Leadership Experience

A message from Precept, ARC's partner in the Arabian Gulf:

“Impossible means you haven’t found the solution yet”
-CIIM: International Business School

The business world of today is constantly changing, developing and pulsating. Gone are the days when we could sit back and relax; today it is about multi-tasking, modern professionalism, and achieving results. Companies need to adapt to this change and the constant demands of their customers just to stay competitive. At a personal level we also need to constantly develop our skills and knowledge either wise we too run the risk of being overtaken by our colleagues or competitors. The modern professional can no longer afford to be and expert in one field, he/she must also be capable in a variety of roles and situations: team motivation, Problem solving, Coaching and Communicating to name but a few. This training course examines the practical skills that are the requirements of a modern day professional and how to become a high flyer in your organisation.

For details on Precept's Leadership Training Programme in Cyprus, click here.

Emotionally Intelligent Leadership

A message from Precept, ARC's partner in the Arabian Gulf:

Gandhi stated “Our greatest power is our freedom to choose our response.” Through Emotional Intelligence one grasps an understanding of behaviours, and the reason why we do and act in certain ways.

We wouldn’t dream of letting a pilot fly a passenger aircraft without a flight certificate. The consequences would be disastrous. Nor would we allow doctors, IT specialist, engineers, painters and chefs to do their jobs without the right education. Nevertheless, managers and supervisors without any leadership training are asked to lead and manage others. This can have disastrous effects on the organization like poor motivation, mistakes, loss of money, loss of staff motivation and clients or an unfortunate image and bad decisions, poor communication, frustration, lack of trust, stress and conflict. Just as it is necessary to teach a pilot to fly, it is necessary to teach a manager or team leader on how to lead.

For details of Emotionally Intelligent Leadership training in Oman, click here.

Basic Telephone Room Security Measures

1. Lock and alarm the telephone room against intrusion, temperature, fire, water.
2. Lock and alarm telephone distribution closets.
3. Admission to phone rooms should be granted by an executive level employee.
4. Verify that repair work being conducted was actually requested.
5. Keep a log of what was done, when and by whom.
6. Never use phone rooms for storage.
7. Remove unused wiring, including power wires, from all sensitive areas.

This advice is taken from the Protection of Assets Manual, the seminal reference for security professionals, covering almost every conceivable security management subject. Available from ASIS International, it is the main reference source for the CPP certification, the leading international certification in advanced security management.

Study for the November 1st CPP (and PSP) certification examinations begins in June. Click below for details.

http://www.arc-tc.com/pages/asis_cpp_psp.asp

Returning Investment on New CCTV Projects

As IT networks, digital CCTV and telephony become more closely converged it makes sense to consider the introduction of Voice over Internet Protocol (VoIP) when rolling out any new IP CCTV project. In many respects the infrastructure is the same, and the savings in traditional (PSTN) call costs can be staggering, potentially recovering the capital cost of the CCTV system in a year or two.

There are many different types of VoIP configuration on offer, and Tristan Degenhardt of ZDNet takes us through some of them:

http://news.zdnet.com/2424-9589_22-203369.html

The introduction of new technology will be one of the subjects covered in the forthcoming Specifying Security Technology Course, 21-25 July 2008. Click below for more information:

http://www.arc-tc.com/pages/other_accredited_sm.asp#s4

Negotiating with Armed Groups

Companies operating in some areas occasionally have to face the prospect of dealing with armed militias, especially in locations where regular law enforcement have difficulty in operating.

In this regard, the United Nations has produced two informative guidelines which may be of use to corporate security management professionals who find themselves in this situation. They are entitled:

Humanitarian Negotiations with Armed Groups – Manual

Humanitarian Negotiations with Armed Groups – Guidelines

Both documents can be access via the ARC Links web page:

http://www.arc-tc.com/pages/resources_publications.asp#V

They are the two document links at the bottom of the list.

Over 100 Links to Best Practice in Security Management

The dedicated Links page on the new ARC Training website has over 100 hyperlinks to other websites offering best practice in a vast range of security management related subjects. Whether its CCTV or VPSHR, ISPS or K&R, laptop security, leadership or identity theft, avian flu or biometrics, the following link will have something of interest to you:

http://www.arc-tc.com/pages/resources_publications.asp

ARC in Hong Kong

Phil Wood begins June with a week of varied activities in Hong Kong. On 2nd and 3rd of June, Phil will be leading a Crisis Management workshop for members of the ASIS Hong Kong Chapter at the Novotel Century Hotel. The workshop will combine a theory and practical training session with a demanding tabletop exercise to stimulate thought and response to difficult crisis scenarios.

