ASG's Great Conversation Security Blog

ASG's Security Solutions Blog


Best Practices in Security Design

 

By Eric David Scott

As any security executive who has been involved in the design and construction of a new facility knows, effective physical security design for a new facility requires the consideration of a multitude of human, physical, geographical, spatial, and logistical factors. In fact, these factors are so varied, numerous, and prone to change that it is nearly impossible for most architects and designers to keep up with them as well as focus on their trade. In situations like this, best-in-class architects and designers get help by consulting security specialists for the development and production of the security design.

I'd like to share a few best practices that best-in-class architectural firms implement in order to assist their clients in taking advantage of the full potential of their architectural design and provide enhanced security to the organization.

  • Utilize a large number (often ten to fifteen) of collaborating consultants on various specialties in the overall building design (security, mechanical, electrical, etc.) to ensure design efforts are coordinated between disciplines.
  • Employ a security consultant who possesses a broad background in more than just security. This security consultant should possess knowledge of architectural design as well as the subsystems where security intersects with the rest of the facility.
  • Engage the security consultant during the programming phase, where research and decision-making are done, in order to ensure that security is factored into the scope of work to be designed.
  • Consult a security expert along with the client's security stakeholders during the schematic design phase, which occurs in the first 10% of the design development. This early participation ensures that security is fully compatible with the larger facility design rather than forced into the design as an afterthought.

Obviously the most important aspect of these best practices is to engage security in the design process early on, not simply at the end. Consulting, programming, and planning are large parts of architectural design, and security should not be neglected in these crucial stages.

A perfect example of these best-in-class architects is NBBJ. NBBJ is an international architecture and design firm that consistently conforms to best practices when it comes to security design. I have long been impressed with the way they handle security in the architectural design process, and ASG invited one of their architects to speak at our recent ASG Security Summit & Expo in order to discuss how security stakeholders can become engaged during the early stages of the architectural design process to improve security’s value to the organization.

Now that you know what some of the best architectural design firms are doing to improve security for their clients, what have your experiences been when dealing with the architectural process? Are you seeing consistent challenges in influencing the design phase, or do you see it as an unnecessary complication? Please, share your challenges and successes in the comments below so we can further this conversation.


Lenel's March 2010 Microsoft Security Patch Update

 

Lenel Approved Microsoft Software Patches

The following Microsoft Security Patches have been evaluated and approved by Lenel for computers running the Lenel OnGuard Software:

 

Approved

  • MS10-018 Cumulative Security Update for Internet Explorer (980182) Critical

Not Applicable

  • MS10-017 Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150) Important
  • MS10-016 Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)

For past updates, go to: www.lenel.com
Support > Downloads > MS Patches

What Will Your Role in Enterprise Security Risk Management Be?

 

Many security stakeholders are aware of Enterprise Risk Management (ERM), which analyzes and seeks to mitigate the risks that an organization faces, such as financial, strategic, and accidental risk. Unfortunately, ERM traditionally neglects risks associated with security. Enterprise Security Risk Management (ESRM) is a methodology that exists to ensure that these risks are properly considered by an organization.

In October 2009, ASIS International, a membership group of the senior-most security executives from the world’s largest organizations, conducted a survey of its CSO Roundtable and international members. This survey focused on ESRM and what risks were most challenging, where organizational support for ESRM initiatives came from, which business elements were included, who has the ultimate responsibility for risk, and what security’s role is in these initiatives. ASIS International also conducted an interview with 11 senior security executives from some of the world’s largest and most well-respected companies who have first-hand experience in creating and executing ESRM initiatives.

Recently, ASIS International released the results of the survey and interviews in their whitepaper Enterprise Security Risk Management: How Great Risks Lead to Great Deeds. This whitepaper is a great read for any individual who is interested in learning more about ESRM and how such programs impact an organization. But more importantly, the survey results indicate that a number of organizations are either currently enacting ESRM initiatives or have an ERM structure that includes security (according to the survey, nearly 60% of the respondents indicated that security was a part of their organization’s risk management efforts from the outset). The survey also indicates that an increasing number of security departments are focusing on or involved in issues that are typically non-security risks (nearly half of all respondents said they are involved in researching, prioritizing, mitigating, or evaluating non-security risks).

Of course, ASG has been advocating a holistic approach to security for some time now, so it’s no surprise to us that more and more of the world’s top organizations are learning that security can be run so as to create value to the organization, not just function as a costly expense. But I begin to wonder, how many of our readers know what their role in this ESRM structure is? Perhaps your organization applies a different term to this structure. Or maybe (similar to one of the interviewees) your organization organically developed a holistic view of risk across the organization without a formal process. But as holistic risk management becomes a greater priority to executive level management, do you know where you fit in your organization’s ESRM vision?
