactivemediasolutions.com.au

EasyGate an award winning range of speedgates DDA Compliant Secure – up to 1800mm high barriers Stylish – European design and manufacture Reliable – 24 month warranty & 3,000,000 MTBF Fast – Throughput rates of up to 60 people per minute

With 14 years’ experience delivering entrance control solutions and 5 offices across Australia & New Zealand Centaman is here to help you make the right entrance

T: 1300 858 840 E: sales@entrancecontrol.com.au

www.entrancecontrol.com.au

MASTER LOCKSMITHS Master Locksmith Association members are highly trained, fully qualified security professionals with access to the very latest in restricted key systems, from mechanical keys and locks to the world-leading electronic master key systems.

Find your nearest locksmith and MLA member at

THE MLA ADVANTAGE

DOMESTIC

COMMERCIAL

AUTOMOTIVE

SAFES

RESTRICTED KEY SYSTEMS

ELECTRONIC SECURITY

CCTV

SECURITY SOLUTIONS 035

ALARMS

036 SECURITY SOLUTIONS

How To Secure The Security System Infrastructure By Emanuel Stafilidis

Security systems are designed to protect assets from threats. The first key point to successfully implementing an electronic security system is to successfully secure the system itself. If the system is easily defeated from internal and/or external threats, then it is not a successfully implemented security system. When an organisation decides to implement an integrated security system solution, or a dedicated integration platform, such as a physical security information management (PSIM), how does the organisation’s security manager ensure the solution is protected from internal and external threats? Modern solutions are Internet Protocol (IP) based and hosted on IP network infrastructure. Steps must be taken to design and maintain secure infrastructure to achieve a successful solution. In this scenario, who is responsible for ensuring the network infrastructure that hosts the integration platform is secure? The answer is everyone, and they must all understand their contribution to achieving an acceptable level of security. It is important that all stakeholders have an understanding of what measures should be taken to secure the security solutions and the commitment required to maintain the ongoing security of the system. These stakeholders include solution owners, security managers, users, designers, consultants and the integrators responsible for installation. It is also probable that there

will be heavy involvement from the end users’ IT department, as their infrastructure is likely to be utilised for delivery of parts of the security solution. It is, therefore, important that security managers have an understanding of what questions to ask of their team to ensure that the system is properly secured. These questions are likely to generate the discussion required to inform decisions and also provide guidance for those who will ultimately be responsible for securing the system. The answers to these questions will act as input to assessing the operational needs to ensure the system remains secure against attack. In order to formulate these questions, a security manager needs to identify the priority and criticality of the data, systems and infrastructure that are to be protected and should also obtain a basic understanding of the fundamentals in achieving a secure solution. The design should ensure physical separation between in-band and out-ofband networks, and ensure there is no default routing between them and that it is appropriately locked down to control configuration changes. A password management policy is needed that requires setup and communication with users to ensure all aspects of the system are managed appropriately through the policy, with minimal or no duplication of data entry. All default passwords are to be identified and changed.

There are a number of items that typically need security attention, including: • Windows server and workstations, including guest access • Windows shares • basic input/output system (BIOS) • server/workstation out-of-band management • database servers (Structured Query Language [SQL], Oracle and so on) • backup software • camera web pages • switch web / Telnet / file transfer protocol passwords • input/output (I/O) and USB/serial device servers • hardware time servers. The structure of the network requires careful planning, including the use of virtual local area networks (VLANs), firewalls and fault tolerance handling. Stringent intrusion detection and reporting is an essential tool in defeating intrusions alongside forensic investigation of the target and scope of attacks. Equipment lockdown is an important aspect of controlling general user access to functions and software that can lead to unauthorised system changes or interactions. Lockdown should include managing the connection of new equipment or devices, such as USB devices, to the computing hardware. Virus and Trojan management are critical factors in the system’s defence to minimise the risk posed by malicious software.

SECURITY SOLUTIONS 037

ALARMS

It is important that all stakeholders have an understanding of what measures should be taken to secure the security solutions and the commitment required to maintain the ongoing security of the system.

038 SECURITY SOLUTIONS

It is commonplace that software manufacturers frequently release upgrades and patches for differing reasons, including addressing latent defects or identified security risks. Procedures for the management of these patches are needed to ensure the integrity of the security systems. It is important that these procedures include the practice of monitoring available updates and assessing the criticality of system updates in order to manage the ongoing support of the system. As a general rule, default operating system settings often present a soft security posture. Dedicated analysis of these configuration settings should be conducted with the focus of hardened security to assist with solution protection. Irrespective of the measures taken to secure the system, network and infrastructure, it is vital to ensure a suitable system backup strategy is in place and that a proven disaster recovery plan is established. Monitored archiving of progressive backups should be performed regularly. The physical security design must extend to control access to all the physical hardware, including servers, switches and other infrastructure devices. The threat of the insertion of unauthorised devices and loggers should not be underestimated. Example mitigation strategies for this category of this risk include: • disabling network ports not in use to avoid the addition of devices • tamper detection on critical networks and hardware access points • certificate-based authentication • detection of link up / link down activity on the network to alert operators of new devices added to the network • appropriate handling procedures for the events to allow execution of an appropriate response. All workstations should be thoroughly scanned and cleaned prior to adding them to the network. Further, the workstations should be configured as desired and have adequate control over what software can be installed. Configuration and version controls should be managed through the life of the machine.

Users need to be educated and regularly reminded about the risks and methods of phishing, social engineering and humanin-the-loop failures. There is a need to follow security protocols and procedures at all times, with no exceptions. All system users need to be informed, including supervisors and managers, so that they understand the potential consequences of overriding security procedures and are able to correctly evaluate the risks involved. The ISO/IEC 27002 standard can be referenced for new systems and this standard can be used to develop a point of audit for ongoing management. In summary, the security manager should ask the following questions of their team to ensure that the system is properly secured: 1. What is the priority and criticality of the data, systems and infrastructure the system is protecting? 2. How are different priority data categories handled? 3. What threats is the system endeavouring to combat? 4. What level of risk is acceptable? 5. What assumptions have been made in the hardening of infrastructure security? 6. How frequently will the security and threat assessment be revisited? 7. What training needs to be provided to system users? 8. What ongoing activities need to occur as preventative security maintenance of the system? 9. How will security breaches be detected? 10. What steps need to be taken in the event of a breach? 11. What level of disaster recovery is supported?

Emanuel Stafilidis has worked in the electronic security industry since 1988 as a security systems integrator and a security consultant. Emanuel is currently the Business Development Manager at Saab Australia. Visit http://saab.com/ region/saab-australia/security/ for more information. Emanuel can be contacted via email: emanuel.stafilidis@au.saabgroup.com

SECURITY SOLUTIONS 039

040

Instructor Responsibility Structure Training To Achieve Positive Results By Richard Kay The responsibility of a use of force instructor is to prepare officers for that aspect of their jobs that has the potential to put them in harm’s way; that is, to prepare officers to survive violent confrontations. This survival preparation has several factors, which should be addressed during training: • Physical – skills that enable officers to protect persons and control violent subjects. • Legal – knowledge that enables officers to make correct decisions within lawful parameters. • Emotional – strategies for managing the stressful aftermath of a violent confrontation. A critical aspect of fulfilling this obligation lies with assessing competence in all aspects required for effective operational duty. This can be expressed as safety, survivability and consequence. Competency Obligations If officers have good physical skills, but do not understand their operational guidelines or the lawful parameters regarding when and how they may use these skills, they are not operationally competent as they do not possess the complete range of required skills. Likewise, if they have a clear and comprehensive understanding of the legal and procedural aspects, but their physical skills are not up to the required standard, they are also not operationally competent as, again, they are missing an essential part of the required content. Further, if they have good skills and knowledge, but do not possess the ability to make critical decisions within the context of violent confrontations, or the proper character to make correct decisions (demonstrating a callous nature during training, disregarding safety guidelines and showing no remorse for the consequences of their actions), are instructors not remiss in

041

their duty to those officers, other officers and the public if they certify them to operational status to lawfully use force? The basis for operational decisions made by officers is training and experience. If they are not ready, or their demeanour deems them unsuitable, the instructor has an obligation to make the decision to deem them as not yet competent, pending remediation or, in the circumstance of attitude, counselling. A use of force capability is a huge responsibility, and that starts with instructors. On a relative scale, the variations between officers, instructors and instructor-trainers looks like this: The majority of officers fall into the 2/10 range. This has nothing to do with their ability to operate

a violent confrontation: • the tools to prevail • the skill to prevail • the will to prevail. Employers provide officers with the tools for the job (for example, batons, handcuffs, firearms) relative to their respective operational role, and instructors provide training so officers know when to use those tools, how to use those tools, and to be ready to use those tools under realistic conditions. But what about the actual will to use those tools? Is it a good thing to have the tool and the skill, but not the will to use it? Of course not, because someone who does have the ability to harm may take that tool away from the officer

Instructor Standards Level

Role

Attributes

1 2 3

Officers

Average standard = 2/10 = average knowledge/skills. Able to apply competently in the workplace. Commitment to safety, survivability, defensibility.

4 5 6

Instructors

Average standard = 5/10 = good knowledge/skills. Able to communicate, motivate and facilitate learning in officers. Commitment to continuous improvement.

7 8 9

Instructor Trainers

Average standard = 8/10 = excellent knowledge/skills. Able to communicate, motivate and facilitate learning in instructors. Commitment to unceasing professional development.

The ‘ideal’ to strive for. No one is perfect, but never stop trying to be so.

professionally on duty; it is simply a reflection of the average person’s ability with regard to physical training and use of force. Of course, some officers will fall into the 4–6 range, and even some into the 7–9 range. These officers will easily adapt to the demands of training. But the aim is to make the training accessible to the most officers, not the least. To be accessible, training should be targeted at the level of the average student, who generally receives minimum training and re-training. It is also a common mistake for instructors to set training expectations at a level that suits them, rather than to what is appropriate for the students. A good instructor should have knowledge and skills beyond the level of the average officer; after all, students are coming to instructors to learn, so instructors need to be able to guide them and answer their questions accurately and appropriately. The training has to be accessible to all officers, not just those who can easily adapt to the learning process. Skill versus Will There are 3 ‘ingredients’ for operational safety in

042

and use it on him or on innocent bystanders. If, at the moment of truth, an officer cannot or will not use the tool, then all the training and equipment is wasted. If officers are going to carry tools of their trade, they must have knowledge to know when to use them lawfully, the skill to know how to use them effectively, and be willing to use them if required. The key factor in developing and assessing the capability of students to be actually able to make this decision lies in realistic scenario training involving stress inoculation. However, even then, no one can truly know how an officer will react in the reality of an actual confrontation. After all, no matter how real training appears, officers still know, in the back of their minds, that it is still training and that their safety and wellbeing are not really threatened. However, instructors should aim to provide the best preparation for officers that they can. What if an officer demonstrates an unwillingness or inability to use the tools in training? An officer who is uncertain whether they can use force against another person, whether it is empty hand, baton or firearm, and for whatever

reason, should probably not be working in an operational role that has the potential to place them in a violent confrontation. To do so would be to put not only that officer in danger, but also other officers, support personnel and innocent bystanders who may be directly or indirectly involved in the confrontation. Relate this to duty of care as an instructor. It is not a simple issue, but one that should be considered and addressed by all professional use of force instructors. Learning Process The process for learning use of force is as follows: 1. Learn – basic knowledge/skill acquisition phase. 2. Practice – hone skills to familiarise the body to responses (train the midbrain). 3. Master – unconscious competence (autopilot). 4. Functionalise – place in operational context (stress inoculation). 5. Maintain – regular, appropriate, realistic training. Most people are content to cover stage 1. However, without the other four stages, it is unlikely officers will be properly prepared to survive a violent encounter. Each stage is progressive and necessary for the next, and only by adequately working the various stages in a natural, progressive manner will officers absorb, adapt and fully utilise the skills they are trained in. Discretionary training is based on the presumption that officers have received previous instruction on legal issues pertaining to use of force. Officers should experience situations that involve discretionary decision making. This is usually done during scenario training, but can also be used during dynamic drills. It is important to demonstrate through training that officers understand their force response choices, and they can justify their decision to use a certain level of force under the conditions presented. The student will make all decisions about the use of force, when it is justified and what is the appropriate level of response to gain or maintain control. Discretionary decisions are as much about when to use force, and to what level, as they are about when not to use force. This is a critical factor is determining lawful validity and justification for the training process. Instructors should endeavour to incorporate

these various stages into training, to make it progressive in nature and appropriate to the officer’s operational environment. Constantly refreshing basic skill acquisition does little to prepare officers for the reality of violent encounters. In fact, continuous repetitive training in theory and practical only, with no application under stress, can actually build false confidence in officers. Skill acquisition is the start. From there, officers need tactical development drills that develop operational readiness. Levels of Mastery The levels of skill mastery are as follows: 1. Unconscious Incompetence – This is the lowest level. People do not know they are lacking knowledge and will not admit it. The first step in making them better is to get them to admit that they need experience and practice. 2. Conscious Incompetence – This is where people know they lack knowledge but will not admit it. Often males who undertake firearms training are convinced that they are experts with a weapon. The instructor’s first task is to

educate them of their ignorance. Often, women are easier to train because they know they need to learn, and they are willing to listen; they are already at a level of conscious incompetence. 3. Conscious Competence – This is where people do the right thing, but they have to think about it. The training at this stage is programmed into the forebrain, that part of the brain responsible for logical, rational thought. This is fine for many tasks, but for force response skills in violent confrontations under stress, it is not good enough. 4. Unconscious Competence – This is the highest level of mastery. The aim is to ‘learn it until you forget it’, to perform without thinking, so that officers operate automatically under stress, responding correctly without hesitation or conscious thought of their skills. It involves consistent training under realistic conditions to program skills into the midbrain, the part of the brain responsible for survival and that takes over under stress. Instructors will most often train officers who are either at levels 2 or 3. New students will most

likely begin at conscious incompetence. If they are open minded about their need to learn and realistic about their initial level of competence, then the instructor can usually get them to level 3 reasonably quickly. Ultimately, if instructors are to properly prepare officers for the reality of violent confrontations, the aim is to get them to level 4 as soon as possible. However, the instructor cannot do this alone. The officer has to make a commitment to his own development and survivability. The only substitute for operational reality is realism in training. Personal safety is personal responsibility, but instructors need to provide total training that is progressive in nature to prepare officers for operational reality in a safe, positive training environment. Richard Kay is an internationally certified tactical instructor-trainer, Director and Senior Trainer of Modern Combatives, a provider of operational safety training for the public safety sector. For more information, please visit www.moderncombatives.com.au

SECURITY SOLUTIONS 043

CCTV

CCTV Use By Local Government: Findings From A National Survey Part 2

044 SECURITY SOLUTIONS

SECURITY SOLUTIONS 045

CCTV

By Shann Hulme, Anthony Morgan and Rick Brown

As discussed in part one of this article in the previous issue of Security Solutions Magazine, there has been considerable growth in the use of closed circuit television (CCTV) in public spaces as a crime prevention method and as a tool to detect and identify offenders. The Australian Institute of Criminology (AIC) surveyed local councils within Australia to develop a national picture of the prevalence and characteristics of open-street CCTV systems managed by local councils. Part one discussed the methodology used and the limitations of the survey, and presented statistics in relation to the prevalence of CCTV systems and local council CCTV funding and expenditure. Part two presents the remaining survey findings. Characteristics of CCTV Systems Given the local nature of their application, CCTV systems vary considerably across locations in administration, operational practice and technology (Wilson and Sutton, 2003). CCTV systems may involve cameras that are static (fixed) or have the capacity to pan, tilt and zoom (Clancey, 2009; Gill and Spriggs, 2005). CCTV can be fixed, redeployable or mobile, can transmit digital or analogue images either via cable or wireless links, and can record the subsequent images in different ways. These factors can have important implications in terms of the quality of the images and the type and speed of monitoring that is available (Gill and Spriggs, 2005). Technical specifications have the potential to impact upon the effectiveness of the system as both a crime prevention and detection measure (Gill and Spriggs, 2005). Overall, the mean number of open-street 100 90 80 70 60 50 40 30 20 10 0

CCTV systems reported by councils was 5.0 (14 percent RSE, 95 percent CI 3.6â&#x20AC;&#x201C;6.4), while the mean number of cameras operated by local councils was 43.2 (15 percent RSE, 95 percent CI 30.5â&#x20AC;&#x201C;55.9). Around half of all councils (53 percent) reported operating 20 cameras or fewer, while one in four (27 percent) had 10 cameras or fewer at the time of responding to the survey. One in nine councils (12 percent) reported having more than 100 CCTV cameras in operation at the time of the survey. In other words, a relatively small number of councils account for a significant proportion of all cameras currently being operated by local government. The survey results also showed that cameras have been installed by local councils in a range of different locations (Figure 4). Among those councils that had CCTV in operation at the time of completing the survey, 56 percent had cameras installed on local council owned property (such as libraries, cultural centres, waste transfer stations, swimming pools), 48 percent had cameras in recreational areas, 28 percent had cameras in outdoor shopping malls and 27 percent had cameras installed in car parks. While around one in five councils (18 percent) reported having cameras installed in an entertainment precinct, the actual prevalence is likely to be much higher given that cameras installed in entertainment precincts may have been reported as other location types (because they serve different purposes during the day). The most common location for the main CCTV system (the system with the largest number of cameras) was council-owned property (25 percent of councils with CCTV), followed by recreational areas (21 percent).

All systems

Recreational areas

Entertainment precincts

046 SECURITY SOLUTIONS

Car parks and roads

Main system

Council property

100 90 80 70 60 50 40 30 20 10 0

2005

Digital technology

Colour imaging

Wireless connection

2014

More than 15 cameras

Figure 5: Characteristics of CCTV systems

Figure 4: Location of CCTV cameras (%)

Outdoor shopping centre

Information was also sought on the characteristics of the main system in operation in each council, to better understand the type of CCTV technology that is currently being used by councils. This information was comparable to data collected in the earlier Iris Research survey. Results for selected characteristics of CCTV systems in both 2005 and 2014 are presented in Figure 5. This shows that in addition to there having been an increase in the proportion of councils with more than 15 cameras in operation between 2005 and 2014 (31 percent cf 43 percent), there have been increases in the use of digital technology (59 percent cf 83 percent), colour imaging (61 percent cf 80 percent) and the use of wireless connections (33 percent cf 41 percent). In other words, both the size and sophistication of camera systems (or at least the main camera system) appears to have increased significantly in the past decade. It is worth noting that, because they are the largest system in operation, the main system may also be more likely to be upgraded, therefore the extent to which these results can be generalised more broadly to council CCTV systems is unclear.

Other areas

CCTV systems also vary in terms of control room operations. Monitoring and control room operations are arguably the most crucial element of a CCTV system, particularly where the aim of a scheme is to improve the response of police or private security to incidents as they occur (Wilson and Sutton, 2003). The monitoring of CCTV can be classified into three broad categories:

SECURITY SOLUTIONS 047

CCTV

1. Active monitoring, whereby a person sits and monitors camera footage in real time. 2. Passive monitoring, monitors are in view and are casually monitored by operators who react when an incident is observed in progress. 3. No monitoring, where recording devices record images that can be accessed and replayed if a crime is reported (Wilson and Sutton, 2003; Ratcliffe, 2006). Responses to the survey, as presented in Table 2, indicate that the majority of main systems operated by councils are not monitored (61 percent), while a further 15 percent were occasionally monitored by an operator during business hours (passive monitoring). Only 10 percent of systems were actively monitored, either during business hours or 24 hours a day.

additional funding to cover the operational costs associated with CCTV systems: • Monitoring is the greatest cost and the greatest benefit to ensuring an effective CCTV system. There is no grant funding available, only for capital costs (respondent 133). • Monitoring of cameras is a luxury a small council cannot afford (respondent 74). • Monitoring of CCTV is an expensive exercise (respondent 120). Further, there are important differences between councils and jurisdictions in terms of the relationship between local government and police and the extent to which police are willing and able to monitor local government operated CCTV. The 2005 n % 16

Occasionally by an operator during business hours

24 hours a day by an operator

During business hours by an operator

Other

Table 2: Type of CCTV monitoring

The growth in the use of CCTV systems by local councils has not been accompanied by an increase in the number of monitored systems. Based on a comparison with the results from the Iris Research survey, the proportion of main systems operated by councils that are actively monitored has fallen from around one in four to one in 10 systems, while the proportion of main CCTV systems that are passively monitored has also fallen (22 percent cf 15 percent). The proportion of main systems that are not monitored has doubled from 31 percent to 61 percent of councils with a CCTV system. This finding is not particularly surprising given the resources that are required to monitor CCTV and the focus of major grant programs on covering installation and infrastructure costs. A number of councils expressed concern about the cost of monitoring CCTV and the need for

048 SECURITY SOLUTIONS

Uncertain 4%

No requests were made 15% Once a year 10% Once every 6 months 15%

Once a week 20%

Once a month 19% Once a quater 17%

2014 n %

Recorded only, no monitoring

Total

importance on the value of CCTV footage in criminal investigations, rather than focusing primarily on the crime prevention benefits of camera systems.