He will then move on to the Hong Kong Convention and Exhibition Centre to man the ARC stand at Asian Securitex 2008. Also, Phil will take part in the panel discussion ‘Keeping Pace Through Professional Development’ at 1645 hrs on 4th June. Phil will be discussing professional development and certification in the security business and their associated benefits.

Phil would be delighted to meet you at either our exhibition stand (number S22) in the Main Hall, or during the panel discussion – or both! If you want to know about developments in professional skills for security managers and how we can assist you, please come along. The Asian Securitex 2008 website can be accessed via this link:

http://www.asiansecuritex.com/index.html

If you owuld like to meet Phil to discuss your professional development requirements, his bio and contact details can be found at the following link:

http://www.arc-tc.com/pages/train_team.asp

ID Theft Risk - Tips on Hard Drive Disposal from CERT

Useful advice on hard drive and optical media disposal can be found at the following link:

http://www.us-cert.gov/cas/tips/ST05-011.html

Detecting Explosives

Last week’s arrest of a contractor entering a Swedish Nuclear facility with traces of the volatile home-made explosive Triacetone Triperoxide (TATP) should serve as a wake-up call to step up explosives detection capabilities at key facilities.

TATP is most notorious in the UK for having been used in the tube and bus bombings in July 2005, but has been a favoured improvised high explosive of militants, direct action and terrorist groups for a number of years. For example, it was used in 2001 by the infamous shoe bomber, Richard Reid, who attempted to blow up an airliner in mid-Atlantic. The ingredients are readily available and instructions on how to make the explosive are on the Net.

Despite the growing popularity of TATP, many portable explosives detection systems are still not programmed to detect the substance. As a consequence, there are many sites around the world where the deployment of explosives detection systems a) lead the target into a false sense of security, and b) inform any terrorist carrying out surveillance that he is dealing with an adversary of inferior knowledge and capability.

Two portable systems work well when deployed against TATP threats. They are the Sabre 4000 and the EVD 3500. But when specifying any explosives detection equipment, always specify the performance requirements and get the supplier’s proposal in writing, eg: “This unit will detect minute traces of TATP etc”.

Protection against Explosive Devices is covered on the Security Management Stage 1 Course, 4-15 August 2008. The workshop can be attended as a stand-alone one-day module on 7 August or as part of the 10-day course. Alternatively, the training can be carried out on site.

See http://www.arc-tc.com/ for details.

Technical Surveillance Countermeasures

Audiotel, a leading manufacturer of technical surveillance countermeasures equipment estimates that there are 200,000 listening devices (bugs) sold in the UK each year. Corresponding figures exist for the US, where some sources put the annual number of devices sold at 1 million!

Protecting against technical eavesdropping devices requires a complex strategy of procedures, physical searches and technical measures, as outlined in the Information and IT Security Module of Security Management Stage 1 (4-15 August 2008). Some organisations are so concerned about on-site eavesdropping vulnerabilities that they take to holding sensitive meetings off site – a risk strategy according to some experts.

Others have invested in the creation of a SCIF – a Sensitive Compartmented Information Facility. This is a shielded, protected room which works on the principle of a Faraday Cage. The construction and shielding of the room prevents RF signals from leaking. But the capital investment in such a facility is likely to be about $200,000.

Another option to reduce overall electronic emissions, both those emanating from malicious eavesdropping devices and stray wi-fi signals, is to fit a product such as LLumar® Signal Defense SD1000 or SD1010 Security Film on windows and glass portions of the building. But experts warn that this is not a complete solution in itself, as LLumar would have you believe. Such a measure only works if deployed as part of a larger architectural shielding effort.

Typical Frauds Committed against Unsuspecting Businesses

Wisconsin Bureau of Consumer Protection has been keeping a list:

http://commerce.wi.gov/BDdocs/BD-SBO-FraudAgainstBusiness.doc

Closing the Gate on ID Thieves

As governments prepare to get tough on companies that lose computer-based personal private information, the US Federal Trade Commission has published an excellent guide for small (and large) businesses on how to protect personal private information.

