Peggy OConnor
Marketing Manager at ASIS International
Active shooters, school security a focus of ASIS 2014 show
250 educational sessions, new certification courses scheduled
ALEXANDRIA, Va.—Active shooters, school security and women in security are among the topics getting more attention this year at ASIS 2014.
The 250 education sessions at the 60th Annual Seminar and Exhibits reflect current, pressing security concerns, said Allan Wick, an ASIS council vice president who helped organize the education programming.
“There’s been a growing interest in active shooters. Companies need that training,” he said. Active shooter sessions are among those ASIS is promoting as its “Ripped from the Headlines” offerings.
Sessions focusing on active shooters include “Active Shooter Prevented: Evaluating a Close Call,” presented by Drew Neckar, regional director for the Mayo Clinic Health System. Neckar will discuss an actual incident in which the shooter was stopped seconds before he became an active shooter and how and why that happened.
Paul Timm, president of RETA Security, a school security consulting firm, will present “The Evolution of Active Shooter Procedures for Schools,” which will focus on the tension between school administrators and first responders as government and for-profit entities get involved in changing traditional lockdown procedures. The pros and cons of the A.L.I.C.E. method, Run, Hide, Fight and other strategies will be discussed.
“Physical Security as a Tool for Higher Education Institutions” will examine what physical security components were in place in recent shooting incidents and take a look at best practices and what technology is most helpful. Lawrence Zacarese, an assistant chief of police and director of emergency management with the New York State University Police Department, Stony Brook, will lead that session.
Patrick V. Fiel Sr., of PVF Security Consulting, will speak on "In Search of a Repeatable and Affordable School Security Model," focusing on creating a school security plan that can be repeated across campuses of different ages, design, size and use, including urban, suburban and rural schools.
Other active shooter and school security sessions also are scheduled.
Additional topics are designed to address the growing number of women in the industry, including a round-table discussion about the challenges they face and the benefits of mentoring; violence at hospitals and other workplaces; and IP-based security technology, Wick said.
ASIS received more than 500 abstracts, he said. “It was hard to get them down to a workable number” for scheduling purposes.
The conference will be held Sept. 29-Oct. 2 at the Georgia World Congress Center. More than 20,000 security professionals from 80 countries are expected to attend.
Pre-seminar intensives will be offered prior to the official Sept. 29 opening day, including two new ASIS certificate courses that will make their debut at the show, Critical Thinking Skills for Security Solutions and Developing and Implementing an Insider Threat Program.
More information and a complete schedule of education sessions and other events can be found at www.asisonline.org.
Are You Sleeping at the Security Wheel?
Having security technologies in place, without proper knowledge of how to operate them, is akin to filling an operating room with surgical tools, then bringing in a janitor to perform the roles of a doctor on a waiting patient. This may sound extreme to some, but it is an accurate statement. Technology can only do so much. While a scalpel may be used to remove a tumor, not everyone is qualified to use a scalpel.
There were many instances of breaches that could have been avoided had they been properly addressed. The technology never failed, the design didn’t fail, nor did the deployment. It boiled down to issues of training, having qualified individuals “manning the battle stations.” This is a common theme within many instances of data breaches, not having the proper people in place, or properly training those tasked with certain tools.
Asleep at the wheel
I have stated this before: “Anyone can go to SEARS and buy every single mechanic tool on display, but it will not make that individual a mechanic.” In the security arena, there is more involved than just containing incidents. Often, we have seen that companies (when infected with malware or viruses) clean up the mess without taking the time to determine how the mess got there, whether they are safe from more malicious activity post-remediation, and how they could avoid similar mishaps in the future.
Case in point? The Target breach. “Target Corp’s security software detected potentially malicious activity during last year’s massive data breach, but its staff decided not to take immediate action.” [1] How much did this little mishap cost Target? It depends on which view you choose to look at. As of right now, their stock is down 18.26% since the incident. Replacing stolen cards will cost an estimated $200 million USD. This does not include the damage to Target’s reputation, lost clients, potential lawsuits lurking, and so forth. How much would it have cost to properly train their employees? Unsure, but I doubt it is even ten percent of the $200 million.
