2017 ASIS Boston Chapter Leadership

Craig McQuate, Chairperson [email protected]

Joe Crowley, CPP, Vice Chair [email protected]

Pam Perini, PSP, Secretary [email protected]

Jim J. Healey, CPP, CFE, Treasurer [email protected]

www.asis-boston.org

Editorial: Howard Communication Associates
Design: MSG Design

The Security Beacon
June 2017
Boston Chapter of ASIS International

In this issue...

Ransomware update 1

Security Expo success 1

Chairperson’s message 2

Don’t click 3

Upcoming Events 4

Tee up for golf 5

Risk management 6

CPP review 7

Please support our generous ASIS Boston Chapter supporters

Prevent ransomware attacks with these tips

A caution went out last month regarding a very serious ransomware outbreak spreading throughout the globe. This ransomware, referred to as WannaCry, is still spreading and we need to continue to watch for any suspicious or fraudulent emails.

Researchers have estimated that nearly 57,000 computers and more than 150 countries were infected by end of day Friday May 12th. As of this article’s publishing, more than 200,000 systems around the world are believed to have been infected. It is by far the most severe malware attack in 2017.

continued on page 5

April Security Expo breaks records

Were you there?

ASIS Boston, the leading organization representing security professionals in Eastern Massachusetts, hosted a landmark Security Expo in April featuring more exhibits, more educational programs and more audience engagement than ever before. The 2017 Security Expo provided in-depth looks at some of the industry’s hottest topics, including cybercrime, cultural differences in the security industry, and targeted violence against security officers. Many thanks to the generous sponsors who supported this important event, including:

Platinum Sponsors: Everbridge Inc., Northland Controls

Gold: Pasek, United Security, Inc.

Silver Sponsors: Axis Communications, Identicard, RSIG Security, US Security Associates, Vistacom, Inc.

continued on page 7

ASIS Boston Treasurer Jim Healey, CPP, congratulates David Spector, CPP, on receiving the 2017 Joseph E. Ewers Distinguished Service Award.

Program Chair Shannon Roddy


June 2017 2

Chairperson’s Message

What a spring it has been! The ASIS Boston Chapter enjoyed yet another successful Security Expo with excellent networking opportunities and three dynamic speakers. The Expo Committee continues to outdo itself each year and this year was no exception. Many thanks to our sponsors and exhibitors. This year also saw the return to this event of the prestigious Joseph E. Ewers Distinguished Service Award. Congratulations to member David Spector for his long and dedicated service to our Chapter.

Eighteen security professionals striving to obtain their CPP certification attended the Chapter’s CPP Review on May 1-3 at Axis Communications in Chelmsford. We even had a colleague who flew in from Iowa just to attend our review (See page 7). Next year we are shooting to have an international attendee.

As summer approaches, we have two big events on the schedule. The first is our Annual Public Safety Appreciation Luncheon on June 22 at the Lantana in Randolph. Bradford Cole, Executive Director of K9 First Responders, is our guest speaker and he will speak on the psychological trauma and unintended consequences of critical incidents. Bradford will be accompanied by his partner, Spartacus. This is our last monthly meeting before we break for the summer, so don’t miss it.

The second event is the annual J.P. Manning Golf Tournament on July 31 at Blackstone Country Club in Sutton, Massachusetts. This is always a good time with some friendly competition between companies and colleagues. Sign up as an individual or get a foursome together. Blackstone is a beautiful course and lunch is included. Don’t golf? No problem! There is a lesson and lunch option.

Your Executive Board will continue working over the summer in preparation for our fall meetings and other educational opportunities. Your Board works hard but it’s all for naught if you aren’t there. We continue to look for volunteers as well, so if you haven’t given anything back to your profession, consider serving the Chapter in some capacity. Write me [email protected] and I’ll be happy to connect you with one of our hard-working volunteers.

Have a great summer!

Craig McQuate, CPP, Chairperson
ASIS Boston Chapter

The benefits of ASIS

Not an ASIS member yet? Join NOW to take advantage of these career-boosting benefits:

• Members-only savings on CPP, PCI and PSP Board certification applications and exam fees ($450 value)

• Members-only pricing on educational webinars, classroom programs, and e-Learning ($3,500 value)

• Ability to post resumes and explore jobs in the ASIS International Career Center (invaluable)

• Volunteer leadership and executive training to advance your career (invaluable)

You’ll also receive a free subscription to ASIS Boston’s award-winning newsletter, The Security Beacon, valuable opportunities to network and connect with security professionals throughout New England, and money-saving discounts on ASIS programs and learning. Become an ASIS member to start building your future today. Go to http://ow.ly/K3tR308qm6y to learn more.

New phishing attack uses business, personal information to engage victims

The evil airline phishing attack combines all "criminal best-practices" to steal credentials and drop malware on disk, which is used to then further hack into your network. This highly effective phishing attack tricks a whopping 90% of the victims.

The campaign targets companies that deal with frequent shipping of goods or employee travel, such as logistics, shipping or manufacturing. Almost any organization with people that frequently visit customers or business partners is a possible target.