The handbook can be downloaded from the following link:

http://www.ftc.gov/bcp/edu/pubs/business/privacy/bus69.pdf

Crime Figures Up Your Street

Thinking of opening up new UK offices and want a rough idea of the local crime profile? Click below:

http://www.upmystreet.com/enter-location/local/police-crime/figures/l/

Researchers Find New Ways to Steal Data

Source: InfoWorld

In two separate pieces of research, teams at the University of California, Santa Barbara, and at Saarland University in Saarbrucken, Germany, describe attacks that seem ripped from the pages of spy novels.

In Saarbrucken, the researchers have read computer screens from their tiny reflections on everyday objects such as glasses, teapots, and even the human eye. The UC team has worked out a way to analyze a video of hands typing on a keyboard in order to guess what was being written.

For more, click below:

http://www.infoworld.com/article/08/05/19/Researchers-find-new-ways-to-steal-data_1.html?source=rss&url=http://www.infoworld.com/article/08/05/19/Researchers-find-new-ways-to-steal-data_1.html

VPSHR and Use of Armed Force

One of the areas covered by the Voluntary Principles on Security and Human Rights, an undertaking to which many extractive sector companies have committed, is the conduct of law enforcement and military forces when deployed to protect company facilities.

In this regard the UN Basic Principles on the Use of Force and Firearms by Law Enforcement Officials provide a useful reference point. Click on the link below for details:

http://www.unhchr.ch/html/menu3/b/h_comp43.htm

Putting Together a Bomb Emergency Response Plan

The threat of no warning car-bomb or walk-in suicide attacks means radical alterations to old bomb threat response plans, many of which focussed on an orderly search and evacuation to an assembly area, following receipt of a threat.

Delegates attending the recent Security Management Stage 1 Course in the UK were asked what they felt should now be included in a organisation’s Bomb Emergency Response Plan. These are their suggestions:

Threat assessment; detecting hostile reconnaissance; liaison with authorities; suspicious device recognition characteristics; actions on discovery of a suspect device; evacuation and assembly areas (internal and external); safe havens for blast survivors; actions in the event of a blast inside the building; actions in the event of a blast outside the building; first aid, casualty stabilisation and rescue procedures; searching for missing persons; command, communication, coordination and control; activation of emergency room/command post; use of PA system; actions on telephone bomb threat; actions on alert level rise; actions on suspicious mail; proactive and reactive searching and search team organisation, procedures and control; incident management and cordon control; reoccupation plan; logistics

For information on future ARC courses click below:

www.arc-tc.com

Trends in Proprietary Information Loss

A recent “Trends in Proprietary Information Loss Survey Report,” sponsored by Pricewaterhouse Coopers, revealed that the U.S. Chamber of Commerce and the ASIS International Foundation found that both Fortune 1,000 and small- to mid-sized businesses, were likely to experience proprietary information and intellectual property losses ranging from $53 and $59 billion. These losses involved:

Research and development (49 percent);
Customer lists and related data (36 percent); and
Financial data (27 percent)

Data loss occurs every day through various channels, including current and former employees, competitors and on-site contractors.

The report recommends five strategies for better information security:

1. Assess your inventory and risk
2. Implement new policies
3. Access controls and authorization
4. Ongoing communication
5. Maintain a clear accountability trail

An explanation of each of these headings can be found at:

http://securitysolutions.com/corporate/five_ways_protect_data/index.html

http://www.asisonline.org/newsroom/pressReleases/093002trends.xml

The entire report can be downloaded at:

http://www.asisonline.org/newsroom/surveys/spi2.pdf

Risk Management Focus

Risk management is a difficult process sometimes, as many ARC delegates will testify. The main problems are being able to accurately consider the probability of a threat becoming a reality and to make an accurate assessment of what specific threats may arise. In reality, what most security and risk managers tend to do is look to the past and base their risk assessments on previous experiences or incidents. This is probably not the best way to do things. This short article from ‘Continuity Central’ http://www.continuitycentral.com/feature0582.htm
discusses the tendency to ‘fight the last war’.

Unfortunately – it doesn’t provide a solution to the problem!!