126

actual benefit of monitoring CCTV systems will ultimately depend on its intended use. Specifically, monitoring offers the greatest benefit where it is used to support the rapid deployment of police or security personnel (or both). While this requires the resources to support monitoring activity, it also requires an effective working relationship between camera operators and local police or security providers. Use of CCTV Footage by Police There has been little Australian research that has examined the extent to which CCTV footage is used by police as part of criminal investigations. The survey, therefore, included a number of questions about the frequency with which CCTV footage was requested by police (where police were not responsible for monitoring the footage themselves). This is important, given that there appears to have been a recent shift towards placing greater

Figure 6: Frequency of requests for CCTV footage by police

The results are shown in Figure 6. Overall, four out of five councils (81 percent) had received at least one request in 2012–13 from police for camera footage from a system they owned or operated. One in five councils (20 percent) reported having received requests for footage from police approximately once a week on average, while a further 19 percent of councils received requests on a monthly basis. Fifteen percent of councils had not received a request for camera footage in that financial year. Councils were also asked to indicate the extent to which police had used this footage for different purposes (to the best of their knowledge). As shown in Table 3, more than two-thirds of councils (69 percent) who had received a request for footage from police reported that it had been used to successfully identify an offender ‘sometimes’ or ‘often’, and 55 percent of councils reported that the footage had been used to prosecute an offender ‘sometimes’ or ‘often’. CCTV footage provided by local councils was used less frequently to seek information from the public or in a community safety message.

‘Sometimes’ or ‘often’ (n)

‘Sometimes’ or ‘often’ (%)

Used to successfully identify an offender

Used in the prosecution of an offender

Used to seek information from the public about a crime

Used in a community safety message

Table 3: Police uses of CCTV footage

These responses appear to provide some evidence that police use local government CCTV footage in criminal investigations. However, these responses are largely based on anecdotal evidence. There is limited data available to councils on the impact of footage supplied to police for law enforcement purposes, and this was an area of concern raised by a number of respondents: • There is a need for better communication from the police on results of prosecutions as a result of CCTV footage provided (participant 15). • We need to be better informed as to the admissibility of the footage as evidence for court (participant 52). • When we have supplied footage to the police (at their request), we usually do not hear back from them to let us know whether or not it was helpful in identifying/ prosecuting an offender (participant 118).

Both the size and sophistication of camera systems... appears to have increased significantly in the past decade.

A consistent theme throughout the survey, reflected in qualitative responses to key questions, was the need for local government and police to work more collaboratively in designing, managing and monitoring CCTV systems. Conclusions and Implications Limitations aside, the findings from the AIC’s national survey of local government on the use of CCTV provides further evidence of the significant growth in the use of CCTV by councils in public spaces. Further, improvements in the size and sophistication of these systems are noted. Councils invest significant financial resources in CCTV and many have received external funding for the installation of CCTV. However, there remains a significant number of councils that have chosen not to install CCTV, most often because it is not viewed as a strategic priority, because crime is low, or because funding was not available. Councils have in place a range of different approaches to the collection, storage and monitoring of CCTV footage. There was evidence that CCTV footage from counciloperated systems is frequently requested by police agencies and that councils believed this had a positive impact in terms of identifying and apprehending offenders. More research is required in order to better understand the impact of CCTV footage on criminal investigations and the capacity of police to identify and apprehend offenders.

This article originally appeared as a research paper from the Australian Institute of Criminology in May 2015. The article has been republished with permission. The original paper can be found at: www.aic.gov.au/media_library/publications

SECURITY SOLUTIONS 049

BUSINESS

HR Resilience:

The Future Of Human Resource Management In The Australian Security Industry

050 SECURITY SOLUTIONS

By Greg Byrne This is the first in a series of articles written for Security Solutions Magazine on human resources (HR) resilience and the implications it has for the security and related industries in Australia. The term ‘HR resilience’ finds its origins in the current shift in thinking around business resilience in Australia, and although it could be just another trendy catchphrase to grab attention, it is not. It is a serious solution to a serious issue in the security industry in Australia, which is the effective management of its people in terms of workforce planning; focus on business strategy, values and mission; recruitment and retention of talented people who are actually capable of delivering on mission, strategy and value attainment; effective and real performance management and reward system; training and development that is focused on business strategy; and effective human resource information systems (HRIS) and the competent and effective management of those systems. In this article, the term HR resilience will be discussed, as will the reason it is important to business in Australia. The discussion will then progress to the skill base an organisation’s HR manager must possess if he or she is to progress the organisation to being truly HR resilient, followed by consideration of what the HR manager needs to know, what he needs to do and how he needs to be regarded. HR Resilience To ensure a company is resilient to adverse activity from employees, competitors or hostile external parties, a review and, where necessary, a restructure of HR systems and processes must be conducted. Adverse activity from employees could include anything that is either deliberate or done out of ignorance or wilful disregard of company policy or strategy. An example of deliberate action could be an employee who is planning to leave for a competitor and is collecting policy and training programs to take with them. Or a disgruntled employee facing disciplinary action and acting unethically to supply an external body, such as a union or a legal representative, with information to counter an internal investigation. Or the actions of a rogue employee who has ‘turned’ and is determined to inflict as much damage on the employer as possible before they are detected and dismissed. Non-deliberate adverse activity could come from any level of the organisation, but mainly from middle and upper level management where employees have access to the policies, processes and procedures at a level at which they are actually able to influence and interfere with the strategy and mission of the organisation. An example is a supervisor who refuses to let subordinates attend training or who rosters staff outside industrial guidelines, exposing senior management to industrial action or civil litigation. However, the greatest threat to HR systems comes from those who are closest to them, such as the HR manager and his or her direct reports. If those people are

not competent or do not have the interests of the company, the vulnerabilities of any company’s HR systems are quickly and brutally exposed. Threats by competitors are the norm for any business. In most cases they are easily detected and quickly counteracted, either through quick tactical manoeuvring, rapid damage control or through the guile of competent managers and tactically savvy employees and supervisors. But what if the attacks are not detected and the managers and supervisors are not competent or well trained; or what if the attacks were centred on the internal HR or business systems and they are not resilient enough to manage the attack? A responsive and competent CEO and Board could manage such a situation, but they should not have to. It must be recognised that most systems, processes and strategies in any organisation are people based. That being the case, the HR manager must accept responsibility and should have recognised the vulnerabilities and done something about them. If managers and supervisors are not capable or vigilant, they should be trained, rotated or, as a last resort, dismissed. A competent HR manager should recognise a system or process that is failing or vulnerable and do something about it. This is to say the HR manager should have redesigned and implemented the new policy or made appropriate recommendations to the CFO and CEO, and participated in remedial action. Attacks by hostile external parties may sometimes not be as evident or readily detected. This is mainly because these influences are not interacted with as regularly and, therefore, the vigilance of them is not as astute. However, if the internal systems are resilient and staff adequately trained, then the organisation should manage this activity easily. If an environment is created where staff at all levels are committed to the mission and strategy, and loyalty to the aims of the Board and CEO are complete, then employees closest to the attack and who are the first to detect and respond to the adverse

SECURITY SOLUTIONS 051

BUSINESS

gic ate ct Str hite arc

Co lla bo ra tiv e

Culture and change leader

Stakehold mentor and coach Organisational context

Understand and care

nd ist la ca activ i h Et ible d cre us eo ag r u Co

Infl ue nc er

Organisational capability

Feature oriented

and workplace designer

rt r pe Ex itione ct pra

052 SECURITY SOLUTIONS

e dibl Cre

The Competent Human Resource Manager If the greatest threat to HR systems comes from the HR manager, then the skill base of that person must be exposed and, if not up to standard, he should be trained up, moved or, if not possible, then perhaps removed from the organisation. The Australian Human Resource Institute’s Model of Excellence (MOE) is the best tool to test the skill base and competence of an HR manager. The MOE was developed after consultation with industry and is a graphical presentation of what a competent HR manager should know, is expected to do, and what peers expect him or her to be or do in terms of behaviours and capabilities. The know: a competent HR manager must be business driven and have strong knowledge of key business influences, operations and key organisational drivers. The HR manager must understand and manage stakeholder needs and, with the CEO and CFO, drive organisational performance. As a business driver, the HR manager must have a thorough understanding of legislative framework and effects social, technological, economic and demographic changes have on an organisation, and be able to anticipate the impact on the organisation. By being business driven, the HR manager is able to respond appropriately to internal and external influences and their likely impact on workforce risk, governance, sustainability and organisational performance. The competent HR manager is also a strategic architect who is able to develop people strategy in line with organisational strategy that the HR manager has actively participated in. The human resource and business knowledge of the HR manager should be such that he is acknowledged as an expert practitioner, strategic architect and an ethical and credible activist. The do: a competent HR manager should be part of the senior management team and be

involved in the development of organisational The AHRI Model of Excellence culture that is goal-reward-based and that drives The next article in the series will propose a shift the organisation to strategic success. The HR in thinking about the role of the HR manager and manager must create a competent, sustainable suggest that the position should be rebranded and capable workforce that has a culture of loyalty, Chief Human Resource Officer (CHRO) and sit with performance recognition and goal attainment the CEO and CFO as a triumvirate at the top of the – a culture that is focused on the organisational organisation, forming a solid link between finances strategy and mission and is used to rewarding and and the “… people who produce them”. This group being rewarded. As the HR manager drives the of three, as discussed by Charan, Barton and Carey organisation into this culture, he or she must act as (2015) is referred to as the ‘G3’ and signals an an important stakeholder, mentor and coach and intent by the CEO to move HR into the inner circle be capable of building and fostering relationships and contribute at the same level as the CFO. As and partnerships with key stakeholders in order to Charan et al state, “… the company stays on the ensure organisational capability. rails by homing in on any problems in execution. It The expectations: the reputation of the HR is the G3 that makes the connection between the manager should be one of high competence organisation and business results.” The third article and total recognition and commitment to the will discuss the various HR processes, policies and organisation and the organisational goals and functions that are vital to the effective running of any strategies. Peers expect the HR manager to be a organisation and how they can be made resilient. critical thinker who is capable of analysing data The fourth and final article will then showcase and situations in order to provide advice and make small, medium and large security companies in competent and strategic decisions that are focused Australia and demonstrate what resilient HR looks on mission and goal attainment. The HR manager like in the security industry in Australia. is also expected to be solutions driven, who focuses the organisation on business objectives, engages Greg Byrne is the CEO of MultiSec Consultancy Pty in continuous learning and improvement, has the Ltd. Recently retired from the NSW Police Force after courage to negotiate outcomes as agreed to by the 32 years, Greg currently teaches an undergraduate Board and CEO, and is focused on organisational diploma in policing at Western Sydney University and strategy and mission. The HR manager’s peers also is a sub-editor and board member of the Australian expect him to have the capacity and competence Police Journal. His academic qualifications include to develop positive and collaborative relationships Master of Management, Diploma of HR, Grad with stakeholders, employees and all members of Cert in Leadership and a Diploma a Security Risk the senior management team. The HR manager Management. Greg also possesses a current NSW should also be a member of a professional body, security licence – class 2ABD. He can be contacted preferably at a more senior level, to provide credibility via email greg@multisec.com.au and demonstrate competence and commitment to continuous personal development. Finally, the Critical and HR manager is expected to be totally enquiring thinker ethical in terms of loyalty to the So lu l tio na senior management team and ns o i s s dr e f ive organisation, and ethical in o r s s P n e n i n Organisational s terms of organisational Bu rive objectives d reputation and legislative and finance compliance. Workforce Resolver of issues

activity would do so effectively and ethically. They would also report up the hierarchical chain and the well-trained and committed CEO, CFO and HR manager would respond in appropriate and ethical ways, ensuring that systems were reviewed and staff adequately rewarded. The development of this environment is the responsibly of the HR manager, who trains employees and develops systems that are resilient and that reward good behaviour. A competent HR manager ensures that the right people are in the right place at the right time and when they are, interference with supply chains, operations and cybersecurity are quickly detected and responded to.

SECURITY INDUSTRY

INSURANCE Types of covers provided; • • • • • • •

Public/Products Liability Professional Indemnity Errors Omissions Cash in Safe/Transit Good in Care Custody and Control Loss of Keys Statutory Liability

• • • • •

Workers Compensation Criminal Defence Costs Management Liability Business Packs Motor Vehicle

Business Activities provided for: Static Guarding

Debt Collecting

Mobile Patrols

Drug & Alcohol Testing

ATM Response

Crowd Control

Sales & Importing

Alarm Response

Alarm Installation/ Maintenance

Professional Money Carriers

Body Guarding Investigations

Consultants

Manufacturing

Security Training

Use of Firearms/Dogs

And more... *We only use Authorised Australian Insurers

call now

for an obligation free quote

1300 880 320 Email: admin@guardsafe.com.au

SECURITY SOLUTIONS 053

COVER STORY

054 SECURITY SOLUTIONS

Unlocking The Value of Security

SECURITY SOLUTIONS 055

COVER STORY

By Joel Rappolt

Security cameras have the potential to offer much more than security: they can function as a source of information that offers benefits to many aspects of a business. Security managers often struggle to get adequate funding for CCTV systems because these systems are seen as a compliance cost. However, savvy security managers can turn security systems into a value add that drives business performance and, in doing so, make these systems more valuable to their organisation. Those who do not explore this path could find themselves beaten to the post by IT departments, who also have the capability to deliver added value using other systems such as Wi-Fi. There is much hype in the market around a number of technologies that can build an agile business – big data, the Cloud, the Internet of Things, and machine learning to name a few – as they approach the growth phase of the product lifecycle and early adopters try to benefit from them. Business leaders are looking to understand the opportunities to achieve competitive advantage from these technology advances. The opportunity for security managers is to unlock the benefits these technologies offer by using CCTV systems to gather data for these technologies. In fact, successful security managers of the future will collaborate with other business units such as marketing, sales and human resources (HR) to gain investment in CCTV infrastructure. By doing so, they reinvent their position in the organisation by becoming a business growth enabler. So how can this be achieved? In short, through the adoption of business intelligence software. This article explores how security managers can build services for other business units using CCTV infrastructure and highlights

Current Situation Because CCTV solutions are a compliance cost for business, security managers often find attracting the budget required to roll out a CCTV solution of choice is difficult. This results in the selection of a less preferred solution and/or inferior product. The consequences of this flow all the way through the value chain: 1. System integrators receive smaller installation and support services contracts. 2. Distributors receive lower volume orders. 3. Manufacturers of cameras receive lower volume orders. 4. Digital video recorder and network video recorder manufacturers sell cheaper products and less licences. These lost opportunities are a result of the CCTV infrastructure being predominantly dominated by software that is designed for security and safety purposes only. If this same infrastructure can create value for other business units such as marketing, property, sales, human resources and loss prevention, the potential to attract greater investment to deploy a more functional infrastructure increases significantly. This is a win-win as it benefits the business and all participants in the value chain. Consequently, the question that needs to be answered is: “How can the CCTV system be used in the creation of software that delivers value to the other business units?” One answer is to unlock information about the physical space that is provided by the CCTV infrastructure. The key objective of using this information is to give business units a clear, evidencebased indication of which business initiatives or changes to the environment are having a positive impact on the business. It can be used in testing tools to help choose the right direction for change – rapidly and at lower cost.

the gap between traditional video analytics solutions and the actual business problems they could potentially solve. It discusses the current situation faced by many security managers and introduces the capabilities they need to build or acquire in order to transform into a business intelligence enabler.

Examples of the type of business initiatives that could be evaluated using this physical space information include: 1. Did marketing campaign A or B attract more people to my store? (marketing) 2. Did training A or B result in strengthening sales capability? (sales delivery, HR)

056 SECURITY SOLUTIONS

3. Did training A or B improve quality of service? (QoS, HR) 4. Did training A or B reduce shrinkage through errors at the register (loss prevention, HR) 5. Which layout decreases choke points at my facility? (property and HR) 6. Which store layout better engages customers? As innovative ways to drive business are presented in the future, the CCTV infrastructure will be a key element that will enable the business to test these innovations so that they only adopt those initiatives that produce positive results.

MORE THAN JUST A GREAT 360° IMAGE IT’S META DATA ON TAP

Available in SNF-7010 (3MP) & SNF-8010 (5MP), WDR, Digital PTZ, Bi-Directional audio, M12 Connector* Double Panorama, Internal and Vandal. *M versions only.

call 1300 239 419 SECURITY SOLUTIONS 057 samsungsecurity.com

COVER STORY

If this same infrastructure can create value for other business units such as marketing, property, sales, human resources and loss prevention, the potential to attract greater investment to deploy a more functional infrastructure increases significantly.

Building the Capability Security managers have two options in building this capability and unlocking the data for software developers: building a team with internal staff or partner with a company that has the existing capabilities and technology. The following are the capabilities the security manager will be responsible for coordinating to ensure that the right data is collected and presented as information to the right target audience in a useable format that requires no further analysis to support a decision: 1. Consulting: understanding what kind of CCTV data is available and how it can assist the various business units to solve business problems. 2. Computer vision: using algorithms and ongoing testing to collect and maintain accurate physical space data based on CCTV system images. 3. Software development: • combining and correlating data from CCTV and other internal systems • presenting data as information to the end-user (the Board and other department heads) to support decision making with confidence • machine learning and statistical analysis to automate responses to re-occurring situations as they happen. 4. Software support: support any deployment of technology to ensure data accuracy and availability over the long-term. To date, many traditional video analytics products focus on the collection of data (item 2 above) and present the data in its raw form. This is problematic because business units have to either manually build their own data integration and analysis capability to turn this raw data into business information, or engage an analyst. Both options can be time consuming and costly. For these reasons,

058 SECURITY SOLUTIONS

many security managers frown on traditional business intelligence/analytics because they fail to reach their potential. Competition in this marketplace is growing; there are other competing technologies that can collect physical space data, such as Bluetooth, Beacons and Wi-Fi. In a time where managing complexity is a major cost for business, leveraging existing infrastructure is an obvious choice as it decreases the number of technologies a business needs to purchase, install and support. This gives CCTV and WiFi an advantage, as it is already deployed and available to be used. The race is on to see who embraces this opportunity first: security managers or IT network managers. However, it is worth pointing out that a Wi-Fi only solution only sees devices that have Wi-Fi turned on, which results in less accurate data. A computer vision based solution that uses CCTV is a much more accurate source because it sees people and objects.

The key objective of using this information is to give business units a clear, evidencebased indication of which business initiatives or changes to the environment are having a positive impact on the business.

A Typical Scenario for Marketing Here is a detailed rundown of the consultation, software development and support capabilities required. This scenario uses a retail chain as the business and a basic computer vision derived metric: a count of people into each store over time. It is also assumed that the security manager is using a partner to deliver this requirement and not building the capability in house. Consultation is the first step in the value creation process and is required before sourcing a solution to ensure the right data is collected to address the actual business problem. This is a very short exercise with the owner of the requirement that asks the question, “How is the people count information going to be used, and by whom?” Without questioning, the deliverable will be raw foot traffic data by day/week/month and so on. However, as a result of asking the question “How is the people count information going to be used, and by whom?” it is discovered that marketing is about to launch a series of campaigns and they would like understand the relative performance of each; that is, which campaign attracted more customers to the store. It is also confirmed that marketing does not have access to an analyst to extrapolate the data and that they are also interested in understanding which store has the best suggestive selling capabilities (requires integration of point-of-sale [PoS] data – software development capability). Human resources will also use this information to select which stores to focus training on to test different training approaches. The Challenge is to convert the pixels in the camera views into meaningful business metrics. This becomes a new type of data to add to a company’s data portfolio. Once this

RADWIN WIRELESS SOLUTIONS SECURE HIGHEST QUALITY VIDEO TRANSMISSION RADWIN’s carrier-class wireless solutions for video surveillance offer a market-proven solution that effectively handles uplink video transmission, low latency and dedicated bandwidth per camera. If you need high definition video for safe city CCTV surveillance, traffic monitoring & control, perimeter security or broadband connectivity to police patrol and mobile command contact RADWIN today.

