Posted on Fri, Aug 06, 2010
At last Friday's DEF CON 18 convention in Las Vegas, Hackers, Crackers, Feds and Security Professionals gathered to share their secrets and check out some of the newest security technology - and learn how to bypass it. While DEF CON is primarily focused on network and information security, every year they feature a “lock hacking” team to run some of the latest technology through its paces.
Thanks to Wired Magazine, you can read about some of the results and watch demonstrations in video such as this one:
This video brings up an issue that we address all the time: your security is only as strong as your weakest link. Oh sure, biometrics is really cool and normally very secure, but if you pair it with a cheap, ineffective mechanical lock, you’ve just spent a lot of money for no security at all. If you’re not looking at security holistically, you’re bound to spend huge amounts of money and effort to secure the front door, while leaving the back door completely open.
Recently, we posted a report on how to begin a security solution by building a holistic business baseline titled 9 Critical Questions You Must Ask Before Implementing Your Next Security Solution. Once you’ve built a business baseline to help determine your needs, goals, and resources, the next step is to examine your potential security solution as a whole to determine any weaknesses or gaps that need to be filled or addressed.
But a new security solution isn’t the only thing that should be examined for weakness. Here’s an important question for you: When was the last time you performed an analysis of your existing security solution and how effective it is? This doesn’t mean that you need to hire an outside company or an expensive analyst to do it (though those can be worth every penny). When was the last time you tested your system to be sure it works? When did you last audit for security vulnerabilities? Have you ever tried to hack your own system?
At the end of the day, where will the paperclip hack that undermines your security plan show up at your facility?
Posted on Tue, Jul 27, 2010
When was the last time you agonized over a new security policy launch? You’ve just implemented a new solution, or changed a policy, or have developed new guidelines to improve the security of your organization or the safety of your employees and customers. Now you have to put out a memo or schedule a training class or get the word out about what you’re doing and how things are changing. Do you find your memos being ignored, or maybe people don’t quite understand the instructions? How can you get better adoption of your policies or training programs? Try video. It’s not just for surveillance anymore.
If YouTube is any indication, people are obsessed with making and watching amateur videos on the Internet. Video is an extremely easy and effective way to capture interest and convey information. And with technology that’s easily available today, it’s pretty simple to do. You can make a video with a hand-held camcorder, a webcam, even a smart phone. If you plan to use screenshots, try a screencast instead. There’s plenty of free or low-cost software if you need to cut, clip, splice or rearrange your footage, too.
There are plenty of benefits to using video in your security training program such as:
• Keep the attention of your audience longer
• Create real-world examples of proper procedure
• Appeal to visual learners
• Quickly train a large number of individuals
• Provide a unique way to deliver your information
If you’re interested in letting loose your creative side, here are a few tips to help you put together an effective training, orientation or instructional video.
#1: Don’t Get Too Fancy
Oh sure, you can spend thousands of dollars on a professionally made video and even win an Emmy like Denver Public Schools did with their Getting to School Safely instructional video. But what’s important is not how much you spend, but the relevance of your information to your audience. Even a simple video made with a screen capture tool or webcam can be effective if you focus on telling your viewers what they need to know as simply as possible – and them show them how it’s done.
#2: Prepare Your Script – Don’t Just Wing It
If you think you can just sit down in front of the camera and “wing it” to create your video, you might want to think again. Take the time to write out what you want to say and what order you’re going to say it in. This will help keep you on track and keep things simple and easy to understand. Plus, if you’re afraid of how you’ll look in the video, working from a script will make you appear much more relaxed, prepared and knowledgeable.
#3: Lights, Camera, Action!
While sitting down and talking to your audience is good, nothing is better than a little show and tell. Video is the perfect opportunity to show your viewers how to act and what to do, not just talk about it.
#4: Keep it Short
3-7 minutes is the perfect length of time to get the maximum impact from a video without losing your viewer’s attention. If you need more time, consider recording the video in multiple parts or episodes that work together.
#5: Don’t Forget To Wrap It Up
Start your video by telling the viewers what they are about to learn, then demonstrate the tutorial and finally, summarize what you’ve just told them to wrap it all up. Not only does this summary help future recall of the information, but it cues the viewer that the video is ending and creates a smooth transition that feels complete.
Now that you know a little about making a good video, start brainstorming about how video could help you. What could you do with video to improve your security measures? What about recording emergency drill procedures, or how to follow correct access control measures? You could even record an instructional video for your security technicians on how to use the new Video Monitoring System. As well, if you would like help, please feel free to call us at 800-547-9988 to discuss how to create, store and distribute your security documentation and optimize your user experience. This is part of our Security Process Optimization practice. The possibilities for video are endless.
Share some of your ideas with us. In what ways have you used or would like to use video? We will attempt to publish your ideas and share them in future posts!
Posted on Tue, Jul 20, 2010
For its July issue, Security Magazine interviewed two individuals who head the security operations of very large corporations as well as their supervisors on the executive management team. These two security leaders were Mike Howard, General Manager of Microsoft Global Security and Brad Brekke, Target’s Vice President of Assets Protection.
The gist of the article, titled “Leading Up,” was to find out how a close relationship with the executive management team affects the success of these security leaders and how that type of relationship can be developed by others. One of the interesting things they found during the interview is that the executive level qualification for leadership in security has shifted from a security industry background to a business background. From the article:
Both the supervisors we spoke to view security as one of many business functions, noting that while it is a unique discipline, its leaders should be held to the same standards as all other business leaders.
“I look for the same leadership skills in all of my senior managers or leaders,” says [Frank Brod, Corporate Vice President of Finance and Administration for Microsoft]. “I look for the ability to articulate a clear strategy, to provide motivational leadership, mentoring and coaching of employees, to drive towards impeccable execution of their work tasks and to motivate their group and provide the right rewards, recognition and feedback to help them grow in those roles.”
Tim Baer [Executive Vice President, General Counsel and Corporate Secretary for Target Corporation] ties the work of all Target’s leaders, including security, to corporate goals and strategy. “At Target, we expect our executives to be creative in their respective disciplines, connect their strategies to the broader organization, and to be confident and self-reliant,” he says. …
These executives expect all their direct reports to be leaders first, then experts in their fields. They view security leaders as business leaders. One of the reasons the security leaders in these two organizations have been successful is that they have viewed themselves the same way.
This isn’t a new trend in the security industry. In fact, this exact topic was brought up during the panel at our ASG Security Summit & Expo in March this year. According to our panel experts, organizations are shifting focus from the traditional approach of filling security leadership positions with those individuals who have the most industry experience to focusing on business leadership experience first and industry experience second. Organizations are realizing that security must be managed like any other critical business unit and that requires a specific subset of experience and knowledge.
As these priorities shift, it means that the next generation of security leaders will be business leaders first and security experts second. This leads to the question: if you plan to remain in or obtain a leadership position in security in the future, how will you compete with those individuals who better align to this vision? Can you speak the language of the executive management team? Are you familiar with running a business unit? Or will you need help or training to bridge that gap between security and executive management?
Tell us your experience by commenting. Have you seen your organization shifting focus toward business leadership over security industry experience? If so, what have you done to ensure you keep up with this shifting focus?