Selecting a Guarding Contractor

Selecting a Guarding Contractor is a subject which is covered on both the Security Management Stage 1 and 2 courses. On a recent Security Management Stage 1 Course delegates were asked to identify the pros and cons of proprietary (in-house) vs contract guards. These are their answers based on varied experiences:

Advantages In-House

Assume and radiate authority; better continuity; communicate with workforce better; more aware of the company image and culture; they can multitask or be reassigned to other duties; better motivated; familiar with site, operations and loopholes; better relationship with union.

Disadvantages In-House

They can develop a union mentality and there can be a loss of control; cost more; usually unregulated; difficult to introduce change; difficulty in managing poor performing guards, or those with bad attitudes; prolonged period of sickness have to be covered by the company; more aware of the loopholes they can exploit; too familiar with employees.

Advantages Contract

Cheaper; avoidance of human capital issues; may be regulated; medical cover and insurance provided by contractor; contractor deals with many of the management issues; contractor responsible for damage; impartial rule enforcing; have experience from other assignments; client not responsible for out-of-hours misconduct; already trained.

Disadvantages Contract

Difficult to dig into background, even if “vetted” - could one or two be “in the pay” of an adversary?; greater risk of organised criminal penetration; may "import" criminal practices from previous assignments; don’t understand corporate culture; require increased supervision; poorly paid so easier to corrupt; may project image and attitude of being quasi-police; often no selection of who is on site if the contract is poorly negotiated; poorly trained; they may be the ones who pose the real security threat!!

Please note that these are delegates' answers based on experiences, not ARC textbook answers, so please don’t be offended!

ARC courses are designed to maximise delegates interaction. A typical training method is for the tutor to present best practice, and then ask delegates to discuss and modify this according to their own first-hand experiences, such as in the exercise above. This makes for a very profitable learning experience.

Forthcoming university accredited training courses are:

Security Management Stage 1, 4 - 15 August 2008
Security Management Stage 2, 30 June - 11 July 2008

Click here for details.

Click here to read what previous delegates have said about ARC Training courses.

Seeding Security Across the Business

This week David has been in Johannesburg, South Africa, working the security focal points of one of the world’s largest multinational oil and gas companies. The two-day workshop drew in delegates from as far as Namibia and Mauritius. As well as covering the core issues of security management, the programme tackled some of the more difficult security management issues such as the role that security management can play in providing support to HR in pre-employment screening, how to work with Procurement to select reliable guarding contractors, and measures to manage the risk of workplace violence, including armed hold up. Experience in South Africa has shown that a simple incorrect response in a hold-up situation can lead to fatal consequences.

The security approach taken by the client of this week’s training is typical of many leading multinationals – that good security is achieved through the everyday actions of employees, and having a trained network of multi-hatted security focal points seeded throughout the business is the best way to achieve this.

Security Managers Focus on Espionage

The old days of ‘cold-war’ espionage have not completely gone away, as security management professionals undertaking the Security Management Stage 3 (SM3) course have been discovering this week.

In this day long session led by business intelligence practitioners, delegates have been concentrating on the nuances and impact of intelligence activity. For companies, the risks of being targeted by intelligence gatherers, be they malicious adversaries or business competitors, continue to increase. During this course the delegates have delved deeply into the issues raised by intelligence activities and also on the various adversaries who may attempt to target them.

Further information on Security Management Stage 3, and other university accredited security management courses, can be found on the new ARC Training website here.

Laptop Security

Useful resources - a bit old, but much is still valid:


http://www.securityfocus.com/infocus/1186

http://rf-web.tamu.edu/security/SECGUIDE/V1comput/Laptops.htm#Security%20of%20Laptops

Protecting People at Risk

The Protection of “People at Risk” was one of the topics discussed in detail by delegates attending the recent Security Management and Coordination Course in Oman.

From an Arabian Gulf perspective, delegates identified three risk groups: high net-worth or high profile senior local employees; expatriates; and business visitors. The group consensus was that it was business visitors who were at greatest risk due to their unfamiliarity with their surroundings and lack of cultural awareness. Other groups doing the same exercise previously have often placed expatriates ahead of visitors in the risk ranking due to their inherent sense of “adventurism”!