» » » » » » » »

Point-to-Point backhaul - up to 250 Mbps Point-to-MultiPoint - up to 250 Mbps per base station Subscriber units range from 10Mbps to 100Mbps! FiberinMotion solution for wireless broadband in motion Guaranteed bandwidth (SLA) per camera site and supports PTZ Fixed & low latency for zero video ‘hiccups’ Transmission in dense urban areas with non-line of sight (NLOS) Operate in licensed and unlicensed Sub-6GHz frequencies

SAFE CITY CCTV SURVEILLANCE

TRAFFIC MONITORING & CONTROL

CALL US TODAY FOR MORE INFORMATION 1300 063 743 | sales@mergeidc.com | www.mergeidc.com | www.radwin.com

PERIMETER SECURITY

BROADBAND CONNECTIVITY TO POLICE PATROL AND MOBILE COMMAND

SECURITY SOLUTIONS 059

COVER STORY

data is available, it can be used to drive data/ business intelligence applications for the other business units. Many companies will be limited in the type of movement that their software can detect, so security managers need to ensure that any partner has a full suite of capabilities, such as top down and oblique people counting past a point; counting traffic between zones; floor space utilisation; queue and chokepoint dwell times; and population counts. Additionally, advanced partners may have capabilities such as number plate recognition and facial matching. Back at the retail store, the security manager needs to source software that can accurately count people past a point into the store over a long period of time. The best software will be able to use existing camera infrastructure for these counting purposes. Other options will require an additional dedicated camera in a specific placement, which usually inflates the costs. While some cameras offer integrated computer vision processing, the reality is that few, if any, of the cameras provide the processing power available to run best practice algorithms and are able to cope with a wide array of lighting conditions and viewing angles. Using such cameras may be possible for greenfield projects; however, most security managers will be looking to leverage as much of the existing infrastructure as possible â&#x20AC;&#x201C; probably a mix of analogue and IP cameras. Therefore, in order to maximise use of the existing infrastructure, a possible approach could involve the installation of a device onsite and connect to the camera network to convert the video streams into physical space data. The security manager needs to ensure the selected supplier has a process in place to enable the recalibration of technology to new environments (ideally at minimal cost), as the changes to physical environments that take place over time, including the angle of light, marketing signage locations, layouts and so on may influence what the camera sees. Software development and support capabilities are required to enable the solution. The CCTV cameras capture the movement, computer vision algorithms convert that movement to physical space data, which then

060 SECURITY SOLUTIONS

As innovative ways to drive business are presented in the future, the CCTV infrastructure will be a key element that will enable the business to test these innovations and only adopt those that produce positive results.

needs to be aggregated with PoS and HR data across a store network. Finally, that data is presented to the end business unit, typically via a web or mobile application. In order to meet the requirements, the data needs to be managed and presented as meaningful information. Remember, it is highly unlikely that your business will have an analyst available on an ongoing basis to extrapolate information from the data for the marketing or other teams, so the structure should be built into the way the data is presented when the software is initially developed. Ideally, it will be possible to establish a daily foot traffic baseline per store before the campaigns begin. The user interface will enable the user to label the campaign periods, for example, campaign A and campaign B. In a single graphical view, the user will be able to see the difference in foot traffic between the two campaigns, enabling the marketing department to identify the more successful campaign quickly. Perhaps it was advertising on the side of the bus that made one campaign more successful than another, maybe it was a radio segment. The objective for the business is to avoid spending financial resources on underperforming campaigns in the future, resulting in a more efficient marketing approach to attracting people to their stores.

This type of information is invaluable for marketing; but controlling this sort of testing takes a good baseline data set. The earlier this can be collected, the better. It also requires experience and statistical skills. What happens if our test site is an ice cream store and the weather during the better performing campaign was 35 degrees every day and the other campaign experienced 20 degrees? Was it the campaign or the weather that resulted in increased foot traffic? A skilled partner should point these things out, and should include weather condition information in the baseline and campaign data so that temperature can be taken into account. Security managers have an exciting opportunity: they are in the best position to begin unlocking physical space information. If they collaborate with the right partners, they can produce exciting capabilities that will benefit security functions and the business as a whole. Clients in security departments are already breaking long-standing deadlocks in the rollout of new security infrastructure with the enthusiastic collaboration of other arms of their business. When it comes to understanding what is going on in the physical spaces of a business, every department can benefit and be smarter and more agile as a result.

Joel Rappolt is the CEO of RocketBoots, a company with a creative approach to problem solving by thinking about problems from both a technical and business perspective. Joel can be contacted by email joel@rocketboots.com or on 02 9323 2500.

SECURITY SOLUTIONS 061

JUST LAW

062 SECURITY SOLUTIONS

The Power of Arrest

SECURITY SOLUTIONS 063

JUST LAW

By Justin Lawrence In legislation throughout Australia, the right of citizens to arrest and detain people in certain circumstances is enshrined. What we often forget, is that in most cases, these rights are the same rights available to security officers. What is meant by ‘in most cases’ is that, unless a security officer has been afforded some special powers such as the ability to enforce by-laws as a part of his or her role, then he or she has no greater power of arrest than the average citizen. However, unlike the average citizen, it is not uncommon for a security officer to have to affect an arrest. Therefore it is important for all security staff, supervisors and managers, to have a thorough understanding of exactly what boundaries those powers entail. In Victoria, for example, the Crimes Act provides that any person may use such force as is believed to be necessary to prevent the commission, continuance or completion of a serious offence, or to effect or assist in the lawful arrest of a person committing or suspected of committing any offence. This type of action is known in general terms as a “citizen’s arrest”. Whilst most readers have probably never been in a position where they have had to effect a citizen’s arrest in their private lives, they might have done so in a professional capacity. If that is the case, then in order to have acted lawfully, they must have acted in accordance with the terms of the Act. In effecting a citizens arrest, the Act states that the force used by the person must not be disproportionate to the objective. The term “disproportionate” is one about which members of the security industry ought to be familiar. Simply, the force used in arresting an individual must not greatly exceed the resistance. By way of illustration, it is necessary to examine the actual method used by a person to apprehend a suspect. If a person witnesses a man in a mask pull out a screwdriver, threaten a service station attendant with it whilst demanding cash, and then flee the service station with cash in hand, it is a disproportionate response for that witness to shoot the robber in the back as he is running down the street. It would, however, be an entirely appropriate and proportionate use of force for the witness to tackle the robber to the ground and to restrain

064 SECURITY SOLUTIONS

him until Police arrived, or to use a weapon of limited damage (such as a broom handle or cricket bat) to knock the robber off his feet in order to detain him until Police are called. In order for the arrest to be lawful, the citizen may only apply such force as he/she believes on reasonable grounds to be appropriate. What constitutes “reasonable grounds”? Regular readers of this column would be familiar with the term “reasonable” as it is a word that appears quite often in the law. It is a term that has no concrete application in every set of circumstances. Rather, it obtains its definition and context from the events surrounding its application. By way of illustration, it would not be reasonable for a person to carry a loaded firearm into a public place such as a cinema. However, it is entirely reasonable for a Police officer to do so. What is the difference? Simply, the Police officer is employed by the community to maintain peace, law and order. In order to do so, sometimes it is necessary for Police to draw and discharge a firearm. In the case of a private individual, however, there is no justification for carrying a firearm into such a place. Whilst the act itself is identical (carrying a gun into a cinema) the surrounding circumstances distinguish the actions as being either reasonable (the Policeman) or unreasonable (the individual). As a citizen is only able to exert such force as he believes on reasonable grounds to be proportionate to the objective (i.e. the arrest), the reasonableness of his actions will be judged by reference to the situation confronting him. For example, if a citizen sees a robber fleeing a service station with a screwdriver in hand after committing an armed robbery, and that person grabs the nearest “weapon” (such as a fence pailing) and strikes the robber on the back of the legs to bring him to ground, that level of force is likely to be considered reasonably proportionate to the objective of arresting the offender. Using the fence pailing to successfully bring the robber to the ground and then using the screwdriver to stab him in the arm would not be considered proportionate force. As it was probably not necessary for the screwdriver to be used by the arrestor at all in effecting the arrest, the use of the screwdriver by the person making the arrest

to inflict corporal punishment on the offender would be deemed to be a disproportionate use of force in the circumstances. Even where a person who is effecting a citizen’s arrest uses only such force as is proportionate to the particular objective, he must be certain that the arrest is lawful in the first place. The Act states that the arrestor must not only suspect a person of committing an offence but he must actually find the person committing the offence unless two exceptions apply. The first exception is where the arrestor is acting on the lawful instructions of a Police officer. An obvious example of this is where the robber fleeing the service station is being pursued by a Police officer who calls out to a citizen to “stop that man”. The citizen can then take such action and use such force as he believes on reasonable grounds to be necessary to effect the arrest. The second exception is where a citizen arrests a person who is believed to be escaping from lawful custody. Usually the belief will stem from the arrestor witnessing the escape from detention or from the arms of Police, or where the arrestor believes that this has occurred. In those circumstances a citizen is entitled to take such steps as are reasonably necessary and proportionate to effect the arrest. If neither of those two exceptions apply, then the Act states that any person may effect an arrest of another person without a warrant where the arrestor reasonably believes that the arrest is necessary to ensure the appearance of the offender before the Court; to preserve public order; to prevent the continuation or repetition of the offence or the commission of a further offence; or to preserve the safety or welfare of the public or the offender. Once the arrestor finds the offender committing the act, he must then be certain that at least one of the other elements is present before effecting the arrest. The term “found committing” an offence simply means that a person has witnessed a person behaving in such a way that there are reasonable grounds for believing that the person is guilty of an offence. In respect to Commonwealth offences, such as drug importation and social security

fraud, legislation states that any person may arrest another person without a warrant if he reasonably believes that the suspect is committing, or has just committed a serious offence and that the case is not one that can be properly dealt with by Police summoning the offender to appear at Court. Importantly, in so far as Commonwealth offences are concerned, the law requires people who have effected a citizen’s arrest to hand the offender over to Police as soon as practicable. Although the state-based legislation does not contain a requirement that persons who have effected a citizen’s arrest must hand the offender over to Police as soon as practicable, the spirit of the Act expects that this will be done. It seems apparent from the way that the citizen’s arrest powers are drafted that Parliament’s intention is not to create a second tier Police force or to empower vigilante groups. Rather, the legislation appears to recognise the fact that in many cases Police officers require the help of citizens to adequately perform their duties, and that those citizens must not be subjected to criminal charges in the event that they have acted reasonably and in accordance with the legislative requirements. The power to effect a citizen’s arrest is limited to the situations outlined above. This is considerably different to the power of Police to effect an arrest. Police are given power by legislation to arrest people. There is no automatic right given to Police to do so – only acts of Parliament provide them with their power. Importantly, if an arrest does not fit within any of the categories in those pieces of legislation then it is unlawful and may be resisted through the use of reasonable force. In Victoria the Crimes Act states that no person may be arrested without warrant other than in certain circumstances. One of those circumstances is where a person is found committing an offence. The elements of that type of offence have been outlined above. A further power given to Police to effect an arrest without warrant is where Police believe on reasonable grounds that a person has committed a serious indictable offence. There is no need for the Police to have found the accused person committing the offence. Rather, the Police need

There is a fine line between a lawful arrest and the unlawful deprivation of liberty... Actual capture is not an essential element of an arrest.

only have reasonable grounds of belief that the suspect has committed the offence. In so far as offences against Commonwealth law are concerned, Police are empowered to arrest a person without warrant where they believe on reasonable grounds that that person has committed or is committing an offence; if charging the person on summons to appear at Court would not stop the suspect from committing further offences; to prevent evidence being lost or destroyed; to make sure that the suspect appears at Court to answer the charge; or to stop the harassment or intimidation of witnesses. There is a fine line between a lawful arrest and the unlawful deprivation of liberty. It is important to realise that a lawful arrest involves the actual seizure of or physical contact with a person’s body with the intention that the person be detained. Actual capture is not an essential element of an arrest. Technically, if there is no touching of the body then there is no arrest. However, if a citizen does anything that would

lead another person to believe that their liberty has been removed, such as asking them to wait in a room, then the person being asked to wait could argue that they were under arrest regardless of whether or not an actual lawful arrest (physical contact) has taken place. Once an arrest has been effected by Police, they are required to inform the suspect of the nature of the charge. This does not apply where the suspect is aware of the reasons for the arrest beforehand. As far as citizen’s arrests are concerned, there is no requirement for the suspect to be informed of the charge prior to the citizen handing him over the Police, as the citizen will have little to do with the charge other than, perhaps acting as a witness. The situation is the same for offences against Commonwealth law. There are no special powers given to citizens to perform de facto Police duties other than those pertaining to citizen’s arrests outlined above. If the powers enshrined in legislation in respect to citizen’s arrests are not followed carefully, then the criminal law might very well treat any misuse of those powers as an assault by one member of the public against another. Justin Lawrence is a partner with Henderson & Ball Solicitors, 17 Cotham Road, Kew, Victoria, and practises in the areas of Commercial Litigation, Criminal, Family and Property Law. Henderson & Ball has Law Institute of Victoria accredited specialists in the areas of Business Law, Property Law and Commercial Litigation. Justin Lawrence and Henderson & Ball can be contacted on 03 9261 8000. Whilst every effort has been taken to ensure its accuracy, the information contained in this article is intended to be used as a general guide only and should not be interpreted or taken as being specific advice, legal or otherwise. The reader should seek professional advice of a suitably qualified practitioner before relying upon any of the information contained herein. This article and the opinions contained in it represent the opinions of the author and do not necessarily represent the views or opinions of Interactive Media Solutions or any advertiser or other contributor to Security Solutions Magazine.

SECURITY SOLUTIONS 065

FEATURE ARTICLE

066 SECURITY SOLUTIONS

Intelligence As A Tool For Risk Decision Making Part Two

SECURITY SOLUTIONS 067

FEATURE ARTICLE

By Codee Ludbey Effective security decision making is vital to business success and ensures a secure workplace for everyone. Security intelligence can be used to improve the efficacy of such decision making in times of crisis and in dayto-day operations. In the previous issue, the usefulness of using intelligence processes and practice to inform risk decision making was discussed. The uncertainty of decision making that comes hand-in-hand with the corporate security function within an organisation must be addressed with improved situational awareness and better information. Commonly, corporate security functions are undermanned or overworked, and the challenge of staying up-to-date and informed on all business operations and their operating context can be difficult to overcome effectively. This issue can be addressed by embedding intelligence processes throughout the corporate security function. Many experts agree that security intelligence provides a vital foundation to the security risk assessment and the broader security business unit. They explain that effective security intelligence process can enable the corporate security manager to tailor risk mitigation strategies appropriate to the threats being faced by the organisation and provide an increased opportunity to make decisions with reduced environmental uncertainty. Further, these processes provide the corporate security manager the ability to develop an objective, evidence-based argument to the executive team for resources and manpower to counter the threats identified throughout the process. Resourcing and Education Any in-house intelligence program will require operatives to be well resourced, well trained and educated in intelligence methods. Intelligence operatives working within the function should be dedicated personnel, not only due to the specialist role they fulfil, but also so the intelligence program can operate as designed: to reduce work load, uncertainty and complexity in other security operative roles. It is noted that the initial cost of setting up an intelligence program in-house can be expensive and time intensive; however, the rewards and benefits, especially in the

068 SECURITY SOLUTIONS

quality of information being provided for key decision making, will justify the expenditure. As with any new business operation, it is vitally important that management oversees the set up and operation of the program from day one, ensuring it is fit for purpose and meeting expectations. Ideally, the intelligence program will collect information extensively on internal and external threats, using a wide variety of sources. It is important to understand, however, that reliable and quality external collection will require a greater expenditure of resources due to the nature of the threats posed. Intelligence function capability and quality will increase in line with the expenditure and education provided to those involved. The crux of any successful program is the level and quality of training and education provided to the intelligence operatives, as mental rigour and knowledge of collection methods and analytical techniques are vital. Degeneration of the intelligence program will occur if no support or review is provided by management. Collection Any intelligence process needs effective information collection techniques and sources to succeed. For the most effective collection of information, exploitation of the organisation’s staff and customers is a necessity. This means the analyst must be able to interact with all levels of the organisation in some capacity, and would be required to build trust and relationships with people on the ground, as well as people in the board room. Each level of an organisation is involved with a slightly different aspect of the external environment and has a unique view of the organisation’s operations and risk. By utilising this network of natural information collectors, the analyst can build a coherent picture of the organisation and its environment. Further collection from outside of the organisation can also occur. Depending on the organisation’s political clout and operational environment, it may be possible to build relationships with policing and emergency services to gain access to more relevant crime and event

data. Another important resource for threat intelligence is other security practitioners. Due to the non-competitive nature of security outcomes, relationships can be built between security practitioners across many industries, fostering a level of information sharing and understanding not available outside through other means. Web resources, such as social media, news websites, government bulletins and policy documents, are also valuable sources of information and can provide unique perspectives on an issue. Analysis Once information has been collected, it must be put together in such a way to provide understanding of the issue at hand. Critical to this analytical phase is the notion of ‘valueadding’ to the information. Value-adding is the process through which the analyst provides predictions of possible outcomes, suggests courses of action, identifies trends and explains indicators that one should expect to see if a situation is developing in a certain way. The notion of value-adding is what differentiates intelligence from news and allows the decision maker to have more insight into what is actually happening and what may happen in the future. It is vital that the analyst takes an approach of disproving his or her theory of events rather than seeking information to prove said theories, as this is one of the easiest ways to reduce analytical bias.

Intelligence function capability and quality will increase in line with the expenditure and education provided to those involved.

The notion of value-adding is what differentiates intelligence from news and allows the decision maker to have more insight into what is actually happening and what may happen in the future.

The true worth of an intelligence function is not measured in the collection capability. Intelligence success stems from what is determined from the information collected. The analyst should not be expected to know everything, but should be able to understand information in the context of the problem and provide advice based entirely on what is known and what is probable. It can be assumed, especially in the business environment, that the decision makers will, at times, be privy to information that the analyst is not, due to their industry contacts or other information supply lines. In this case, the analyst must be able to contextualise that information within the current operational or strategic picture and provide coherent advice. Dissemination Dissemination is an often overlooked but critical part of the intelligence program. Consideration must be given to who actually receives the intelligence product. Whilst the immediate answer is usually the leader of an organisation or manager of the relevant division, this may not always be the case. The intended audience for intelligence products is the person or persons who are making the decisions. In some cases, the organisational chart is not a perfect indicator of reporting or decision-making hierarchies. For truly effective intelligence,

the analyst or intelligence team must devote time and resources to understanding the ins and outs of the organisation, especially the true reporting hierarchies and decisionmaking authorities at every level. Through this understanding, more effective dissemination can be achieved, as timely information can be sent to the right person. Another important factor to consider is the timeliness of the information. Intelligence is useless if it is not available when it is required. The analyst must be proactive and ensure that dissemination occurs regularly and in a timely manner to ensure the efficacy in the product. This may require extensive communication with the decision makers to ensure clear communication channels and understanding of both partiesâ&#x20AC;&#x2122; requirements. Security Intelligence and Risk Management Part one of this article pointed out the importance of integrating the security intelligence process into the risk management function, and part two has discussed what this may look like in practice. Whilst security intelligence can and should be used extensively with the organisationâ&#x20AC;&#x2122;s security risk management program, over time, this function may develop to expand its scope beyond security risk management. A strong intelligence function, with full organisational buy-in and support, can be a powerful tool used extensively across the organisation to inform all levels of an organisation about security and aid in the development of a security culture. A well-implemented intelligence function can build resilience and provide the competitive edge a business needs in the modern world. Most importantly, informed, evidence-based argument about security needs based on the threat spectrum is vital to ensuring the security business unit is properly resourced and preventative security measures can be implemented in a timely fashion; intelligence can facilitate this discussion.

The true worth of an intelligence function is not measured in the collection capability. Intelligence success stems from what is determined from the information collected.

Codee Ludbey is the 2014 recipient of the Australian Security Medals Foundation Ruddock Fellowship. Codee also holds a Bachelors Degree in Security Science from Edith Cowan University and is an independent security consultant.

SECURITY SOLUTIONS 069

LOSS PREVENTION

070 SECURITY SOLUTIONS

Developing Loss Prevention Networks By Daniel Pinter and Callan Lynes The power of networks is well known in the business world, and it is said that the greater an organisationâ&#x20AC;&#x2122;s network, the greater its influence and likelihood of its success. As the Internet has made the world a much smaller place, professional and social networking sites such as LinkedIn and Facebook have become very popular and are educating people once again about the power of networking. An example of how powerful networking with the right people in the security industry can be occurred just the other day. A client had a query about what incident reporting system to use for their large LP (loss prevention) team. The question was posted on a couple of the many LP forums on LinkedIn and, within two days, approximately 40 responses of various solutions with website links and other information attached were received. Any one of the respondents could be contacted for further information about their experiences with the products, including benefits and shortcomings, or even pricing. Benefits Of Developing An LP Network For a security manager or LPM (loss prevention manager), peers are one of the best sources of valuable information. Being a part of a network of like-minded organisations and individuals can be very empowering. Knowing that at their fingertips is the expertise and resources of a group of professionals that share the same fundamental desire to improve the success of

their own departments and the retailers that they serve is very beneficial. Networks provide an opportunity for LPMs to discuss industry trends, new technologies, and to share experiences and solutions to typical problems. This method of sharing information can create an opportunity for LPMs to significantly enhance their abilities and industry-related knowledge. LPMs can lead their teams to improved results through the implementation of new systems, technologies and strategies based on the information that is shared within the network. LPMs may be facing a particular problem within their organisation and may not have the resources, knowledge or experience to combat it, but by being a part of a network they can likely gain valuable feedback about their own solution and/or be exposed to alternative solutions from other members. Networks also facilitate the creation of relationships with other industry professionals; some will form into true partnerships that can last decades. These relationships can become very valuable during the career of an LPM, as the assistance or cooperation of a fellow professional could be required at any time. Face-to-face networks for LP professionals are often hard to come by and this article aims to encourage LPMs to actively seek out or develop their own networks. But even though there may not be a lot of opportunities for LPMs to participate in face-to-face networks, there

are a lot of opportunities to network and share information on the Internet via professional and social networking sites. The number of easily accessible LP forums and networking groups on the Internet is growing and, whilst it is true that more personal relationships are created in a face-to-face environment, one benefit of Internet networking is the easy access to the knowledge and input of hundreds of LP professionals from all around the world. As demonstrated in the introductory example above, experienced help and opinions are only a few keystrokes away. Sharing LP Intelligence And Conducting Joint Operations Through local LP networks, valuable LP intelligence can be shared and also developed. The network may discuss intelligence on any number of local crimes and crime trends, with sometimes the involvement of a police representative in the form of a crime prevention officer. This type of intelligence can include information about robberies; the use of counterfeit money; cheque, credit card or refund scams; organised retail theft rings; fraud cases; and assault on customers. All members may have access to the information but are to be governed by strict guidelines to protect the legal liabilities of the group. Criminals often share information better than security professionals do, so this type of intelligence sharing can help close the gap.

