21 June 2023

Physical Security Talking Points and Fraud



When discussing physical security, there are several important talking points to consider. Here are some key points to include:

  • Risk Assessment: Start by highlighting the importance of conducting a thorough risk assessment to identify potential vulnerabilities and threats to physical security. This assessment helps determine the level of security measures needed.
  • Access Control: Discuss the significance of implementing access control systems, such as key cards, biometric authentication, or security personnel, to restrict unauthorized entry into sensitive areas. Emphasize the need to control and monitor access to ensure only authorized individuals have access.
  • Perimeter Security: Talk about the significance of securing the perimeter of a facility, including fences, gates, and barriers. Highlight the need for surveillance cameras, motion sensors, and alarms to detect and deter intruders.
  • Security Personnel: Discuss the role of trained security personnel in maintaining physical security. This may include security guards, receptionists, or other personnel responsible for monitoring and responding to security incidents.
  • Surveillance Systems: Explain the importance of deploying a comprehensive surveillance system that includes cameras, video analytics, and recording capabilities. Discuss how these systems can deter criminal activity, provide evidence in case of incidents, and aid in investigations.
  • Security Policies and Procedures: Highlight the significance of establishing clear security policies and procedures. Discuss the importance of training employees on these policies, including protocols for reporting security incidents, handling sensitive information, and responding to emergencies.
  • Physical Barriers and Safeguards: Mention the use of physical barriers, such as reinforced doors, locks, and safes, to protect sensitive areas, equipment, and valuables. Explain how these measures can prevent unauthorized access or theft.
  • Emergency Preparedness: Discuss the need for developing emergency response plans, including evacuation procedures, fire safety measures, and protocols for handling natural disasters or other crises. Emphasize the importance of regular drills and training sessions.
  • Visitor Management: Highlight the significance of implementing visitor management protocols, including sign-in procedures, visitor badges, and escorting procedures for guests. This helps ensure that visitors are authorized and monitored while on the premises.
  • Security Awareness: Talk about the importance of creating a culture of security awareness among employees. Educate them about potential threats, social engineering techniques, and the role they play in maintaining physical security.

Next, it is vital to understand that physical security is closely intertwined with human nature. As a Fraud and Loss Prevention Agent, I have found it is vital to include the understanding of human behavior and motivations when designing and implementing effective physical security measures. Here are some key points regarding the relationship between physical security and human nature:

  • Perception of Threat: Humans have a natural instinct to perceive and respond to threats. Physical security measures should take into account the psychological aspects of threat perception to create a sense of safety and deter potential intruders.
  • Deterrence: Humans are more likely to be deterred from engaging in criminal activities if they perceive a high risk of being caught or facing negative consequences. Visible security measures, such as surveillance cameras, access control systems, and security personnel, can act as effective deterrents.
  • Compliance and Rule-Breaking: Human nature is varied, and while most individuals tend to comply with rules and regulations, some may be inclined to break them. Physical security measures should consider human tendencies and vulnerabilities, ensuring that they address potential areas of non-compliance or rule-breaking.
  • Social Engineering: Physical security is not solely focused on preventing unauthorized access or intrusion; it also involves protecting against social engineering techniques. Humans can be manipulated or deceived through tactics such as impersonation, tailgating (following an authorized person to gain entry), or exploiting trust. Training and awareness programs should address these risks.
  • Mistakes and Human Error: Humans are prone to making mistakes and errors in judgment, which can compromise physical security. This may include leaving doors unlocked, misplacing access cards, or failing to follow proper procedures. Security measures should account for human fallibility and strive to minimize the impact of potential errors.
  • Insider Threats: Human nature encompasses both positive and negative aspects. While the majority of employees are trustworthy, there is always a risk of insider threats—individuals who abuse their access privileges or exploit their position within an organization. Robust access controls, monitoring systems, and personnel vetting procedures are important to mitigate this risk.
  • Collaboration and Cooperation: Human nature also includes a natural inclination for collaboration and cooperation. Physical security measures should leverage this aspect by promoting a culture of security awareness, encouraging employees to report suspicious activities, and fostering a sense of shared responsibility for maintaining a secure environment.
  • Response to Emergencies: Human behavior during emergencies can vary, with some individuals experiencing panic or confusion. Physical security plans should consider human reactions in crisis situations and provide clear instructions, evacuation routes, and emergency response protocols to ensure a safe and organized response.

Understanding human nature and behavior is crucial in designing physical security measures that are effective, user-friendly, and aligned with the natural tendencies and vulnerabilities of individuals. By considering these factors, organizations can create a more robust and comprehensive approach to physical security.

