Security Technology Executive

SEP-OCT 2018


COOL AS McCUMBER

By John McCumber

Lessons from Hacker Summer Camp

I just returned from what is euphemistically called Hacker Summer Camp. Three popular conferences all take place within a two-week period each summer in Las Vegas: BlackHat, BSidesLasVegas, and DefCon. This year, I was speaking at BlackHat, which was hosted at Mandalay Bay, and DefCon was down the street at Caesar's Palace. It was a balmy 110 degrees, so I wasn't eager to be hiking around Las Vegas between events, so I stuck around BlackHat for the most part, and in my spare time found an artist to give me my first tattoo.

It was a very busy few days for me with meetings, events, speaking, and reminiscing with old friends. I enjoyed the overall event as it was energetic with intriguing speakers and active and engaged attendees. Of course, we were also treated to a variety of conference participants who take the opportunity to dress up in kilts, costumes, animal outfits, or even as their favorite superhero. In many ways, this summer event has morphed into a cross between a stuffy technical conference and ComicCon.

Viva Las Vegas?

I must admit an acquired distaste for Las Vegas conferences. I have been to dozens of them in Las Vegas over my career, and the bloom has long withered on the rose stem. The cacophony of slot machines, hordes of sunburned tourists, and walkways jammed with inebriated partiers are all I really perceive anymore. In fairness to the Chamber of Commerce, I am not a gambler, I've eaten at most of the restaurants, and the 24-hour-a-day party atmosphere is no longer my scene if it ever was.

This year, two very different security cultures clashed in vivid color. In the wake of the sniper shooting from Mandalay Bay last year, Las Vegas resorts and hotels have been implementing new security procedures to prevent a repeat catastrophe. One of the new security protocols is to send staff members to rooms where guests decline daily room services. The security personnel would visit these rooms, knock, and proved to be aggressive in ensuring the room was inspected for potentially lethal contents brought in by guests. The "hacker" community made a perfect target for these new procedures given their all-hours activities, and boxes and cases of electronic equipment. It doesn't take much foresight to see this wouldn't end well.

Security Encounters of the Wrong Kind

Several of our colleagues were understandably shaken up by the aggressive enforcement of room checks, and there were several reports of (hopefully) hotel security staffers walking in on people who were asleep or in various stages of undress. This led many to complain and file grievances with hotel management. Conference organizers were thrown into the middle, and many attendees are demanding a new venue for these large conferences held there each summer.

On top of this mash-up of physical security personnel vs cybersecurity personnel, some attendees proudly adopted that troublesome moniker of 'hacker', and enjoyed labeling themselves as such to warn innocent tourists and holidaymakers to not use WiFi or ATMs in the hotel and environs because of their nefarious skills. That was not a smart move to promote our profession or our activities. This attitude also sparked more detailed scrutiny from hotel security as attendees were ejected from the hotel for possession of lockpicking tools and making vague references to 'attacks' and 'victims' on social media.

As we enter a new era of new and evolving threats, it makes sense to carefully evaluate your role in developing and enforcing new security policies. It is also a good time to reevaluate how you present yourself and our security profession. Our goal must be to equip the humans we support to become more effective safeguards for their own safety. Whatever you do, please don't make it worse.

John McCumber is a security and risk professional, and author of "Assessing and Managing Security Risk in IT Systems: A Structured Methodology," from Auerbach Publications. If you have a comment or question for him, e-mail Cool_as_McCumber@