SECURITY SOLUTIONS 071

LOSS PREVENTION

These networks are also great for when special events take place, such as demonstrations, government conferences, or major events. They can be utilised to improve communication and intelligence sharing during these challenging events through joint operations. Members can plan for these events together and with the involvement of emergency services. In the United States, it is a common occurrence for these types of networks to grow to 200 or 300 members in size during these types of events, with the involvement of a wide variety of interest groups and stakeholders. Other joint operations of the network with the involvement of the Police Target Action Group can target just retail crime. For example, such an operation may run in a central business district for several days, utilising a central control room which provides communications and a central command. Each participating retailer would have their covert and uniformed LP officers on duty, actively targeting any form of retail crime. Police are called to every arrest taking place, while the stores also conduct their normal procedures for apprehensions. All of the results of apprehensions and their details are shared amongst the group and the results can be analysed at the central command and at a follow-up meeting post-operation. The cooperative nature of this type of operation usually ensures some great successes in various areas. A consideration in these types of operations is the company policy and the implications of privacy laws when sharing information with other organisations, but as long as these are carefully considered at the time of the operational planning, any issues can usually be overcome or worked around. Developing A Face-To-Face Network The biggest challenge faced when attempting to start face-to-face loss prevention networks is to gain the commitment and active participation of the members. Successful groups achieve this by utilising a number of key strategies in how they set up and run their meetings. The number one task of a newly formed group is to agree on the purpose of the group, which can include many of the items mentioned in the article, including the sharing of knowledge, information and experience. The purpose

072 SECURITY SOLUTIONS

There are a lot of opportunities to network and share information on the Internet via professional and social networking sites.

should be clearly defined and documented. Then, guidelines about how the group is to be run must be decided, most often including the appointment of a facilitator, deciding on the location and frequency of the meetings, the rough idea of the general agenda, and the kind of culture that the members want to create. The key here is not to become too bureaucratic, but it is critical that these areas are addressed at the outset and documented. Members appreciate a well-organised meeting that keeps to specific outcomes. Once the setting up of the group has been established, there are some useful things to consider. Firstly, networking is about building relationships. Opportunities for members of the group to get to know each other and find common ground must be created. There should be a time before and after the structured meeting where members stand and chat over a coffee, for example. Also, a different member of the group should do a short five-ten-minute presentation every meeting, on a topic that is relevant to the group.

This is part of the art of creating value for all of the members of the group. If true value is not created successfully, members will not attend future meetings or get involved with information sharing. It is said, â&#x20AC;&#x153;To get the most value from a networking group, you should first add value yourself. By sharing information or assisting others in solving their issues, you gain their trust and they are more likely to share information with you which will assist your own operations.â&#x20AC;? In other words, contribution must go hand-inhand with participation. Another way to create value is to be selective of the members of the group. This means selecting individuals who fit the ideal member profile of the group, something that should be identified early on. Remember that no two groups are the same, so being flexible in the approach is important, but so is developing a strong structure that clarifies who the group is for, what it stands for and what value it will create for its members. The aim of this article has been to awaken some interest and demonstrate the value in LPMs and security managers becoming members of networks of like-minded organisations and professionals that share the same desire to improve the success of their own departments and organisations. Through these networks, whether face-to-face or online, they are able to easily access the experience and resources of other members and can, therefore, meet the challenges they face with increased confidence.

Daniel Pinter is the Marketing and Business Development Manager at Vision 3 IT, a network security service provider. Daniel is a former private security consultant with extensive security industry experience across a number of sectors, including retail loss prevention, university security, and risk management. Callan Lynes is a security professional who has worked in the security industry for close to 20 years. Currently the Client Services Manager at Business Risks International, his experience includes successfully operating his own private security firm and management in the retail and university sectors. He can be contacted via email at callan.lynes@gmail.com.

KeyWatcher is a reliable and extremely easy to use electronic key management system, designed to prevent mismanaged, misplaced, or stolen keys. KeyWatcher eliminates outdated metal boxes, unreliable manual logs and messy key identification tags utilising a computerised storage cabinet. The system releases keys only to the individuals with correct authorisation, recording each user transaction and providing total system accountability.

KEYWATCHER SYSTEM OFFERS to 14,400 keys and 10,000 user per site l “Site” concept uses a common database l Numerous high level interfaces for access control, contractor management and vehicle fleet systems l Longer user IDs can be up to any 6 digits, plus a 4 digit PIN l Bright 7” full colour, touch screen l “Key Anywhere” allows keys to be returned to any KeyWatcher Touch within a site l On-screen guides for users, along with voice commands l Up

Available in Australia through: AST Pty Ltd T: +61 2 8020 5555 | M: +61 417 089 608 | F: +61 2 9624 7194 E: di@astpl.com.au | www.astpl.com.au

SECURITY SOLUTIONS 073

FEATURE ARTICLE

Importance Of Security Professionalisation For Australia

074 SECURITY SOLUTIONS

SECURITY SOLUTIONS 075

FEATURE ARTICLE

By Alex Webling A self-regulating security profession is the best option to resolve the mess that exists in Australian security licensing regimes. Supporting Security Professionals Australasia and becoming a registered security professional with the Security Professionals’ Registry (Australasia) [SPR-A] will help drive positive change. Whether a supplier or a consumer of security services, it is in everyone’s interests to see a more professional security industry. Security Professionals Australia (SPA) is the federated body consisting of representatives from industry groups, professional associations and institutions, government and tertiary education, as well as individual members – both registered security professionals and leaders who have demonstrated commitment to the development of the security profession. Together, they represent the collective voice of the security profession. As the representative body, SPA sets professional standards for security practitioners and promotes their common vocation to serve and sustain the security of the community. In delivering industry self-regulation, SPA also has a key thoughtleadership and advocacy role for the profession and within the public domain in general in relation to security matters that impact the community. Security licensing in Australia has demonstrably decreased competition and resulted in lower quality services at higher prices without improving societal security. The security industry is as diverse as the society it seeks to protect. Security licensing regimes in the states and territories are being operated as profit centres for cashstrapped governments where applicants either fit within a ‘box’ or do not. Based on requirements for only nominal education standards and police checking, the regime delivers minimal regulatory outcome and has resulted in no measurable improvement in the quality of security service provision. The restraint of trade imposed by state licensing schemes that require professionals to have separate licences for each state or territory increases costs and reduces flexibility for suppliers and consumers of security services alike. As an example, just think of providers servicing Queanbeyan, NSW, which is effectively

076 SECURITY SOLUTIONS

a dormitory suburb of Canberra. Many highly specialised Canberra firms do not hold licences in both jurisdictions. For large firms, they may not be able to move their specialists between contracts. Effectively, this means less competition, higher prices and lower quality overall. To state the obvious, this is not a stated objective of the security licensing regime as it stands in 2015. The same state of affairs holds true in Hobart and Melbourne. What is Professional Self-Regulation? SPA aims to change the landscape by building the case for self-regulation for security professionals. Self-regulation of a profession through registration is a well-understood path; it is one of the oldest means of controlling the practice of professions. Government authority delegated to professions has provided them with a significant autonomy and authority in identifying professionals. In the 21st century, the emphasis on self-regulation is an underlying focus on protection of the public and society at large. This idea encapsulates the difference between a profession and a job. Beyond being an expert in a particular field, a professional has a higher calling to their society through their adherence to ethical standards. By becoming self-regulating, a profession gains greater autonomy and control, but also professional prestige. At the same time, with great power comes great responsibility; the regulatory body for a profession is able to set entry requirements and standards for practice. In addition, the regulatory body provides members

of the profession with a voice into government. An individual who wants to be part of the profession is judged by their peers. This provides a transparent means by which competency and professional standards are defined and implemented throughout the profession and across Australia and New Zealand. Prestige comes with becoming a professional and there are commensurate financial benefits to professionals from the increase in demand for services of a profession due to the public’s trust that registered professionals have high standards. Many Australian professionals have some form of self-regulation and have developed selfregulation and registration schemes. Medical practitioners, accountants, engineers and lawyers are all professionals where self-regulation plays some role in upholding standards. In many cases, professional self-regulation schemes involve coregulation with government, as the professions are so important to modern life. There is a similar picture in countries like New Zealand, the UK and Canada. In light of the scope and criticality of the services provided by the security profession, there is no doubt that effective regulation is called for. However, until now, the profession has been subject to various state and territory licensing regimes only. The registry function within SPA represents the only time that a nationally consistent regulatory framework has been implemented. In providing a self-regulatory framework in which professional standards, professional development and competencies can

In light of the scope and criticality of the services provided by the security profession, there is no doubt that effective regulation is called for. However, until now, the profession has been subject to various state and territory licensing regimes only.

be delivered, measured and developed through time, SPA is providing an essential service and is saving substantial red tape for government. Security professionals, and those seeking to be recognised as such, are now able to have their skills, qualifications, experience and attributes assessed, recognised and registered. This is a powerful enabler for professionalising the industry and a substantial public good – registering security practitioners against established competencies and ethical standards enhances their ability to meet their primary duty to the community and to maintain recognised professional standards. The Self-Regulation Opportunity for Government Self-regulation is also a significant opportunity for governments. Allowing self-regulation enables governments to demonstrate that they are working to protect the public. At the same time, government remains at arm’s length from registrants, insulating them from responsibility for individual failure. In this way, governments can demand the profession meets ethical standards without having the expense of policing them. The government also saves the expense of hiring other professionals to create specialised standards and rules for different specialities within the profession. Setting and evaluating highly specialised standards is something that governments do not do efficiently or effectively. Moreover, because the profession regulates itself, it is also able to be more flexible in its regulatory process and change rules as circumstances change. This is especially important to the security industry with the constant change that it is experiencing in security practice. Specifically for the security profession, given the current licensing morass, there is an opportunity for government to reduce red tape while at the same time improve security outcomes by encouraging and promoting development of self-regulation at the security professional level by streamlining the security licensing process. SPA is undertaking the self-regulation journey by creating an Australasia-wide registration scheme for security professionals that provides a transparent means by which competency and professional standards are defined and

implemented throughout the profession. The benefits of a nationally consistent registration process for government and the community that incorporates a robust ‘fit and proper’ test include (but are not limited to) the following: • Procurement: The new arrangements provide a credible means for the validation of claims regarding professional standards and competencies made by organisations and individuals tendering to provide services. The various licensing regimes that exist in some

Security professionals... are now able to have their skills, qualifications, experience and attributes assessed, recognised and registered. This is a powerful enabler for professionalising the industry and a substantial public good. state and territory jurisdictions do not. Moreover, because the registration scheme is Australasia wide, it does not preclude experts from crossing between state and territory borders, unlike the current licences do in practice. This represents substantial benefit in government and private sector procurement decision making. Agencies can get the best talent at the best price. SPA is seeing examples of this emerging in Commonwealth procurement, but this needs to be a common inclusion in all procurement decision making. • Employment: Mobility of security professionals within government and between sectors is also served by the capability of employment decisionmaking processes to validate claims regarding professional standards and competencies. As with procurement, such validation has been difficult in the past and decision-making processes in this regard can only benefit from the new arrangements.

• Free flow of skills and experience: A nationally recognised means of acknowledging the competency and professional standards of practitioners will promote a deeper understanding of the essential nature of security services within the community and will enhance ‘cross border flows’ of skills and experience across the security domain. • Professionalism and a body of knowledge: SPA provides thought leadership and policy in key areas, including education, certification and continuing professional development, professional conduct, and national and international standards. Input and policy development regarding these matters are provided for the greater good and, in particular, in support of the work of the SPR–A in its registration decision making. These critical areas of work will enable the security profession to align itself more closely with the public good and the needs of the community. What this Means Looking forward, given that these arrangements are in the interests of the security industry and the community more broadly, readers should: • encourage those engaged in security management, policy and implementation to register as recognised security professionals • encourage government agencies and the community to look favourably upon registered professionals in recruitment and promotion to security management positions • promote the benefits of the new arrangements in government and business procurement decision making by treating registration as at least a desirable attribute for tenderers. Alex Webling is a registered security professional and a director of Security Professionals Australasia. Visit www.securityprofessionals.org.au for more information.

SECURITY SOLUTIONS 077

AVIATION ALARMSSECURITY

Aviation Security – Has It Really Improved? By Steve Lawson The anniversary of the September 11 attacks in New York strikes me as a good time to consider if aviation security has improved over the intervening 14 years or whether many improvements are little more than ‘smoke and mirrors’. More importantly, could a better job have been done? Having been involved in various aviation security management roles since 1989, I have a reasonable industry memory. In that time, I have been able to watch the implementation of ideas and policies, see them run their life, be discarded and later reintroduced as ‘new’ ideas. Reflecting on these types of questions is important, but it is also often very uncomfortable. If I make an argument that there has been no real improvement in aviation security then it can be argued that, with others, I have wasted years and the industry has wasted billions of dollars. Therefore, my answer to this reflection is a fence-sitting yes and no. Maybe it is simply that I do not want to think that I have wasted years of my life, but I do not think that years have been wasted – misused is a possibility, since it can be argued that the focus has been too much on visible and less productive measures. There is almost no doubt that huge amounts of money have been wasted. Aviation security is not about crime that has some association with aviation; it is about preventing acts of unlawful interference with aviation. So, stealing wine off an aircraft is

078 SECURITY SOLUTIONS

not an aviation security incident, but it can be argued that stealing the life jacket may be an act of unlawful interference with aviation. So, what do the statistics say? Some measures seem to have been spectacularly effective. Restricting travel on and locking the flight deck door have probably been the most effective measures. Since the 2001 attacks, there have been 13 hijackings and many of those were attempts. In 2001 alone there were five hijackings, not including those associated with the attacks in the US. In the 14 years before September 11, there were 28. This is not an in-depth analysis of the causes of those hijackings, but it is fair to say that the reduction in hijackings has been in no small part due to locking and armouring the flight deck doors. Can similar conclusions be drawn about weapons detection? The answer to that question is much more subjective since there is not an accurate database for weapons detected. Also, what is considered a weapon has changed over time. For example, today, knives in the cabin of the aircraft are not specifically banned. Instead, “sharp things designed to be used primarily to inflict injury or to be used in self-defence” are banned. In 1999, the legislation was not as pragmatic. The list of weapons then was quite specific – to stop knives getting into the cabin of an aircraft “sharp things” were not banned, but knives and “items which in the opinion of the aircraft operator is a weapon” were.

Knives were described in a list of weapons as: • a flick-knife or a knife, sword or other weapon hidden in a riding crop, walking stick, walking cane or umbrella • a knife commonly known as, or a device similar to, a star knife • a knife or scissors with a blade length exceeding 100mm (4 inches). Given this list, the box cutters used in the September 11 attacks were quite legal here! “Items which in the opinion of the aircraft operator is a weapon” was a whole different issue. I recall a discussion where it was considered whether walking sticks were a weapon or not. Thankfully, it was decided that they were not. Weapons also used to be handled differently. Aircraft personnel used to take possession of items like knives, place them in a special bag and put them into the hold of the aircraft and let the passenger collect the item from the baggage master on arrival. That process included keeping records and reports.

So it could be reasonably suggested that the changes in aviation security have resulted in a near 40 percent reduction in aviationterrorist incidents.

Is aviation security better than it was in 2001? Overall, yes, if only because aviation security is now an important driver for most organisations, staff and passengers.

That does not happen today. If a passenger arrives at a screening point with a knife, he gets a choice of dropping it down a slot and losing the knife, putting it into his checked baggage or getting rid of it some other way. The process involves few records, so comparing records from today with pre-2001 records is meaningless. Having said that, according to the global terrorism database, in the 14 years before 2001 there were 400 incidents associated with aviation and in the 14 years after there were 244. On the face of it, that is a 39 percent reduction in terrorist-related incidents. If considering the same data for non-aviation related terrorist incidents for the 14 years before 2001, there were 44,283 (41,409) incidents associated with aviation and in the 14 years after there were 68,219 (42,017). The figure in brackets is the number if incidents in war zones such as Afghanistan, Iraq, Libya and Syria are removed. Consequently, terrorist attacks on non-aviation targets have stayed about static. So it could be reasonably suggested that the changes in aviation security have resulted in a near 40 percent reduction in aviation-terrorist incidents. Some readers may recall that there was a ‘crisis’ in Australian aviation security in 2014. A media organisation raised a range of aviation security issues at major Australian airports and consequently there was a Senate review of aviation security in early 2015, with the report due in December 2015. I have not been involved in any submission to the Senate and I have no idea what the report will say. However, as with much in aviation security, the smoke and mirrors aspect is not a one-way street. Fuel containers under an aerobridge in Canberra is a safety issue, not a security breach. Is aviation security better than it was in 2001? Overall, yes, if only because aviation security is now an important driver for most organisations,

staff and passengers. In short, they take aviation security seriously. Since they take aviation security seriously, they notice security issues and consequently report them. So it would be expected to have a greater number of ‘security incidents’. It is the old story: there were no reports before that date and now there are hundreds. It only happened after a reporting system was implemented. When I first started in aviation, I had running ‘discussions’ with some engineers who did not want to close the door to their area since it meant that they had to remove their access card to open the door. Removing stairs from unattended aircraft almost caused a strike! Today, try to find an engineer who does not take security seriously. Has money been spent in the right area? In the US, yes – to be frank, they needed to spend the money and make changes. In Australia, there is less certainty. I have zero evidence to back up this assertion, but if I were asked to take the same weapon through a screening point in 1995 and today, I think that I would have the same chance of being detected. That is not to say that security is as bad as it was in 1995; quite the opposite – 1995 was not that bad. Where should there have been a greater focus? On such things as behavioural analysis, voice stress analysis and facial recognition, although some of those things are being introduced now and some have been there for a few years, but not since 2001. The air cargo system still needs to be better secured, although positive steps have been taken in the training area. So after all of this rambling, was the decade and a half a waste? No. With the benefit of 20/20 hindsight, things could have been done a little differently and some more quickly. Was money wasted? Absolutely yes! But again, with the benefit of hindsight, maybe not so much.

Has money been spent in the right area? In the US, yes – to be frank, they needed to spend the money and make changes. In Australia, there is less certainty.

Steve Lawson has over 20 years of experience in aviation security. As a Security Executive with Qantas Airways, Steve held a number of senior management roles covering all aspects of aviation security from policy development to airport operations. He was sent to New York immediately following the 9/11 attacks to manage the Qantas response and undertook a similar role following the 2002 Bali Bombings. On his return to Australia, he was appointed Security Manager Freight for the Qantas Group. Since 2007 he has been a Director of AvSec Consulting in partnership with Bill Dent, a fellow former Qantas Security Exec. Today Avsec Consulting provides consultants from the US, NZ, ME, Israel and Europe. Steve can be contacted on 0404 685 103 or slawson@avsecconsulting.com

SECURITY SOLUTIONS 079

LEGAL

Q&A Anna Richards

It is an unfortunate reality that occasionally, a person or organisation, might not pay, an invoice upon the completion of a job. In such a situation, it is not uncommon or unreasonable for the installer/integrator to wonder what legal avenues might be available to address the outstanding account beyond the usual reminder letters from the accounts department. For example, is it legal for the installer to use an override code to disable the system until such time as the invoice is paid? The short answer to this question is that if the contract between your business (the supplier) and the customer (the purchaser) provides for the supplier to disable the systems until such time as all invoices for the supply and installation of the said systems are paid in full, then, accordingly to contractual principles, you should be able to disable them. However, whether or not such a contract would be enforceable by a Court would depend on a number of pertinent matters, including whether or not both parties were aware of the clause before agreeing to it; that such a clause is sufficiently prominent (in the context of the other terms of the contract) and that the meaning and effect of the term is clear. Otherwise, there is scope for a Court to find that such a term is not enforceable because the customer was not aware of its inclusion in the contract or because its meaning is not clear and the parties may have had different understandings of its meaning at the time of agreeing to the terms of the contract. In the absence of a contractual term permitting the supplier to disable the system (that is, in the contract between the parties), it is likely that the rendering of goods inoperable would be seen as a breach of contract. Usually, ownership of the goods is deemed to occur at the time of delivery, unless the contract between the parties states otherwise.

080 SECURITY SOLUTIONS

Accordingly, it is likely to be an implied term of the contract that the goods (in this case, the system) would be operational upon it being delivered. Further, such a right (to disable a good until payment of the invoice occurs) is unlikely to exist under any form of legislation. So, if your contract does not enable you to disable the security system, in the most extreme instances are you able to take the goods back? This second question raises the issue of “Retention Of Title” clauses in contracts. It also potentially raises a number of other legal rights which arise from different types of liens and pledges but time and space only permits me to address “Retention Of Title”. WHAT IS A RETENTION OF TITLE CLAUSE Retention of title (ROT) clauses can have an enormous impact on a business. They can provide suppliers of goods with significant bargaining power to enforce payment of their invoices. THE APPLICATION OF A ROT CLAUSE IN THE SECURITY INDUSTRY One could easily imagine that ROT clauses could be suitably utilised in many contracts that arise in the security industry. Some obvious examples are in relation to the supply of security related goods such as alarms, CCTV systems, locking devices, equipment and so on. Imagine that your business supplies $20,000 worth of security related equipment to a customer and the customer fails to pay for the equipment. Without a well drafted ROT clause, you may have no leverage or ability to enforce payment of the invoice, other than by suing the customer. Even then, many such customers are businesses which are structured in a way to ensure that they have no assets against which a Court Order (for payment of the invoice) could be enforced.