Always remember the concept of the Fraud Triangle in your planning. The fraud triangle is a concept developed by criminologist Donald Cressey to explain the factors that contribute to the occurrence of occupational fraud. It suggests that three elements must be present for an individual to commit fraud: opportunity, pressure, and rationalization. Let's delve into each element:

Opportunity: The first element of the fraud triangle is the presence of an opportunity. This refers to the conditions or circumstances that enable an individual to carry out fraudulent acts without detection. Factors such as weak internal controls, lack of oversight, or inadequate segregation of duties can create opportunities for fraudsters to exploit.

Pressure: The second element of the fraud triangle is pressure or incentive. Financial difficulties, personal debts, addiction, or the desire to maintain a lavish lifestyle are common examples of pressures that can motivate individuals to commit fraud. These pressures create a perceived need for additional financial resources or personal gain.

Rationalization: The third element of the fraud triangle is rationalization, which is the process by which individuals justify their fraudulent behavior to themselves. They may convince themselves that they deserve the ill-gotten gains or that they are only "borrowing" the money temporarily and will repay it later. Rationalization helps fraudsters reconcile their actions with their own moral compass, allowing them to continue their fraudulent activities.

The fraud triangle suggests that all three elements must be present for occupational fraud to occur. Removing or effectively addressing any one of these elements can significantly reduce the likelihood of fraud. For instance, implementing strong internal controls, promoting ethical behavior, fostering a transparent organizational culture, and providing employees with resources to address financial pressures can help mitigate the risk of fraud.



While the fraud triangle is primarily focused on understanding the factors that contribute to occupational fraud, it can also be applied to physical security design. By considering the elements of the fraud triangle, organizations can develop effective physical security measures to deter and detect fraudulent activities. Here's how the fraud triangle can be related to physical security design:

  • Opportunity: Physical security design should aim to reduce or eliminate opportunities for fraudulent activities. This involves implementing access control systems, surveillance cameras, and physical barriers to restrict unauthorized access to sensitive areas. By controlling and monitoring access, organizations can minimize the opportunity for individuals to commit fraudulent acts.
  • Pressure and Physical Security: While physical security design cannot directly address personal financial pressures or other individual motivations, it can indirectly influence them. For example, by implementing strong security measures and controls, organizations can create a deterrent effect that increases the perceived risk of detection. This, in turn, may reduce the pressure or motivation for potential fraudsters to commit illegal acts.
  • Rationalization and Physical Security: Physical security design can help shape an organizational culture that discourages rationalization of fraudulent behavior. By promoting ethical values, transparency, and accountability, organizations can foster an environment where individuals are less likely to justify or rationalize engaging in fraudulent activities.

Additionally, physical security design should take into account other human factors that may contribute to fraud. For example:

  • Surveillance Systems: Deploying visible surveillance cameras throughout the premises can act as a deterrent and remind individuals that their actions are being monitored and recorded. This can discourage fraudulent behavior.
  • Access Control and Segregation of Duties: Implementing proper access controls and segregating duties can help prevent collusion and unauthorized access to critical assets or information. This reduces the opportunity for fraud and increases the difficulty of carrying out fraudulent acts undetected.
  • Reporting Mechanisms: Physical security design should include mechanisms for employees to report suspicious activities or potential security breaches confidentially. This encourages a culture of vigilance and enables timely detection and prevention of fraud.

By integrating principles from the fraud triangle into physical security design, organizations can create a more robust security posture that not only deters unauthorized access but also addresses the underlying factors that contribute to fraudulent behavior.

Genetec, Milestone, and Avigilon are three leading providers of IP video surveillance solutions, each with its own strengths and features. Here's a comparison of these solutions:

Genetec:

  • Genetec offers Security Center, a comprehensive video management system that integrates video surveillance, access control, and license plate recognition in a unified platform.
  • Security Center provides advanced features like video analytics, event management, and real-time monitoring.
  • Genetec emphasizes scalability, making it suitable for small to enterprise-level deployments.
  • It has a strong focus on cybersecurity, with robust encryption and authentication measures.
  • Genetec supports a wide range of third-party camera manufacturers and offers flexibility in hardware choices.

Milestone Systems:

  • Milestone offers XProtect, an open platform video management software (VMS) that supports a large number of camera manufacturers and integrates with various third-party systems.
  • XProtect is known for its flexibility, scalability, and customization options, allowing users to tailor the system to their specific needs.
  • It provides a broad range of features, including video analytics, centralized management, and mobile access.
  • Milestone has a strong partner ecosystem, enabling integration with other security systems such as access control and video analytics.

