Page 1


ISSUE 111 JAN/FEB 2018

How to Use


001_SSM111 Cover-FIN.indd All Pages

To Create Better Security Outcomes

21/12/17 3:44 pm

Are you working to resolve a hostile vehicle attack risk? Ezi Security Systems has an unrivalled, extensive offering of high to extreme security products and have the expertise to design a solution to secure any critical infrastructure or extreme risk assessed site. All Ezi Security Systems Active Vehicle Barriers (AVB) and Hostile Vehicle Barriers (HVB) have been rigorously crash tested and certified to meet relevant ASTM, IWA and PAS 68 stipulations. For further information, please visit our website or call 1300 558 304 to speak to our security specialist team.

If serious security is your requirement, you need look no further than Ezi

002-003_SSM111 DPS.indd 2

20/12/17 3:48 pm

1300 558 304 11 Cooper Street Smithfield NSW 2164

002-003_SSM111 DPS.indd 3

20/12/17 3:48 pm












Melissa K Weinberg, PhD of Deakin University looks at the science of Choice Architecture. How can we use psychology to influence decision making with a view to achieving more desirable security outcomes?



How do you manage the risks associated with a facility being used for a heinous, criminal, public act such as the recent shootings at Mandalay Bay in Las Vegas?


This new report by Anne Speckhard, PhD and Ardian Shajkovci, PhD, from the International Center for the Study of Violent Extremism, raises frightening questions about women returning from the ‘caliphate’ – if they can return at all.


Juniper Research predicts the cost of cybercrime will climb to an estimated US $2.1 trillion by 2019, far exceeding the revenue generated by more traditional criminal activity. How can you keep your business safe from cybercrime?

74 THE CHANGING SECURITY LANDSCAPE We explore the security landscape of the past and compare it to the landscape we see today. How have we arrived at where we are? What are the current security service delivery trends? Where might those trends lead and what opportunities might they present for the security industry?


Jason Brown looks at the role of governance in leadership.


Jason Brown looks at the role of governance in leadership.


Dr Rita Parker looks at the socio-technical imperative of a resilient organisation.


Greg Byrne examines the obligations of employers regarding full-time employees employed under the conditions of a contract.


Dr Kevin Foster examines the potential for borrowing ideas from CPTED to consider ways that we might mitigate the threat of vehicle attacks at places of mass gathering and mass transport facilities.



Richard Kay presents the second part in his special look at the benefits of training beyond firearms qualifications.


We examine the potential of a new low cost storage method for high quality CCTV surveillance.



Company announcements from within the industry.

In the first of a four-part series, Alex Sidorenko, founder and CEO of Risk-Academy, explains how the key to managing corporate risks is often through dealing with the individual risks of decision-makers first.


Wills are an important safeguard for anyone who works in a dangerous role or owns a business. We look at the 10 most important things you need to know about wills.


What is the real value of Air Marshals?


What are the emerging trends in smart building security?


What are the benefits of going back to security basics?


A look at upcoming industry events.


004-005_SSM111 Contents.indd 4

20/12/17 3:46 pm

Series 400 is a fully welded 19” rack mount wall cabinet with heavy duty load carrying capabilities.

When you choose Australian made, you’re choosing more than quality and reliability, you’re choosing peace of mind.


MFB’s range of innovative racking solutions is proudly made onshore, to ensure quality and consistency above all others. Backed by constant development, unsurpassed customer support and expedited delivery. MFB proves a solid project partner whatever your requirements. Australian made, makes Australia. With a solid history of over 45 years of supplying innovative, off-the-shelf and custom built racking systems, you can rely on MFB to ensure when you buy Australian, you’re investing and supporting Australian industry.


004-005_SSM111 Contents.indd 5


P (03) 9801 1044 P (02) 9749 1922

F (03) 9801 1176 F (02) 9749 1987


20/12/17 3:46 pm



EDITOR John Bigelow EMAIL SUBEDITORS Helen Sist, Ged McMahon


Garry Barnes, Jason Brown, Greg Byrne, Kevin Foster, Richard Kay, Steve Lawson, Justin Lawrence, Scott O’Driscoll, Rita Parker, Don Williams, Lamie Saif, Anne Speckard, Alex Sidernko, Ardian Shajkovci, Ami Toben, Simeon Votier


oes Australia really take security

Australian’s do have a very relaxed attitude

seriously? Yes, Government claims

to security because they believe, rightly or

to, and some of the corporate

wrongly, that “it will never happen here”. This

sector demonstrate a passing

is a sentiment we can only hope remains true.

interest from time-to-time, but what of the

However, as the old axiom states, one should

average man and woman on the street? Do we

always expect the best but plan for the worst and

honestly take security seriously or do we, as a

prepare to be surprised. Of course, one should not have to rely upon

nation, just pay lip service to the idea


Keith Rozairo PHONE 1300 300 552 EMAIL


Jonathan Rudolph PHONE 1300 300 552 EMAIL


PHONE 1300 300 552 EMAIL $62.00 AUD inside Aust. (6 Issues) $124.00 AUD outside Aust. (6 Issues)


some form of devastating incident to occur in

of security? As we enter 2018, we should be thankful that

order to force people to take security seriously.

Australia has never suffered a major terrorist

There is a great deal that the security industry

incident the likes of 9/11, the Boston bombings,

can do to educate the business community about

the bombings of July 7, 2005 in London or the

the benefits of taking security seriously. In past

terrorist attacks of October 12, 2002 in Bali.

issues Security Solutions Editor-At-Large Rod

However, as a result, the Australian community

Cowan has written about how security can act as

has become somewhat complacent with regard

a differentiator for business and give companies

to security. I often hear many of our readers who

a competitive edge. If we have learned anything from tragic

PHONE 1300 300 552 EMAIL

are security managers within large corporations comment on the differences between attitudes

events that have occurred globally in recent


to security in Australia and America, where they

years, it must be that the world has changed –

often have to travel and work. According to many

permanently – and we cannot keep pretending

security managers, Americans understand that

that it has not. 9/11 was not an isolated incident

terrorism is a clear and present danger and a

and if groups like ISIS have their way, such

fact of daily life and thus, they treat security

attacks will become much more frequent. There

and security workers with the due respect. In

is a great deal more work to be done to ensure

contrast, they believe that Australian’s have a

that we create the kind of effective security

very blasé attitude towards security and it is this

culture within organisations and the broader

attitude that makes us much more vulnerable

community that will enable Australian’s to be

to attack.

safe and secure. And the work must begin with

ABN 56 606 919463

Level 1, 34 Joseph St, Blackburn, Victoria 3130 PHONE 1300 300 552 EMAIL WEBSITE


The publisher takes due care in the preparation of this magazine and takes all reasonable precautions and makes all reasonable effort to ensure the accuracy of material contained in this publication, but is not liable for any mistake, misprint or omission. The publisher does not assume any responsibility or liability for any loss or damage which may result from any inaccuracy or omission in this publication, or from the use of information contained herein. The publisher makes no warranty, express or implied with respect to any of the material contained herein.

In my opinion, having recently travelled

security professionals. Let’s make 2018 the year

through Egypt and Jordan, they are correct.

that Australia begins to take security seriously. n

The contents of this magazine may not be reproduced in ANY form in whole OR in part without WRITTEN permission from the publisher. Reproduction includes copying, photocopying, translation or reduced to any electronic medium or machine-readable form.











 Level 1, 34 Joseph St, Blackburn, Victoria 3130  1300 300 552 

Official Partners O C I AT I
















O rigin a l Siz e


blue colour changed to this colour green.

COPY/ARTWORK/TYPESETTING APPROVAL Please proof read carefully ALL of this copy/artwork/typesetting material BEFORE signing your approval to print. Please pay special attention to spelling, punctuation, dates, times, telephone numbers, addresses etc, as well as layout.It is your responsibility to bring to our attention any corrections. Minuteman Press assumes no responsibility for errors after a proof has been authorised to print and print re-runs will be at your cost. Signed.................................................................. Date........................


006-007_SSM111 Editors Letter.indd 6

John Bigelow Editor

20/12/17 3:54 pm

EC - S

TALL. FAST. STYLISH. Our award winning speedgates combine state-of-the-art optical technology with a high barrier height to protect your building.


• • • •

Barrier heights up to 1800mm Fast throughput (up to one person per second) Ideal for Disability Discrimination Act compliance Choose from a number of models, including the LX, SPT, SG, IM or LG • Custom pedestals with an array of attractive finishes EASYGATE LX

Find out which security gate is right for you.

1300 858 840



EC - Security Solutions Ad.indd 1 006-007_SSM111 Editors Letter.indd 7



6/02/2017 10:37:16 AMpm 20/12/17 3:54



Although not an exhaustive


(known as Basel II). The governance

improvement, and the status of

talked about the role

list, it is good governance for

arrangements and metrics

efforts to improve previously

and attributes of

any organisation to establish a

suggested in the paper would have,

identified deficiencies.

leaders, managing

framework which provides for the

if not prevented, greatly mitigated

security through metrics and

following to meet organisational

the spread of the GFC.

leaders’ self-awareness. It is time to

and community expectations. There

talk about governance –

must also be a clear definition of

out the reference to banking and

must include risk profile against

accountability, responsibility,

roles and accountabilities for all

finance measures and substituted

expectations. Reporting frequencies

delegation – from the board and

decision makers and decision-

‘security’ in the governance

may vary with the significance and

chief executive officer down.

making bodies, such as committees.

section of the report. It makes a

type of information and the level of

This is especially true for the roles

useful structure for thinking about

the recipient.

the provision of good governance.

and accountabilities of leaders,

security governance.

“The concept of governance is

particularly at an executive

not new. It is as old as human

management level, which should be

civilization. Simply put, governance

articulated and documented.