Moving on to discuss travel security awareness for their staff travelling overseas, the group felt that while free-to-access services offered by organisations such as the UK FCO were a good and accurate starting point, business travellers required more detailed information. The group felt that a traffic light system (green – low risk; orange – medium risk: red – high risk) was preferred, with these indicators being broken down into the following categories:

General Crime
Political Unrest
Corruption
Terrorism
Kidnap

The tutor, David Cresswell, felt that from his own many experiences in travelling to over 50 countries, there should also be a special box for taxi driver risk!

For more on Business Travel Security awareness training for your travelling staff contact David.

For more on the one-week Security Management and Coordination Course click below:

UK: http://www.arc-tc.com/pages/other_accredited_sm.asp#s1

Overseas: http://www.arc-tc.com/pages/reg_train.asp

US Continues to Voice Concerns over Europe as a Terror Launchpad

US Homeland Security Chief Michael Chertoff recently reiterated what the nation’s top intelligence official earlier told Congress about concerns that terrorist organizations are actively trying to recruit Western Europeans for attacks in Europe and the US.

US counterterror intelligence officials have been increasingly concerned that Al Qaeda and affiliated terror groups are recruiting Europeans with valid passports for possible attacks on the US, since valid passport holders do not require US visas.

CPP Examination Preparation - Around the World

The first week in May saw David in Bangladesh conducting CPP review training for a group of 12 security managers from the Bangladeshi Security Management Forum, led by Brig Gen Ashfaque Faruque (BAT).

Brig Gen Ashfaque, having achieved his CPP certification last year, is now in the process of establishing Bangladesh’s first CPP Chapter, with the objective of hosting the CPP examination this coming November.

The decision of Bangladeshi security managers to transform their loose association into a fully-fledged ASIS International Chapter, and to work towards the CPP, is indicative of a great desire for professionalism, underpinned by formal qualifications, in this part of the world. Many of the security managers undergoing the training already have MBAs, and a number are also working towards the work-based Security Management MSc with ARC Training.

ARC has a very well-developed CPP Preview Programme which can be delivered locally, anywhere in the world on request. Studying for the examination requires a minimum of 200 hours of study, of which 40-70 hours is usually classroom based.

All ARC trainers are dual CPP/PSP certified.

Contact David for details.

Security Guards Implicated in Bank Robbery

How well do you know your security guards? Could they be corrupted by criminals to work against you? With security guards amongst the lowest paid workers in the world, this is a reality. In some countries contract security guards received just $25 a month, while prices of many staple foods have doubled. In South Asia over 3/4 of this sum could be taken up by food alone, leaviong little for rent, medicine, education etc. When then put in charge of assets worth hundreds of thousands of dollars they become easy prey for organised criminals.

In the Philippines this week robbers executed nine employees of a bank south of Manila and emptied its vault. Police suspect two security guards, who have since gone missing, as having colluded with the robbers.

How to Find out if Your Next Employee is a Thief

Workers accused of theft or damage could soon find themselves blacklisted on a register to be shared among employers. It will be good for profits but campaigners say innocent people could find it impossible to get another job. To critics it sounds like a scenario from some Orwellian nightmare.

An online database of workers accused of theft and dishonesty, regardless of whether they have been convicted of any crime, which bosses can access when vetting potential employees.
But this is no dystopian fantasy. Later this month, the National Staff Dismissal Register (NSDR) is expected to go live.

Read on here:

http://news.bbc.co.uk/1/hi/magazine/7389547.stm

ARC Team exhibiting at IFSEC 12-15 May

Put names to faces and visit members of the ARC Team next week (12-15 May) at IFSEC, the UK's premier security exhibition at the NEC Birmingham.

Hall 7 – Stand 460.

For more informatino about IFSEC visit the exhibition website at: http://www.ifsec.co.uk/

If you are unable to attend the exhibition, but would like to know more about our accredited security management courses, please visit our new website at http://www.arc-tc.com/ or contact Janet.

CCTV Focus

Most organisations these days rely on CCTV as a vital part of their asset protection strategy. We at ARC have always insisted that, although CCTV is an extremely useful 'force multiplier' when correctly installed and managed,the benefits can be negated by a lack of thought, planning and control. What is more, if an adversary detects a gap in the system, he will exploit it andtake advantage of the weakness. A report by BBC News, dated 6th May,highlights the difficulties faced by the police in the UK, which has more CCTV cameras than any other country in the world covering public areas.

