Cybersecurity

 

 

Book Review: Small Wars, Big Data
https://adminsm.asisonline.org/Pages/Book-Review-Small-Wars,-Big-Data.aspx
2018-11-01T04:00:00Z
Eli Berman, Joseph H. Felter, and Jacob Shapiro; Reviewed by Ben Rothke, CISSP
Category: Cybersecurity
<p>Princeton University Press; press.princeton.edu; 408 pages; $29.95.</p><p>A 2012 Forbes article titled "How Target Figured Out A Teen Girl Was Pregnant Before Her Father Did" showed the power of data collection. In that article, author Kashmir Hill wrote that every time you go shopping, you share intimate details about your consumption patterns with retailers, who study those details to figure out what you like, what you need, and which coupons are likely to make you happy. Target figured out how to guess that a baby is on the way long before the parents need to start buying diapers.</p><p>Big data has revolutionized retail, and it has also changed the way nations deal with war and conflicts. In <em>Small Wars, Big Data: The Information Revolution in Modern Conflict</em>, authors Eli Berman, Joseph Felter, and Jacob Shapiro have written a fascinating book that explains how big data and data analytics can be applied to modern warfare.</p><p>The authors show that by using empirical data gathered from battlefields and other locales, countries can create a new paradigm to deal with localized conflicts and save countless lives. While wars of the past had two large armies fighting against each other, today's conflicts often involve small rebel insurgencies. Using data and analytics can make the difference between a battle won and a battle lost.</p><p>It's an old saying that generals always fight the previous war.
Small Wars, Big Data shows that some generals have learned that lesson and are using the right data to fight and win these new conflicts.</p><p><em>Reviewer: Ben Rothke, CISSP (Certified Information Systems Security Professional), PCI QSA (Qualified Security Assessor), is a principal eGRC consultant with the Nettitude Group.</em></p>

 

 


 You May Also Like...

 

 

A Manual of Private Investigation Techniques
https://adminsm.asisonline.org/Pages/a-manual-private-investigation-techniques-0013117.aspx
<div class="body"><p><em><strong>***** A Manual of Private Investigation Techniques. Edited by William F. Blake. Charles C. Thomas Publishers, Ltd.; ccthomas.com; 326 pages; $39.95; also available as e-book.</strong></em></p><p>The editor of this volume was able to amass an amazing number of beneficial articles for both aspiring and experienced investigators. Although clearly developed for private investigators, its breadth of topics pertaining to various types of investigations gives it significance for investigators working in the public sector as well.</p><p>The book presents the reader with an array of interesting essays on useful topics such as premises liability, undercover operations, integrity investigations, protecting assets, mortgage fraud, arson investigations, and homicide investigations. Many other investigative topics are explored in this tome as well.</p><p>The authors of these articles often incorporate information on how the various types of investigations should be conducted. There is worthwhile information in these articles that will enable private investigators to educate their respective clients on potential issues in their businesses that could create vulnerabilities for criminal exploitation. Collectively, the contributing authors adequately spell out the applicable best investigative practices as they survey the various types of investigations.</p><p>In short, this work is a valuable contribution to the field of investigation, especially in the private sector. The editor did a superb job of collecting meaningful articles pertaining to the study of investigation as well as the investigative process.</p><hr /><strong>Reviewer: </strong>Hugh J. Martin is a retired police chief from Wisconsin. He is a graduate of the FBI National Academy and a member of ASIS.</div>
Category: Physical Security
Cyber Trends
https://adminsm.asisonline.org/Pages/Cyber-Trends.aspx
<p>The security industry changes daily. And it’s fair to say that cybersecurity is changing even more rapidly as new threats, new attack methods, and new technologies continuously emerge. This means that cybersecurity professionals need to stay up to date as the threat landscape rapidly evolves to ensure that they are ready to meet the challenges of modern-day data security. Here, we look at some of the major issues that these professionals will be tasked with over the course of the remaining year and heading into 2017.</p><p><strong>Brexit.</strong> In a historic decision in June, the United Kingdom voted to leave the European Union (EU)—a decision commonly known as Brexit. Approximately 52 percent of the population voted to leave the EU, while 48 percent voted to remain—including all of Scotland and a large portion of the population in Northern Ireland.</p><p>While immediate concerns were focused on the economic upheaval, Brexit will also have an impact on data sharing and data privacy agreements that the United Kingdom was previously part of as a member of the EU and its digital single market.</p><p>One major area of regulation that will need to be ironed out is around the EU General Data Protection Regulation (GDPR), which is scheduled to go into effect in 2018. It creates new privacy rights for EU citizens and requirements for businesses that handle EU citizens’ data (for more on this, read “Cybersecurity” from our August issue).</p><p>When the United Kingdom exits the EU, Britain may no longer be subject to the GDPR and may have to adopt its own framework.</p><p>Furthermore, the EU and the United States had negotiated for months to create the Privacy Shield program, which was designed to replace the Safe Harbor agreement that was previously ruled invalid by the EU.
