Approved for 13 CPEs
Approved for 6 CECs
The Consultant Responsibility
CYBER SECURITY TRACK
Cyber Hardening (double session)
Presenter: David Brent, Bosch Security and Safety
As of 2015, close to 300 million IP cameras have been installed around the world. Many of these cameras have been installed with default user names and passwords and can be accessed from anywhere in the world. For years the question has been "How secure is the video that a system produces?" but that question is changing. Now the question is "Can my security system be used against me?" Most IP cameras are manufactured with an open operating system, or basic kernel, that gives no real consideration to data or cyber security. What are the current fundamental considerations that an organization needs to weigh before placing any IP camera on its network?
Cyber - The Integrator Perspective
Moderator: Andrew Lanning, Integrated Security Technologies
Panelists: Phil Aronson, Aronson Security Group (ADT)
John Nemerofsky, CGL Technologies
Rodney Thayer, Smithee Solutions
Bruno Desrochers, Tech Systems
Increasingly, Government and Critical Infrastructure clients are seeking a higher level of cyber assurance from their supply chain partners, including their security system integration partners. Consultants are uniquely positioned to translate a client's cybersecurity requirements into an electronic security system specification which ultimately goes out to the integrator community for implementation. This session will review, from the integrator's point of view, cybersecurity requirements and cost considerations the consultant could/should be discussing with their client during initial risk assessment, during commissioning/testing, and for post-installation monitoring, testing, and life-cycle management.
Cyber Certification & Specifications
Moderator: Ray Coulombe, SecuritySpecifiers
Panelists: Ray Bernard, PSP, Ray Bernard Consulting Services
Norman Reames, CPP, CISSP, GHD
This session will continue CONSULT's focus on cyber-security specifications. Issues to be discussed include:
- Given the preponderance of cyber standards, which of these should be referenced in a specification?
- What should baseline cyber qualifications/requirements be for both manufacturer and contractor?
- What should initial submittals include with regard to cyber? Final submittals?
- Should a product have passed through third-party vulnerability testing?
- What should be reasonably specified for a Contractor to perform on-site in order to cyber harden a system?
- Is it enough to follow Manufacturer published cyber recommendations?
- Should Contractor technicians hold a cyber-based certification?
Errors and Omissions (E&O) Insurance Considerations
Presenters: Wayne Dean, McGriff Insurance Services
Hannah Hoeflinger, INSUREtrust
Hear from brokers and underwriters familiar with the security industry regarding the ins and outs of E&O insurance and how that relates to general liability and cybersecurity concerns. Understand how you might be liable for errors or failed products as a reseller or integrator. Learn how your professional liability as a system integrator might overlap with cyber risk and how package policy forms might fail to address this. Do you know if you are fully covered for financial damages in the event one of the products you install fails to perform as expected? Do you know how your coverages will respond if there is a security concern in one of your applications that integrates with the technology you sell? Learn how to protect the company against work done by hired subcontractors.
Cyber Risk and Incurred Liabilities
Presenters: Wayne Dean, McGriff Insurance Services
Hannah Hoeflinger, INSUREtrust
There is a growing acceptance of the need for cybersecurity insurance. But how often do claims get paid…and why? The presenters provide insurance services to PSA Security Network integrators and will discuss the circumstances around several cases where claims against several integrators have been paid. What lessons are to be learned and how can security service providers better prepare themselves to be protected from cybersecurity liability? What are the main costs during a cyber event and how does the current insurance market cover these? Do you know the top Cyber Security and Privacy threats to your business and whether or not your Cyber policy covers these?
Surf the Privacy Wave; Risk Management and Operational Security in an Evolving Privacy World
Presenter: Salvatore D'Agostino, IDmachines
The session will review the current privacy requirements for security and surveillance systems. It will provide an overview of the relationship of privacy to security and how this relationship is evolving both locally and globally at this time. The session will introduce the concepts behind measuring and assessing privacy risk and the creation of a resulting privacy profile. The session will review existing surveillance and privacy codes of conduct, standards, frameworks and references and how these can be used by security and surveillance service providers and professionals. It will look at the particular considerations in the use of analytics and cloud based services as examples of high privacy risk applications. The session will give examples of the countermeasures that can be used to mitigate privacy risk in general and in this particular use case. Finally the session will examine the ways to measure and improve the usability of privacy from the perspective of the enterprise and the individual.
Operations Risk – Holistic & Practical Assessment
Presenter: Benjamin M. Butchko, Butchko, Inc.
Recognizing and evaluating cyber, physical, and operations risks provides for significantly greater delivery of value to the business operation. However, assessment and identification of risk is often performed in silos and from differing perspectives. Go beyond hype and marketing vernacular to see how a holistic view can be achieved through a manageable and repeatable process. Perform assessments that look beyond the tree and provide a clear view of the forest.