All material aspects of the

A board exists to provide

security rating and estimation

to the operational level. It is the


Every leader is responsible for

means the process of decision

I have taken the liberty to take

Corporate governance (paraphrased from Basel II, p90):

Internal ratings must be an essential part of the reporting to these parties. Reporting

In summary, security is a core component of good governance


and should have appropriate attention from the board through


making and the process by which

strategic oversight of its operations,

processes must be approved by the

job of leaders at all levels to

decisions are implemented (or

while the executive management

organisation’s board of directors

ensure good governance to achieve

not implemented). Governance

is responsible for the day-to-

or a designated committee thereof

organisational goals. n

can be used in several contexts

day operations of the business.

and senior management. These



Jason Brown is the National

Managers should be assisted in their

parties must possess a general

international governance, national

work through the establishment

understanding of the security

Security Director for Thales in

governance and local governance”

of key committees, such as an

risk rating system and detailed

Australia and New Zealand. He

(United Nations Economic and

audit and risk management which

comprehension of its associated

is responsible for security liaison

Social Commission for Asia and

may address a range of issues

management reports. Senior

with government, law enforcement

the Pacific, 2007 What is good

from financial to security risks

management must provide notice

and intelligence communities to


and compliance. Such committees

to the board of directors or a

develop cooperative arrangements

should have appropriate terms

designated committee thereof of

to minimise risk to Thales and those

ground but, most importantly, it is

of reference or charters (not

material changes or exceptions

in the community that it supports.

about making decisions and getting

just activity statements) and be

from established policies that will

He is also responsible for ensuring

things done or, in the case of

geared towards achievement

materially impact the operations of

compliance with international

security risks, getting things done

of business objectives. Such

the security system.

and Commonwealth requirements

to stop other unpleasant things

objectives and structures should be

being done!

regularly reviewed.

Senior management also must


for national security and relevant

have a good understanding of the

federal and state laws. He has served

security rating system’s design

on a number of senior boards and

Good governance has nine

It is interesting to note that

major characteristics, as follows:

many commentators suggest that

and operation, and must approve

committees, including Chair of the

• anticipatory

the global financial crisis (GFC)

material differences between

Security Professionals Australasia;

• consensus oriented

resulted from systemic failures

established procedure and actual

member of ASIS International

• accountable

of governance in the financial

practice. Management must also

Standards and Guidelines

• transparent

institutions. Ironically, in 2004, three

ensure, on an ongoing basis, that the

Commission; Chair of Australian

• responsive

years before the GFC, the Basel

rating system is operating properly.

Standards Committee for Security

• effective and efficient

Committee on Banking Supervision

Management and staff in the

and resilience. As of February 2017,

• equitable

published International Convergence

security control function must meet

Jason has been appointed Chair of the

• inclusive

of Capital Measurement and Capital

regularly to discuss the performance

International Standards Committee

• follows the rule of law

Standards - A Revised Framework

of the rating process, areas needing

for Risk Management.


008-025_SSM111 Regulars.indd 8



such as corporate governance,

This definition covers a lot of


20/12/17 4:34 pm










008-025_SSM111 Regulars.indd 9

20/12/17 4:34 pm



come under attack. When one device

that requires telecommunications

determine if law enforcement

seemingly getting

is compromised, the hacker can

carriers to block users’ access to

authorities can have far-reaching

more compromised

easily overtake the whole system of

private, government unapproved

surveillance powers. Many privacy

with each passing

interconnected devices. One of the

VPNs (Virtual Private Networks) by

activists are striving to overturn

year. 2017 has witnessed some of

biggest fears is that hackers might

February 1. This would mean that

the law passed in July, which

the worst security breaches in

compromise medical IoT devices, and

lots of people in China will not be

allows government agencies to

history – such as the breach of

patients’ information can be leaked.

able to reach the global internet,

collect data from large groups of

Equifax, which impacted over 143

A connected smart home will be

as many sites – such as Google or

people at once.

million clients in the U.S. and

another popular target for hackers.

Facebook – are blocked in China.

abroad. There were also three major

What’s more, breached IoT devices

state-sponsored ransomware

can be used in vast scale DDoS

5. The EU is implementing General

How to secure your web presence in 2018

attacks, affecting hundreds of

attacks, putting down virtually any

Data Protection Regulation. GDPR,

Internet users can still take

thousands of targets around the

Internet-based service or website.

coming into force in May (2018),

matters into their own hands

is going to introduce stricter rules

and secure their own computers

2. Increase in travel data breach.

for companies on storing personal

or smart devices. It’s important

Hackers are discovering that

user data and on obtaining

not to click on strange emailed

getting increasingly dangerous,” said

travellers who book their trips

customer consent. The regulation

links, not to download from

Marty P. Kamden, CMO of NordVPN.

online share their passport and

will have global reach and force

unofficial app marketplaces, to

“Besides, system administrators are

credit card data, which can be

companies to protect user data –

always have strong passwords,

not ready to protect their networks

stolen. This marks the move

being one of the rare examples of

and to be generally cautious when

from more sophisticated breaches.

towards specific online breaches,

governments striving to actually

going online.

We believe that attacks will only

targeting groups of people – such

protect data privacy.

keep getting worse.”

as travellers, online shoppers,


world. Unfortunately, it looks like this is just the beginning. “Ransomware assaults seem to be

In addition, Internet freedom

and others.

has been on a steady decline. For

It’s also highly recommended to use online privacy tools, such

6. Digital Economy Bill in the UK.

as VPNs, which encrypt all the

The UK is planning to pass a bill

information that is being shared between the user and VPN server.

example, in the US, ISPs have the

3. New, larger ransomware attacks.

that requires age verification for

right to track customer data without

This year has shown the power of

adult site visitors. Age verification

consent and sell it to third parties,

one ransomware attack that can

is done through collecting various

security and privacy, cybersecurity

and net neutrality is under attack.

disable hundreds of thousands

data about the user, which poses

specialists will be in big demand,

Other countries are also passing

of computers around the world.

a huge risk of data leaks and

and companies will be looking

freedom-limiting laws.

Companies are not yet up to

data loss, with sensitive private

to fill new job openings for

speed with sophisticated hacker

information being stolen.

cybersecurity professionals. Those

Below are the top 7 predictions for cyber security threat in 2018.

who want to protect their own

technologies, so there is a huge risk of new, larger ransomware attacks.

1. Increase in IoT attacks. As Internet

7. Dutch referendum on

data at home need to learn simple

government surveillance

cybersecurity tricks themselves. n

of Things (IoT) devices become

4. China to ban VPNs. China’s

powers. The Netherlands will

common-use, they will continue to

government passed a regulation

hold a referendum next year to


008-025_SSM111 Regulars.indd 10

With the decline in online

For more information, visit

20/12/17 4:34 pm

ATTENTION INTEGRATORS GOLD CLASS MOBILE ACCESS PROMOTION Upgrade your customers to experience the benefits of GOLD CLASS MOBILE ACCESS on their mobile device.

Increase your own income.


Complimentary award winning HID Readers and Credentials Exclusive to ISCS

“Only having to carry one device for so many daily tasks is excellent.” ALISON BROWN Facilities, Operations & Events Manager, Netflix


HID Mobile Access®

Secure, convenient access control via your mobile device

ISCS is Australia’s HID Platinum Partner distributor

Contact or 1300 111 010 and quote code GOLDCLASS Any size company considered, new or existing customers

008-025_SSM111 Regulars.indd 11

20/12/17 4:34 pm




he organisational

In resilient organisations, this

also cause people to be distracted,

fundamental quality of all security

landscape has

has led to a management cultural

overly stressed and potentially

managers and professionals. Just as

changed rapidly since

revolution and, given these

isolated in their work environment.

a good manager should not allow

the start of the 21st

imperatives, effective security

Part of the daily work of security

a valuable machine or other asset

century, leading to more demands on

professionals today are those

professionals and managers is

to break down because of lack of

security professionals who need to

who no longer embrace parochial

to deal with problems which

maintenance, similarly, a security

have a high-level and overarching

practices, but rather international

occur during everyday business

professional should not allow

understanding of the complexities of

security management practices,

and organisational operations.

a valuable human contribution

the organisation. Increasingly, there

including understanding and

These daily problems can be

to be lost or become vulnerable

is a greater need for awareness of the

being equipped to address socio-

about tangible issues such as

because of lack of proper care and

demands, and limitations, of the

technical challenges.

infrastructure, communication

appropriate attention.

socio-technical interface within

Technological advances

equipment, supply chains and so

Levels of job satisfaction,

organisations. This is within the

have improved communications,

on. Other problems can be less

job involvement, organisational

context of a culturally diverse, highly

encouraged innovation and

tangible, such as informal networks,

commitment, absenteeism and

mobile workforce, operating in a

creativity and saved time within

interpersonal communications,

turnover, as well as poor or

global competitive environment

an organisation. Technological

human relations, employee

inadequate performance, can

against a background of new and

gains have also changed the

discontent and passive-aggressive

be early and critical signs and

increased risks from multiple sources.

way people engage and interact

disruptive behaviour. While some

potential indicators of inhibitors of

with each other, especially in the

of these types of problems can

resilience within an organisation.

influenced the way organisations

workplace. Recognising the need to

appear, at least to the superficial

These types of indicators can also

operate in this century. Some factors

optimise the relationship between

observer, to be time consuming

help identify potential weaknesses

are intrinsic to the organisation,

the technology system and the

and not directly security related,

in the security of the organisation.

while many others are beyond the

social system is one of the most

some can be more insidious and

direct control of organisations.

demanding areas and pressing

destructive to the overall integrity

managers and professionals today

Several notable influencing factors

imperatives for security managers.

and resilience of the organisation

understand the complexity of the

are the pace of change, which seems

Some technological advances have

and its future if they are not

inter-relationships within each

certain to continue to increase;

redefined socially appropriate

detected, monitored and mitigated

organisation and do not view

global competition; additional and

and acceptable behaviours in

as soon as possible.

people or technology in isolation

different risks and threats, including

the workplace, such as sending

With the socio-technical

of each other, but recognise each

disruptive digital technologies;

emails to the person in the next

imperative in mind, an integral

component as part of the overall

changing vectors; and the changing

office or work cubicle instead of

aspect of a resilient organisation

socio-technological system

relationship and expectations

speaking to them directly. Yet, some

today is good human resource

contributing to organisational

between employers and employees.

technological developments can

management and it should be a

resilience. n

Several critical aspects have


008-025_SSM111 Regulars.indd 12

It is imperative that all security

20/12/17 4:34 pm

We’re TRANSFORMING We’ve opened a new National Distribution Centre in Seven Hills, NSW – bringing our supply chain in house to give our customers faster service, and we’re developing a new website to make buying online easier. Stay tuned for more details…



We’re transforming our business to provide a better customer experience.

