The Noggin Blog

Data from the Global Peace Index shows that civil unrest doubled over the course of the 2010s. Think only high-profile venues need to be concerned? All organisations need to prepare. Not sure how to develop your civil unrest action plan, though? 

The recent Capitol riots in the US shouldn’t have surprised anyone. Civil unrest leading to attacks on places of mass gathering, particularly government buildings and other venues of high symbolic value, have only increased in recent times. How to protect these venues of mass gathering?

Healthcare workers have long faced significant risk of violence on the job. But the hospital security crisis didn’t just happen by chance. Specific reasons explain these high rates of occupational violence.

Think those reasons don’t matter to you? Think again. Many of the underlying, hospital security risk factors are germane to most professional sectors.

When many in-person industries shut down at the beginning of the pandemic, remote work took off. An unintended consequence of these rapidly assembled teleworking arrangements, though, was the steep rise in cyber attacks.

But attacks themselves aren’t the only incidents Security teams and their enterprises have to worry about. There’s also the reporting that comes after. 

What’s the value of international standards in the age of COVID-19? Well, in the case of information management system standard, ISO/IEC 27001, the standard prescribes baselines for securing information assets. If you haven’t noticed, those information assets are increasingly under threat with the sharp rise of cyber attacks.

So, what should Security teams know about the best-practice standard?

Buildings, sites, plants and equipment, materials, and other physical assets remain some of the easiest targets for malicious actors. And when surveyed, security professionals usually despair of their organisation’s inability to protect them.

Why’s that? Under-investment in physical security management has left these larger, (usually) older assets dangerously vulnerable to compromise. What can be done? Well, Security Operations Centres (SOCs) give organisations a chance to improve their operational security posture and better secure people and property. 

It’s obvious that COVID-19 has shifted the focus of physical security management. Guards, formerly responsible for managing physical threats to people and assets, are now being asked to step into a safety protection and promotion role.

How are they faring? Well, the recent hotel quarantine incident in the Australian state of Victoria suggests that the transition hasn’t been seamless. What could help improve the quality of physical security management in the age of COVID-19?         

Oh, how things have changed. Mere months ago, protective security entailed managing all physical security incidents, threats, and operations – reducing risks to keep people and physical assets safe.

Now, in the midst of an ongoing pandemic, organisations have had to redefine the mission of their physical security teams in an effort to ensure that employees and customers avoid likely health threats, specifically community spread of COVID-19. 

We’re proud to announce that our Noggin 2.0 integrated safety and security platform is now available in the AWS Canada Region, in addition to other generally available Noggin 2.0 zones around the world. Launched in December 2016, the Canada Region enables AWS customers in Canada to store data locally and address regional data compliance requirements.

For many organizations, COVID-19 has meant a halt to on-premise operations and the introduction of broad work-from-home policies.

Sure, that pivot has been key to business survival. But it does carry serious risk, including a greater opportunity for physical security incidents from less oversight. How to mitigate that risk with a remote, fragmented staff? Best-practice security standard, ISO 27001 offers some clues.

On the heels of a successful audit of its Noggin 2.0 platform under the Information Security Registered Assessors Program (IRAP), the integrated safety and security management technology provider passes another stringent security audit, designed to protect the confidentiality, availability, and integrity of information.

Why’s a place of mass gathering so difficult to pin down, even for owners and operators? The answer is more complex than you’d think. For one, place of mass gathering is a risk designation, extrinsic to the core function of the venue. Qualifying a venue as a place of mass gathering is its (high) potential to inspire terrorist attacks, which it becomes by concentrating large numbers of people.

As crises grow in kind and intensity, organizations need to take an intelligence-gathering and constant-monitoring approach to building their crisis management competency. This largely cyclical mode of lifecycle crisis management tends to be more strategy-oriented than the tactics-first approach implicit in the popular pre-crisis, crisis, and post-crisis models. For instance, the British crisis management standard, BS 11200, adopts a fairly cyclical framework that includes the following stages:

When surveyed, senior facilities managers admit that their respective organizations are unprepared to deal with the security risk to the built environment. That is even as risk, including threats like workplace violence, environmental incidents, and active shooter incidents, continues to grow.

In 2018 corporate security incidents came for everyone. Unfortunately, 2019 proved no better. But despite the fact that corporate security incidents invite public scrutiny more swiftly than ever, the number of organizations with an appropriate (security) crisis management and communications plan remains stuck around the 50 percent mark worldwide.

Security incidents have become increasingly common in schools and universities. And bomb threats, in particular, are on the rise. Just look at the data.

It’s always been common for practitioners to treat safety and security as different properties – not just entities requiring different systems but distinct vocabularies and frameworks, as well. But increasingly the question is asked, how tenable is continuing to silo safety and security management? The answer: not tenable at all.

What integrated safety and security management capabilities do you need?

As many of you know, we decided, after a short sabbatical, to revive our User Conference initiative, so as to share best practices in safety and security management that we’ve learned over time, best practices which have also informed the development of our next-generation product, Noggin 2.0.

As a Safety leader, you’ve probably built a strong portfolio in the organisation. So too has your counterpart in Security. And now both of you see key safety and security priorities, like keeping employees safe at work or mitigating threats to facilities and people, reflected at the highest levels.

Focus on physical security controls in ISO 27001

Serious about securing your valuable assets, digital as well as physical? Well, international standards prescribe baselines for securing those assets. The ISO 27001 information security management systems standard, in particular, focuses on securing information assets.

The premier, comprehensive homeland security event in the nation, the 2019 National Homeland Security Conference brings together an impressive array of homeland security professionals. 

Take a look at the figures. Eighteen percent of all violent crimes occur in the workplace. Victim deaths are especially high in retail.

Security operations centers offer some pretty clear business benefits: improved situational awareness and visibility, reduced long-term security costs, and less operational security siloing. But despite the manifold benefits, SOC adoption isn’t universal. Far from it: in fact, according to EY’s Global Information Security Survey, 2017-2018, just half (or so) of all surveyed organizations have an SOC. What’s going on with the rest?

From profits to press to badly-need infrastructure projects, major events can bring any number of lasting benefits to organizers and host sites. Conversely, the risks of running a major event are acute and variegated. So too are the penalties for botching it: public opprobrium, reputational damage, possibly even legal challenge and regulatory blowback. For organizers, effective all-hazards planning is the only solution to help mitigate topline risk and keep attendees safe. But with so many variables involved in major-event management, it’s easy to ask, how to get started?

By now, we know the grizzly details of the March 15 terror attacks at the Al Noor Mosque and Linwood Islamic Centre in Christchurch, the deadliest mass shooting incident in New Zealand history. All told, fifty people were killed, and scores injured at the hands of a self-described white supremacist.

A run-through of what happened

How prepared are organizations to tackle critical issues and major crises? That’s the question we at Noggin and our partner Deloitte have been posing to invited guests in our inaugural series of breakfast seminars, exploring the theme of overconfidence and crisis preparedness.

Physical security incidents cause staggering levels of material damage and cost organizations big bucks. In the construction industry, for example, businesses lose between $300 million and $1 billion every year due to the theft of equipment and other high-value materials, according to data from the U.S. National Insurance Crime Bureau.