The United Kingdom’s exit from the EU, however, means that it may not be covered by Privacy Shield—which went into effect earlier this year.</p><p>Brexit could also be the catalyst to create a different framework altogether, says Yorgen Edholm, CEO of Accellion, a private cloud solutions company based in the United States.</p><p>“The one EU effort we have looked at very carefully is the new Safe Harbor agreement—Privacy Shield,” Edholm says. “I think the United Kingdom can say, ‘We have two options; we’re going to piggyback off of what the EU is doing, or we’re going to do something else with the United States.’”</p><p><strong>Talent shortage</strong>. Another major concern related to Brexit is whether the United Kingdom will be able to recruit talented cybersecurity workers. A recent study highlighted the lack of “digital skills” among people in Britain, which has looked to the EU to recruit employees to fill the void, according to a report by the Science and Technology Committee that was presented to the House of Commons earlier this year.</p><p>“Removing a flow of talent and expertise from Europe could deprive U.K. tech companies of an essential ingredient for sustained growth,” the International Business Times reported before the Brexit referendum. “Additionally, given that Britain’s tech scene—especially in London—is quite multicultural, start-up founders worry that leaving the European Union will make it much harder to hire the best employees.”</p><p>And this is not just a U.K. problem. Globally, 94 percent of executives reported that they are having trouble finding skilled candidates for cybersecurity jobs, according to a recent survey by the Information Systems Audit and Control Association (ISACA). </p><p>This problem, which is not a new one, is unlikely to go away anytime soon. The 2015 (ISC)² Global Information Security Workforce Study projected that by 2020, there will be 1.5 million unfilled information security positions. 
</p><p>“Signs of strain within security operations due to workforce shortage are materializing,” the report explained. “Configuration mistakes and oversights, for example, were identified by the survey respondents as a material concern. Also, remediation time following system or data compromises is steadily getting longer.”</p><p>This, in turn, results in IT security professionals increasingly cornered into a reactionary role of identifying compromises and addressing security concerns as they arise, instead of proactively mitigating the contributing factors, according to the report.</p><p>To combat this, many information security departments are increasing expenditures on security tools and technologies, and for managed and professional security service providers to augment existing staff.</p><p>However, more needs to be done to attract qualified workers to the cybersecurity industry. One new effort to do this was announced by Cisco earlier this year. The company will invest $10 million in a Global Security Scholarship and make enhancements to its security certification portfolio to help close the industry skills gap. </p><p>“Many CEOs across the globe tell us their ability to innovate is hampered by their security concerns in the digital world,” said Jeanne Beliveau-Dunn, vice president and general manager of Cisco Services in a statement. “This creates a big future demand for skill sets that don’t exist at scale today. We developed this scholarship program to help jump-start the development of new talent.”</p><p>The scholarship is a two-year program that is designed in partnership with Cisco Authorized Learning Partners to address the critical skills deficit and provide on-the-job readiness needed to meet current and future challenges of network security, according to a press release. 
As part of the scholarship program, Cisco also plans to offer training, mentoring, and certifications that align with the job of an analyst in a security operations center.</p><p>Scholarship awards became available on August 1 and are available to applicants who meet certain qualifications until the end of July 2017. To be considered for a scholarship, applicants must be at least 18, proficient in English, and have basic competency in one area, such as three years of combined experience in approved U.S. military job roles or Windows expertise.</p><p>Part of Cisco’s efforts will also concentrate on diversifying the IT security workforce so it includes veterans, women, and those just at the start of their careers. Reaching this audience is critically important, says David Shearer, CEO of (ISC)².</p><p>“New young people are not coming into the workforce,” Shearer explains. “That’s not a one- or two-year fix. Only 6 percent of the industry is below the age of 30. That’s a train wreck.”</p><p>Instead, the median age for information security professionals is 42, and workers are 90 percent male. These individuals are working longer hours, which can create problems with burnout and may cause many to move into a different career path “because the grind of the pace of the work is too much.”</p><p><strong>Accountability. </strong>The talent shortage, paired with the rise of cyber incidents, is also placing additional pressure on IT and security executives to communicate actionable data to their boards of directors—or risk termination, a new report says.</p><p>Research of U.S. 
