With cyberattacks making headlines almost on a daily basis, the role of the chief risk officer (CRO) is important now more than ever before. In addition to analyzing, monitoring, predicting, mitigating and evaluating many types of risks and conditions, chief risk officers (CRO) are held responsible for ensuring compliance to rapidly evolving industry regulations and analyzing IT operations to prevent data leakage.
Over the past few months, airport security hasn’t exactly made good headlines. Except for Miami International Airport. Unlike other airports across the U.S., Miami International Airport screens all employees that enter and exit the secured area of the airport. Miami has four checkpoints for employee screening, seven access gates for inspections of vehicles entering into the airfield, random background checks of employees and a mandatory security awareness class. Last year, the airport confiscated 209 employee ID badges for security violations. The airport has nearly 38,000 employees with ID badges, and 35,000 who have access to restricted areas. I spoke with Lauren Stover, Director of Public Safety and Security at Miami-Dade Aviation Department at the Miami International Airport (MIA) about the proactive stance that she and her team take each day.
As far too many companies victimized by data breaches can attest, we are in a “blame the victim” environment, where the breach victim is treated like an accessory to the crime. Time and time again, Congress, regulators, the courts and the media treat victim companies as if they are guilty until proven innocent, or rather “negligent until proven reasonable.”
What does leadership mean to you? We all have our own ideas about what it means to be a good leader. For example, some people think leadership means guiding others to complete a particular task, while others believe it means motivating the members of your team to be their best selves. But while the definitions may vary, the general sentiments remain the same: leaders are people who know how to achieve goals and inspire people along the way.
According to frequent headlines in the press, cybersecurity is an issue that has seized the attention of corporate boards and the executives who report to them. The reality is probably more nuanced. Although the largest companies in some sectors are engaged in extensive risk management efforts, the broader business community in the middle market remains at best uneven in its response, says Matthew F. Prewitt, partner with law firm Schiff Hardin in Chicago, chair of Schiff Hardin’s data security and privacy team and co-chair of the trade secrets and employee mobility team.
Want happy employees? It’s more than the occasional catered office lunch. It’s providing an environment where employees can be productive, collaborate with colleagues and find creative ways to power through their to-do lists. Mobile devices play a primary role in this movement, but so have the widespread adoption of public and private cloud applications, which have provided workers access to their files, and each other, anywhere, anytime and from any device.
Anew term starts today for Security magazine – the business publication that provides solutions for enabling and assuring business. I am proud to introduce Chris Ward as publisher of Security magazine, both print and online.
Tailgating is one of the most common and innocent security breaches – an employee opening a door and holding it open for others, visitors without badges, or the passive acceptance of a uniformed worker. The problem with these lax situations and common courtesy is that they open your building to undocumented and unauthorized entry by individuals who could intend harm to your property and employees.
Vanderbilt University has earned many distinctions, including Princeton Review’s top ranking for colleges with the happiest students. The school’s latest endeavor is taking the plunge and going mobile with access control.
There is a common plot line that underlies most of the breach stories in the news. Software written by bad guys gets into places on the corporate network where it shouldn’t be. It looks around, finds vulnerable systems, grabs valuable data and transmits it off the network. The term most commonly used to describe this behavior is Advanced Persistent Threat (APT).
Not all employees are saboteurs or malicious actors, but without education, unwitting employees could cause just as much damage as a targeted data theft in the long run. Read how to prevent this in the August 2015 issue of Security. Also read how building stronger relationships with local and national law enforcement can aid in school security awareness and response, learn about the dangers of continuing to use old credit card terminals, and see the ASIS International 2015 product review.