For more information on these and other best-in-class solutions from Hills call us on 1300 HILLS1 (445 571) or visit CONNECT


008-025_SSM111 Regulars.indd 13


20/12/17 4:34 pm




have previously

of the employment, limitations on

the position title and reporting

could be a breach of contract

discussed the

the employee’s ability to compete

lines, along with restraint of trade

for an employer to fail to

National Employment

with the employer after they leave

(which protects the employer

take reasonable steps to

Standard and the

the company, specific grounds for

from an employee trading near to

ensure that employees are

rights and obligations of

termination, dispute resolution,

where they used to work) should

not exposed to bullying or

contractors, but I have not

terms of confidentiality and

also be built into the contract.

harassment, or to risk of

discussed the rights and obligations

rights to anything the employee

The management of contracts

of employers regarding full-time

produces while employed by the

of employment in Australia is not

employees employed under the

company. Employment contracts

without nuances and complexities,

work to certain categories of

conditions of a contract.

can also reference and rely on

about which employers should be

employees and/or in certain

other documents, including

aware. On the face of it, it would

policies and job descriptions.

seem quite a simple task to employ


An employment contract is an agreement between an employer and employee that sets out terms

Contracts offer benefits for

someone on contract and then

physical or mental injury • the employer’s duty to provide

circumstances • the employee’s duty of care and competence

and conditions of employment

both the employee and the

terminate them when the contract

or a professional relationship. A

employer, which is why they are

expires. This of course is true;

contract should be specific to the

becoming increasingly popular.

however, employers need to be

individual needs of the parties

For the employer, they offer the

aware that during the term of the

entering into the arrangement

advantage of engaging a worker

contract and at its end, they have

cooperate with the employer

and can be in writing or verbal, or

for a specific period of time, at

certain obligations. A longstanding

in the operation of the

partly in writing and partly verbal.

the end of which there are no

obligation was clarified in

The Fair Work Ombudsman advises

messy separation issues. For the

2014 when the High Court of

that an employment contract

employee, it guarantees (subject

Australia determined the case of

or the obligation of the

cannot provide for less than the

to performance, conduct and

Commonwealth Bank of Australia v

employee to desist from all

legal minimum set out in either the

competence issues) a set period

Barker [2014] CA 32 (10 September

actions causing commercial

National Employment Standards

of employment.

2014) and found there was no

detriment to an employer or to

implied mutual trust and confidence

have regard to the interests of

(NES), the associated award,

Awards do not cover such

• the employee’s duty to obey the lawful reasonable instructions of the employer • the employee’s duty to

employer’s business • the employee’s duty of fidelity

enterprise agreements or other

aspects as intellectual property,

automatically written into

registered agreements that may

confidential information,

employment contracts in Australia.

apply to particular workplaces. All

following employer’s policies or

Prior to this decision, it was assumed

there is no general implied

employees in Australia are covered

reasonable instructions, but these

that employers were not permitted

obligation to act in good faith;

by the NES, regardless of whether

can be written into employment

to breach the trust or confidence of

however, it can be imported

they have signed a contract,

contracts. Contracts should

employees. It has now been clarified

into a contract by express

are working under a workplace

contain clauses that protect

that this is not the case.

or implied provision to

agreement, or are casual workers.

confidential information and

A contract cannot make employees

intellectual property, state that

of law that everyone should be

It is important to understand that

worse off than their minimum legal

an employee is required to follow

aware of, including:

the requirements of these implied

entitlements (as established by

employer’s policies and that an

• the implied duty of care, which

terms will vary from one situation

the NES and an industrial award

employee is required to follow

requires that the employer

to another. Employers should seek

applicable to that industry).

the reasonable instructions of

take reasonable care for

out independent legal advice

The contract can include

the employer. Flexibility as to

the health and safety of its

if there is any doubt as to their

location of work, hours of work,

employees; for example, it

obligations. n

information regarding the duration


008-025_SSM111 Regulars.indd 14

However, there are other areas

his employer • the duty of good faith –

that effect.

20/12/17 4:34 pm

CivSec 2018 Security Solutions.qxp_CivSec 2018 Security Solutions 5/12/2017 9:48 AM Page 1



Human Security

Cyber Security

Law Enforcement

Border Security For further information and exhibition enquiries contact the Sales Team Telephone: +61 (0)3 5282 0500 Email:

008-025_SSM111 Regulars.indd 15

20/12/17 4:34 pm



n a previous article I

are sometimes used to reduce

outside a sports stadium, concert

state of CPTED might have a harder

wrote about the

the relative ‘capability’ of the

hall or convention centre.

edge, but with careful design the

‘wicked problem’ of

attacker to achieve his goal while

hostile vehicle (HV)

also achieving some degree of

designers are now considering

the intent of the attacker instead of

attacks and some of the relevant

psychological deterrent. However,

the use of hard security measures

trying to physically stop them in all

standards that might assist with the

as a general rule, the harder

like bollards and concrete blocks.

places at all times.

choice of bollards and other

the security measures the more

However, barriers that are rated to

barriers. In this article, I want to

expensive the security becomes

stop a car or a truck travelling at

designers to put forward creative

discuss the potential of borrowing

and often the uglier the built

a significant velocity can be very

ideas to solve this very dynamic

ideas from Crime Prevention

environment becomes. Perhaps it

expensive, especially if the barriers

design problem. Furthermore, risk

Through Environmental Design

is also important not to over-react

are required over significant

and security policy needs to be

(CPTED) to consider ways that we

to the terrorist threat in places

distances (e.g. around the entire

developed to encourage creative

might mitigate this threat at places

where the likelihood of an incident

perimeter of a sports stadium or

security infrastructure solutions

of mass gathering and mass

is relatively low and no greater

along the length of a purpose built

in order to subtly but effectively

transport facilities.

than at other similar places. It has

bicycle path).

protect our people as they go about


CPTED provides valuable

to be remembered that a ‘probable’

It is not surprising that many

Therefore, maybe we need

emphasis can still be on mitigating

I would like to challenge all

their business and leisure in public

design principles that can have a

threat at the national level does

to reframe CPTED to deter or

places. This security should not

mitigation effect on the ‘intent’ of

not equate to a ‘probable’ threat at

demotivate the hostile vehicle

change or hinder our way of life; it

a potential offender. These design

every place in Australia.

attacker. Sadly we might simply

should be designed to enhance it. n

principles usually emphasise ideas

However, the apparent increase

change the means that the Dr Kevin J. Foster is the

about territoriality (ownership

in the frequency of hostile vehicle

attacker uses to achieve his deadly

of the space), surveillance, and

attacks targeting pedestrians,

goals. However, we need to keep

managing director of Foster Risk

access control. CPTED designers

requires us to rethink what we

improving our security, in dynamic

Management Pty Ltd, an Australian

typically focus on softer ‘natural’

can do to protect people where

or agile ways, to counter these

company that provides independent

mitigation measures rather than

vehicles can come into close

evolving threats.

research aimed at finding better

hard structural barriers and

proximity with very large numbers

electronic security.

of people. This might be at a

could be modified to embrace ideas

public safety, and improving our

transport facility like a train or bus

of Terrorism Prevention Through

understanding of emerging threats

station, or it might be in an area

Environmental Design. This evolved

from ‘intelligent’ technologies.

Hard measures like bollards and other types of vehicle barriers


008-025_SSM111 Regulars.indd 16

Perhaps the CPTED approach

ways to manage risk for security and

20/12/17 4:34 pm

25 – 27 JULY 2018

SECURING INNOVATION The 2018 Security Exhibition + Conference: Powered by ingenuity and invention, showcasing the latest technology and cutting edge thinking. From physical and electronic solutions to biometrics and AI, Australia’s largest security event offers unparalleled opportunities. Limited stand space still available, contact the team to find out more: or call 03 9261 4500.

008-025_SSM111 Regulars.indd 17


20/12/17 4:34 pm



ecently, I went to one

Take the mobile phone industry

do any of this, you have a genuine

and brand identity stack up? Does

of the world’s biggest

as an example. Nokia and Motorola

opportunity to make your service

it shout, “Look at us, we’re really

markets. Over 2,500

were both making quite good

really shine, and thereby greatly

special!” Or does it whisper, “Hey,

vendors sell their

mobile phones. Then Apple came

increase both your sales and the

don’t take any notice of us, we’re

wares every week at the Rose Bowl

along with the iPhone, something

percentage of customers who

pretty much the same as everyone

Flea Market in Pasadena, California.

that not only transformed the entire

come back.

else”? If you don’t say something

You can buy almost anything, all of

mobile phone industry, but also

it old or used. My wife and I went

revolutionised how mobile phone

did at the last company I owned, an

remarkable, why on earth should

there expecting to walk away with a

software was developed.

advertising agency:

anyone call you?


mountain of bargains. Instead, we left with nothing. Why? Because, despite the fact there

Here are some of the things we

remarkable, or at least look

Pretend for a moment that you

How could you make your

• When clients came into our

product profoundly different from

office for meetings, they

are not the owner of your business.

that produced by your competitors?

weren’t just offered coffee or

Take a look at it as an outsider.

were over 50,000 items available

Rather than just slightly better,

tea. They were given an actual

When you peruse your website,

to buy, there was a dire shortage

as it probably now is. What could

menu of numerous coffees and

your ads, your brochures and sales

of stuff that was actually special or

you add to it, or subtract from it, to

six different teas they could

materials, do they startle you with

unique. If we are not careful, our

make it really stand out from the

choose from.

their freshness, energy, relevance

businesses will end up with the

sea of sameness in your industry?

same problem of offering plenty

Take a few minutes now to have

‘60-Second Monthly Review’,

of stuff, but nothing extraordinary;

a think about this. It will be time

where they ranked us in five

selling goods that aren’t that good;

exceedingly well spent.

different quality areas.

and presenting services that serve

• Every 30 days, they filled out a

• They were invited to boardroom

and uniqueness? No? Well maybe you should change them. Appearances count. Branding matters. Advertising can be the crucial point of difference if your


lunches where interesting

product or service doesn’t stand

research was presented and, at

apart from your competition.

need another okay business.