Target is not the only instance of this occurring. Here are some snippets from the Government Accountability Office [2] which illustrate the same hiccups, with regards to incident response, the technologies, and the ball being dropped:
In a malware incident, sensors on an agency’s network recorded an agency computer contacting an external domain known to host malicious files, and downloading a suspicious file. Incident handlers closed the ticket without recording any actions taken to contain or otherwise remediate the potential malware infection. [2]
Anyone operating a security information and event management (SIEM) system can tell you that these devices generate an awful lot of alerts and events. Imagine purchasing a system that is to “be on the lookout for” cars. A red car drives by, you get an alert. A blue car? Alert. Thousands of cars later, you begin to ignore the alerts. It is only when a catastrophe occurs that, in hindsight, you state: “Darn, I should have paid attention.” Most SIEM devices, if not all, have mechanisms to alert on specifics: “Show me ONLY the BLUE cars where anyone inside of the car is wearing a mask.” Properly tuning the technology is not that difficult, but determining what should be flagged can become tricky.
In a malware incident, incident handlers noted that they had requested the creation of network blocks to isolate the infected computer and the collection of its hard drive for analysis, but the ticket had not been updated to indicate whether the incident handlers had performed the requested actions or any subsequent actions. [2]
Another common hurdle is collaboration. We have seen situations like the one mentioned above occur quite frequently. I will now share a real-world incident with a client. A client from the health care industry took “change management” to the extreme. While having proper policies and guidelines in place, the client was stepping on its own toes because of those policies. Whenever something needed immediate fixing, their triage was as follows: “Submit a request for change/modification. The form will need to be signed by four people. Meeting needs to be set up with four people. This takes a week. Once approval is given, the task can only be done during non business critical hours (this is usually a Saturday, or Sunday circa the 1AM mark).” Compromise? Well, that will have to wait until we determine who’s on first, and what’s on second. All the while, any malicious attacker is not governed by any rules or regulations.
Imagine having to contain an incident under these conditions. While policies and guidelines are a must, businesses and security managers must also realize that attackers follow no guidelines, care little about policies, and won’t think twice about using MALICIOUS tools against a network, let alone trusted security tools. Yet professionals tasked with security responsibilities are acting a bit irresponsibly in their own right. Security is more than just technology; it is more than a guideline, baseline, standard, or framework. It is a process that changes rapidly. Awareness and education complement any security application, any program, and is the bridge between keeping your infrastructure safe.
– Posted by Blue
Quality Communication with Industry
Nick Nayak, Ph.D.
July 14, 2014 2:02 PM
During my time in Government, I realized that Quality Industry-Government Communication is the key to successful partnerships with industry.
So I hired two individuals to redesign how Federal agencies communicate with industry. One of them (Jose Arrieta) partnered with me to author the article below. Let me know what you think.
Nick
http://read.nxtbook.com/ncma/contractmanagement/may2014/understandingthebalancingact.html
Best iPad Keyboards Reviewed: Logitech Ultrathin Keyboard, ClamCase, Apple, ZaggFolio
By JOANNA STERN (@joannastern)
July 18, 2012
The iPad has surged in popularity because it's great for surfing the web, watching video, playing games, and navigating beautiful apps. No one will dispute that.
But work? Real work, like typing emails, writing documents, creating presentations? That's a bit harder on a tablet. And no one will dispute that either.
While the on-screen keyboard is fine for basic typing here and there, when it comes time to type a longer draft you will likely find yourself reaching for the laptop. The virtual keyboard can be difficult to type on for a long time. It takes up half the screen, and many can't type on it as fast as a real keyboard, with keys that click and clack.
That's where an iPad keyboard accessory fits in. There are a bunch of options that pair with the tablet via Bluetooth. But which one will let you get the most real work done?