corporations by Bay Dynamics, a cyber risk analytics company, found that “59 percent of board members say that one or more IT security executives will lose their job as a result of failing to provide useful, actionable information.”</p><p>This may be because boards are placing an ever-higher value on cybersecurity, with 89 percent of board members reporting that they are very involved in making cyber risk decisions for their organizations.</p><p>Twenty-six percent of board members also reported that cyber risks were their highest priority, while other risks, like financial, legal, regulatory, and competitive risks were termed “highest priority” by only 16 to 22 percent of surveyed members.</p><p>Coupled with that, the report found that 34 percent of board members indicated that they would provide warnings that improvements in reporting would need to be made before firing an executive.</p><p>But the report also highlighted “significant contradictions, such as while the majority (70 percent) of board members say they understand everything they’re being told by IT and security executives in their presentations, more than half believe the data presented is too technical.”</p><p>Overall, however, the report shows that boards are engaged and holding IT and security executives accountable for reducing risk, said Ryan Stolte, chief technology officer at Bay Dynamics, in a statement.</p><p>“Companies are headed in the right direction when it comes to managing their cyber risk,” Stolte explained. “However, more work needs to be done. Part of the problem is that board members are being educated about cyber risk by the same people (IT and security executives) who are tasked to measure and reduce it.
Companies need an objective, industry standard model for measuring cyber risk so that everyone is following the same playbooks and making decisions based on the same set of requirements.”</p><p><strong>Encryption. </strong>By the end of this year, 65 to 70 percent of Internet traffic will be encrypted in most markets, according to a report by Sandvine, an intelligent broadband networks company. This year, 2016, was a major milestone in the life of encryption as companies from Apple to Facebook to Twitter to cloud service providers to WhatsApp embraced encryption across the board.</p><p>However, this move has ramifications for corporate security, which can’t always see what’s happening in its network due to encrypted traffic, and for law enforcement as it loses its ability to gather certain kinds of digital evidence—an issue the FBI terms “Going Dark.”</p><p>“The issue for us is the inability to get access to digital evidence,” says Sasha Cohen O’Connell, the FBI chief policy advisor for science and technology. “This is not a situation where the U.S. Department of Justice is looking for new authorities; it is about exercising the authority we already have…and our inability to access content data, even with due process.”</p><p>To combat this, the FBI has gone to court against private companies to demand access to encrypted data, such as when it filed suit against Apple to gain access to an iPhone 5c used by one of the San Bernardino, California, shooters.</p><p>It has also been encouraging companies to use a form of encryption it terms provider access—where, for example, the data is encrypted on a smartphone but the smartphone’s manufacturer has the key to decrypt that data if it’s served with a court order to do so.</p><p>This approach, however, has been met with criticism by technical experts who say that introducing that access point into encrypted data is making it vulnerable. </p><p>“Academically, they are correct,” O’Connell says. 
“Any entry point, no matter how managed, does introduce vulnerability. Of course it does. But over in the real world, where we use real products every day that for convenience, for advertising, for spam tracking, for a thousand reasons that make sense to us, we’re still within a reasonable risk or what the market has accepted as a risk.”</p><p>For more on the FBI’s stance on encryption and Going Dark, visit Security Management’s website for an exclusive interview with O’Connell.</p>
Category: Cybersecurity
July 2018 ASIS News
https://adminsm.asisonline.org/Pages/July-2018-ASIS-News.aspx
<h4>GSX Promises Vegas Flair</h4><p>World-class networking is a hallmark of the ASIS annual event. In Las Vegas this September, the Society is pulling out all the stops for Global Security Exchange (GSX), formerly the Annual Seminar and Exhibits. From bowling to luncheons to a reception at Drai's Nightclub, GSX offers countless opportunities to forge new connections and cement existing relationships at the industry's premier networking events.</p><p>Kick off the week on Sunday, September 23, by teaming up with friends and colleagues for the ASIS Foundation Golf Tournament at Bali Hai Golf Club, located next to the Las Vegas Strip. Registration includes breakfast, player gifts, and a buffet lunch, with event proceeds benefiting the ASIS Foundation.</p><p>On Sunday evening, the popular Brooklyn Bowl will be transformed into the GSX Opening Night Celebration. Don your bowling shoes and join thousands of peers for a fun-filled night of food, music, and catching up with friends.</p><p>The U.S. Outstanding Security Performance Awards (OSPAs) Luncheon on Monday provides an opportunity to celebrate excellence across the industry—from young professionals to managers to consultants, and more. The deadline to enter for U.S. OSPAs consideration is July 23. Apply at us.theospas.com/enter.</p><p>In addition to opportunities to connect with colleagues in the halls and while perusing the exhibits, the ASIS International Happy Hour on Tuesday on the show floor will celebrate the end of the first day of exhibits. Grab a drink and relive the highlights of the day.</p><p>Close the week in style at the annual President's Reception at Drai's Nightclub.