HOW DOES A ROT CLAUSE GIVE YOU LEVERAGE? The ability for the supplier to repossess goods supplied, when confronted by a customer’s failure to pay the invoice, provides the supplier with plenty of leverage, particularly where the purchaser still needs or wants the goods. In some cases, that is your only point of leverage as the goods supplied may have been tailor made to the purchaser’s requirements and hence you may not be able to resell them to recoup your losses. However, in many cases, your ability to recover possession of the goods and to re-sell them to another purchaser is enough to mitigate the loss, or to at least minimise it. WHAT DOES A ROT CLAUSE EFFECTIVELY DO? A ROT clause basically delays the passing of the ownership of the goods to the time of payment either of those goods or of all goods provided to that customer, depending on the wording of it. This delay means that the supplier remains the owner of the goods despite the purchaser having taken possession and control of them. This means that the supplier then has a right to possession of them if they are not paid for within the contractual terms of trade. IMPORTANT ANCILLARY CLAUSES – DIFFICULTY OBTAINING ACCESS TO GOODS One could easily imagine that a major obstacle of enforcing a ROT clause may be the inability of a supplier to obtain access to the goods in order to repossess them. That is, where a supplier notifies the purchaser of his intention to repossess the goods, it is likely that the purchaser may attempt to block the supplier’s access to the goods to prevent repossession of them. Whilst in the case of retail stores, there is an implied permission to the public at large to enter the store, that permission is implied to be restricted for the purpose of viewing

LEGAL

Q&A the goods on sale and potentially purchasing them. Hence, the entry into such premises to repossess goods (without a contractual term providing that right) is likely to be deemed to be trespass and hence the purchaser would have the right to evict the supplier from the premises. Further, once a dispute arises, it is likely that the purchaser would explicitly “ban” the supplier from entering any of the purchaser’s premises with the result that any unauthorised entry would clearly amount to trespass. This situation can be avoided by what I will describe as “access clauses” being drafted alongside the ROT clause to permit the supplier to enter any premises occupied by or controlled by the purchaser for the purpose of repossessing goods in the event of the invoice for the goods (or all goods supplied, depending on its terms) remaining unpaid in full. Without such an “access clause”, the ROT clause may be rendered “useless, at least without intervention of a Court. IMPORTANT ANCILLARY CLAUSES – DIFFICULTY WHERE GOODS WERE SOLD Another way in which a ROT clause can be circumvented is where the goods are sold and converted into proceeds of sale. For this reason, it is important to have alongside of the ROT clause, a further contractual term permitting the supplier to trace the goods (which have effectively been converted from goods to proceeds of sale) and for the invoices of the supplier and any costs associated with enforcing the clause to be paid from that portion of the proceeds of sale that is attributable to the sale of the goods. PITFALL – NOT BEING ABLE TO IDENTIFY THE GOODS In order for a ROT clause to be effective, it is

necessary for the supplier to be able to clearly identify that the goods he seeks to possess are the goods that were supplied. Obviously, it would be unfair if a supplier could simply possess another supplier’s goods, despite them being essentially identical. For this reason, it is important to employ a system which enables the supplier to match the goods to the invoices, for instance through the use of serial numbers or codes on each of the goods. If you are unable to identify the goods, it is highly likely that a Court would not enforce the ROT clause. SEEKING TO RECOVER ALL MONIES THAT THE PURCHASER OWES Imagine how much more beneficial it would be to a supplier if that business able to rely on a ROT clause to recover all monies that the purchaser owes the supplier and not just those relating to the particular goods. Imagine that ABC Security Supplies made the following goods available to XYZ Security Contractors; • 200 locks relating to Invoice 1 for $20000. • 400 security cameras relating to Invoice 2 for $100,000. • 2 document safes relating to Invoice 3 for $5,000. Further, imagine that all of the goods are delivered to the purchaser but that the purchaser only pays Invoice 2 of $200,000. In such a situation, the best way of having the most bargaining power is to have clauses drafted into the agreement between the parties which enable the supplier to repossess any goods that it has supplied whilst any invoice that it has rendered on the purchaser has not been paid in full. The inclusion of such clauses creates a powerful way of enforcing payment because it enables the supplier to have control over a far

wider range of goods of which the purchaser requires possession for the successful conduct of his business. Without such a clause, the supplier would only be able to repossess the far less costly goods (the locks and safes) and the purchaser would then be at liberty to source those items from an alternative supplier. Therefore, a large amount of bargaining power would be lost. Unfortunately, time and space does not permit me to address the very serious impact that the Personal Property Securities Act (2009) (Cth) has on ROT clauses which are said to give rise to a “security interest” in the supplier. The Act has particular impact on the ranking of competing security interests in personal property (such as goods) and hence has a bearing on which security interest holder is said to have a prior interest which will override that of a later interest of the same callibre. I will attempt to address that topic in the next issue.

Anna Richards is the Legal Director and a lawyer from Victorian Legal Solutions Pty Ltd and practices in the areas of Commercial law including Commercial litigation and other areas. Anna Richards and Victorian Legal Solutions can be contacted on: (03) 9872 4381 or 0419 229 142.

Whilst every effort has been taken to ensure its accuracy, the information contained in this article is intended to be used as a general guide only and should not be interpreted to take as being specific advice, legal or otherwise. The reader should seek professional advice from a suitably qualified practitioner before relying upon any of the information contained herein. This article and the opinions contained in it represent the opinions of the author and do not necessarily represent the views or opinions of Interactive Media Solutions Pty Ltd or any advertiser or other contributor to Security Solutions Magazine.

SECURITY SOLUTIONS 081

082

The Future Of Access Control Systems By Rachell DeLuca In response to constant changes in the security landscape, new and exciting technologies and ideas are being incorporated into electronic access control systems. Systems are moving beyond traditional, restrictive, proprietary system architectures and are embracing open and flexible solutions that integrate more freely with non-traditional access control devices and equipment. The customer and user experience of these systems is changing as more manufacturers embrace new ideas and think outside the box. Combining new communications protocols with existing access control and security principles is paving the way for new innovations and uses for systems. Authentication credentials such as the humble username and password will be left behind as new combinations of credential types and multi-factor authentication requiring combinations of two or sometimes three valid credentials take over as standard. Access control systems too will expand to encompass more than just doors and gates to include network login rights and deeper integration with building management systems. Mobile phones, tablets and wearable technology are capable of replacing access cards as access credentials and have the capacity to store information for multiple buildings and systems, further integrating frictionless and fluid access control into the day-to-day life of a user. Some of the exciting technologies that users can expect to see more of include: Mobile Access Control Communication protocols, such as Bluetooth or near field communication (NFC), allow for electronic access control credentials to be expanded to a new range of devices, including mobile phones or wearable technology items. These items could replace mechanical keys and proximity tags and cards for physical and logical access control, and offer a more secure and more convenient, fast and frictionless method of opening doors, parking gates and accessing secure areas. Utilising a device’s built-in NFC technology, users will be able to present valid credentials to allow them access to facilities, networks,

virtual private networks (VPNs) and both cloud- and web-based applications. In this example, user credentials would be presented by touching or tapping into a radio frequency identification (RFID) reader and access would be granted or denied based upon the rules and assigned access level awarded to the user. The use of Bluetooth technology extends the range of transmission and can be combined with gestures to allow users to open doors and authenticate themselves by rotating their device without needing to physically touch the device to the reader. Advancements in mobile access control will change how access control is integrated into business practice, with the development of solutions that do not require users to carry sometimes numerous dedicated security tokens, but instead have the ability to use their smartphone to access a range of different locations and applications. Considerations should be given though for businesses and facilities using the bring your own device (BYOD) structure to ensure that minimum device technical specifications are met, that rigorous security and vulnerability assessments have been performed, with rules surrounding whether to allow or refuse ‘cracked’ or ‘jailbroken’’ devices, or devices without anti-virus or nominated security software. Consideration too must be given when choosing infrastructure to ensure that it is capable of supporting the many types of devices that are likely to be presented for use with the system.

SECURITY SOLUTIONS 083

Integration of IT and Physical Access Control Credentials Access control to physical and logical environments has historically been managed by mutually exclusive divisions of an organisation, on separate platforms and with separate needs, rules and requirements. As technology is embraced in more areas of daily life, the distinctions between the two disciplines are beginning to blur; in many cases they can be managed together. The capability to provision physical access control credentials and IT identities on a single card, smartphone, or piece of wearable technology is now a reality. That card, phone or even fitness tracker such as a Fitbit can allow users to open doors, enter and exit car parks and login to computers. This creates a seamless user experience and removes the need for users to carry multiple credentials. It also improves the way in which organisations create, use and manage user identities across many different technologies such as smartphones, tablets, wearable technology, tags and access cards. Additional functionality and increased value to organisations exists in the capability to assign numerous access control credentials to a user, including single use tokens, on smart microprocessor smartcards or on smartphones. Organisations will be able to achieve true integration of both IT and physical access control systems through a, single solution. This allows improved efficiency of their access control systems through centralisation of their credential management for both physical and IT identities and resources, resulting in streamlined and more secure processes and user identity management. Innovative Implementations of Multi-Factor Authentication Future access control developments will see further innovation of access control credentials to incorporate multi-factor authentication principles. Security has advanced further than simple passwords and authentication tokens that satisfy the ‘something you know’ and ‘something you have’ aspects of authentication. Increasingly, access is being granted on a combination of these principles, with the inclusion of biometric credentials to satisfy the remaining ‘something you are’ principle. Companies like Apple, for example, have harnessed multi-factor authentication for use

084

with their iPhones and Apple Pay service. Users must physically have the phone to hold against the retailer’s reader and must authenticate biometrically via the fingerprint scanner that is built into the device, hence producing something they both have and are in order to make the transaction. This same method of multi-factor authentication can be applied to access control systems, where instead of allowing a financial transaction to take place, a door is accessed or network access is granted. This is an innovative use of multi-factor authentication because it satisfies nonrepudiation, which is another criterion of security. While typically applied to IT security, it is just as relevant to physical and protective security. Simply put, non-repudiation is the assurance that someone cannot deny something. Until recently, it has been a legitimate defence to claim that a user access card, token, password and so on was stolen or revealed and used by a person other than the nominated, authorised user. Nonrepudiation is able to be achieved through multi-factor authentication that incorporates biometric principles because it binds a user to a credential such as a phone, a key fob with fingerprint sensor, or other authentication item. Without the use of additional systems such as CCTV for verification, it is now possible to ensure that the user presenting the credential is in fact the user that has been assigned that credential, which provides for a more secure system overall. Offline Locks While the use of offline locks is not a new development or trend, they do still have their place in the consumer marketplace when used in the right circumstances and implemented correctly. Until only recently, offline locks were not ideal for large commercial applications as their form factor and overall aesthetic had an industrial feel since they were designed for repeated use in hostile environments. Today, however, offline locks and wireless technology have been adapted into more approachable, aesthetically pleasing designs and form factors, which are ideal for interior use in a wide range of markets. Offline locks are preferred in many applications and by many customers because of their low cost in comparison to online locks, despite not offering the same features. Offline

locks do manage to provide a higher level of security than traditional mechanical locks do, and therefore provide a nice middle ground between basic mechanical lock and key devices and high-end electronic, online locks. The type of offline locks that are available in today’s market do offer an attractive range of benefits, including automatic lock and unlock scheduling, usage data tracking and management, and the capability to update access rights and users. Coupled with a competitive cost, these lower end locks are able to provide an adequate level of security when utilised in the right setting.

Combining new communications protocols with existing access control and security principles is paving the way for new innovations and uses for systems.

While the technology is rapidly changing and advancing, and manufacturers are innovating clever ways of combining ideas together to produce more secure systems that are more accountable and reliable, the principles of access control have remained the same: to allow authorised persons in and to keep unauthorised persons out. As technology expands at a tremendous rate, future access control systems may be unrecognisable to security professionals today, but their purpose and functions will undoubtedly remain the same. Rachell DeLuca is a senior security professional located in Melbourne, Australia. She has over 16 years’ experience in the security industry and has been involved in projects utilising a huge range of analogue, IP and hybrid technologies. For more information, Rachell can be contacted via email at: rachell-deluca@outlook.com

ITâ&#x20AC;&#x2122;S HERE! THE FIRST EVER TRUE NATIVE IP PUBLIC ADDRESS SYSTEM! EXIGO

Does not require any specialised network hardware and can co-exist with other network systems

Supports all infrastructure - Buildings, Industrial, Remote Areas Extremely energy efficient with low power consumption and low heat dissipation Effortless scalability to any sized systems Excellent system management with advanced system maintenance and monitoring

Oceania Inquiries Phone: +61 3 9729 6600

www.stentofon.com.au sales@stentofon.com.au

SECURITY SOLUTIONS 085

SPECIAL FEATURE

Seeking Success In Security: What Is It, What Does It Look Like, How Is It Achieved? 086

By Professor Martin Gill The security world is such a fascinating world to be in. It is much maligned by those who look to high-profile failures and poor past performances and conclude that it characterises private security today. Cynically, it could be argued that all professions emerge from dissatisfaction with poor performers and high-profile failures; it is these sorts of things that lead to development. But actually there is a much more fundamental set of issues to address. This article reflects on some of the key ones. What Success Looks Like Part of the challenge for the security sector is to better define what success looks like. Many researchers over many years have defined security as protecting assets, which is limiting and confusing. Arguably, the two most important assets are people and finance, and each has its own group of professionals (finance and human resource departments) to look after them. What do they need security for? It really forces security to focus on lesser valued assets. If, all those years ago, security had been defined differently, would it have had a different reception? What about defining security as â&#x20AC;&#x2DC;an essential business function, fundamental for enabling all business operations, integral to all people and processes, thereby enabling the organisation to function legally and profitablyâ&#x20AC;&#x2122;? If security defines itself in terms of protecting assets and does a good job, then it could be argued it has been a success and, of course all things being equal, it has. But often the reaction of organisations is that, now there is not a problem, security is not needed, or is needed less! Sometimes that is legitimate, but the point is a broader one; that what success looks like needs to be better defined. Of course, the definition above would locate the success of security much more in successful operations and the overall profitability of the company, although there is another dimension to this. When looking at other areas of business, they have international ways of recognising excellence â&#x20AC;&#x201C; a Pulitzer Prize, a Man Booker Prize, a BAFTA, a Grammy. All these areas of activity have a way in which they recognise the success of their outstanding performers. Australia has been a leading light in the development of what is hoped will become the security equivalent. The Outstanding Security Performance Awards (OSPAs) were launched this year in Norway, Australia and Germany, and more countries are to follow suit (www.theospas.com). The scheme has many unique features, but the main point is to recognise the truly outstanding performers in the security sector (suppliers and clients) worldwide.

SECURITY SOLUTIONS 087

SPECIAL FEATURE One of the findings from research that led to the OSPAs was that people often judge success in very narrow terms. A way of judging that is independent, credible and by experts, has the components necessary to attract positive attention not just within the security sector, but outside too. What was also striking was that when suppliers and representatives of corporate security departments were asked – in two quite separate samples – they were in very strong agreement about the components of success. The flip side is that they also agreed that the components that they considered essential, the sector was often not good at. But, as always, there are some shining examples. So what, according to the security samples (that included input from Australia), are the top tips for success? Tips for Success For security suppliers, there is never a substitute for understanding their customers’ needs. Security suppliers must be able to define what they are, what their aims and objectives are, and what the barriers are to achieving their aims. It is essential to have a well-defined strategy that is aligned with and designed to help clients meet their objectives. To do this effectively requires highly motivated and able staff. This is not just about being well trained; it is about being capable in the areas in which the service is performed and being motivated to excel. There needs to be a culture of innovation, of thinking continually and generating ideas – not necessarily big ones; often small ones can make all the difference. For corporate security departments, understanding the threats is vital – not just what they are and how they can be mitigated, but how they impact on different parts of the organisation and how they can be mitigated in a way that is conducive for business. Strategy is important, but it has to be one that has buyin and guides practice – often they are tools done to tick a box. Challenges and Opportunities Corporate security departments often operate in a context of lack of board understanding of what security can do. Rectifying this remains a challenge for the security sector. A few years ago, Professor Gill interviewed some board directors about whether they

088

saw security as ‘an essential business function, fundamental for enabling all business operations, integral to all people and processes, thereby enabling the organisation to function legally and profitably’. Some did, but they had doubts about whether the security sector could live up to it. For example, none of the directors felt their head of security could be the chief executive because they lacked the business skill sets; there was a perception security was different.

For security suppliers, there is never a substitute for understanding their customers’ needs. So, it is not the role of security perhaps, but the people in it? To some extent, this may be true, but consider the following: 1. Over many years, Professor Gill has asked audiences to vote on what they consider the more important skill set for a head of security – to be good at security or to be good at business? Most like to say both, but when pushed there has been a definite shift to business skills. It comes from the recognition that security is a business enabler and understanding how the business works is a precursor to that and a very necessary one too. 2. What the security department is responsible for is often much less than all security. Sometimes the security department is responsible only for guarding or protecting buildings and, important though they are, this is only part of the role security plays most of the time. 3. The true value security offers a company has been massively underplayed. Security adds value in many ways. It contributes to a happy workforce; it keeps the organisation honest; it facilitates a culture where people are able to do their jobs free from worry or danger (or at least with support). In short, security is a valuable role, albeit that it is only sometimes seen as fulfilling that role. For suppliers, the relationship with the client is fundamental. If a client does not value its

security then it is difficult to be an outstanding performer, which is why buyers are so important to the state of the security sector; what they will pay for and accept is what will be provided. Educating buyers on the value of good over poor, and excellent over good, is a real challenge going forward. This is an exciting time for the security sector, but to realise its potential there needs to be a mind change. That is gradually happening. It is hoped going forward that security personnel will embrace research and new ideas, and seek to be the outstanding performers. They need to be identified because other security professionals need to learn from them; that is what all developed professions do. Take Your Learning to the Next Level Professor Gill’s executive briefings will be held in Melbourne on 21 October and in Sydney on 23 October. The morning session (Discovering the factors to success) is developed to provide senior inhouse security managers and providers of security services with an understanding of what really drives organisational success. This executive briefing will articulate what differentiates good security from excellent security. The afternoon session (Realising the true value of security) is designed to challenge the thinking of security managers and service providers. Professor Gill will argue for a reframing of the case for the value of security; not as a marginal business activity, but one that enables organisations to operate ethically and profitably, and is an essential component of business success. Visit www.asial.com.au/events for more information. Professor Martin Gill is a criminologist and Director of Perpetuity Research. He is also the founder of the Outstanding Security Performance Awards (the OSPAs) and a published author of 14 books. Martin is a Fellow of The Security Institute, a member of the Company of Security Professionals (and a Freeman of the City of London), a member of both the ASIS International Research Council and the Academic and Training Programs Committee and a Trustee of the ASIS Foundation. In 2015, IFSEC placed him in the top 10 most influential fire and security experts in the world.

Do You Know This Person?

This person has made a difference to someone’s life. It may be that he or she, through an act of courage or valour, has stepped in harm’s way so that someone else may be safe. It may be that he or she has put in tireless hours, made great personal sacrifices and dedicated a career to making the security industry a better place. Please, help us find and reward this person. Nominations are now open for the 2016 Australian Security Medals. Whether you are nominating a medal recipient, making a donation to the Foundation or booking seat (or table) at the industry’s premier charitable event, you will be helping to create a more professional security industry of which we can all be proud. For more information about making a nomination or providing sponsorship, please visit the Australian Security Medals Foundation website today!

www.inspiringsecurity.com SECURITY SOLUTIONS 089

EMERGENCY RESPONSE

090 SECURITY SOLUTIONS

New Mobile Surveillance Cameras Ensure Best First Response By Nicholas Dynon, Imran Aziz and Matthew Naylor Surveillance has perhaps been the most significant legacy of 9/11. The continuing threat posed by global terrorism has driven huge amounts of government investment into electronic surveillance, as well as both wide and targeted physical monitoring systems in cities. Digitised mobile camera surveillance, in particular, presents a powerful weapon in counterterrorism and law enforcement, yet this emerging technology remains relatively undiscovered. The UK boasts the world’s most extensive CCTV coverage. It is estimated that most individuals are seen by a camera an average of 340 times per day and, in Central London, an individual will be on camera for about 95 percent of the time. Compared to the UK, CCTV use in other jurisdictions is limited by a range of fiscal, legislative and privacy constraints. Surveillance cameras cannot be everywhere and, despite their ubiquity in modern streetscapes, they lack the type of panoptic capability decried by civil libertarians and idealised by Hollywood films such as Enemy of the State. According to the Queen’s University Surveillance Studies Centre, the likely consequence of camera surveillance is that “crime and undesirable conduct are displaced into neighbouring areas once cameras are installed in a target location”. The centre cited a San Francisco study, which found violent crime decreased within 250 metres of ‘open-street’ surveillance cameras, but increased beyond 250 metres. Crime, like water, finds the gaps and exploits them. Filling those gaps is critical, and the introduction and use of new mobile camera technology has been heralded as the solution. Mobile and Body Worn Cameras Mobile and body worn cameras have

traditionally been used for the same purposes as static CCTV: deterrence and evidence. But it has been issues around use of force, such as the 2014 shooting of Michael Brown in the St. Louis suburb of Ferguson, and the need to protect both police and civilians that have intensified calls for police to be wearing body worn vest (BWV) technology. It has been recognised that the behaviour of both parties changes when a BWV system is involved. The first empirical study on the use of body worn cameras by police was released last December by researchers at Cambridge University’s Institute of Criminology. The results from this 12-month study of California’s Rialto Police Department indicated a 59 percent drop in use of force by officers wearing BWV and an 87 percent drop in complaints against officers. These findings are consistent with those of similar studies. If police and security personnel were not recording their actions in responding to an incident, then an onlooker with a smartphone/device would undoubtedly be recording their actions. According to the US Office of Community Oriented Policing Services, “given that police now operate in a world in which anyone with a phone camera can record video footage of a police encounter, body worn cameras help police departments ensure events are also captured from an officer’s perspective.” Echoing international trends, all Australian state jurisdictions have now run trials of body worn cameras, but the approach has been one of caution. “Whether we decide to roll [body worn cameras] out more widely across the organisation is not a decision we are going to rush,” commented Inspector Ian Geddes of Victoria Police via an email interview. “Further work is needed to help us to consider the next steps,” he stated, “including considering the outcomes of other body worn camera trials happening across Australia and the world, as well as the ongoing considerations around evolving technology and data storage needs.”