What if, no matter how hard you

night, to concerts and movies.

Almost every industry is vastly

try, you cannot think of a way

over-catered for already. If we

to differentiate your product or

recently-published books about

to stand out from the pack. If you

are to thrive in this overcrowded

service? No matter, all is not lost.

business and marketing.

aspire to business greatness, they

marketplace, we must do

Just make amazing service your

something, anything, to stand out

point of differentiation. It is easy

beautiful cards with written

from the pack. There are three

to do – just look at every point the

messages from our team.

fundamental ways to do this:

customer comes into contact with

Were we the best advertising agency

you, and conjure up some way to

in the city? Maybe, maybe not, but

Australia’s foremost marketing


make it special.

we certainly offered the finest, most

experts and coaches entrepreneurs

memorable service. And so can you.

from all over the world, increasing

Right now I’m betting you are

phone that would charm their socks

producing a reasonable product

off? How could you make their

at a reasonable price. But that is

nobody brilliantly. The truth is, the world doesn’t

What could you say on the

• They were sent important,

• On their birthdays, they received

So folks, they are the three areas to look at when evaluating how

are not just ‘nice-to-haves’, they are ‘must-haves’. n Siimon Reynolds is one of

their sales, improving their profits and helping them work more

experience at your office or store


a dangerous place to be. The past

really great? What about after sales

Like it or not, potential customers Siimon

10 years have shown us forcefully

service? How could you make that a

often choose who they buy from,

also offers online courses on business

that reasonably good does not cut

little more unusual and remarkable?

based on image. That being the

through The Fortune Institute. Find out

it anymore.

In a world where few companies

case, how does your marketing

more at


008-025_SSM111 Regulars.indd 18

effectively. To learn more, visit www.

20/12/17 4:34 pm


008-025_SSM111 Regulars.indd 19

20/12/17 4:34 pm




ccasionally, there is

Additional questions:

assessment, risk assessment,

and technical terminology, but it

benefit in returning to

• What is really important to

security surveys, access control,

should not be used to befuddle

alarm monitoring and response,

the audience or to hide a lack of

cost benefit analysis, media

fundamental awareness.

the absolute basics of our knowledge set.

There are a number of reasons why this is of value: sometimes we have become so entrapped by the detail that we forget the basics, sometimes we become expert in a field and lose

our business? • Can we make it hard for villains to get to the assets? • Can we make it hard for them to move or damage the assets? • Can we know if they are doing it?

sight of the underlying principles,

• Can we record them doing it?

and sometimes we have come into

• Can we do this without

management, image protection,

Knowing the fundamentals

equipment selection, policies,

also provides a solid foundation

procedures, training, monitoring,

upon which to build our security

assurance reviews, risk transfer,

plans, processes and capabilities.

emergency and crisis management,

Without such a solid basis for what

business continuity and so on.

we do and why, there is the real

Understanding the basics not

likelihood, indeed probability,

security from another discipline and

damaging the image of

only reminds us of what we do,

that the organisation’s protective

never really comprehended the

our business?

how and why, but also allows

security will be flawed.

foundation on which protective security is built. Remember back to See Spot run? The building blocks of

• What measures do we have in place? • Is it costing, or going to cost,

us to present our case to other

Ours is a complex and multi-

managers and the executive in

faceted management discipline

simple terms. It was Einstein who

that overlaps and integrates with

the language of Shakespeare and

more to protect the asset than it

said, “If you can’t explain it to a

so many other aspects of providing

Dickens is in those books. So, if we

is worth?

six-year-old, you don’t understand

a safe and secure environment

it yourself.” While not suggesting

in which we can work, live and

that the executives are six-

play. Given the complexity and

year-olds, the principle applies.

importance of the role of the

Occasionally, there is a perception

security professional, perhaps

that the use of small words and

sometimes we should revisit the

simple concepts is somehow

basics. That way we know why Spot

• How do we recover

demeaning or uninspiring. On

is running. n

our reputation?

the other hand, the ability to

are all sitting comfortably, let us try to recapture the fundamentals. Basic questions: • Do we own anything? • Do we do anything? • Is there anyone who would want to take or damage what we have or do? (Really, is there?)

• Do we know how to respond appropriately? • Should something happen, can we repair or replace the asset? • If our functions are harmed, how do we look after our clients?

Don Williams CPP RSecP ASecM

• How could they do it?

The above are really simple

present a logical argument that

• What can we do to protect our

questions, but they reflect

is not bound up in jargon can be

is a recognised thought leader in the

everything we do: asset and

both refreshing and informative.

field of security. He can be contacted

function identification, threat

Certainly, there is a place for

at donwilliams@dswconsulting.

assessment, vulnerability

detailed, specialist knowledge

assets and functions? • How do we know the (security) measures are (really) working?


008-025_SSM111 Regulars.indd 20

20/12/17 4:34 pm


STid Security presents

French expert in RFID, NFC, Bluetooth® and IoT, our contact free identification solutions have been designed to eliminate barriers in your business via innovative independence-focused technologies. Thanks to the STid Mobile ID® app and the Architect® Blue Bluetooth® reader, your smartphone turns your hand into a badge you have with you at all times. With the freedom to choose your favourite identification mode and make your access options both secure and much more intuitive.

Slide mode

TapTap mode

Remote mode

Hands-free mode

Security Meeting 2016 Trophées de la sécurité 2016 & 2017 Expoprotection 2014 & 2016 ISC West 2017 Trophées APS 2017

008-025_SSM111 Regulars.indd 21

Photo credit: iStock - 08/17 - 10917

Badge mode

20/12/17 4:34 pm


Co Fo

ISC West

moved to the ISC West show

Held annually between

11–13 April 2018

floor in 2017! As the digital

Sydney and Melbourne, TFX is

Sands Expo Convention Center,

and physical worlds collide,

Australia’s largest learning and

Las Vegas

it is increasingly important

networking event for facilities

ISC West is the largest security

for industry professionals to

and workplace management

industry trade show in the US.

protect their organisations and

professions seeking solutions for

At ISC West you will have the

clients from both physical and

creating more efficient, sustainable

chance to meet with technical

cyber threats. CSE provides

and productive facilities

multidisciplinary professions

representatives from 1,000+

holistic solutions for today’s

and workplaces.

to have a voice and achieve

exhibitors and brands in the

connected organisations.

Total Facilities is

• bring new and leading solutions in operational efficiency to the market • deliver forefront trends for running more sustainable facilities and workplaces • foster a community of


security industry and network with

Working with SIA, ISC West also

comprehensive and efficient in

over 28,000 security professionals.

features world-class education

its delivery and provides real

industry and challenge

to learn about every facet of the

solutions to everyday operational

traditional perceptions of

security industry.

challenges by connecting buyers

In 2018, ISC West will offer attendees a host of attractions including: • new products and technologies,

Visit for more information.

encompassing everything

• redefine the future of the

facility management.

and sellers to source innovation,

Visit for

debate current issues, share

more information.

insights and create opportunities

from access control to

Total Facilities

for an invaluable community

CivSec 2018

unmanned vehicles.

18–19 April 2018

of professionals.

1–3 May 2018

• Unmanned Security Expo,

Melbourne Convention and

Melbourne Convention and

introduced in 2017, is an event

Exhibition Centre, Melbourne

Our vision

Exhibition Centre, Melbourne

within ISC West focusing on

Returning to Melbourne with

We champion professionals

Security, Safety and Sovereignty for

unmanned aerial vehicles

an exciting new proposition,

who support the built and work

the Indo-Asia-Pacific Region

(UAVs), unmanned ground

Total Facilities now unites

environment with a sense of

Building on the success of the

robotics and vehicles (UGVs),

both facilities and workplace

belonging and advocacy – the

inaugural CivSec event, 2018

and the various software and

professionals in the ultimate

unsung heroes and behind-the-

will bring together leaders and

applications that support them.

industry destination for the built

scenes forces. We will evolve and

decision makers, policy makers

and work environment.

grow our offer year on year to:

and advisers, managers and

• Connected Security Expo (CSE)


008-025_SSM111 Regulars.indd 22

20/12/17 4:34 pm

Contact us on 1300 364 864 Follow us on

Delivering Proven Solutions for Security & Safety We Protect People & Assets 008-025_SSM111 Regulars.indd 23

20/12/17 4:34 pm

EVENTS officials, operational professionals,

through developing a integrated

technical specialists, strategists

strategic focus. In particular, the

and academics, researchers and

conference will look at breaching

consultants, technology developers

the gap for sharing of information/

and industry suppliers.

intelligence, policy, tactics and

While focusing on the Indo-

capability. Recognising modern-

Asia-Pacific region, CivSec 2018

day thought in breaking down

will address issues of global

self-imposed barriers, allowing us

significance. The sovereignty,

to sufficiently structure to better

safety, prosperity and cohesion

secure Australia.

of societies and communities

Safeguarding Australia 2018

everywhere are threatened by

will draw on the knowledge of

natural disasters and emergencies,

domestic and international experts

by human catastrophe and civil

to contextualise the current

disorder, by criminal activity and

threat environment and look at

terrorism and by the movement

the development of Security and

of distressed populations across

Emergency Management structures.

porous frontiers.

