The Consultant Responsibility
CYBER SECURITY TRACK
Cyber - The Integrator Perspective
Moderator: Andrew Lanning, Integrated Security Technologies
Panelists: Phil Aronson, Aronson Security Group (ADT)
John Nemerofsky, CGL Technologies
Rodney Thayer, Smithee Solutions
Wayne Smith, Tech Systems
Increasingly, Government and Critical Infrastructure clients are seeking a higher level of cyber assurance from their supply chain partners, which include their security system integration partners. Consultants are uniquely positioned to translate a client's cybersecurity requirements into an electronic security system specification, which ultimately goes out to the integrator community for implementation. This session will review, from the integrator's point of view, the cybersecurity requirements and cost considerations the consultant could or should be discussing with their client during initial risk assessment, during commissioning/testing, and for post-installation monitoring, testing, and life-cycle management.
Cyber Hardening (double session)
Presenter: David Brent, Bosch Security and Safety
As of 2015, close to 300 million IP cameras have been installed around the world. Many of these cameras have been installed with default user names and passwords and can be accessed from anywhere in the world. For years the question has been "How secure is the video that a system produces?" but that question is changing. Now the question is "Can my security system be used against me?" Most IP cameras are manufactured with an open operating system, or basic kernel, that gives no real consideration to data or cyber security. What are the current fundamental considerations that an organization needs to weigh before placing any IP camera on its network?
Cyber Certification & Specifications
Presenter: Ray Coulombe, SecuritySpecifiers
The two previous CONSULT symposia have dealt with topics of cyber liability and cyber specifications. This session will deal with two primary related topics. The first is the latest iteration of cyber specification language for consideration by consultants to support projects in design. It encompasses such considerations as submittals, product characteristics, asset management, password provisioning, and contractor responsibilities. The second is to address current efforts to formulate a cybersecurity certification around the topic of cyber-secure installation, establishing a knowledge baseline that can be referenced in a specification’s Qualifications section.
Surf the Privacy Wave; Risk Management and Operational Security in an Evolving Privacy World
Presenter: Salvatore D'Agostino, IDmachines
The session will review the current privacy requirements for security and surveillance systems. It will provide an overview of the relationship of privacy to security and how this relationship is evolving both locally and globally at this time. The session will introduce the concepts behind measuring and assessing privacy risk and the creation of a resulting privacy profile. The session will review existing surveillance and privacy codes of conduct, standards, frameworks and references and how these can be used by security and surveillance service providers and professionals. It will look at the particular considerations in the use of analytics and cloud-based services as examples of high privacy risk applications. The session will give examples of the countermeasures that can be used to mitigate privacy risk in general and in this particular use case. Finally, the session will examine the ways to measure and improve the usability of privacy from the perspective of the enterprise and the individual.
Errors and Omissions (E&O) Insurance Considerations
Presenters: Wayne Dean, McGriff Insurance Services
Hannah Hoeflinger, INSUREtrust
Hear from an insurance company and an underwriter familiar with the security industry about the ins and outs of E&O insurance, and how that relates to general liability and cybersecurity concerns.
Cyber Risk and Incurred Liabilities
Presenters: Wayne Dean, McGriff Insurance Services
Hannah Hoeflinger, INSUREtrust
There is a growing acceptance of the need for cybersecurity insurance. But how often do claims get paid…and why? The presenters provide insurance services to PSA Security Network integrators and will discuss the circumstances around several cases where claims against several integrators have been paid. What lessons are to be learned and how can security service providers better prepare themselves to be protected from cybersecurity liability?
Operations Risk – Holistic & Practical Assessment
Presenter: Benjamin M. Butchko, Butchko, Inc.
Recognizing and evaluating cyber, physical, and operations risks delivers significantly greater value to the business operation. However, assessment and identification of risk is often performed in silos and from differing perspectives. Go beyond hype and marketing vernacular to see how a holistic view can be achieved through a manageable and repeatable process. Perform assessments that look beyond the tree and provide a clear view of the forest.
Escalation: How to handle a project that goes 'sideways'
Moderator: Rodney Thayer, Smithee Solutions
Panelists: Min Kyriannis, JB&B
+2 Panelists TBA
How do you resolve problems with vendors' “solutions” that aren’t solutions at all? The physical security marketplace often shows up ill-equipped to handle these situations, causing a project to go sideways, and responds in an ad hoc manner with one-off band-aid solutions. The answer may well lie in "escalation". Can problems be handled in an orderly manner, or is there a need to escalate with extreme prejudice (cancel the purchase order, rip and replace)? Can issues be resolved, leading to a "lessons learned" conversation and ensuring the problem doesn't happen again? This panel will discuss processes, honed in the IT arena, that can be used successfully to manage vendor problems whose severity begs for escalation.
Understanding Security Systems Commissioning
Moderator: James Krile, Heapy Engineering
Panelists: Forrest Gist, Jacobs Engineering
Jim Henry, Securitas ES
+1 Panelist TBA
Have you ever approached a client about a value-added service such as commissioning, only to have them respond, "Isn’t this already included in your proposal?" In this session, we will discuss the often misunderstood and sometimes poorly defined project close-out activity referred to as Commissioning. We will explore some of the more essential aspects of Commissioning our increasingly complex and interconnected Security Management Systems. These include (1) What is Commissioning? (2) What is the justification for this value-added service? and (3) What does the commissioning process look like?
Mitigating Liability Risks During Hostile Event Response
Presenter: Jerry Wilkins, Active Risk Survival
Applying industry best practices can directly affect an organization’s liability in the aftermath of a hostile event. There is significant published guidance, including PASS 4th Edition (Partner Alliance for Safer Schools), NFPA-3000 (PS) Active Shooter Hostile Event Response Planning, USSS Enhancing School Safety, and FBI Developing Emergency Operations Plans. Drawing from case studies including Mueller Water Products, the New Zealand Mosque Attack, and MDS High School in Parkland, FL, this session will focus on the due diligence (actions and processes) an organization can pursue in preparation for a random tragic event.
Project Success or Fiasco: Dealing with Shocks, Illusions, and Ambushes
Moderator: Ed Chandler, Security by Design
Panelists: +3 Panelists TBA
Every project has its unexpected moments. Sometimes, though, the unexpected can feel like a tidal wave. Manufacturers can be suddenly acquired, client personnel suddenly change, product capabilities have been oversold or forgotten, or the contractor becomes more foe than friend. These and other situations can threaten the success or even viability of a project unless cooler heads prevail. Hear from a panel that has nearly seen it all to understand how they’ve dealt with different project-threatening situations and what they might do differently in retrospect.
CONSULT is a security industry event sponsored by SecuritySpecifiers. SecuritySpecifiers is an online community and network of security professionals established to address the need for the physical security industry to more effectively engage with designers and consultants.