At one of Las Vegas's most exclusive venues, guests will be treated to an evening of live entertainment, food and drinks, networking, and a view of the Strip from the 11th story capstone of the Cromwell hotel.</p><p>Register for an All-Access Pass before August 10 and save $100 on your ticket to these events and more. Visit GSX.org/register to sign up.</p><h4>SECOND QUARTER GLOBAL EVENTS</h4><p>Excitement is building towards GSX this September in Las Vegas, as evidenced by the energy at the following events that took place in the second quarter of 2018.</p><p><strong>CSO Summit</strong></p><p>Transparency battles. Global rules in flux. Artificial intelligence.</p><p>Global chief security officers and deputies who attended the 11th Annual CSO Summit April 29 through May 1 at Target Plaza Commons in Minneapolis, Minnesota, grappled with how these and other change drivers will affect the security profession.</p><p>While key conversations and experiences—such as a private security tour of U.S. Bank Stadium—were prevalent, at center stage was a forward-looking agenda aiming to make sure security executives adapt and remain relevant to their organizations.</p><p>Futurist and cybersecurity professional Scott Klososky led off the conference by emphasizing that security leaders are responsible for looking into the future and—before anyone else—understanding how the world, their industry, and their businesses are changing, especially with an eye toward future risk.</p><p>For every cutting-edge technology solution or strategic advantage discussed throughout the event, there was equal and appropriate caution regarding unintended consequences.
</p><p>For example, artificial intelligence will help security by enabling analysis of logarithmically more data, such as using HR records to identify insider threats, but it has to be implemented properly and with auditability because it can lead to algorithmic bias—that is, it could systematically discriminate against certain groups.</p><p>A common theme across the two days was to define security initiatives in terms of drivers and enablers of business and savings, rather than as sunk costs. Speakers shared examples of strategies they used to calculate the cost savings of implementing new security projects to justify those programs to the C-suite. </p><p>Another common theme was that the path forward for corporate security, and sustainable success in business, requires effective implementation of enterprise security risk management (ESRM), where the organization formally and holistically manages risk. </p><p>This can go hand-in-hand with a DevSecOps approach, where all employees are empowered to contribute to organizational safety and security, especially as it becomes more difficult to centralize response to the growing activities and vast data sources generated by modern business processes and systems.</p><p>CSOs and their deputies will have the opportunity to continue exploring the evolution of these change drivers and attend exclusive educational sessions in the CSO track at GSX in September. </p><p><strong>ASIS NYC</strong></p><p>Thousands of security and law enforcement professionals gathered at the Jacob K. Javits Center May 16 and 17 for the ASIS 28th New York City Security Conference and Expo to dive into networking, education, and exhibits at the Northeast's leading security event.</p><p>The event started with a Security Rocks welcome party at the Hard Rock Cafe on Tuesday evening. 
Live entertainment set the scene for fun and networking worthy of the Big Apple.</p><p>Conference education began Wednesday morning with a keynote from JPMorgan Chase Crisis Management Head Scott Morrison, who discussed emerging threats and trends. </p><p>The emerging trends theme continued throughout the day, via a panel discussing the legal and practical applications of drone technologies, a crash course on implementing ESRM to earn security a "seat at the table," and a talk from Facebook Chief Global Security Officer Nick Lovrien, who explored the challenges associated with securing Facebook's open office environment.</p><p>Thursday's education focused on active assailant attacks, with sessions devoted to emergency preparedness and vehicle-involved attacks. At Thursday's Person of the Year Luncheon, the ASIS New York City Chapter honored His Eminence Timothy Cardinal Dolan for his service to the people of New York.</p><p>On both days, a bustling expo floor provided attendees the opportunity to meet with some of the region's foremost solutions providers.</p><p><strong>ASIS Toronto Best Practices</strong></p><p>ASIS Toronto's largest educational event of the year, the 2018 Best Practices Seminar held on April 19, was its largest ever, with a full house of 200 attendees and speakers. It was the 25th annual seminar for the chapter.</p><p>For the first time, the event was held in the Grand Banking Hall of the Dominion Bank building at One King West in downtown Toronto. Attendees enjoyed a jam-packed day of presentations set against the historic ballroom's dramatic backdrop.</p><p>Themed #SecurityEmerging, the seminar featured topical sessions including hyperloop, ESRM, and cannabis. John Minster, physical security manager, TD Bank, discussed video analytics, demonstrating examples of how to apply basic analytics in a variety of real-world applications, with measurable results to the organization. 