The conference will culminate in a

This international congress

strategic snapshot looking at our

and exposition will zero-in on key

future direction and our ability to

themes, which will include:

evolve in-line with the threat posed

• human security and safety

to our way of living.

• public security, policing and protection • infrastructure, resource and environmental security

The approach of the conference

manufacturers, distributors, security

The OSPAs recognise and


is to engage and inform Security

professionals and end-users to

reward companies and individuals

and Emergency Management

connect and create unparalleled

across the security sector. They are

Leaders, Practitioners and Policy

business opportunities.

designed to be both independent

The entire team is looking

and inclusive, providing an

• cybersecurity and social media

makers at all levels of Government

• borders and sovereignty

and Industry on best practice today

forward to once again reuniting

opportunity for outstanding

• homeland security

and their thoughts for the future, so

more than 4,500 security

performers, whether buyers or

• community resilience

we may develop our shared vision

professionals with over 150

suppliers, to be recognised and for

• emergencies and disaster

and capacity to best Safeguard

leading suppliers. The 2018 show

their success to be celebrated.

Australia for our collective future.

is set to see some interesting new

management • catastrophes and humanitarian response

For more information, visit www.

are based on extensive research

new attractions.

on key factors that contribute

Make sure you put the dates

• innovation and technology.



to and characterise outstanding

in your diary. We look forward to

performance. (This research can be

Comprising an exposition of

seeing you again in Melbourne in

found at https://perpetuityresearch.

equipment, technology and

25–27 July 2018

2018 for the Security Exhibition &


services and a congress of

Melbourne Convention and

ASIAL Conference!


specialist conferences, CivSec

Exhibition Centre, Melbourne

2018 will confront the complex

In 2018, the Security Exhibition

and increasingly interconnected

& Conference is heading back

security and environmental

to Melbourne.

more information.

The OSPAs are being set-up in collaboration with security associations and groups across

The 2018 Australian OSPAs

many countries.

Conference is the industry’s annual

18 October 2018

standardising the award categories

opportunity to reunite for three

Doltone House,

and criteria, the OSPAs scheme

days of quality networking and

Hyde Park, Sydney

provides an opportunity for

Safeguarding Australia 2018

unrivalled education alongside a

The Outstanding Security

countries to run their own

showcase of the most innovative

Performance Awards (OSPAs) are

evidence-based OSPAs schemes

9–10 May 2018

solutions to the Australian market.

pleased to announce the dates

while maintaining an ability to


For over three decades, it has been

for the 2018 Australian awards.

compete on an international level

This year’s summit will address

the largest and most established

They will be working for the fourth

in the future – World OSPAs.

developments of contemporary

commercial event for the security

year in a row with the prestigious

interagency operations and focus

industry in Australia, bringing

Australian Security Industry

more information or to make a

on the friction points created

together the entire supply chain of

Association Limited (ASIAL).

nomination. n

challenges facing modern societies. Visit for more information.


008-025_SSM111 Regulars.indd 24

The Security Exhibition &



Security Exhibition & Conference 2018

Visit for



The criteria for these awards

innovations, as well as a host of


By researching and

Visit for

20/12/17 4:34 pm

NEW INT-QUADIP For PB- Series Quad Beams











With the new IP interface module, our intelligent PB- series Quad Beams are as easy as IP cameras to install and integrate with leading VMS solutions.


Most intruder detection systems rely on legacy technologies which require a number of third-party products and man-hours to install. The INT-QUADIP module utilises infrastructures already in place with CCTV, Access Control, and other security systems; dramatically reducing installation costs whilst providing a fully integrated security system which can be easily expanded and configured as desired.


PoE Class 3 IEEE 802.3af VMS Compatible Direct control for cameras including: - Axis - Bosch - Hikvision - Sony

● Plug & play web browser interface ● No software installation required ● One cable installation

PB-IN-HF/HFA The ultimate in trouble free perimeter detection for distances up to 200m.

1300 366 851 008-025_SSM111 Regulars.indd 25

PB-F/FA Single channel quad beams ideal for simple perimeter systems.

PB-IN-100AT Anti-crawl beam for high security perimeters up to 100m.

PB-KH TAKEX quad beam performance for use in beam towers.

(02) 9427 2677

20/12/17 4:34 pm




026-029_SSM111 Article 1.indd 26

20/12/17 4:39 pm

B U S I N E S S BY SIMEON VOTIER Casino operators, like insurance

manage the risks associated with

companies, make their money

their facility being used for a

from the risk business. Statistics,

heinous, criminal, public act such

probabilities and the design of

as the shootings at Mandalay

games and machines all work

Bay in Las Vegas on the 1st of

to benefit them. Fraud, theft,

October 2017?

competition, card counters,

026-029_SSM111 Article 1.indd 27

This article does not seek

damage to reputation, gambling

to analyse or criticise the

software and disruptors – these

preparedness or response of

are negative risks that casino

Mandalay Bay, its owner MGM,

operators recognise, analyse

or any of the local, state and

and treat in various ways, such

federal authorities involved;

as through surveillance, rules,

however, this terrible incident

market intelligence, acceptance

should serve as a reminder to

and pricing. But how do they

businesses to comprehensively


20/12/17 4:39 pm

FEATURE consider all risks, even those so outrageous so as to defy prediction and definition. Many will be familiar with ISO 31000:2009 Risk management – Principles and guidelines or the COSO Enterprise Risk Management-Integrated Framework or other frameworks. Fundamentally, they are similar in that they contain steps or processes to: • consider the context • identify the risks • analyse the risks • evaluate the risks • treat the risks • monitor and review. All enterprises and industries face comprehensive risks. While there are some risks peculiar to individual enterprises, there is much more in common between similar businesses, industries or activities. So, in the generic framework outlined above, the context is largely shared and the risks to business as usual are common, for a given industry in a particular location. For Mandalay Bay and its competitors, their shared context is that their revenue is a function

types of risks to their business on

exploited to perpetrate a mass

risk analysis. Alternatively, the

of their venue being accessible,

a daily basis.

casualty attack on the public’.

impact may be estimated using

At some point in time, the

Assume that this risk had been

some indirect metric, such as

People go to Las Vegas for positive

owners of all similar enterprises

expressed sometime previously

consumer confidence or visitor

experiences and businesses thrive

in a location have made a decision

in a risk management context.

numbers, or something like

on their positive appeal. Of the

on a business case to build, own

Having identified the risk, it

damage to a brand or reputation.

hazards, the amount of money

and/or operate them, having

should be analysed in terms of

The likelihood is ideally expressed

floating around Las Vegas and the

considered that the potential

its likelihood and impact. The

as a probability, but this is not as

tendency for the visiting public

risks are manageable given

goal is to understand the risk

easy as calculating the payoff for

to behave with less caution are

the expected return on their

and its components which might

a roulette wheel, nor is it always

a magnet for crime. Gun laws

investment. Where one enterprise

make it increase or decrease.

possible. Often a crude descriptive

in Nevada are not strict. Mass

then becomes distinguishable

In business, the impact is

scale is all that can be applied. The

shootings occur in the US often

from another is whether and how

usually measured in financial

point here is not to be exact, but to

enough. The terrorist threat level

risks are analysed and evaluated,

terms – this may be estimated

be as consistent as possible when

in the US is ‘elevated’ – there is a

the risk appetite of its leadership,

using analogous situations. For

analysing each risk.

significant risk of terrorist attacks

its values, how risk is treated, how

example, MGM Chief Executive

– and symbols of capitalism and

effectively it monitors risks and

Officer Jim Murren has openly

account the severity of the risk,

indulgence are appealing targets

reviews and adjusts its response,

reported the impact on its

what control a business might

for would-be terrorists. Some

and its resilience should a risk

business in Las Vegas and several

have over the risk, the cost of

parts of the US are more prone

event occur.

hundred of Mandalay Bay’s 7,400

any control, potential losses and

employees will be affected. Other

potential benefits or opportunities.

visible and well patronised.

to natural disaster than others.

The Las Vegas shootings were

Evaluating the risk takes into

But, as noted at the opening of

the manifestation of a risk to

similar businesses could use

Regardless of the methods used

this article, enterprises face other

Mandalay Bay that ‘the venue is

this information for their future

to analyse and evaluate the risks,


026-029_SSM111 Article 1.indd 28

20/12/17 4:39 pm

evaluated such that the owner decides to do something about it and treat the risk: Can they avoid the activity? No, as it would be inconsistent with the business objectives to not operate the facility. Can they reduce the likelihood? Yes, as the operator of private premises, they have the right to decide who and what is permitted on the premises. The operator could introduce a


policy whereby firearms are not allowed to be brought on their

Practiced engagement and

must be accepted when there are

premises by members of the

cooperation with local law

no viable treatment options, but

public. This could be backed up

enforcement authorities shares

where the likelihood or impact are

by incentives or disincentives,

the burden of mitigation, as does

still substantial. It is critical for

or by a comprehensive security

the development and adherence to

contingency plans to be in place

checking regime, surveillance

industry codes and standardised

for such risks and for adequate

and weapons detection

policies in cooperation with

resources to be available to

equipment. Unenforced policy

other venues that make all of

implement those plans.

is inexpensive, but ineffectual.

them less appealing as a target

Strictly enforced security policy

or attack platform. In Australia,

response arrangements may not

is complex and obviously more

government seeks to transfer to

remain appropriate. Following

expensive to implement. Executed

the private sector some of the costs

the Las Vegas attack, one would

thoughtlessly, the policy could

and obligations arising from some

expect operators of hotels and

generate a new risk that the

terrorist risk through the recently

casinos in Las Vegas, as well as

‘positive experience’ that the

released document Australia’s

analogous operations elsewhere,

operator wants the guests to have

Strategy for Protecting Crowded

to have re-assessed this type of

is diminished. There is nothing

Places from Terrorism, which

risk and to have reviewed their

that a business could do to prevent

states, “Owners and operators of

response arrangements. It is the

the result is a list of risks which

a disturbed individual or terrorist

crowded places have the primary

cost of doing business, whether

can be ranked and a decision

group from deciding to carry out

responsibility for protecting their

for profit or otherwise, that

made on any treatment of the

an attack, but it is feasible that

sites, including a duty of care to

such monitoring and reviews

risks. The goal is to be able to

they could reduce the likelihood of

take steps to protect people that

be ongoing. So, while the Las

decide whether to do anything

them using their venue.

work, use, or visit their site from

Vegas tragedy reminds everyone

a range of foreseeable threats,

to comprehensively consider

about a risk and, if so, what to do?