SECURITY SOLUTIONS 091

EMERGENCY RESPONSE

Indeed, it is the evolving technology that is making law enforcement and security procurement of body worn cameras increasingly complex. While many organisations have trialled and implemented solutions based on transparency, evidentiary and behavioural benefits, emerging second-generation technologies are enabling cameras to do much, much more. The major consideration is now around whether to invest in cameras that can also provide live video feeds, immediate remote response and intelligent analytics aimed at early warning and intervention.

Digital, or secondgeneration technology, incorporating video analytics can turn existing technology into a proactive system. Gaps in First Response Traditional static CCTV and remote monitoring systems have been limited in providing first responders with real-time information when responding to suspicious events and/or intercepting crime in progress. The majority of video surveillance systems are reactive in nature, in that they record the pictures delivered by video cameras on streets, which are later analysed for evidence or explaining crimes and other incidents. CCTV was very effective, for example, in the hunt for Boston Marathon bombing suspects, but was of no value in preventing the incident. Even when remote monitoring systems send alarms in real time to security monitoring centres, they are often poor in quality and require the attendance of a security response vehicle to investigate. According to Luke Percy-Dove of Matryx Consulting, “A very high percentage (95 percent) of all alarm traffic is associated with false alarms, meaning most alarm attendances are a waste of time too.” Typically, police will not attend an alarm event unless it can be validated or the premises carries a high level of priority. “And remember, if 95 percent of all alarm events are false, why would they?” Digital, or second-generation technology, incorporating video analytics can turn existing technology into a proactive system. This allows

092 SECURITY SOLUTIONS

alarm-receiving centres to make decisions with real-time information, in many cases removing the need for security officer call-out. This results in a significant reduction in costs and false alarms, leading to improved security and proactive responses to situations as they occur. Once a first responder is deployed to an incident site, however, they still depend on radios to relay information back to central monitoring stations. In most jurisdictions this includes police, who are unlikely to have anything other than radio with which to communicate while on foot. According to Percy-Dove, this means that whoever is in charge of coordinating the response needs to rely on words to understand the situation on the ground. “In this day and age and with the technology available, it is crazy it still happens this way but people do not know better and what is possible,” he stated. Some first responders have the option of sending images from a car or transmission hub to the control, but this is limited by the necessity of being in close proximity to the hub. “As we all know, when a police officer is dealing with a situation they are not necessarily near or anywhere close to a car or hub,” comments Imran Aziz of safety and security solutions provider Xtralis. “Also, these units will not be able to provide users with GPS information for use with mapping software.” Additionally, Percy-Dove notes, “Some vehicles are now fitted with video capability, but as far as I know these are recorded only in the vehicle and are not yet broadcast back to the station.” In the case of the Victoria Police, Superintendent Geddes concedes that not all police vehicles are mobile data network enabled. First Responder Solutions BWV technology incorporating live-streaming CCTV can provide the potential answer to the real-time intelligence deficit of radio-only communications from the first responder to base. “I think it adds real value because at street level you get to a whole different perspective of what has happened,” states Percy-Dove. “… the key is always to get the best possible information you can.” But it only works if it is plugged into a system that can transmit audio and video in real time to command and control structures so that the intelligence can be analysed and operational decisions made.

Entering the marketplace are a number of innovative solutions for early and reliable detection, and remote visual monitoring for immediate and effective response. The City of London Police (CoLP), for example, has recently commenced a trial of a solution that provides live transmissions from police vehicles and BWV to better assess situations and more efficiently deploy appropriate assistance. The body worn solution used in the trial has the capability to use multiple types of cameras with the same unit. The recording unit is remote from the camera, so if the camera is pulled off the vest by a member of the public, the recording remains safe on the vest, thus protecting the evidence. It also possesses a live streaming capability and GPS tracking. Solutions like the Xtralis WCCTV Nano technology allow first responders to live stream wirelessly via 3G/4G, LTE and CDMA, as well as satellite, Wi-Fi and broadband networks. Its software allows multiple vests to be monitored at any given time, giving the commanding officers complete situational awareness. In Australia, local councils, water authorities and electricity authorities are looking towards mobile video-streaming technology to protect assets and people in areas where there is no traditional network infrastructure available. Rob Galic, Sales Director at Xtralis, says, “Local councils are using the technology for health and safety to protect rangers who are driving in remote areas, and for protection of parking officers.” According to Galic, it is also being used by tow truck companies whose drivers are often the target of aggression by vehicle owners when their cars are being towed from illegally parked areas. “If the tow truck driver is feeling threatened or is concerned that their truck is at risk, they can hit a panic button that will alert a control centre and stream live video while recording the incident.” Solutions such as these are presenting law enforcement, public transport and security procurement departments with the choice between a deterrence and evidentiary tool on the one hand versus all that and a whole lot more on the other. In essence, it is a choice between a tool that can record a criminal act and a tool that can proactively prevent one. Given the increasing political, social, financial and human cost of crime and the continuing spectre of terrorism, the latter option is difficult to ignore.

WEâ&#x20AC;&#x2122;RE VIDEO HEADS

In a digital and fast paced world, video is an ever advancing asset to your arsenal. Whether youâ&#x20AC;&#x2122;re in need of a promotional, corporate or explainer video, a motion graphic or animation, IMS has you covered. Show the world what you can do, harness the power of video today.

www.interactivemediasolutions.com.au

Interactive Media 093 SECURITY SOLUTIONS Solutions

HOMELAND SECURITY

094 SECURITY SOLUTIONS

Blast Modelling

Getting More Bang For Your Buck By Don Williams Security managers, and others, ask the quite legitimate question, “What would a bomb do to my building?” The answer can be provided by blast modelling. The problem is that explosive effects are particularly complex, being a combination of gas and hydro dynamics that create thermal increases, pressures, impulses and physical responses well outside the scope of normal structural engineering. This brief article provides guidance for those seeking blast modelling on what to ask for, how to discuss the requirement with the modeller and how to ensure the response is useful. When an explosion occurs, the material, usually a solid, is converted into a gas at speeds measured in thousands of metres a second. As gas takes up more volume than a solid, the gas expands, compressing the air around into a hardened wall of air travelling away from the seat of the explosion at roughly the speed of sound. The initial pressure that hits a surface is referred to as the ‘peak incident pressure’ and, if the surface does not collapse immediately, the pressure will continue to build until either the surface fails or the pressure is reflected at the ‘peak reflected pressure’. As the reflected pressure is applied over time, the effect against the building is actually an impulse which is described in terms of megapascals of pressure applied in milliseconds. Depending on the amount and type of explosive and the distance involved, very few materials can withstand this type of assault, which is why explosives are common tools in the mining, agriculture, construction, demolition and military sectors.

In simplified terms, the three primary products of an explosion are: blast, which is the expanding wall of air; fragmentation, which is dependent on the casing of the improvised explosive device (IED) and the objects nearby; and heat, which near the centre of the explosion can be thousands of degrees. Blast is well researched and the existing models can provide good approximations of expected pressure and impulse effects. Fragmentation is difficult to model as there are many variables, particularly in relation to an IED, and the thermal effects are often omitted as being less relevant than the pressure effects. There are a number of reputable providers of blast modelling and there are others that may be able to operate the software but do not fully comprehend the intricacies of blast. Blast modelling services range from simple assessments of explosive effects to complex computational fluid dynamic (CFD) analysis of specific structural elements. The issue is determining what level of information is needed and framing the request for modelling to match. In some cases, modelling is not worthwhile. For example, “What will happen if a 500kg charge explodes 5m from my building?” (an actual question posed) does not need modelling. The building will suffer catastrophic damage and people will die. It may be of interest to know at what point progressive collapse of the building may cease. The building will be so badly damaged that it will be uninhabitable, as well as it being a complex crime scene. The response now rests with business continuity, staff support, media management and legal aspects of the business.

SECURITY SOLUTIONS 095

HOMELAND SECURITY

Blast modelling relies on three main inputs: the size of the donor charge (the IED), the type of explosive used and the distance to the target. The structure can then be compared to the calculated blast effects and the responses predicted. Using CFD modelling, how steel beams will bend like plastic under the stresses from an explosion and how a shard of glass can travel hundreds of metres and penetrate a brick wall can be clearly demonstrated. In most cases, the client only wishes to know if the wall or fixtures will fail. The exact manner in which the beam will deform may be of academic rather than practical interest. It must be noted that all assumptions related to the use of IEDs are inaccurate as they are, by definition, ‘improvised’. It is not possible to predict what explosive or what quantity will be used, how it will be primed or detonated, how it will be encased, or when and where it will be detonated. Intelligence information and consideration of potential motives and attack vectors can assist in determining what is probable. The design of the site, aligned with appropriate policies and procedures, can limit, within certain parameters, where an IED can be placed. A change of even a few metres will have a significant impact on the pressures felt by the receiving surfaces. As a result, any modelling related to IEDs can, at best, only be indicative. The first input, the size of the donor charge (IED), can be realistically scoped by visualising that a 5kg weight can be held with an outstretched arm, 10kg can be carried by the side of the body, 20kg is a heavy two-arm carry and anything above that will be transported on wheels. A review of open source media reports on bombing incidents around the world over 15 years suggests that most IEDs are less than 5kg, most vehicle-borne IEDs are less than 30kg, a few in the hundreds of kilograms and very few in the tonnes. Consideration can be given to what size device can be brought into which areas of the site. How close to the building can a vehicle approach? Can anyone enter the public area carrying or wheeling any size item? Are there controls over what can be brought into access controlled areas? The size of the donor charge(s) should be based on what is probable given the existing operating and security environments. The often quoted charge weights of 23, 225 and 500kg are at the higher end of what experience would indicate is probable and their use may provide unwarranted results.

096 SECURITY SOLUTIONS

Related to the size of the charge is the type of explosive. Most modellers use trinitrotoluene (TNT) as it is the standard against which other explosives are measured. Unfortunately, TNT does not reflect the reality of IED construction. TNT is difficult to obtain as it is rarely used in the commercial and military sectors other than as a component of other explosives. Consideration of the size of the expected IED would assist in selecting an appropriate explosive to model; for example, pentaerythritol tetranitrate (PETN) based explosives for small devices and ammonium nitrate, fuel oil (ANFO) or other nitrate-based explosives for larger IEDs. Models using PETN or ANFO will provide different, and probably more realistic, results than those using TNT. When discussing the modelling with the provider it is worth defining what assumptions, in addition to those about the IED, will be used. Will fragmentation and thermal effects be excluded? Other aspects which may be ‘assumed out’ include detailed facade fixtures, door recesses, windows, overhangs and vents to the basements, surrounding terrain features, voids under the roads and so on; all of which may be quite legitimate exclusions, as long as the client is aware. It is also important to know if the modeller is calculating only the peak incident pressure, which the structure may withstand, or the larger peak reflected pressure and related impulse. In many instances it is not possible to prevent an IED from being introduced to the site, although it may be possible to limit the size. The value of blast modelling may be to identify where the critical services are vulnerable and to make the building and the tenants’ businesses survivable. If recommendations are sought as part of the modelling, be aware that most modellers

are engineering companies or engineering departments within universities and, therefore, the answers may be structural – more concrete, larger barriers, stronger fittings – all of which may be relevant to the problem. The client may wish to consider procedural solutions such as access controls, or environmental factors such as creating distance through landscaping. Recommendations should consider the operating environment and image of the site. A friendly, open, familyorientated environment with a 5 star green rating may not be best served by the addition of large expanses of concrete. Suggested discussion points in relation to blast modelling include: • the size of the donor charge (IED) and why this is appropriate to the particular location • where the IED will be located and how this matches the operating environment and controls at the site • which explosive will be used in the models and why • the assumptions that will be made in the model • what level of information is needed as a result of the modelling; enough to know that the wall or column will collapse or detailed analysis of how specific elements will fail • whether peak reflected pressures will be provided as well as peak incident pressures and if the impulse loadings are needed • if recommendations are sought, will they consider the operating environment and image of the site as well as physical treatments. Modelling of blast effects is a very useful tool in helping to understand a complex problem, but it is of real value only if the client and the provider both understand the questions and the limitations. Don Williams CPP RSecP is a member of the Institute of Explosives Engineers, the International Association of Bomb Technicians and Investigators, the International Association of Protective Structures and ASIS International. He is a frequent contributor on security and safety related issues and has a particular specialty in bomb safety and security. Don can be contacted at donwilliams@dswconsulting.com.au

A R T EX A R T EX

eNews

! t i t u o b a l Read al

your email address here

Security Solutions Magazine eNewsletter Sign up to our eNewsletter and receive up-to-date valuable information regarding all things Security.

www.SecuritySolutionsMagazine.com

FEATURE ARTICLE

Photo: Neale Cousland / Shutterstock.com

098 SECURITY SOLUTIONS

The SIG2015 Conference in Review

SECURITY SOLUTIONS 099

FEATURE ARTICLE

Another very successful Security in Government (SIG) conference was recently hosted by the Australian Attorney-General’s Department in Canberra. Now in its 27th year, the conference provides an excellent educational and networking opportunity for protective security professionals. This year’s theme was Risk management – getting it right! Conference speakers highlighted various aspects of effective risk management, including understanding the vulnerabilities that underpin each of the critical points in the business model and what is essential to the running of the organisation. Speakers included the Hon Dr Brendan Nelson, Director of the Australian War Memorial and former Federal Opposition Leader, Duncan Lewis AO, Director-General of Security, Australian Security Intelligence Organisation (ASIO), Chris Moraitis PSM, Secretary of the Australian Attorney-General’s Department, Dr Carl Gibson from La Trobe University and Andrew Annakin from the New Zealand Intelligence Community. Delegates at the SIG 2015 conference dinner were treated to an unforgettable and national patriotism building address by Dr Nelson. Dr Nelson’s address included entertaining anecdotes from his past experiences as a federal education minister. But the heart of his speech was a moving, personal perspective on the purpose and mission of the Australian War Memorial. He sees the Memorial as more than a commemoration of the sacrifice of those Australians who have died in war. He believes it is a celebration of who we are and how that sacrifice shapes our future. Mr Lewis provided delegates with an update on the current security and intelligence operating environment focusing on ASIO’s three key priorities, terrorism, espionage and foreign interference; and cyber security. He spoke about key global challenges, including political instability, incidents of state sponsored killings, high numbers of refugees and internally displaced persons, and the significant increase in terrorist attacks over the past year. Mr Lewis also referenced remarks made recently by the US Director National Intelligence, General James Clapper, that ‘unpredictable instability is the new norm’.

100 SECURITY SOLUTIONS

Mr Moraitis spoke on managing personnel security risk. He explained that a robust riskmanagement approach to personnel security requires an understanding of the risks and the ways to manage them at the individual, organisational and whole-of-government level. He also stressed the importance of embedding a ‘culture of security’ within organisations. Dr Gibson provided an insight into understanding the risk environment and focused on the consequence and the probability of day to day events, as well as oneoff events that often influence our approach to managing risk. Mr Annakin spoke about the introduction of New Zealand’s new Protective Security Requirements (PSR). The PSR framework provides clear guidance and support for New Zealand’s public service departments and the New Zealand Defence Force, New Zealand Police, New Zealand Security Intelligence Service and Parliamentary Counsel Office to achieve improved security standards in protecting its people, information and assets. Attached to the SIG 2015 conference was an extensive trade exhibition with over 70 organisations showcasing the newest cutting edge technologies, innovative protective security products and educational solutions available on the market. A range of industry sponsored workshops were offered to delegates with topics ranging from major incident capability assurance to how the public and private sector collaborate on cyber security. Also featured at the conference was Cyber Scurry 2015, a competition testing and validating cyber security professionals’ capabilities, in both offensive and defensive cyber security techniques. For further information on the Security in Government conference visit www.ag.gov.au/sig or contact SIG2015@ag.gov.au.

SECURITY SOLUTIONS 101

FEATURE ARTICLE

102 SECURITY SOLUTIONS

Keys To Creating A Cyber-Resilient Enterprise

By Ron Hale

Today’s cyber attacks on enterprises are persistent and advanced – no enterprise is 100 percent secure. A simple approach of prevention and detection is no longer sufficient. Cyber incidents are increasing year after year and it has never been more important for businesses to become cyber resilient; anticipating, withstanding and recovering from attacks. While implementing risk management programs is a management responsibility, board members and audit and risk committees of the board all need to take oversight responsibility to ensure that plans are complete and their implementation appropriately protects the organisation. While cyber attackers continue to employ technical and social mechanisms, today’s attackers are more persistent and attack techniques are more advanced. Attackers are focused on circumventing controls and finding the weakness that enables them to steal trade secrets and personally identifiable information (PII), commit fraud or capture precious resources. Information technology is an essential part of how business is conducted and cyber protection is no longer a technical issue; it is a business issue requiring board attention. In the digital economy, successful enterprises anticipate threatening events and still continue essential activities, despite adverse conditions. Even more importantly, successful enterprises have the ability to evolve so that the impact of potential and actual incidents is minimised. This is the foundation of the cyber-resilient enterprise. Because of the rapidly changing integration of digital solutions into emerging and traditional business functions, the board needs to be confident that it has the necessary information to evaluate, direct and monitor management’s programs and practices. Here are some questions for the board to ask in order to gain this assurance: • Is the board equipped with the right competencies to understand cyber-related risk and determine if management is taking appropriate action?