Words Per Minute: 86
Let's start with the one that Apple makes -- the Apple Wireless Keyboard. The Bluetooth keyboard wasn't made only for the iPad -- it also works with Macs -- but it works like a charm with the tablet. Of all the keyboards I've tested here, I was able to type the fastest on it because of its wide footprint. The keys are spacious and the size of the ones on Apple's MacBook Pro laptops. I typed most of this review on the keyboard and got out an impressive 86 words per minute. It really was just like typing on a laptop.
But while the keyboard was fine at my desk, it wasn't great when I left the desk. It doesn't latch on to the iPad in any way. You also have to have a separate stand for the iPad, though Apple's Smart Cover can do the trick. Still, while it is the best for typing on in one place and is only $69, there are much more mobile options out there.
Words Per Minute: 73
The ZaggFolio is an all-in-one keyboard and case for the iPad. Inside the plastic (or polyurethane) folding case is a Bluetooth keyboard which is very easy to pair with the iPad. (The basic on / off button might not seem like the best design, but the simplicity can't be beat.) The cover protects the back and front of the iPad, and the top folds up to help prop up the iPad. There is also a slot to hold the iPad in place above the keyboard itself.
Speaking of the keyboard, it isn't as wide or large as Apple's but the keys are well spaced for their size and are firm and sturdy. I was able to type fairly fast on it at 73 words per minute, though the small Delete key did bother me. However, the iPad-specific shortcut keys make up for that. They include volume controls, search, and copy and paste, all along the top row. The case is a tad heavy, but at $99.99 it's a good value.
Another plus? It comes in a number of different colors, including black, red, pink and blue.
Words Per Minute: 76
If your mission is really to turn your iPad into a laptop or netbook, the ClamCase might be the best solution. You can put your iPad in it and close it up and it looks like a little laptop.
But the design is versatile. You can also flip the screen around and turn it into a stand without the keyboard showing. However, there is a major sacrifice for all that: it is a clunky and heavy case. On the one hand, the iPad stands up vertically and very solidly, but on the other, you have a package that weighs 1.7 pounds -- and that's not including the iPad.
I also didn't love the feel of the keyboard. And for $150, I was actually hoping it would feel better-made. The keys seemed flimsy and mushy. That said, I was still able to type quickly on it at 76 words per minute. It also has iPad shortcut keys along the top, which are very helpful.
Words Per Minute: 71
The Logitech Ultrathin Keyboard Cover might be the one that gets it just right. Like Apple's Smart Cover, the Ultrathin Keyboard has magnets on its edge and the keyboard latches on to the side of the iPad to fold right over it. When folded up, it is very thin -- ultrathin, even -- just 0.5 inches.
The keyboard dock is basic -- there is the keyboard with a slot above it in which to stand the iPad. The plastic keys are very comfortable, but, like the Zagg, it has a shrunken Delete key. Also, because the panel is thin the keys don't depress as much as on other keyboards. Still, I was able to type fairly quickly at 71 words per minute. There are also dedicated function keys and a large space bar. For $99 I found it to be the best blend of all of the units I tested.
Words Per Minute: 43
This isn't really a keyboard dock or a full keyboard, but it is a typing companion for the iPad. The Touchfire is a piece of transparent rubber you can put over the touch keyboard on the iPad's screen to give you physical feedback when you type. The rubber (yes, it sounds and even looks like a condom) has imprints of keys to make them easier to find for touch typists -- those who don't have to look at the keyboard while typing.
It's an interesting concept, but I just couldn't type as fast on it as the others. Actually, my words-per-minute count on the Touchfire -- 43 -- was only about half what I got from other keyboards.
Also, when you change screens on the iPad -- away from one that doesn't have the keyboard -- you have to remove the keyboard from the screen. Touchfire does compensate for that with magnets that clip on to the side of the iPad and onto a smart cover, but it's still an extra step. It is priced at $50, less than its competitors, but that's actually a lot for a piece of rubber, and I would say the others are worth the extra money.
After spending time with each of the options above, I came away liking the Logitech Ultrathin the most. For $99, it has the best mix of portability, comfort, and build for the price. The ZaggFolio is also a good choice, as is the Apple Keyboard if you aren't looking for high portability.
Now, go get some work done.