To learn more about this, follow the link: http://news.bbc.co.uk/1/hi/uk/7384843.stm

ARC covers CCTV deployment and technologies in number of its courses,contact Janet for details.

Security Management Focus

The week beginning 12th May will see security professionals converging once more on ARC’s training centre in Berkshire for the latest Security Management Stage 3 (SM3) course. This course, revamped for 2008, is designed to allow delegates to address the issues, problems and solutions related to security management at the higher corporate level. As this is the final course in our 3-phase programme, and which provides a total of 80 credits towards the Middlesex University MSc, the subject matter is detailed, strategic in nature and academic with a clear focus on emerging risks and their global impact – and what can be done to deal with them.

As with all ‘SMs’, the course involves a detailed and demanding course project, which requires a great deal of hard work and the ability to think beyond security as simply protecting against current adversaries, and instead to anticipate and plan for what is over the horizon. Successful graduates from SM3 leave with an expanded skill set and vastly increased awareness of these wider issues and thus have the potential to add real and substantial value to their company operations.

If you are interested in the challenges and benefits that ARC’s courses can provide, please check our website http://www.arc-tc.com/ for details or contact Janet.

Business Continuity Focus

Phil Wood continues his Business Continuity Management 'campaign' with a 2-day Crisis and Business Continuity workshop to be delivered to ASIS members inHong Kong on 2nd and 3rd June. The workshop will discuss the challenges to business when a crisis arises and the options for keeping operations up and running through and beyond a disaster. See Phil's thoughts on the links between the various crisis disciplines in this article, recently published in 'Security Management Today' magazine:

http://www.info4security.com/story.asp?storycode=4118356

ARC is able to provide training in this increasingly important subject,tailored to your company's specific needs and concerns. Contact Phil orJanet for more information.

Voice over Internet Protocol – The Insecure Side

One imaginative way to create dynamic return on security investment is to build in Voice over Internet telephony when implementing a large-scale IP CCTV project. In essence, the basic infrastructure for the two systems is the same, and the cost savings are potentially phenomenal – in some cases an entire IP CCTV system can be paid for in savings in telephony costs by the end of the first year of operation.

But before recommending this to your CEO, consider the downside of VoIP. Without stringent controls maintained by network managers and Internet service providers, VoIP communication are just as susceptible to hackers as unsecured WiFi connections to the Internet. A hacker could, for example, tap into a corporate VoIP system and listen to confidential calls. Another typical security risk involves hackers slipping into a call center using VoIP and listening as customers give sensitive information like Social Security numbers and financial account information to call center workers.

VoIP security is one of many subjects covered during the forthcoming Specifying Security Technology Course, 21-25 July 2008. Click below for details:

http://www.arc-tc.com/pages/other_accredited_sm.asp#s4

Arabian Gulf - Will Israel Launch a Pre-Emptive Strike against Iran's Nuclear Facilities?

The prospect of a pre-emptive air or missile strike by Israel against Iranian nuclear facilities took a step closer to realisation this week with a warning by Israeli Transportation Minister Shaul Mofaz that Iran’s nuclear technology advancement now is at the point that Iran could develop an atomic bomb in a year, and not the five or more years many Western intelligence authorities have believed it would take.

Analysts are divided over the potential of such an attack to create political instability in neighbouring Arabian Gulf countries, since many moderate Gulf countries fear Iran’s regional aspirations.

CPP Examination Preparation

CPP candidates undertaking a week of intensive examination preparation in the UK took a break from their studies today to listen to Peter French CPP, European Senior Regional Vice President for ASIS International, outline is vision for ASIS International as a future lead body on security in Europe.

The European region of ASIS International, in common with other international regions, is seeing year-on-year growth in both membership and those studying for certification. The European Region now boasts 2,500 members, providing a unique network of colleagues across 30 European countries.

ASIS International is expanding across the world, and with it certification. And ARC’s certification review programmes, regarded internationally as second-to-none, are experiencing a surge in demand. David will be travelling to Bangladesh on Friday to conduct a CPP review for a group of security managers intent on setting up a new chapter in Dhaka. Peter will be travelling to Nigeria in the summer to conduct PSP, and there are plans for ARC to begin CPP training in Oman next year, where a new chapter is about to be established.