In today’s security programs, we often lose sight of the forest for the trees and forget the basics. Removing an employee’s ability to access company property – whether physical access or access to corporate networks – is so basic that it too often gets overlooked. This article from InfoSecurity is a painful reminder of how lax many security programs are. …
Department of Education Increases Clery Fines
The maximum fine for any violation of the Jeanne Clery Act has increased from $35,000 to $54,789. The new fines posted by the US Department of Education in the Federal Register are effective for civil penalties imposed on or after August 1, 2016, whose associated violations occurred after November 2, 2015. The costs for non-compliance just got higher. In recent …
The Security Strategy That Works for Two College Campuses
Above all, a security strategy is about integrating people, processes, and technology. Although there are some significant differences, these strategies apply to any other campus as well, not just colleges and universities. From the original article: Colleges and universities must develop a security strategy that protects the heart of their campus: students. Digital tools can help schools improve their physical …
Prevention or Mitigation: Which Do You Prefer?
How important is a security program? The first role of any organization’s leadership is the protection of the organization. In higher education, reputation is an institution’s greatest asset. Reputation attracts the talent – students, faculty/staff, business collaboration, and academic and non-academic recruitment. Reputation also attracts the resources – research, innovation, donors/investors, and funding. As security consultants, we have seen organizations …
How to Build a Culture of Security
How can companies build a culture of security? We say it all the time, but it’s nice to hear it from a colleague for a change. “Security is everyone’s business” is a popular truism in the industry. However, how many security managers can honestly say that their companies practice this philosophy? Read more in How to Build a Culture of Security …
Companies Can be Liable for Failing to Maintain Adequate Cyber Security
How much customer data do you have? Is it secure? If so, you should read High Stakes Cyber as published in Security Management. In brief, the FTC can hold companies liable for failing to maintain adequate cybersecurity, even though the commission has not defined minimum cybersecurity standards through rules or regulations. Even in this case, the court did not articulate …
A Company Model for Developing Policies and Procedures
While attending the NCMS Carolinas Chapter meeting at Cisco Systems recently, I saw a presentation by Mark Whitteker, MSIA, CISSP, ISP. Mark comes out of the IT security world, so most of his presentation focused on IT security. He also presented a segment on Building a Comprehensive Security Architecture Framework that might benefit all of us. Mark shared with the …
Perimeter Security
Every security program must be an integrated whole and each element must grow out of the specific needs dictated by the circumstances affecting the facility to be protected. Nevertheless, the first and basic defense is still the outer perimeter of the facility. Planning this defense is neither difficult nor complicated, but it is the product of common sense. Whereas the …
Full-Time versus Part-time Officers
The human component of an integrated security plan can be in one or more of several forms. These forms become choices that need to be addressed depending on the mission, environment, culture, population, and security philosophy of the organization and specifically the site to be protected. Full-time and part-time are two choices that must be made regarding the staffing of …
Sworn versus Non-Sworn Officers
The human component of an integrated security plan can be in one or more of several forms. These forms become choices that need to be addressed depending on the mission, environment, culture, population, and security philosophy of the organization and specifically the site to be protected. Probably the most profound choice in the paradigm is between sworn and non-sworn officers. …