• Does the enterprise have the ability to detect changing threat conditions and understand the potential enterprise risk associated with these changes? • Is the board sufficiently informed about changes to the organisation’s use of technology and associated operational risk to exercise its responsibility? Cyber Resiliency Information and communications technologies are a crucial part of how enterprises operate. As a result, cyber-related activities are an integral part of the business, making resiliency essential. Cyber resilience is the ability of an enterprise to anticipate, withstand, recover and evolve to improve capabilities in the face of adverse conditions, stresses or attacks on the supporting resources it needs to function (Ponemon Institute, 2014). To be resilient, a holistic approach to understanding and prioritising business risk and implementing risk management activities needs to be integrated into day-to-day operations across all business functions. A resilient enterprise knows which information and communications systems are mission-critical, and has already taken the steps to prevent disruption. It also recognises that total protection is impossible. A recent survey from ISACA’s Cybersecurity Nexus (CSX) reveals that 83 percent of global respondents say cyber attacks are among the top three threats to organisations today, whilst only 38 percent say they are prepared to experience one. Knowing that cyber incidents still occur even in well-defended enterprises, boards of resilient enterprises ensure that policies and practices are implemented to reduce damage in the event of an incident, effectively manage the incident and learn from it. Given the nature of digital business and the value driven by the use of technology to meet stakeholder needs, the board needs to be assured that management’s plans not only address defence, but also ensure that the enterprise is resilient. The following questions

may be appropriate for the board to ask: • Is sufficient attention given to the ability to defend against intrusions as well as the ability to recover and restore essential functions and services? • Is the board routinely informed about the potential material operational risk and risk mitigation strategies, as well as incidents that could impact the brand? • To what extent have essential services and functions been identified and programs implemented to provide for their resilience in the event of a disruption or cyber incident? Defining Cyber Resiliency Priorities A cyber-resilient enterprise connects cybersecurity priorities with the core mission and goals of the enterprise. As cyber incidents threaten both the assets and the essential activities of the enterprise, the objective of cyber resilience is to ensure that critical processes continue to be available at an acceptable level even during a threatening incident. To accomplish that objective, it is essential for the enterprise to understand and prioritise stakeholder needs, identify the core business processes that are essential to meeting the mission and goals of the enterprise, and understand the potential impact a cyber event will have on critical business enablers. Enterprises exist to create value for stakeholders, including owners, shareholders, employees, business partners, and the customers and clients that the enterprise serves. Value creation is a governance objective, as it is core to the purpose of the enterprise. Anything that threatens the ability of the enterprise to create value must be a priority for the board. The failure to connect cyber risk to business processes and plans may produce several negative outcomes relative to critical value-producing activities and programs – they may be disrupted, they may no longer be able to maintain an acceptable level of performance, or they may not be recoverable within the needed timeframe. An effective IT governance framework can help mitigate some of the risk. By assessing

SECURITY SOLUTIONS 103

FEATURE ARTICLE

the enterprise’s IT governance maturity level, senior management – with support and direction from the board – can begin to modify and/or implement practices, policies and procedures that will assist the enterprise with IT governance optimisation. Risk optimisation requires the board to understand management’s plans and activities to balance risk acceptance and avoidance within the context of enterprise goals, strategies and objectives. Risk scenarios are often used as an aid to ensure that risk is identified and the balance between acceptance and avoidance is maintained. Risk scenarios use business terms to describe the effect a risk can have on the achievement of an enterprise’s objectives, based on an understanding of the origin, nature, characteristics, resources impacted and time duration of a risk incident (Bodeau & Graubart, 2011). Figure 1 contains a generic description of the contents that should be included in a risk scenario. Event

• Disclosure • Interruption • Modification • Theft • Destruction • Ineffective design • Ineffective execution • Rules and regulations • Inappropriate use

Threat Type

• Malicious • Accidental • Error • Failure • Nature • External requirement

Asset/Resource

• People and skills • Organisational structures • Process • Infrastructure (facilities) • IT infrastructure • Information • Applications

Risk Scenario

Actor

• Internal (staff, contractor) • External (competitor, outsider, business partner, regulator, market)

Time

• Duration • Timing occurrence (critical or non-critical) • Detection • Time lag

Figure 1: Risk Scenario (ISACA, 2013)

104 SECURITY SOLUTIONS

Protection and the Cyber-Resilient Enterprise An important element of achieving cyber resilience is the ability to implement protective measures that are consistent with the risk/ reward balance approved by the board. Board members need to be informed of business activities and cyber risk so they can exercise their responsibility to evaluate and direct management, which in turn guides and implements cyber protection programs. As the threat landscape changes, risk scenarios need to be continually revisited and security practices modified to address new priorities. Given the complexity of cyber protection and the need to respond to the application of new and emerging technologies to business issues, it is important for the enterprise to employ a structured approach to cybersecurity program design and management. In July 2015, The US National Institute of Standards and Technology (NIST) released an update to Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework). The framework draws upon wellestablished guidance, including COBIT 5 for Information Security, to provide small to large enterprises with common principles and best practices that are internationally recognised to improve protection and resilience in the face of continued risk. The benefit in using COBIT for Information Security or the NIST Cybersecurity Framework is that they ground the enterprise in international best practices and standards, and provide a defensible position that demonstrates that a complete and holistic approach has been implemented. Sustainability and the Cyber-Resilient Enterprise The ability to protect the enterprise from intrusion is only part of what is required to ensure stakeholder needs continue to be met. Integral to an enterprise’s continued success is providing for the continuity and recoverability of essential services and processes, in spite of threats. Prudent enterprises prepare to avoid incidents, but they also implement disaster recovery and business continuity plans. Their need is twofold: 1. Respond when an incident is detected. 2. Have an integrated capability that connects protection with detection, response, recovery and, more importantly, the continuance of core services and functions.

Nearly all enterprises are likely to experience an incident from significant to benign at some time. An enterprise can be specifically targeted or can be victimised through a number of means, including a cyber attack on new-found vulnerabilities or human error. The multiple paths available to attackers make it impossible to guarantee protection. Protection must be balanced with continuous monitoring of the entire digital environment. It is not uncommon for attacks to go undetected for months. Such a delay in detection and response is difficult to explain to shareholders, partners and customers. How could a compromise of such significant magnitude not have been detected much earlier? According to a recent Ponemon Institute study, it took enterprises 170 days, on average, to detect an attack by malicious outsiders and 259 days when insiders were involved in the attack (Ponemon Institute, 2014). Cyber Incident Management Stakeholders are likely to consider the enterprise’s behaviour during a cyber crisis as indicative of the quality of its leaders and its values. A cyber incident’s long-lasting impact may have more to do with how well the incident appeared to have been managed than with the number of records compromised or value lost. Communication is potentially even more important than other elements of incident management and recovery. Cyber incident management requires board participation across the enterprise, incorporating technology and policy enterprise. Transparency with internal and external audiences is key, as almost any attempt to conceal the truth is certain to be interpreted negatively. As intrusions are often experienced even after the supposed return-to-normal point, it is important that the cyber-resilience program covers the need for caution in declaring the end of the incident. Ron Hale, Ph.D, CISM, is the Chief Knowledge Officer at ISACA, a global association of more than 140,000 cybersecurity, governance, assurance and risk professionals. ISACA recently established Cybersecurity Nexus (CSX) to help companies develop their cybersecurity workforces and help individuals advance their cybersecurity careers. For a full list of references, email: info@interactivemediasolutions.com.au

SECURITY SOLUTIONS 105

SUBSCRIBE Security Solutions Magazine, Level 1, 34 Joseph St, Blackburn, Victoria 3130 | Tel: 1300 300 552

I wish to subscribe for:

oONLY $62 per annum!

Name: ............................................................................Company: ....................................................................................... Position: .........................................................................Address: ......................................................................................... Suburb:...........................................................................State: ................................. Postcode:............................................. Tel:..................................................................................Email: ................................................................. ........................... TERMS AND CONDITIONS For more information on subscriptions, or to contact Interactive Media Solutions, please phone 1300 300 552 or email to admin@interactivemediasolutions.com.au. Deductions will be made from your nominated credit card every year in advance of delivery. The direct debit request and subscription price may be changed by Interactive Media Solutions from time to time, however you will always be given at least 28 days notice. The authority to debit your account every year remains valid until you notify Interactive Media Solutions to cancel your subscription by contacting Interactive Media Solutions Customer Service. No refund is given after a payment is made. In the event of a cancellation of your subscription, the subscription will simply expire twelve months from when the last subscription payment was made. Information on how we handle your personal information is explained in our Privacy Policy Statement.

Credit Card oBankcard

oVisa

oMastercard

oAmex

oDiners

Card Number: ........................................................................................................................................................................ Exp: _ _ / _ _ Card Name: .................................................................................................................................................................................................................... Signature: ....................................................................................................................................................................................................................... When payment has been received and funds cleared, this document serves as a Tax Invoice. Interactive Media Solutions ABN 56 606 919 463. If this document is to be used for tax purposes, please retain a copy for your records.

Subscribe to Security Solutions Magazine for

ONLY $62 per annum!

Simply fill in the form or call 1300 300 552

106 SECURITY SOLUTIONS

SECURITY STUFF C O N T E N T S

108

108 Spotlights

116

116 Profiless

118

118 Product Showcases

120

108 110 112 114

116

BQT ICU SAAB Boon Edam

Altronix

118 118 119

AIRKEY Cybersecurity and CyberWar Magicard Rio Pro

119

Security Metrics: A Beginnerâ&#x20AC;&#x2122;s Guide

120 Shop Talk Takex Quad Beam Teleste S-VMX

SECURITY SOLUTIONS 107

SPOTLIGHT

Reader and Card Security Considerations It should come as no surprise that not all access control systems are created equal. An Access Control System is made up of many elements, beginning with a panel which incorporates a feature set designed to facilitate proper verification and enrolment procedures. The panel should also enable continued credential maintenance procedures for the maintenance of both the approved credential lists and unauthorised credential lists. Perhaps the most important component of any access control system is the selection of smart reader and card technology. With so many different types of smart readers and card technologies available, it is often difficult to know what to choose. Which combination smart reader and card technology will minimise the chances of someone successfully presenting false credentials with a view to gaining access, or the ability to compromise communications within the system through hacking and cloning of authorised credentials and reader data? Choosing the right technology, one which has a level of security commensurate with your level of security risk, is vitally important. Proper risk analysis is the key to ensuring that the right Smart Reader choice is made. For example, some Smart Reader products, such as 125Khz prox or CSN/UID readers, offer no protection against hacking and cloning cards. Others readers are based on technology platforms that have, at some point, been compromised. However, the level of sophistication required to compromise the technology is sufficiently high enough that it does represent a threat to medium level security applications. Alternatively, new counter measures many have

108 SECURITY SOLUTIONS

been incorporated into the existing platform to insure that it once again provides sufficient protection for medium security applications. Then there are the high security smart reader and card systems which are designed using technology platforms that support higher encryption standards which are considered safe for protecting sensitive and classified data. As is the case with any security design, a balance must be struck between ease of maintenance and use and the degree of security provided based on the perceived level of risk. In the case of access control systems, the decision to implement a more user friendly, easier to maintain system often comes at a cost to the integrity of the system’s security, especially where reader technology is an ‘offthe-shelf’ solution chosen primarily because of factors such as how easily components can be purchased, maintained, replaced. The cheaper and more readily available the components of a system are, the lower the level of security they are likely to provide. Furthermore, it is often the case that ‘off-the-shelf’ access control systems are much easier to administer because such systems offer little or no encryption, hence minimal security. BQT Solutions are uniquely different in that their miPASS card and reader systems offer economical “off the shelf” convenience with the right level of encryption and security for both medium and high risk security applications. They can also provide tailored Smart Reader and Card systems with custom “secret” keysets and/or encoders and configuration software for larger organisations or classified installations.

Encryption Card Readers communicate between the access Credential and the Reader through radio frequency and also to the Access Control Panel via a protocol such as Wiegand. For a security risk analysis to be considered complete, an examination of both of these methods of communication is required in order to assess the how easily data in the system could be compromised. This risk assessment then determines the appropriate technology platform and encryption standard. BQT Solutions advise that medium security products such as their miPASS 2 secure card and reader system, which include modern MIFARE® Crypto1® encryption, may be implemented at a similar budget to non-encrypted technology such as such as 125Khz prox or CSN/UID readers, eliminating the need to expose an organisation to the kinds of hacking and cloning security risk associated with cheaper systems. The standard of card and smart reader encryption for high security applications requires a higher level of encryption such as Triple DES (3DES) and AES which have been approved by organisations such as the US Department of Commerce, National Institute of Standards and Technology (NIST) for the protection of sensitive and confidential data. BQT Solutions miPASS 3 secure card and reader system provides a suitable “off the shelf” solution which implements Triple DES (3DES) encryption between the card and the reader to protect against hacking and cloning of these communications. BQT Solutions also offer a smart reader range that has custom keys and output formats, as

Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.

BQT Solutions

well as a choice of platform, encryption standard (as available for the platform) and output protocol. These readers offer MIFARE® Classic with Crypto1® encryption, MIFARE® DESFire® EV1 with DES, 3DES or AES encryption and/ or MIFARE Plus® with AES encryption. Output protocols offered as standard include Wiegand and both plain and AES encrypted RS485 with plain or encrypted OSDP as a further option.

Smart Reader Output (Communication With The Access Control Panel) Most access control panels on the market today communicate data from the smart reader as Wiegand protocol. This communication is unencrypted, plain text and may be hacked and replicated to allow unauthorised access. Many models in the range of BQT Solutions readers include the option of RS485 protocol communications encrypted with AES. Data from the reader is then sent to a High Security Module (HSM) installed next to the Access Control Panel in a secure area and decrypted back to Wiegand data for use in the Access Control Panel.

Diversified keys and Random UID enhance a Smart Reader and Card System’s security and integrity, making hacking and cloning of systems more difficult. Many BQT Solutions products include Diversified Keys and Random UID techniques within feature sets, providing additional peace of mind.

not the back-end, which grants access based on a string of data that it receives, but on the authentication and verification of the individual seeking access. Essentially, this means that the security risk is mitigated at the Smart Reader. As there are cost implications to each additional factor of authentication, most organisations determine the authentication and verification processes based on the constraints of time and of money and take a zonal approach to increasing factor authentication as the security risk or value of property being protected increases. The Multifactor approach to security is strongest at three factor authentication and verification providing three key ingredients:What you ARE - (Biometric Information e.g. a fingerprint) What you HAVE - (A credential such as a Smart Card) What you KNOW - (A PIN, kept secret)

Other Authentication

Backend Security Procedures and Controls

It has often been noted among security experts that the strength of an access control system is

An Access Control System is only as strong as its weakest component or procedure. Just

Other Security Features

as important as the technology selection are the procedures that are implemented around enrolment, and suspension of system users and custody of credentials. System lists of authorised and unauthorized issued credentials should be strictly maintained on an on-going basis, strong policies should be adopted with regard to lost/ stolen cards and practices such as tailgating and card sharing should be prohibited.

BQT Solutions BQT Solutions has a range of smart reader products that cover all applications and risk levels from low to high and critical risk applications and multiple factor authentication readers are available. Their technology is installed at over 3,500 sites globally and is trusted for some of the most high risk security applications in the world. They offer both “off the shelf” secure smart reader and card systems and tailored solutions which can be specified for any security application. For more information visit www.bqtsolutions.com or call +61 (0)2 8817 2800

SECURITY SOLUTIONS 109

SPOTLIGHT

ICU Solar Cam

“We deal with the complexities, so you can enjoy the simplicity”

The cost of theft and vandalism across the building, transport industries can be astronomical. According to a 2009 report released by the Australian Institute of Criminology, of the 7,014 builders interviewed as part of the report: • Thirty-nine percent of residential builders were affected by theft or vandalism. • Nineteen percent had experienced theft alone, seven percent had experienced vandalism alone, and 13 percent experienced both theft and vandalism. • Sixty-five percent of theft victims and 66 percent of vandalism victims had experienced more than once incident. • Residential builders who had experienced theft or vandalism in 2002 had suffered, on average, two incidents in the year. • The risk of theft and vandalism generally rose with increasing numbers of staff and the amount of annual turnover. • The risk of theft and vandalism also rose when the building site was in or close to an urban area. • Twenty-four percent of victims of theft and 17 percent of victims of vandalism indicated that they had borne indirect financial costs resulting from these crimes, such as the building project being delayed. • The mean amount of indirect losses incurred in the most recent incident of theft was $1,873, and $8,568 for vandalism, while the median amounts were $500 and $400 respectively.

110 SECURITY SOLUTIONS

• Theft was more likely to take place in the evening/night on weekdays, while vandalism was likely to take place more frequently in the evening/night on weekends. • Nearly one-third of theft victims stated that the most recent incident of theft had involved some forced entry, mostly entry to a house. • Thefts tended to take place at the final stage of construction. • The most frequently stolen items from building sites were raw materials (61%), while the most commonly targeted expensive items were whitegoods (17%) and heating/water systems (15%). As a result of the growing level of theft and vandalism in not just the building industry, but also transport and other similar industries, it became clear that there existed a need for a fully self-contained, easily deployed and monitored security solution that would enable both security and end-users to deter and detect potential criminal activity. Hence, the ICU Solar-cam was born. The ICU Solar-cam system is a fully self contained, HD CCTV solution designed to capture images (as often as every half hour) and send them to multiple devices in full HD quality. The system incorporates an integrated solar panels, PV (Photo Voltaic) charge controller and Battery so that the solution can be installed pretty much anywhere with a minimum of fuss and expense. (It can also work with 240V power with back up battery). This makes the ICU Solar-cam idea for

deployment in areas like underground car parks and inside buildings where wiring is impossible or to expensive. The system works over 3G to provide a complete wireless solution using WATCHDOG, an in-built feature designed to check 3G connectivity as often as every minute. This helps to ensure that the in-built back to base monitoring, which occurs via contact ID and Video verification, is running and functioning as specified at all times. Another of the ICU Solar-cam’s numerous points of difference includes the ICU web portal, which allows users instant access to all trigger events, while also supporting pre and post recording capabilities. The ICU Solar-cam system also enables provides users the ability to login and view live footage at any time and from any smart device in full HD 1080 video as well as audio recording. The system also features on-board storage capacity for digital stills and video capture while facilitating full cloud server back-up to ensure that all data remains intact, regardless of conditions in the field or damage to the system on site. The combination of two-way communication capability and an LED Floodlight to capture images and people in full colour (even at night) enables security staff to warn offenders off before they cause damage or engage in theft thereby reducing potential costs. The system can also deliver push notifications via email to a smart device to ensure that

ICU Solar Cam

users are always in the loop as well as providing users with the ability to remotely set up and change settings as required. According to James Harrison, Display Building Manager for Metricon Homes “Over time we have tried different products from different companies. However, we found we were still being broken into and those other products were failing to deter theft. The ICU Solarcam cameras, on the other hand, look like a serious piece of hardware appear very intimidating. The image quality is the best I have seen on this type of equipment for both day and night videos. As a result, ICU Solar-Cam have been part of the Metricon business for a very long time.” Mark Darmanin, Senior Building Manager, Metro West Region for Simonds Homes relates a similar experience. We tried a number of other security products in the past but the footage was never acceptable. Based on our experience, the ICU Solar-Cam product really is second to none”.

James Harrison of Metricon goes on to explain, “The cameras have been extremely effective due to the flexibility and portability of the design. They are very visible and if activated, flood lights, flashing strobe lights and an audible voice message means that the intruders quickly turn around and leave. According to Mark Darmanin, “since Simonds Homes began using the ICU Solar-Cam system on our sites, we’ve had zero incidents of theft or vandalism. What more could we ask for more.” Mark goes on to explain, “This reduction in theft has a major impact on our profitability. In the past, claims valued at less than $5000 were not passed through

to our insurance company. This has meant that Simonds Homes has had to carry the cost of these incidents. Beyond the simple financial cost, there were also expensive time delays associated with having to order new equipment as well as paying tradespeople to do the repair or replacement work. To have eliminated these cost from our projects is a major bonus.” James Harrison of Metricon states, “The ICU Solar-Cam team have been fantastic to work with. They are extremely proactive and accommodating when it come to our ‘ special requests’. I would absolutely recommend both the ICU Solar-Cam team and their product to anyone looking for a portable, reliable, selfcontained CCTV solution.”

For more information in the ICU Solar-Cam solution visit www.icusolarcam.com or call 1300 428 066

SECURITY SOLUTIONS 111

SPOTLIGHT

Is There A Better Way? Critical infrastructure operators are quickly discovering that to adequately protect their premises, more electronic systems are required. The traditional security systems such as intruder alarm and access control systems, CCTV, perimeter intrusion detection, pedestrian, vehicle and car park barriers and systems, duress systems and intercom systems are not the be-all and end-all. An effective onsite security control room must also monitor the visitor/contractor management system, building management system, fire and EWIS (Emergency Warning Intercommunications System), UPS and generators, lighting and Ethernet network for any changes that may impact the site. Security managers must also concern themselves with general asset tracking and social media activities that relate to the facilities and organisation. Of course security personnel need to communicate with each other and all other parties on site so use telephones, two-way radios, intercom and public address systems too. Then there are add-on systems like biometrics and video analytics for greater facility protection and site specific systems such as key safes, RFID systems, mobile phone detection systems, etc. These are simply the most obvious ones for critical infrastructure sites, but depending on site specifics, even more can be used. This is a large number of systems for security operators to manage and monitor, raising several issues and complications that must be addressed. For example:

112 SECURITY SOLUTIONS

• How easy is it to learn all these systems and operate them? • How many monitors must the operators keep their eye on to make sure they don’t miss anything? • When an event occurs, how stressed does the operator become and therefore how many mistakes could be made under pressure? • How many policies and procedures relate to all these systems and how confused are the operators? • Most importantly, what is the speed and precision of the current security staff to action alarms and events? • How difficult is it to conduct an investigation? Is there an efficient method of gathering the information from all these systems and collating them into time order so as to create a clear picture of the event? Basic high and low level system integration improves the speed and precision of some alarms and events but certainly not all. Integration also decreases the number of viewing screens and tasks performed by operators. Integration however, does not assist with training, stress, policies & procedures and investigations. Alternative methods must be used to solve these issues and this is where the global security industry is turning to Physical Security Information Management (PSIM) systems. Over the past 10 years PSIM has become an accepted term within the security industry and this acronym is starting to pop up everywhere, even in technical specifications. Originally PSIM’s were purpose built, however

as the technology advanced, PSIM’s have become a commercial off the shelf solution that fit many industries. A true PSIM has the ability to integrate with any system or device and is therefore non-proprietary. PSIM’s add tremendous value to organisations as they are a single human machine interface for all the security systems. Essentially PSIM’s are a single Graphical User Interface (GUI) for the multitude of disparate security sub-systems that are managed by security operators providing tremendous situational awareness. Understanding if the client needs a PSIM can be determined in a number of ways however generally the answer lies within a few requirements. First, the speed and precision required for responding to events and second, the number of sub-systems. The major benefit of a PSIM is that it integrates ALL security systems regardless of make, model or class. Be wary though, not all systems marketed as PSIMs are actually PSIMs. A true PSIM will allow multiple security systems such as access control systems and/or multiple video management systems to be integrated. If the PSIM manufacturer will not easily and openly integrate competing products, then the system is not a PSIM, therefore possibly not provide all the desired features and benefits and possibly lock you into proprietary solutions. For many reasons a security operation can have multiple security sub-systems such as video management systems forming part of the overall solution. A PSIM seamlessly integrates all disparate systems so the organisation can meet its key operational business needs. Control room

support for post action analysis, OneView is the ultimate choice for modern surveillance and security operations. You can rely on Saab’s thinking edge to bring your control room under real control.