The day concluded with a panel of experts who discussed the role of the security professional in dealing with workplace sexual assault.</p><p>The 26th Annual Best Practices Seminar will be held on April 11, 2019. Visit asistoronto.org for details.</p><h4>ESRM: MID-YEAR UPDATE</h4><p>By Tim McCreight, CPP, and Rachelle Loyear.</p><p>The ASIS ESRM Initiative is now at its halfway point for 2018. During the leadership sessions held in Washington, D.C., in January, ASIS made it clear that enterprise security risk management (ESRM) is a priority for the Society today, and into our future. As co-chairs of this important work, we are pleased to share a status report detailing the efforts to infuse ESRM into the Society's programs and services.</p><p>It is with great pride we can say that in the past six months, the ESRM Initiative has accomplished a number of significant achievements. Four value streams were established, each led by a subject matter expert and a representative from the ASIS Board of Directors.</p><p>They focus on Education, Standards and Guidelines, Marketing/Branding, and Maturity Model Tool. We are already seeing the fruits of these groups' labor with the following initiatives well underway:</p><p>• Education. An ESRM webinar, including definitions and key points, was developed to ensure that all the ESRM presenters at Global Security Exchange (GSX) are "singing from the same songbook." In addition, a draft glossary of terms has been created and an ESRM 101 training will be available by GSX.</p><p>• Standards and Guidelines. A draft ESRM guideline is on track to be completed by GSX. This document outlines an approach to security program management using risk principles to link an organization's security practice to its mission and goals.
The working guideline also describes the concept of ESRM, including its four principal elements, as well as additional steps security professionals can take to strengthen an ESRM effort, bring it to maturity, and maintain it over time.</p><p>• Maturity Model Tool. Requirements for the tool have been established and a request for proposal for a supplier has been disseminated.</p><p>• Marketing and Branding. An ESRM slide deck was distributed to all chapter and council leaders, and several articles have been written detailing the need for security professionals to apply ESRM within their organizations.</p><p>There is a great deal of rigor and project management going on behind the scenes within the ESRM Initiative, and it shows. The value streams are all on track to deliver their key project updates by GSX, and there will be a number of educational sessions at GSX to showcase some of the deliverables, including a pre-conference program workshop.</p><p>Check the GSX program guide to see all the ESRM sessions for 2018, and feel free to contact us at esrm@asisonline.org if you have questions or would like more information on any of the value streams.</p><p>Tim McCreight, CPP, is ESRM Initiative board sponsor, and Rachelle Loyear is ESRM Initiative program manager.</p><h4>EXECUTIVE PROGRAM</h4><p>Wharton/ASIS Program for Security Executives: Making the Business Case for Security.</p><p>October 21-26.</p><p>Philadelphia, Pennsylvania.</p><p>With so many new threats confronting today's organizations, corporations are challenged by competing security priorities, as well as how to invest their resources wisely.</p><p>How do they best protect their employees and their organizations' networks and data from harm?
As a security professional, how do you communicate the security story so leaders fully understand the costs, benefits, and risks of not having a comprehensive strategy?</p><p>Designed for senior security leaders, the Wharton/ASIS Program for Security Executives will enhance participants' business acumen and effectiveness in key areas of strategy, negotiation, critical thinking, and managing change. Attendees will gain the leadership and management skills needed to help them work more effectively and communicate the bottom-line impact of security decisions to the C-suite—so security priorities can be moved forward.</p><p>Through interactive lectures, exercises, and case studies, both in the classroom and in smaller work groups, this custom-designed program will enable participants to create effective security strategies in a fast-changing, global environment. Attendees will come away with a strategic toolbox that will help put these business skills into immediate practice, as well as recognition of their own leadership and communication strengths.</p><p>ASIS members save $1,000 (and CSO Center members qualify for an additional discount) on the regular program fee—which includes all meals and accommodations. Visit asisonline.org/wharton to learn more and apply.</p><h4>IT SECURITY COUNCIL SPOTLIGHT</h4><p>"Cybersecurity is like painting a bridge," says ASIS Information Technology Security Council Vice Chair Robert Raffaele, CPP. "As soon as you decide on a practice and implement it, it's time to start over again.