Mitigating Liability Risks During Hostile Event Response
Presenter: Jerry Wilkins, Active Risk Survival
Applying industry best practices can directly affect an organization's liability in the aftermath of a hostile event. There is significant published guidance including PASS 4th Edition Partner Alliance for Safer Schools, NFPA-3000 (PS) Active Shooter Hostile Event Response Planning, USSS Enhancing School Safety, and FBI Developing Emergency Operations Plans. Drawing from case studies including Mueller Water Products, the New Zealand Mosque Attack, and MSD High School in Parkland, FL, this session will focus on the due diligence (actions and processes) an organization can pursue in preparation for a random tragic event.
Project Success or Fiasco: Dealing with Shocks, Illusions, and Ambushes
Moderator: Ed Chandler, Security by Design
Panelists: Joe Fallon, Faith Group
Kelly Stewart, Newcastle Consulting
Brad Wilson, RFI Communications
Every project has its unexpected moments. Sometimes, though, the unexpected can feel like a tidal wave. Manufacturers can be suddenly acquired, client personnel suddenly change, product capabilities have been oversold or forgotten, or the contractor becomes more foe than friend. These and other situations can threaten the success or even viability of a project unless cooler heads prevail. Hear from a panel that has nearly seen it all to understand how they've dealt with different project-threatening situations and what they might do differently in retrospect.
Escalation: How to handle a project that goes 'sideways'
Moderator: Rodney Thayer, Smithee Solutions
Panelists: Bret Emerson, CommTech Design
Min Kyriannis, JB&B
James Stroud, J.P. Morgan
How do you resolve problems with vendors' "solutions" that aren't solutions at all? The physical security marketplace often shows up ill-equipped to handle these situations, causing a project to go sideways and responding in an ad hoc manner with one-off band-aid solutions. The answer may well lie in "escalation". Can problems be handled in an orderly manner or is there a need to escalate with extreme prejudice (cancel the purchase order, rip and replace)? Can issues be resolved, leading to a "lessons learned" conversation and ensuring the problem doesn't happen again? This panel will discuss processes, honed in the IT arena, that can be used successfully to manage vendor problems whose severity begs for escalation.
Understanding Security Systems Commissioning
Moderator: James Krile, Heapy Engineering
Panelists: Paul Benne, Sentinel Consulting
Jim Henry, Securitas ES
Forrest Gist, Jacobs Engineering
Have you ever approached a client about a value-added service such as commissioning, only to have them respond, "Isn't this already included in your proposal?" In this session, we will discuss the often misunderstood and sometimes poorly defined project close-out activity referred to as Commissioning. We will explore some of the more essential aspects of Commissioning our increasingly complex and interconnected Security Management Systems. These include (1) What is Commissioning? (2) What is the justification for this value-added service? and (3) What does the commissioning process look like?
Elliot A. Boxerbaum Award Presentation
Sunday's Lunch will feature the presentation of the Elliot A. Boxerbaum Award for the 2018-2019 Security Design Project of the Year. The award is the security industry's only award recognizing excellence in security system design. It is specifically for companies engaged in security engineering and design. It recognizes collaboration, design excellence, uniqueness, creativity, and administration factors which contributed to a highly successful security project. Elliot A. Boxerbaum, MA, CPP, CSC, was founder and president of Security Risk Management Consultants, Inc., an independent security consulting organization providing security vulnerability assessment, master planning, design development, technical specification, and project and program management support services to a wide range of clients throughout the United States and abroad. He passed away in June 2014, from ALS. Once again, his wife, Debbie, will present the award.
WW II Navajo Code Talker
Our country's Navajo people were key to our victory in World War II. In the Pacific Arena, the Japanese managed to crack every communication code the United States used. The Marines turned to their Navajo recruits to develop a secret military language. Navajo Marines created the only unbroken spoken code in modern warfare. In 2007, Judith Avila met Navajo code talker Chester Nez and convinced him that his story needed to be heard. Chester, the last of the twenty-nine original Navajo Code Talkers of WWII, insisted that he “had done nothing special, only his duty.” Still, he agreed to tell Judith about his life. Judith recorded Chester's narrative, then committed the memoir to paper. Penguin published Code Talker: The First and Only Memoir by One of the Original Navajo Code Talkers of WWII in 2011. It soon became a best-seller and is still going strong. Judith, a graduate of Duke University, discovered writing after working as an air traffic controller and a computer consultant. She will speak at Monday's lunch and be joined by Chester's son, Mike, and grandson, Latham.
CONSULT is a security industry event sponsored by SecuritySpecifiers. SecuritySpecifiers is an online community and network of security professionals established to address the need for the physical security industry to more effectively engage with designers and consultants.