SAAB

saab.com/australia

personnel can simply learn and control a single system, the PSIM. A PSIM delivers a security ecosystem that provides complete situational awareness. Personnel can apply an adaptive workflow including clearly defined procedures to follow, for each event. Best practice is applied with real time information presented, whether the subsystem is old or new. There are many functions of a PSIM and as a minimum the solution should collect and analyse the data gathered from all the sub-systems. As all the systems are present in the single GUI, the operator typically receives data from these sub-systems as text or by way of icon changes on a map. When the operator chooses to action the event, the operator will click on the text or icon and they will automatically be provided all the information associated with the event and realise the benefit of the PSIM. The information from various systems is presented at the same time providing the operator a complete picture. The PSIM should provide the operator the ability to respond to any situation more efficiently with additional information, which is presented in a clean and well-laid-out display.

The PSIM should include all the Security Operating Procedures (SOP’s) and present only the relevant SOP’s for each event – ie. when a duress alarm is activated the SOP’s for this event are automatically presented so the operator can perform the task as efficiently as possible. The PSIM must retain a complete audit trail in chronological order of everything that happens on the PSIM and every sub-system in a single repository. In this day and age geo-mapping should be provided as a standard feature. This mapping feature should essentially operate like Google Earth or Google Maps, however the load times should be virtually instant. There should not be any delay waiting for pages or maps to load. The PSIM should update the status of the points from each sub-system every second or faster. Systems update delays, such as map loads shouldn’t be tolerated. The PSIM should facilitate alarm and event searching as all recordable movements from each sub-system are stored within the PSIM’s audit trail. Investigations are easier, more accurate and conducted in a more speedily fashion.

Often an overlooked benefit of a quality PSIM is that it will eliminate desk top clutter within the control room. As all the systems are integrated and operated from a single system, the result is that an operator simply uses a few monitors, keyboard, mouse, joystick, intercom and/or telephone. All other devices such as multiple two way radios, paper based SOP’s, intercoms, keypads, switches, little sticky notes, etc. are all eliminated to reveal a clean and efficient control room. De-cluttering the control room always results in well-organised, capable and happy control room operators and a safe and secure premise. Saab Australia is a major system integrator of Physical Security Information Management systems within Australia. The company has developed and installed several systems in prisons, defence bases and critical infrastructure facilities across the Asia Pacific region.

SECURITY SOLUTIONS 113

SPOTLIGHT

Boon Edam New Speedlane Lifeline Series The objective is to highlight the differences between the Lifeline Slide, Swing & Open models & which model is most appropriate for which application. Turnstiles are more than just barriers to entry or headcounters. While security is still key, companies today are also heavily invested in aesthetics that are less obtrusive and fully integrated. Structures that blend into a building’s space and provide a system that combines security with quality service, discreet looks and top-end technical functionality are now the industry benchmark. Flexible working hours means that monitoring the daily movement of foot traffic in and out of a building has become an ongoing challenge faced twenty-four hours a day. So how do you manage this continuous flow of people and keep track of who is in the building and where and when? Boon Edam spent 3 years investigating the patterns of behaviour of pedestrian mobility and consulted extensively with architects, building managers and tenants to better understand what they are looking for in a speed gate and how to best address their concerns. What was needed was to go back to the drawing board and create a new system from the ground up with the intended outcomes in mind. “As work environments become increasingly dynamic, the need for increased security measures within buildings grows. Knowing this, we started seeing things from a new perspective to step ahead and meet changing demands.” explains Product Manager Daan van Beusekom.

114 SECURITY SOLUTIONS

The insights gained from the studies posed both the challenge and the opportunity to create something truly unique. Out of the investigations was born an innovative, intuitive and highly sophisticated new entry management system that was both visually appealing as well as functional to users. Launched in June this year, The Speedlane Lifeline Series is a new line of optical turnstiles unlike any other in the industry. The Series achieves the perfect balance between good looks, brawn and brains and is a technology designed to be intuitive and interactive with all who approach, guiding visitors to their destination through a secure and unobtrusive gateway. Boon Edam understands the importance of workplace security and they have incorporated state of the art measures into all of their components and the latest design trends. The Speedlane Lifeline system recognises that each installation is unique and provides modular systems that are highly customisable to suit every individual fit and entrance situtaion. Each model is technically styled to meet the individual needs of customers and their buildings, and can be integrated with almost any access control system on the market today. The Lifeline Series is a completely new and sophisticated product range that includes the slimmest security barrier in the industry and comes in three configurations, named The Open, The Slide and The Swing. • The Open model is designed to be suitable for smaller, more compact areas where space is a premium. True to its namesake, its barrierfree entry system provides the smallest footprint

with a unique pulsing light strip to guide users to their destination. Unlike The Slide or The Swing, The Open is a discreet and invisible system that works not by acting as a physical barrier to entry, but rather through counting people as they enter and exit. While its overall security level is lower than the other models, The Open has the advantage of being a discreet and gentle gatekeeper. For many businesses, the perception of their workplace as being considered approachable and welcoming is paramount to their underlying philosophy. They require a warm and inviting place of business, while still maintaining high standards of security protocol. The Open provides is a seamless gatefree option, and the free-flowing design allows for a higher capacity of entry per minute, making it a discreet and traffic-friendly security choice. Built in just one, simple size configuration, The Open also uses less power that the other models, giving it an energy-saving advantage. • Both The Slide and The Swing feature secure glass barriers that come in a range of sizes spanning waist height to full body height. Unique light sensors detect the approach of visitors and these gates prove excellent in areas where volume is high and security is critical. Both designs are fitted with a unique technology customisation that produces an alarmed physical barrier wherever there is an attempt to jump the barrier, tailgate or piggyback, providing both a physical and psychological barrier to entry. • The Swing is the slimmest speed gate in the world, combining high design and top security. Due to its elegant, and minimal form, an almost invisible gateway is created, instantly giving an

Boon Edam

Discover the new Speedlane Lifeline Series. A sophisticated, intuitive, refined and yet secure entry management system that guides authorised people through the gateway to their destination. For more information visit us at www.boonedam.com.au/lifeline

BEAUS_Advert_210x276mm.indd 1

air of sleek design and openness. The Swing is ideal for use in smaller areas and commonly operates in multiples. It is perfect for fluently guiding the flow of high numbers of visitors, ensuring that the right people are channeled securely to the right place. â&#x20AC;˘ The Speedlane Slide interacts directly with those who approach it, managing and guiding authorised users through to the secured areas of buildings. The interactive light displays use intuitive and proven visual symbols to make it more user-friendly and its array of customisation possibilities enable it to be fit with almost any interior design. The Slide is the ideal intuitive speed gate for a range of top security needs, whether itâ&#x20AC;&#x2122;s for a higher security level or disabled access, every combination is possible.

29/09/15 15:30

The Speedlane Lifeline Series is available in a variety of options including an array of modern colours and finishes to suit the aesthetic desire to either blend-in or standout from the surroundings. Customers can choose to make a statement by fitting the design with corporate identity colours or work to create a harmonious and discreet interior design.

As pedestrian mobility increases so does the need for a sophisticated, intuitive, refined and secure entry management system for those entering and moving around buildings. For businesses seeking a fully customisable, high security turnstile option, The Speedlane Lifeline Series leads the way in the technology, design and user experience.

SECURITY SOLUTIONS 115

PROFILE

Altronix

ADVERTORIAL

Advanced IP Adaptive Transmission PoE Solutions Simplify Migration to Networked Systems and Increase Profitability With all the buzz about IP systems, power distribution products may not be the first thing that comes to mind, but these versatile devices provide the foundation for surveillance and security systems. The bottom line is that new adaptive transmission solutions can efficiently and affordably facilitate network connectivity with IP devices using legacy analog infrastructure – and enhance the distance and device capacities of existing and new Ethernet based systems. It’s a win-win for end-users and resellers regardless of the type of cabling infrastructure already in place or planned for installation. The ability to deliver video, data and power over Ethernet, coax or UTP cabling provides security

116 SECURITY SOLUTIONS

professionals with a robust and cost-effective solution for deploying the latest IP technologies and devices. With the introduction and increasing popularity of Ethernet over coax (EoC) and IP/ UTP adapters, the migration path to networked connectivity has proven to deliver practical advantages given the overwhelming cost savings achieved using existing infrastructure. In some cases removing legacy cabling may be mandated by local code and can be difficult and expensive –especially when you factor in the cost of purchasing and installing new cable infrastructure. It’s more economical to provide PoE with video/ data (often over much longer distances) using existing coax, UTP or Ethernet cabling. The cost advantages and simplicity of using EoC or IP/ UTP adapters provide a strong incentive for end users to deploy IP devices and move to network connectivity. The fact is that users in nearly every vertical market are more likely to move forward with a project that allows them to use infrastructure they’ve already paid for. The functional advantages of using EoC and IP/ UTP adapters are also a bonus. IP devices can be located up to 500 meters from the head-end using coax or UTP cabling without repeaters, versus typical Ethernet cabling which can only go up to

100 meters. Additionally, some EoC and IP/UTP adapters accommodate multiple devices over a single cable providing added cost-efficiencies. This allows systems to be easily expanded without the need to add more cables, further reducing Total Cost of Ownership (TCO) over the long run. The eBridge4SK Ethernet over Coax Adapter Kit from Altronix is a good example of just how efficient EoC adapters can be using legacy infrastructure to deploy network connectivity. The EBridge4SK allows you to send/receive video and PoE for four IP devices over a single coax cable. The kit consists of an eBridge4SPT transceiver with integral 4 port managed PoE/PoE+ switch and an eBridge1SPR single port receiver. Power with battery backup is supplied via optional Altronix VertiLine563. It’s a practical cost-effective solution that allows endusers to increase the coverage of their surveillance systems while lowering costs. EoC and IP/UTP adapters are changing the way systems are designed and implemented by providing myriad benefits and increased profitability. The issue is no longer what type of cabling infrastructure you already have or plan to install – it’s how well you optimize cabling infrastructure to achieve the highest efficiencies using the latest adaptive transmission solutions.

I AM CHAMPIONING CUTTING EDGE INTEGRATED SECURITY SOLUTIONS. I BELONG TO THE TOTAL FACILITIES COMMUNITY. JOHN GROVES, HEAD OF HEALTH, SAFETY & SECURITY

AUSTRALIA’S LARGEST INDUSTRY EXHIBITION FOR FACILITIES AND WORKPLACE PROFESSIONALS.

PRINCIPAL MEDIA PARTNER

FIND OUT MORE AT

TOTALFACILITIES.COM.AU

SECURITY SOLUTIONS 117

PRODUCT AIRKEY / CYBERSECURITY AND CYBERWAR / MAGICARD RIO PRO / SECURITY METRICS: A BEGINNER’S GUIDE

AIRKEY AirKey is the latest electronic lock innovation from one of Europe’s leading manufacturers of locking systems – EVVA. The AirKey is designed and manufactured in Austria and is available in a range of cylinders to suit the Australian market. AirKey is perfect for residential or single-lock commercial applications. Also it is an ideal solution for businesses with multiple locations – nationally or internationally. The system is managed using an app, and access can be granted over the Internet allowing an NFC enabled Android phone to grant access or even to be used as a programmer for traditional proximity cards and fobs. AirKey benefits at a glance: • Free software as a web service. • Cylinders to suit the Australian and New Zealand markets. • NFC enabled Android Smartphones – for programming and/or as the access media. • Traditional proximity cards and fobs can also be used. • Access and authorisations can be sent via the Internet to other NFC enabled Android smartphones. All that is required to get the system going is at least one NFC enabled Android smartphone or coding dock; access media (an NFC enabled Android smartphone or conventional proximity card / fob); an Internet connection and an AirKey cylinder. The free AirKey system management software is web-based and can be accessed with the app or PC. Using the App, you can send access privileges to anyone with an NFC enabled Android smartphone. The system is not only an effective and versatile access control solution but is also highly secure with all data transportation being encrypted. What’s more, Airkey cylinders and the wall readers are suitable for indoor and outdoor use. Using your Android enabled smartphones and the Airkey cylinder offers a wide range of benefits such as the ability to use your phone as your personal key, manage other users with the App and give access privileges to other users via the Internet turning their NFC enabled Android smartphone into a key. What’s more, every time a valid NFC enabled Android smartphone is used to access a lock or wall reader, the audit is downloaded and the lock is updated. For more information visit www.evva.com.au/airkey or call 1300 007 007

CYBERSECURITY AND CYBERWAR: WHAT EVERYONE NEEDS TO KNOW A generation ago, “cyberspace” was just a term from science fiction, used to describe the nascent network of computers linking a few university labs. Today, our entire modern way of life, from communication to commerce to conflict, fundamentally depends on the Internet. And the cybersecurity issues that result challenge literally everyone: politicians wrestling with everything from cybercrime to online freedom; generals protecting the nation from new forms of attack, while planning new cyberwars; business executives defending firms from once unimaginable threats, and looking to make money off them; lawyers and ethicists building new frameworks for right and wrong. Most of all, cybersecurity issues affect us as individuals. We face new questions in everything from our rights and responsibilities as citizens of both the online and real world to simply how to protect ourselves and our families from a new type of danger. And yet, there is perhaps no issue that has grown so important, so quickly, and that touches so many, that remains so poorly understood. In Cybersecurity and CyberWar: What Everyone Needs to Know®, New York Times best-selling author P. W. Singer and noted cyber expert Allan Friedman team up to provide the kind of easy-to-read, yet deeply informative resource book that has been missing on this crucial issue of 21st century life. Written in a lively, accessible style, filled with engaging stories and illustrative anecdotes, the book is structured around the key question areas of cyberspace and its security: how it all works, why it all matters, and what can we do? Along the way, they take readers on a tour of the important (and entertaining) issues and characters of cybersecurity, from the “Anonymous” hacker group and the Stuxnet computer virus to the new cyber units of the Chinese and U.S. militaries. Cybersecurity and CyberWar: What Everyone Needs to Know® is the definitive account on the subject for us all, which comes not a moment too soon. Available from Amazon www.amazon.com

118 SECURITY SOLUTIONS

Unless otherwise expressly stated, the review of the product or products appearing in this section represent the opinions of the Editor or relevant editorial staff member assigned to this publication and do not represent the views or opinions of Interactive Media Solutions or the advertisers or other contributors to this publication.

MAGICARD RIO PRO The Magicard Rio Pro is the industry standard for high volume, high-speed card printing. Excellent print quality secured with a unique custom watermark and backed with the industry’s most comprehensive warranty. Built for heavy use, the Rio Pro sets the standard for secure card printing. High capacity hoppers (up to 200 cards) and a fast, reliable print engine can produce more than 150 high quality, secure, full colour cards per hour. Included with all Magicard printers, HoloKote® is patented technology that frosts a secure watermark onto the card’s surface during printing. The Magicard Rio Pro offers the option of customising this watermark to your organisation’s unique logo or security design. The Magicard Rio Pro can be equipped with a range of card encoding devices to write secure electronic data to cards at the point of issuance. Smart card encoding options include contact chip, MIFARE, DESFire and iClass. Specialist high-security encoders, such as EMV accredited devices, can also be fitted for the in-line personalisation of payment cards. The Rio Pro can also be supplied with a magnetic stripe encoder built-in. Wholesale iD are the Australasian distributor for Magicard card printer solutions. For more information visit www.wholesaleid.com.au

SECURITY SMARTS FOR THE SELF-GUIDED IT PROFESSIONAL “An extraordinarily thorough and sophisticated explanation of why you need to measure the effectiveness of your security program and how to do it. A must-have for any quality security program!” ―Dave Cullinane, CISSP, CISO & VP, Global Fraud, Risk & Security, eBay. Learn how to communicate the value of an information security program, enable investment planning and decision making, and drive necessary change to improve the security of your organisation. Security Metrics: A Beginner’s Guide explains, step by step, how to develop and implement a successful security metrics program. This practical resource covers project management, communication, analytics tools, identifying targets, defining objectives, obtaining stakeholder buy-in, metrics automation, data quality, and resourcing. You will also get details on cloud-based security metrics and process improvement. Templates, checklists, and examples give you the hands-on help you need to get started right away. Security Metrics: A Beginner’s Guide features: • Lingo – Common security terms defined so that you’re in the know on the job. • IMHO – Frank and relevant opinions based on the author’s years of industry experience. • Budget Note – Tips for getting security technologies and processes into your organisation’s budget. • In Actual Practice – Exceptions to the rules of security explained in real-world contexts. • Your Plan – Customisable checklists you can use on the job now. • Into Action – Tips on how, why, and when to apply new skills and techniques at work. Author Caroline Wong, CISSP, was formerly the Chief of Staff for the Global Information Security Team at eBay, where she built the security metrics program from the ground up. She has been a featured speaker at RSA, ITWeb Summit, Metricon, the Executive Women’s Forum, ISC2, and the Information Security Forum. Available from Amazon www.amazon.com

SECURITY SOLUTIONS 119

SHOPTALK

Unless otherwise expressly stated, the review of the product or services appearing in this section represent the opinions of the relevant advertiser and do not represent the views or opinions of Interactive Media Solutions or the other advertisers or contributors to this publication.

Takex Announces New Battery Powered Quad Beam TAKEX AMERICA, INC. are pleased to announce the launch of their first battery operated Quad beam designed to be compatible with all leading wireless systems, reducing the time and cost of permanent installations and allowing the use of Active Infrared Beams on rapid deployment temporary installations. Based on the PXB Professional Beam Series, the TXF-125E offers a number of key advantages when Active Infrared Beams (AIR’s) are employed. The wide beam pitch ensures stability and reduces the possibility of unwanted activations from wildlife and detritus, and the IP65 design ensures integrity regardless of the installation conditions, preventing ingress from water, dust and insects whilst allowing moisture within to evaporate, prohibiting condensation. The 4-channel selection allows the stacking of beams, and also the use of multiple beams on linear installations, further assisted by a transmitter power selection option, allowing the user to choose 25/50/75/100m zone length. Vivid body colours coupled with Dual Ring Gun Sights both facilitate faster alignment, aided by the audible monitor tone. Using just 2 batteries per unit (Tx/Rx) approximately 5 years of service is expected, with the option to fit 4 batteries per unit, the TXF-125E has a Battery Sharing Function to allow battery monitoring with an adjustable output to customise the warning notification time. Attention to detail has always been synonymous with the TAKEX brand, and the TXF-125E exemplifies this, with features including a Drip-Proof housing designed to channel precipitation away from the optical face of the beam, Antibird Spikes to prevent our feathered friends from alighting on the units, and ±90° horizontal ±20° vertical adjustable heads to cater for the most dynamic of terrains, the TXF-125E has it covered. Key Specifications: • 4 selectable operation ranges 25/50/75/100m • 4 selectable frequencies to allow multiple use • up to 5 year battery life using 2 x LS 33600 (3.6V 17Ah) batteries per unit • IP65 housing • ±90° horizontal ±20° vertical adjustable heads • wide beam pitch Additional details including pricing will be announced at the time of availability.

TELESTE – Reliability, Scalability, and Engineering Capabilities Teleste Corporation, a publicly listed company founded in 1954, has two main activities, Video Security and Information and Broadband Network Products. The Video Security and Information division has over 20 years’ experience in the CCTV industry with Video Management System (S-VMX), network video recorders (static and onboard), ruggedized IP encoders/decoders, Ethernet switches, fibre optic transmission equipment as well as passenger information systems and displays for public transportation sector. Teleste Australia has its head office located in Brisbane and has had its products distributed through Optical Solutions Australia (OSA) since 2008. OSA compliments Teleste products with network and communications products and is regarded as one of the best in specialised IP projects. The Teleste product has been successfully implemented in more than 80 Qld Police Watch House locations across Queensland for over 7 years and most recently was successful in deploying its video management system into two major projects; G20 Command Centre and Logan City Council Safe City CCTV. The Teleste S-VMX is the flagship of the product range and is complimented by the reliable range of Teleste designed and manufactured IP encoders/decoders, network switches and fibre optic transmission equipment. This ensures a fully compatible product suite from Teleste to reduce risk for critical infrastructure sites, rail transportation, public space, airports and government institutions. For more information, contact your local Optical Solutions Australia branch on 1300 130 423

120 SECURITY SOLUTIONS

The choice of professionals for secure card printing

High Volume, High Speed Personalisation

Your company logo as a card security feature

Trusted Visual Security

Trusted Electronic Security

Backed by the industry’s best 3 year warranty

Call us on 1300 437 746 for professional advice.

Wholesale

“We know iD card printers”

www.WholesaleiD.com.au Official Master Distributor for Magicard

SECURE ACCESS. NO CARD REQUIRED. Secure mobile access solutions by HID represent a revolutionary breakthrough in next gen technology by combining convenience, flexibility and the power of Seos. With a simple tap or use of our patented “Twist and Go” gesture technology, you’ll experience the most innovative way to make an entrance—no card required. And because it’s all powered by Seos, issuing, managing and revoking access couldn’t be easier—or more secure. You’ll call it the most advanced way to use your mobile device. We call it, “your security connected.” Contact asiasales@hidglobal.com or +613 9809 2892

YOUR SECURITY. MOBILE

Visit us at hidglobal.com