Can they reduce the

Risks are not static and

Emerging from this process is a

impact? Yes. Physical response

including terrorism”, while

all risks, especially those that

list of risks to be treated.

arrangements and effective

encouraging and promoting

do not promise to deliver a

training and coordination of staff,

information sharing, guidance and

tangible, positive business benefit,

as well as cooperation with law

strong partnerships between the

operators should ensure that risk

enforcement agencies, can reduce

private and public sectors.

management is built into business

Risks can be treated by: • avoiding the activity that generates the risk • mitigating the risk by reducing its impact or likelihood • transferring the risk through

the physical impact. Business

Should they accept the risk?

continuity and contingency

Risks whose severity is low, whose

processes rather than bolted on. n Simeon Votier worked in

plans can reduce the financial

likelihood is remote or where

insurance, outsourcing

and operational impact on the

the cost of mitigation or transfer

public service for over 25 years,

or sharing, such as in a

business. It may even be possible

outweighs the impact, are usually

providing risk advice on a variety


to offset the cost of mitigation

accepted. This is different from

of domestic and international

• accepting the risk.

by attracting patronage due to it

ignoring the risks altogether, as

topics affecting both the private

Looking again at a hotel/casino

being a safer facility.

some degree of monitoring and

and public sector. He has had

Can they transfer (some of)

review should be ongoing. After

posts overseas in high-risk

where the risk that the venue is

the risk? Yes. Diversification of

mitigating a risk, it probably still

countries and is a member of the

exploited to perpetrate a mass

investment is an obvious strategy.

exists at a reduced level and is

Risk Management Institution of

casualty attack on the public is

Insurance may be worthwhile.

then accepted. Sometimes a risk

Australasia (RMIA).

operator on the Las Vegas strip

026-029_SSM111 Article 1.indd 29


20/12/17 4:39 pm



030-033_SSM111 Alarms.indd 30

20/12/17 4:50 pm

believes he could get something

security systems from cyber attack

of value and get away with it.

cannot be understated. There is

Remember, he is looking for a

no system anywhere in the world

‘payday’ and not just a challenge.

that is safe from hackers. No one

He then notices a home close by is

will ever be able to completely

in the dark, has its front door open

stop attackers, but they can make

and it is obvious that nobody is

it harder.

home. Which one will the burglar

Imagine a burglar is walking

030-033_SSM111 Alarms.indd 31

enter? The point is, everyone

down a suburban street looking

should have security and it is no

for a ‘payday’ and comes across

different online and with an IP-

a standard home with lights on,

based security solution.

a high fence with a locked gate,



Security system designers,

cameras, an alarm, and so on. He

administrators and operators

could break in; he is capable and

must carefully consider and


20/12/17 4:50 pm


protect against threats to the

To protect against the

Even if the network is

as if the system is open to the

physical security network. It is

internal and external threats,

completely separate and not

conceivable that a vulnerable

some organisations are

connected to the outside world,

security system could be the

physically separating their IT

the trusted insider still has access

to consider who will have access

opening needed to breach the

infrastructure by creating a

and can facilitate remote access

to the security network, who

facility. The vulnerability could

network for physical security

through open ports or access

will administer the network

allow the perpetrator to access the

applications that is separate

points. Equipment lockdown is an

and whether it is separate or

security network to compromise

from all other network use.

important aspect of controlling

connected with other networks.

the security system or use it as the

However, this may not be

general user access to functions

Will the security installation

bridge to the corporate and other

practical because infrastructure

and software that can lead to

contractor or the end-user’s

networks. Security managers must

and workstations on alternative

unauthorised system changes or

preferred IT contractor be

ask what can be done to minimise

networks are utilised for the

interactions. Network security

authorised to access the security

the impact of a breach.

security application.

must be thoroughly implemented

network? Who is trusted and


030-033_SSM111 Alarms.indd 32

outside world. The security manager needs

20/12/17 4:50 pm


to protect the security system?

That begs the question, who was

cybersecurity and research

This form of login is single-factor

speaking about security matters

companies, discovered they had

authentication in that it only relies

at board meetings?

been under attack. They found

on something the user knows. If

It is reported that 40 million

malware in their networks

the user passes this single bit of

credit and debit card records

information to someone else, then

were stolen and over 70 million

that person is able to login. This

total records of Target shoppers

has in place a range of

policy is insufficient, particularly

stolen. Total records included

measures, including the Cyber

when protecting against the

name, address, email address and

Security Operation Centre

trusted insider.

phone number. Target suffered a

within the Defence Signals

46 percent drop in profits for the

Directorate and a dedicated

is still one of the best methods

fourth quarter of 2013 compared

cyber investigations unit

of protection – something the

with the year before as a result

within the Australian Security

user knows and something

of the breach. They also spent

Intelligence Organisation

the user has or, even better,

$100 million on upgrading their

(ASIO). The Daily Telegraph

something he is, like a biometric.

payment terminals. The estimated

reported in 2011 that the

A second factor, such as a card

cost to banks and credit unions to

Central Intelligence Agency

or biometric, greatly assists

re-issue cards was $200 million.

(CIA) and Federal Bureau of

Two-factor authentication

with the protection of the

A class action lawsuit against

designed to spy on them. The Australian Government

Investigation (FBI) advised the

security network. HID Global

Target has resulted in a further

Australian Government that

are promoting the use of tap

$10 million proposed settlement

at least 10 federal ministers’

authentication, where it is

with affected consumers.

emails had been hacked and

how do managers know they

possible to use an access control

The settlement also required

the compromise occurred over

are capable of always following

card to login to workstations and

Target to appoint a CISO and

a one-month period. Chinese

procedures? It may be better to

all other devices, such as mobiles

maintain a written information

intelligence agencies were

utilise the end-user’s existing

and tablets.

security program.

among a list of foreign hackers

IT department to conduct

Recent reports have shown

Wikipedia reports, “The Sony

that were/are under suspicion.

administrative services, including

that once in, the hacker can

Pictures Entertainment hack

security of the network, because

cause immense damage. A quick

was a release of confidential

has also documented that a

they are internal staff and are

Google search will discover

data belonging to Sony Pictures

CCTV system installed within

already responsible for securing

recent breaches at JP Morgan

Entertainment on November 24,

a significant site has suffered

the existing corporate network.

Chase, Sony, UPS, The Home

2014. The data included personal

failures in the past due to

The security applied to

Depot, Target (US), the citizens of

information about Sony Pictures

“external influences”.

the network must ensure that

New York City, Kaspersky and the

employees and their families,

perpetrators are caught before

Australian Government; the list

emails between employees,

network-based security systems

they achieve their goal. If a

goes on and on.

The Australian Government

It is very clear that all

information about executive

must be fully protected. Network

The majority of breaches

salaries at the company, copies

security must be thoroughly

security network, they must be

reported appear to be debit and

of (previously) unreleased Sony

implemented as if the system is

quarantined before they steal,

credit card data related. The news

films, and other information.”

open to the outside world. The

tamper, alter or deposit data. They

reports concentrate on breaches

must be restricted so they cannot

that impact large members of

were that the breach was a

must ensure that perpetrators

turn on/off items that could render

the general public, such as debit

super-sophisticated attack,

are caught before they

the physical and/or IT security

and credit card holders. This may

but Joseph Steinberg of Forbes

achieve their goal. Two-factor

systems useless.

give security managers of critical

magazine believes that this seems

authentication is still one of the

infrastructure a false sense of

to be an over-exaggeration. The

best methods of protection and

penetrate a network is with the

security. Further investigations

lesson from the Sony 2014 hack

should be implemented to login

use of someone’s login details.

reveal that every industry is

is that organisations without a

to the physical security system. n

The management of user details,

being breached.

security solution that can limit

perpetrator does access the

A very easy way a hacker can

including login information,

Target’s US CEO stepped down

Reports on the Sony hack

damage internally are taking

security applied to the network

Emanuel Stafilidis has worked

is a very important task. The

after the massive data breach at

remarkable risks and being

in the electronic security industry

security manager must analyse

the end of 2013. It was reported

extraordinarily naive about the

since 1988 as a security systems

his organisation’s policy and

at the time that Target did not

advanced capabilities of today’s

integrator and a security consultant.

procedures relating to logging

have either a chief information

cyber attackers.

Emanuel is an independent security

in to the network. Is entering a

security officer (CISO) or a chief

username and password sufficient

security officer (CSO) in place.

030-033_SSM111 Alarms.indd 33

In June 2015, Kaspersky, one of the world’s leading

adviser and can be contacted at


20/12/17 4:50 pm



PART2 Part 1 of this article in the

sight alignment and be prepared

who poses a threat to life whilst

previous issue of Security Solutions

to fire once a new sight picture is

moving and officers need to

Magazine introduced readers to

acquired. Looking first and then

track the firearm horizontally to

the importance of officers who

moving the firearm may be safer

maintain a sight picture.

carry a lethal force option on the

in regard to an unintentional

job receiving training in combat

discharge, but it may be

of moving the firearm up or down

shooting and began to discuss

dangerous in terms of reactive

on a vertical plane. A possible

some of the options available,

shooting to stop the threat. Quick

situation may be when the subject

beyond qualification training,

and proper assessment, accurate

has been shot, but he continues

that can assist officers in the

firing and safe handling are all

to pose a threat to life due to body

operational use of firearms. The

key aspects of tracking.

armour, enhanced physiology

discussion continues below.