Avigilon:

  • Avigilon specializes in high-definition IP video surveillance solutions.
  • Avigilon Control Center (ACC) is their flagship VMS, offering advanced video analytics capabilities like facial recognition, object detection, and behavior pattern analysis.
  • ACC provides a user-friendly interface with powerful search and playback functionalities.
  • Avigilon cameras are known for their high-quality imaging and advanced features like self-learning video analytics.
  • Avigilon solutions are designed to work together seamlessly, offering end-to-end video surveillance systems.

When choosing between these solutions, consider your specific requirements and priorities. Here are some factors to consider:

  • Feature set: Evaluate the features and functionalities offered by each solution and determine which aligns best with your needs, such as video analytics, scalability, or integration options.
  • Scalability: Consider the scalability of the solution to ensure it can grow with your organization and handle an increasing number of cameras and users.
  • Integration capabilities: Assess the ability of the solution to integrate with other systems you might already have in place, such as access control or video analytics.
  • User experience: Take into account the user interface and ease of use of the software to ensure it meets your operational requirements.
  • Budget: Consider the cost of the solution, including licensing fees, camera compatibility, and any additional hardware or software requirements.

It's advisable to reach out to the vendors, discuss your specific needs, and even request a demonstration or trial to assess how well the solution aligns with your requirements.

Feenics and Genetec are two prominent providers of cloud-based access control solutions. Here's a brief overview of each:


Feenics: Feenics is a leading provider of cloud-based access control solutions known for their product called Keep by Feenics. Keep is an open platform that offers flexible and scalable access control capabilities. It allows organizations to manage access to their facilities and streamline security operations from a centralized cloud-based interface. Feenics' solution emphasizes ease of use, customization, and integration with various third-party systems and devices.

Here are some key features and highlights of Feenics' access control solution:

  • Cloud-based architecture: Keep by Feenics leverages a cloud-based infrastructure, allowing organizations to manage their access control systems remotely from any location with an internet connection. This provides flexibility and convenience for administrators.
  • Scalability and flexibility: Feenics' solution is designed to accommodate organizations of all sizes, from small businesses to large enterprises with multiple sites. The system can scale to meet changing requirements, making it suitable for growth and expansion.
  • Open platform: Keep by Feenics is built on an open platform, allowing for seamless integration with a wide range of third-party systems and devices. This enables organizations to create a comprehensive security ecosystem by combining access control with other systems such as video surveillance, intrusion detection, and visitor management.
  • Mobile app and remote management: Feenics provides a mobile application that allows administrators to manage access control systems, view real-time data, and respond to security events from their mobile devices. This enables remote management and enhances operational efficiency.
  • Multi-tenant cloud infrastructure: Feenics offers a multi-tenant cloud architecture, which enables managed service providers (MSPs) to deliver access control services to their clients. This feature is especially beneficial for organizations that require centralized management of access control across multiple sites or buildings.
  • Data analytics and reporting: Keep by Feenics includes advanced reporting capabilities and data analytics tools that provide valuable insights into access events, user activity, and system performance. This helps organizations identify trends, improve security protocols, and make informed decisions.
  • Enhanced security measures: Feenics places a strong emphasis on security. Their solution incorporates encryption, multi-factor authentication, and regular security updates to protect the access control infrastructure and data from potential cyber threats.

Feenics' Keep solution has gained recognition for its flexibility, scalability, and integration capabilities. It offers organizations a cloud-based approach to access control management, providing convenience, remote accessibility, and the ability to create a comprehensive security ecosystem.

Genetec is a renowned provider of security and access control solutions, and they offer a cloud-based access control solution called Genetec Synergis Cloud Link. This solution is part of the broader Genetec Security Center platform, which integrates various security systems for unified management and enhanced situational awareness.