The technology advances so rapidly that documented best practices can quickly become obsolete."</p><p>The IT Security Council carries the unique burden of sharing its members' world-class information security expertise in forms that won't be outdated by the time they reach their audience.</p><p>Earlier this year, the council published Security on the Internet of Things: An Enterprise Security Risk Management Perspective, a white paper examining risks security professionals need to keep in mind as today's devices become more and more connected.</p><p>Given the nature of IT security, the council emphasizes person-to-person knowledge-sharing—timely advice delivered when it's needed most. This September, the council will sponsor 11 education sessions at GSX. These sessions will cover topics like cyber terrorism, mobile device security, cybersecurity for physical security professionals, emerging technologies, safe cities, and more.</p><p>The council also offers itself as a yearlong resource, connecting security professionals with the appropriate council members and trusted industry experts needed to tackle real-time IT security problems.</p><p>"In security, trust is such a big factor," says 2018 Council Chair Jeff Sieben, CPP. "It's so much easier to rely on a particular process when that process has been vetted by someone you trust. As a council, we're happy to be that bridge between members and the reliable, immediate information they need."</p><p>Sieben says the council's role is to be a consultative body of subject matter experts.</p><p>"This council's greatest asset is members who stay current and are available to talk about current topics," he says. "Our members are plugged into the greater IT security sphere, contributing to ISACA, ISSA, SIA, (ISC)², and more."</p><p>To consult with the IT Security Council, email council leadership or message a council member on ASIS Connects. The full council roster can be found on the council's community page.
Search "Information Technology Security Council."</p><h4>ASIS LIFE MEMBERS</h4><p>ASIS congratulates Eduardo Martinez Fulgencio, CPP; Leonard A. Rosen; and H. John Bates, CPP; who were granted lifetime ASIS membership.</p><p>Fulgencio served as an ASIS assistant regional vice president for many years. He also held the positions of chapter newsletter chair, chapter chair, treasurer, and chapter program chair for the Philippines Chapter of ASIS. He has been a member of ASIS for more than two decades.</p><p>Rosen and Bates were automatically honored with the lifetime award for their continuous membership of more than 50 years. ASIS is grateful for their loyalty for more than half a century.</p><h4>MEMBER BOOK REVIEW</h4><p><em>Private Security and the Law, Fifth Edition</em>. By Charles P. Nemeth. CRC Press; crcpress.com; 739 pages; $89.95.</p><p>As the security profession makes strides in education and training, there is a concurrent need for books that light the path. Dr. Charles Nemeth has written such a book: <em>Private Security and the Law. </em>This fifth edition is a big one, both in size and what it has to say. The author has significant experience as both a security practitioner and a scholar. In this book, he nimbly toggles between the two worlds, presenting a viewpoint that is unbiased and comprehensive.</p><p>Nemeth acknowledges the tension between public policing and private security, while showing how the two can work symbiotically. The first chapter presents the historical underpinnings of the profession, giving a rich history of private security protection.</p><p>The next chapters focus on regulation and licensing; the law of arrest, search, and seizure; civil causes of action; criminal culpability and the private security industry; and evidentiary issues. These chapters help the reader understand how complex areas of the law relate to the security profession.
</p><p>As both an attorney and a professor of security management, I would refer to this book because it presents statutory and common law elements and legal explanations in a straightforward manner, while also presenting case law and helpful study questions. I appreciate the standout inserts that allow readers to update their knowledge, as well as the citations of websites, handy tables, charts, and sample forms sprinkled throughout the book.</p><p>Bringing it all together are Chapter 7, a model for cooperation between public and private law enforcement, and Chapter 8, a compilation of seminal case law. Nemeth has this to say about the roles of public policing and private security: "Factionalism is surely not a fixed state for either side of the policing model. What appears more likely on the horizon is the recognition that these are two armies operating under one flag."</p><p>I highly recommend this book for the classroom, the security practitioner seeking to know more about the law, and the lawyer representing a security provider as a client. This fifth edition is a monumental work, deserving of space in the libraries of students, lawyers, and security professionals.</p><p><em>Reviewer: Lydia R. Wilson, CPP, is an attorney admitted to practice law in Virginia, New York, and Florida. She is a member of the ASIS Information Asset Protection and Pre-Employment Screening Council.</em></p>
Category: Security by Industry