034-037_SSM111 Operations.indd 34

Horizontal tracking is the

Vertical tracking is the process

(alcohol/drugs), or strong goal

process of moving the firearm

orientation despite severe trauma,


from side to side on a horizontal

such that further shots at his torso

Tracking means moving the

plane. Possible situations include

may not effectively gain control.

firearm to acquire a new sight

when engaging multiple subjects

Tracking down to the pelvic girdle

picture, most commonly vertical

who pose a threat to life and,

increases the chances of shots

or horizontal, depending on the

after firing at the most immediate

hitting and limits the subject’s

circumstances. When tracking,

threat, officers have to track to

mobility, whilst tracking up to the

move the eyes and firearm

the next most impending threat,

head is a more difficult shot but

together to maintain consistent

or when engaging a single subject

offers a high potential of control.

20/12/17 4:55 pm

034-037_SSM111 Operations.indd 35


20/12/17 4:55 pm


Another situation is when the

Static drills are important

should move only as fast as they

include turning with the whole

subject is shot and he diminishes

for marksmanship, but once

can effectively engage, with trigger

body and/or simply rotating the

in height, by bending, kneeling or

proficient, officers should

discipline until ready to shoot.

upper body only.

falling, but he continues to pose

progress to dynamic drills that

a threat to life. Vertical tracking

involve tactical decisions, such as

with balance, whilst maintaining

movement uses suppressive fire

in this case may not necessarily

movement, cover, multiple threats,

operational capability and

to decrease a subject’s ability

involve firing more rounds, but

malfunctions and officer down.

attaining accurate sight pictures,

to engage officers. It involves

may be used to cover the subject

Movement should be smooth and

is an important skill to master.

organised, coordinated movement

before taking further action.

balanced to minimise the effect

Officers may be required to

in the safety afforded by the

of body motion on the front sight.

identify and engage targets from

suppressive fire laid down on

Movement Dynamics

Keep the knees bent and posture

a variety of directions – forwards,

the subject, keeping him pinned

Movement is a critical aspect of

over the feet and transfer weight

backwards, left, right and

down and forcing him to take

operational skill development.

smoothly across the feet. Officers

diagonally. Options for turning

cover until flanking officers engage


034-037_SSM111 Operations.indd 36

The ability to turn smoothly

The concept of fire and

20/12/17 4:55 pm

him. Trigger and muzzle discipline

so suppressed that they lose sight

not likely to notice other officers

should be maintained when

of the subject. Whilst cover is the

moving off to the side where they

moving between cover positions,

best protection, officers can use

can get control. Distracting the

and officers should maintain

concealment when moving or

subject with covering fire may

good balance so they can move

taking cover to mask their actions

give officers more time to aim or

and react quickly to a threat in

from the subject.

get closer.

Tactical Options

control subjects, as they do not

disengagement, where officers

If officers come under fire, they

want to be harmed any more than

use fire and movement to cover

may all take cover until they decide

officers do. The rate of fire is also

each other and allow officers

they are not the ones being shot

important. Greater incoming fire

to tactically disengage to a safe

at. However, even once they know

is more intimidating, but if officers

distance, where they can cordon

they are not a target, they may still

run out of ammunition they are

and contain the situation and wait

be reluctant to move out of cover

not going to suppress the subject

for responding assistance.

unless required to do so. Self-

for long. By controlling the rate of

preservation is a powerful instinct

fire and firing consistently, officers

harder for the subject to track

and, under stress, officers are in

can keep from running out of

officers, giving him less of a target

pure survival mode and under

ammunition at the wrong time.

to shoot and possibly causing

control of the mid-brain.

any direction. It can also be used for tactical

Countermeasures make it

confusion. Countermeasures

Accuracy is a key factor to

Covering fire is used to

Officers should use teamwork to cooperate with each other to


do not work if officers remain

decrease subject accuracy and can

locate and suppress the subject,

stationary, so they should move

play an important role to control

make sure they do not run out

tactically in an evasive manner.

a deadly force encounter because

of ammunition at the same time

On the range, targets do not shoot

Be unpredictable. Officers should

it can deny the subject specific

and not get out-manoeuvred.

back. Shooting is a physical and

move from cover to cover and

firing requirements, such as officer

Everyone should have an area of

mental discipline that requires

return fire from a different place

location, target area and aim

responsibility they have to cover

practice in order to maintain

to where they entered. When firing

point. If the subject cannot shoot

(arcs of fire). Officers should

proficiency. Much of survival

from behind cover, change firing

accurately, it decreases the chance

know their designated arcs of fire

depends on mental preparation

positions and places. When moving

of officers getting shot. Incoming

and maintain muzzle discipline

prior to an actual situation.

under fire, zig-zag randomly.

fire tends to encourage people to

when working with other officers

Without the will to prevail,

take cover first and worry about

to ensure fellow officers are

practising tactical skills may not

accuracy second.

covered and everyone is safe from

help officers survive.

When firing around the right side of cover, brace the body on the right side, and vice versa

Preventing the subject from

indiscriminate fire. It also ensures

Firearms training should

for left, for balance and to avoid

firing is the ultimate goal of

economy of fire, as officers only

prepare officers for a critical

unnecessary body exposure. Avoid

covering fire. If the subject is

have to cover their designated

incident, but to put the odds in

creating a silhouette and look

intimidated by officer fire, then

arc, trusting that colleagues do

their favour they must prepare

around objects, not over them.

officers can move with relative

likewise. Before engaging in

properly for such an event. Train

Reload only behind full cover;

safety. Suppression means to

multiple-officer drills, officers must

beyond the simplistic qualification

if proper cover is not available,

discourage the subject from firing

learn to control their arc and rate

skills of static marksmanship and

then be mobile. If officers

accurately. It takes time to acquire

of fire.

create a plan so the event can be

remain stationary for too long,

a target and aim and, if bullets are

Combat is chaotic, so good

subjects may employ their own

hitting near him, he might not be

communication is critical. Officers

Using alternate options and simple

countermeasures, so endeavour to

willing to take that time. Accurate

should be constantly talking back

first responder guidelines can save

keep moving. Moving and firing at

fire is what prevails in a deadly

and forth, telling each other where

lives. Be prepared. n

the same time can be inaccurate

force encounter, which is why

the subject is, who is doing what,

and slow down movement whilst

marksmanship is important.

who is reloading, who is firing

being exposed. Maintain smooth,

Covering fire can force the

practiced before it even occurs.

Richard Kay is an

at who and so on. Any subject

internationally certified tactical

stable balance to give a consistent

subject to move in a certain

movement should draw counter-

instructor-trainer, Director

sight picture at all times.

way, allowing officers to deliver

fire – if the subject sticks his head

and Senior Trainer of Modern

Flanking is effective because

accurate shots, or forcing them to

up, he is shot at; if he tries to fire

Combatives, a provider of

of tunnel vision, so officers should

retreat to a position that is more

at officers, he is shot at; if he does

operational safety training for the

continue scanning all around

exposed. It can also confuse or

anything but cower, he is shot at.

public safety sector. Visit www.

to avoid this. Officers should

distract the subject from officer

maintain constant awareness of a

activity. If the subject is too busy

there may not be time for the

subject’s location and avoid getting

cowering from officer fire they are

nuances of precision shooting.

034-037_SSM111 Operations.indd 37

During a violent confrontation, for more information.


20/12/17 4:55 pm



038-041_SSM111 CCTV.indd 38

20/12/17 5:02 pm




The most difficult part in

• the scene scenario

with 3MP resolution and a

high resolution CCTV camera

• the compression level.

retention period of 30 days. The

surveillance used in critical

configuration parameters, chosen

infrastructure projects is the

The following provides examples

to provide the best monitoring

storage of incoming data from

of storage requirements when

quality, are:

cameras, especially when a long

using AXIS Design Tool and

• frame rate: 30fps

retention period is needed. The

provides a preferred design

• video encoding: H.264

size of the storage can be very high,

solution that fulfils the need

• compression: 10 percent

even for a low number of CCTV

for storage of high-quality

• recording: 24 hours per day

cameras. The storage of such data

CCTV images.

The monitoring condition for this

depends on the following factors:

The camera chosen for this

example is the Station monitoring

• the camera resolution

example is the AXIS M3106-L

scenario from AXIS Design Tool,

• the number of frames per

network camera. A total of 24

which produces the highest

cameras are used in the example,

amount of streaming data.

second (fps)

Figure 1: AXIS Design Tool – storage needed for 24 cameras at 3MP resolution and 30-day retention

038-041_SSM111 CCTV.indd 39


20/12/17 5:02 pm

CCTV According to AXIS Design Tool,

enough. The reliability can be

the required storage using 3MP

increased partially for the 24

resolution and 30-day retention is

cameras by implementing one of

one set of 3MP cameras and

another server as a safe

156TB, as shown in Figure 1. This

these arrangements:

one set of VGA cameras. The

redundant solution.

amount of data (36 hard drives

1. The cameras should be

cameras are mounted in

safe redundant solution. 2. Use two sets of cameras –

The VGA resolution data stream can be stored on

x 5TB) needs to be arranged in

configurable multi-streaming

twins and each pair consists

Using the same configuration

three RAID 5 sets, with each RAID

cameras, with one stream

of one 3MP camera and one

parameters as above, according

set consisting of 12 hard drives.

for 3MP configuration

VGA camera side by side,

to AXIS Design Tool, the required

and one stream for VGA

with the same lens and

storage for 24 cameras using

infrastructure requires a higher

configuration. The VGA

sensor characteristics so

VGA resolution and 30-day

level of reliability, so one

resolution data stream can be

the same area is monitored,

retention is 15.2TB, as shown in

CCTV data stream may not be

stored on another server as a

but at different resolutions.

Figure 2.