Here are some key features and highlights of Genetec's cloud-based access control solution:

  • Hybrid deployment options: Genetec offers hybrid deployment options, allowing organizations to combine cloud-based access control with on-premises systems. This flexibility enables organizations to tailor their access control infrastructure to their specific needs and requirements.
  • Scalable and adaptable architecture: Genetec Synergis Cloud Link is designed to scale and adapt to organizations of different sizes and complexities. Whether it's a single site or a multi-site enterprise deployment, the solution can accommodate the growth and changing needs of the organization.
  • Integrated security management: Genetec Security Center integrates access control with other security systems, such as video surveillance, intrusion detection, and analytics. This integration provides a comprehensive security management platform, allowing organizations to monitor and respond to security events efficiently.
  • Mobile app and remote management: Genetec provides a mobile application that enables administrators to remotely manage and monitor access control systems. This mobile app empowers administrators to stay connected and respond to incidents on the go, improving operational efficiency.
  • Compliance and privacy features: Genetec Synergis Cloud Link incorporates features to help organizations meet compliance requirements, such as GDPR (General Data Protection Regulation). It ensures the privacy and protection of personal data, enhancing data security and compliance with regulations.
  • Automatic updates and maintenance: Genetec manages system updates, patches, and maintenance tasks, ensuring that the access control solution is up to date and secure. This alleviates the burden of managing infrastructure updates and allows organizations to focus on their core operations.

Genetec has established a strong reputation in the security industry and is known for their focus on innovation, reliability, and customer satisfaction. Their cloud-based access control solution, Genetec Synergis Cloud Link, offers organizations the benefits of scalability, integration, mobile management, and compliance features. It provides a robust and comprehensive access control management platform for organizations seeking cloud-based solutions.

Both Feenics and Genetec have established themselves as reputable providers of cloud-based access control solutions, offering robust features, integration capabilities, and a focus on security and scalability. When considering any access control solution, it's important to evaluate your specific needs, conduct thorough research, and engage with the vendors to understand how their offerings align with your organization's requirements.


25 April 2021

Learn More About The Ascom Healthcare Platform

 The Ascom Healthcare Platform integrates disparate systems within the healthcare environment to close digital information gaps to help streamline and improve patient care and staff workflows.

Ascom Patient Response System Overview









12 May 2020

SECURITY-ONLY NETWORKS HELP LIMIT EXPOSURE



In the last 20 years, critical infrastructure security professionals have recognized that their systems are potentially vulnerable to both physical and cyber-attacks. Organizations have invested huge sums to identify and remediate potential vulnerabilities in physical protection systems and computer network operations. Yet, in many ways, physical security and cybersecurity remain separate and independent disciplines. Their analyses are performed by separate teams and documented in separate reports, with remediation plans generated and implemented by separate organizations with very different cultures (e.g., “geeks” versus “cops”).

However, today infrastructure systems consist of both physical and cyber components that interact with one another in complex ways. Cyberattacks are one of the greatest threats facing global businesses today. Hardly a day goes by that there is not a report of hackers breaching company networks and stealing sensitive customer or personal data. At ADT Commercial we help enhance your physical and cybersecurity efforts with interactive network managed services. We own two Network Operations Centers (NOC) as part of our Integrated Solutions Division. From the NOC we can design, implement, install, commission, manage, and monitor a separate and dedicated IT network for your security applications. We can also work with your IT resources to determine if partitioning your existing network to segment your critical business data from other functions is a better option for your operations. In addition, our team can help manage broadband connections, guest WiFi, etc.

HAVING A MANAGED AND MONITORED IT INFRASTRUCTURE HELPS ALLOW FOR:
  • Remote health checks of IP-enabled devices on the network such as cameras, DVRs and NVRs, hard drives, sensors, card readers, and intercoms.
  • Email and voice notification of potential problems or data breach attempts.
  • A data protection and disaster recovery program in place.
  • Remote repair or technician dispatch if a problem is discovered, such as a camera dropping off the network or unusual hard drive usage or failure.
  • Monitoring point-to-point tunnel, local site connectivity, and network up/down status.
  • Monthly health summary reports, annual tests, preventive maintenance, audits, and compliance tracking.
  • Up-to-date firewall and anti-virus software, since we will monitor for new releases/latest patches and automatically install remotely.
  • Monitoring for cybersecurity threats including email breaches.
  • 24/7/365 visibility into your network

Our employees hold certifications in both Cisco and Meraki, providing them with advanced knowledge in designing and implementing an integrated security solution for your business.

For a whitepaper to review the concepts in more detail or to start a conversation call me at (774) 218-5140 or email me at JamesMcDonald@ADT.com.

11 October 2019

08 February 2019

Going to HIMSS19 in Orlando?

The 2019 HIMSS Global Conference & Exhibition, February 11–15, 2019 in Orlando, is the leading health information and technology conference, bringing together 45,000+ professionals from 90+ countries for the education, innovation and collaboration they need to transform health through information and technology – all at one time, all in one place. Choose from 300+ education sessions, 1,300+ vendors, hundreds of special programs and endless networking events.

If you are going, please stop by and see my friends at ASCOM.