Dealing with critical

Figure 2: AXIS Design Tool – storage needed for 24 cameras with VGA resolution and 30-day retention

The number of hard disks

data storage. The reason for

Storage Procedure

(SSD RAID) and the tape should

required for the 156TB, 3MP

choosing SSD is the high read/

The success of this method is

be ejected and replaced with a

option is 36 (5MB) arranged in

write speeds.

related to the configuration of

new one.

• In the case of low-budget

the backup software, which

RAID 5 stores 11 x 5 = 55TB. The

conditions, one LTO-6

is the most important part in

The New Scenario

number of hard disks required for

tape drive.

implementing this method.

If the same parameters as above

The backup should start after

are used again, but the retention

conditions, one LTO-6 tape

midnight by one or two hours, but

period is changed to one day,

library that covers the

this timing can be changed after

according to AXIS Design Tool, the

retention period.

testing. It should be configured

required storage for 24 cameras

to backup only the files that have

using 3MP resolution is 5.19TB,

been created and completed

as shown in Figure 3. This is well

before the current date. For

covered by SSD hard disks 9–10TB RAID 5.

three RAID 5 sets, where each

the 15.2TB, VGA option is 5 (4MB) arranged as RAID 5, 4 x 4 = 16TB.

Preferred Method The second arrangement – using one 3MP resolution camera and

• In the case of high-budget

• The LTO-6 tape storage capacity is 6.25TB compressed.

one VGA resolution camera in each pair – is the best option for a

Required Software:

example, if the backup starts at

better redundancy level.

• A backup program, such as

2am on 20/9/17, files up to 19/9/17

Required Hardware:

• The server that is used for VGA

Arcserve from CA. • A server with 10–11 SSD (1TB) arranged in RAID 5 for


038-041_SSM111 CCTV.indd 40

should be included in the backup; any file that is still open should

resolution data storage can be

not be included. The backup files

used for the backup program.

should be deleted from the server

20/12/17 5:02 pm

Figure 3: AXIS Design Tool – storage needed for 24 cameras with 3MP resolution and 1-day retention At the beginning of the day, after

The benefits of this method:

the data has been stored in the

1. Less hard disks are required,

5. The number of CCTV cameras can easily be doubled and

backup program, process the

which means lower probability

what is required is a new SSD

backup of the stored data into the

of a hard disk crash and lower

RAID 5 set and another LTO-6

LTO-6 tape 6.25TB compressed;

power consumption.

drive with LTO-6 tape set plus

the size of this data in the SSD RAID is about 5.19TB (the daily stored data). The backup program

2. A safe copy of the tape can be created and kept in another location.

then deletes all the original files

3. It is easier to restore the data

from the SSD RAID and enough

information from any day

storage space is ready for the new

for forensic requirements

incoming data from the cameras.

without affecting the data

To cover the storing of streamed data for the whole retention period, there should

maximum frame rate and low compression. n Lamie Saif is a communication engineer, expert in CCTV

resolution server.

surveillance and computer

4. The retention period can be easily extended by increasing

retention period; in case of a 30-

the number of LTO tapes and

day retention period, 30–31 tapes

the VGA resolution server

are required.

storage capacity.

038-041_SSM111 CCTV.indd 41

data is at the highest level,

streaming into the high-end

be enough tapes to cover the

a new 5 HD x 4 TB RAID 5 set. 6. The quality of the stored

“The most difficult part in high resolution CCTV camera surveillance used in critical infrastructure projects is the storage of incoming data from cameras, especially when a long retention period is needed.”

networks and an inventor with two patents.


20/12/17 5:02 pm



042-045_SSM111 Business.indd 42


21/12/17 3:58 pm

Individual And Corporate Risks Are Not The Same In the first of a four-part series, Alex Sidorenko, founder and CEO of Risk-Academy, explains how the key to managing corporate risks is often through dealing with the individual risks of decision makers first.

042-045_SSM111 Business.indd 43



21/12/17 3:58 pm

BUSINESS If there is one thing I learned

impact the achievement of

these challenges, I aim to do

into account. This will help

in my previous role as head

strategic objectives as somewhat

the following:

to cement the message

of risk at a multibillion-dollar

remote or distant.

• Demonstrate how proactive

that risk management

sovereign investment fund, it is

The important lesson is that if

risk management can benefit

is a part of normal

that risk management is not about

risk managers want management

individuals within the firm

managing risks. It is about helping

to pay serious attention to

and solve their personal

management make strategic,

corporate risks, they should

risks. Even basic things like

corporate objectives and

operational and investment

first help them deal with their

creating a paper trail for key

KPIs are also set based on the

decisions while keeping the risks

individual or personal risks.

decisions and risks taken

outcomes of risk analysis to

in mind.

Personal risks include things

by management can protect

help make the targets more

like maintaining their area

against any future enquiries.

It sounds simple enough,

performance management. • Work with strategy to ensure

realistic and achievable.

but it is anything but. Over four

of influence, building a solid

columns, I will share four valuable

reputation, advancing their career,

policies and find out how the

roles and responsibilities

lessons about integrating risk

not losing their job and protecting

bonus payments are calculated

into existing job descriptions,

management principles and

themselves from investigations

to understand whether it

policies, procedures and

methodologies into day-to-day

or prosecution.

drives any excessively risky

committee charters to reinforce

decision making. There is a big difference

Another aspect that has a

• Review existing remuneration

behaviour and what periods

• Include risk management

ownership and accountability.

huge impact on the quality of

are particularly vulnerable. For

Risk managers need to be

between the risks that the board

decision making, and hence the

example, employees usually

prepared that some managers will

is concerned about, such as

quality of risk management,

make much riskier decisions

ignore risks and take uncalculated

corporate risks, and the risks

is remuneration policy. Many

just before bonus entitlements

risks for a reason. Therefore, it

that individual managers worry

people are driven by their

are calculated.

is critical to understand what

about – often their personal risks.

financial self-interest much

It is quite natural for humans to

more than any corporate values

resources to ensure existing

consider risks that can potentially

or best practices. This has a

individual objectives and

some practical suggestions on how

impact them personally as

huge implication on the work

key performance indicators

to overcome cognitive biases when

significant and the risks that

of risk managers. To address

(KPIs) adequately take risks

managing risks. n


042-045_SSM111 Business.indd 44

• Work with human

motivates each individual. In my next column, I will share

21/12/17 3:58 pm



042-045_SSM111 Business.indd 45

21/12/17 3:58 pm



046-051_SSM111 Cover Story.indd 46

21/12/17 3:37 pm


Economist Richard Thaler and

Tversky, flipped this whole idea

simple changes, called “nudges”,

that the motivation to avoid loss

psychology professor Daniel

on its head. Through a series of

can make huge differences when

is often twice as strong as the

Kahneman have something very

research studies, they showed

it comes to purchasing behaviour.

motivation to gain a reward.

unique in common. Besides both

that consumers are mere humans,

They cited an example from a

In the new method, exercisers

being authors of best-selling

who do not always behave in ways

school canteen seeking to address

commit to hand over a sum

books, they are both recipients

that reflect a rational, considered

the unhealthy food choices

of money (for example, $100)

of the Nobel Prize in Economic

decision-making process. Rather,

typically made by students.

if they do not adhere to their

Sciences, reflecting their

they often make decisions that are

contributions to the advancement

specifically irrational with regard

their customers to make better

specified amount of weight. Since

of the field. It makes sense that

to their longer term economic,

meal choices for the sake of their

the motivation to avoid losing

an esteemed economist could be

financial or security interests.

longer term health, a hard sell

the money is so strong, people

recognised in this way, but how on

They are susceptible to making

to hungry teenagers in any case,

are more likely to comply with

earth does a psychology professor

errors based on cognitive or

canteen staff took a different

their exercise programs under

win a Nobel prize in economics

emotional responses. The good

approach. They made subtle

these conditions.

and what could either of these

news is that we are not just stupid

changes to the way the food

From the Nudge Unit that

people have to do with security?

when it comes to decision making;

options were presented, like

was initially set up as part of

we are predictably stupid.

varying the order of the menu, or

the Cabinet Office in the UK

rearranging the display so that

government, to creative marketing

Their contribution to the field of economics comes down, most

It was Kahneman and Tversky

Rather than trying to convince

exercise regime and lose a

simply, to consumer decision

who introduced us to the term

healthier options were positioned

agencies applying the principles

making. Traditionally, economists

“behavioural economics”, setting

at eye level, to nudge customers

of behavioural economics to sell

went about their field of study

the stage for a huge paradigm shift

toward making healthier choices.

more products, nudge tactics

working to the theoretical

and changing the way economists

In another example, Thaler

assumption that consumers make

thought about economics. Thaler

and Sunstein applied Kahneman

to affect the way that people

decisions by carefully weighing

took the concept a step further

and Tversky’s concept of loss

make decisions.

the pros and cons, the costs

and coined the term “choice

aversion (described later)

and benefits of each decision,

architecture” to describe the

to propose a better solution

architecture is fancy and you

and choosing to maximise their

process by which designers can

for weight loss than positive

are looking for extra titles to add

chances of success. Decision

influence decision makers by

reinforcement. Rather than

to your CV, you too can quite

making was thought to be a

manipulating the way that choices

rewarding exercisers for

easily become a choice architect.

rational, considered process.

are presented to them.

adherence to their routine and

According to Thaler, “If anything

kilograms lost per week, they

you do influences the way people

And then along came Daniel

In his best-selling book Nudge,

are being used across the globe

If you think the term choice

Kahneman who, together with

Thaler, together with co-author

devised an alternate intervention

choose, then you are a choice

his late research partner Amos

Cass Sunstein, explained how

based on the understanding


046-051_SSM111 Cover Story.indd 47


21/12/17 3:37 pm


Security Solutions Magazine #111  

Security Solutions is a leading security resource for business, government and the security industry. Through Security Solutions, readers en...

Security Solutions Magazine #111  

Security Solutions is a leading security resource for business, government and the security industry. Through Security Solutions, readers en...