The phishing attack targets the employees and the attackers do quite a bit of research before sending the phishing emails. The messages are constructed with subject lines and bodies that include destinations, airlines and other details that are specific to each victim, helping them appear authentic. Here is a sample subject line:

Fwd: United Airlines: Confirmation – Flight to Tokyo – 3,543.30 Dollars

“After getting the employee to open the email, the second tool employed by the attacker is an advanced persistent threat embedded in an email attachment. The attachment, usually a flight confirmation or receipt, is typically formatted as a PDF or DOCX document. In this attack, the malware will be executed upon the opening of the document,” said Asaf Cidon, vice president of content security services at Barracuda, in a post explaining the attacks.

"There is a new spin on an existing phishing scam you need to be aware of. Bad guys are doing research on you personally using social media and find out where and when you (might) travel for business. Next, they craft an email especially for you with an airline reservation or receipt that looks just like the real thing, sent with a spoofed "From" email address that also looks legit." Sometimes, they even have links in this email that go to a website that looks identical to the real airline, but it is fake. They try to do two things: 1) try to steal your company username and password, and 2) try to trick you into opening the attachment which could be a PDF or DOCX. If you click on the link or open the attachment, your workstation will possibly get infected with malware that allows the bad guys to hack into our network.

Remember, if you want to check any airline reservations or flight status, open your browser and type the website name in the address bar or use a bookmark that you yourself set earlier. Do not click on links in emails to go to websites.

June 2017 3

Advance your career with certification from ASIS

ASIS certificate programs address the competency requirements of current security professionals and related professionals in engineering, law, and/or human resources with security management responsibilities. To receive a certificate for the course, you must take a certificate exam.

Programs with corresponding certificates include:

ASIS Assets Protection Course™: Functional Management (APC III)
July 2017
Grand Hyatt Denver

Executive Protection
November 2017
Hyatt French Quarter

Risk, Threat, and Vulnerability Assessment
November 2017
Hyatt French Quarter

What is the difference between "certification" and a "certificate?"

The CPP, PCI, and PSP are globally-recognized board certifications that denote mastery of a body of knowledge as well as a minimum number of years of experience. Maintaining certification requires ongoing learning.

A certificate shows that an individual has successfully met a series of requirements around a specific content area.

Visit www.asisonline.org for costs and registration information.

Calendar of Events June - October 4

June

5-8

IE/ASIS Program: Effective Management for Security Professionals
Madrid, Spain

7

ASIS Webinar: Security the North American Electricity Grid

9

All-Day Training and Annual Meeting
Greater Boston Chapter of the Association of Certified Fraud Examiners
9am - 4pm
Thomas P. O’Neill Federal Building, Boston

18-23

28th Annual ACFE Global Fraud Conference
Music City Center
Nashville, TN

22

ASIS Boston Public Safety Appreciation Luncheon with Guest Speaker Bradford Cole
Lantana, Randolph, MA
Cocktail hour: 11:15 am
Luncheon: 12:15 pm
Click to register now

Ongoing

ACFE Webinar: Money Laundering in the Digital Currency Environment
Order online at www.acfe.com or by phoning (800) 245-3321

To register for ASIS International webinars and classroom programs, visit www.asisonline.org

September

13

ASIS Webinar: Creating Effective Emergency Management Tabletop Exercises

21

ASIS Boston September Dinner Meeting

23-24

CPP/PCI/PSP Review Programs
Dallas, TX

25-28

63rd Annual ASIS Seminar and Exhibits
Dallas, TX

October

11

ASIS Webinar: Negotiating, Drafting and Enforcing Service Agreements

15-20

ASIS/Wharton Program for Security Executives
Making the Business Case for Security

19

ASIS Boston October Lunch Meeting

July

10-12

Facility Security Design
Grand Hyatt Denver
Denver, CO

10-13

Assets Protection Course™: Practical Applications (APC-III)
Grand Hyatt Denver
Denver, CO

Crisis Management Program Planning and Crisis Plan Development
Grand Hyatt Denver
Denver, CO

12

ASIS Webinar: Soft Target Hardening: Houses of Worship

31

25th Annual JP Manning Golf Tournament
Blackstone National Golf Course, Sutton

August

9

ASIS Webinar: Updates in CPTED: Strategies for the 21st Century

23

ASIS Webinar: Writing Security Policies and Procedures
Milan, Italy

Send Us Your News!

Share your knowledge of the security industry by writing for The Security Beacon. Email articles and photos [email protected]

april 2017 5

J.P. Manning Memorial Golf Tournament tees off on Monday, July 31

It's time again for some golf, barbecue and camaraderie, with a little friendly competition to keep things interesting. Blackstone National Golf Club is rated by GolfWeek Magazine as one of the best courses to play. Bring your clients and co-workers to enjoy a day of play at this beautifully-designed and playable course in Sutton, MA. Click to register NOW.

• Four-Person Scramble: We will be playing a Four-Person Scramble which allows even new golfers to enjoy the day. In a Four-Person Scramble, all four team members tee off on each hole. The team then selects the best-positioned ball and each player plays from that position. Once a ball is holed, the hole is over. Men will play from the blue tees and women from the red. This format gives every golfer, regardless of skill, a chance to participate and contribute. Everyone enjoyed the speed of play and the “fun-for-all” format.

• Team Competition: Put together a team(s) and compete against each other and for one of the top three trophies for the three lowest-scoring teams. You can even award your own trophy for the winning team among the foursomes you sign up or perhaps you want to challenge some of your business competitors. The four-person scramble format encourages “having fun,” so you can invite clients or fellow employees who aren’t good golfers. They may like to get out occasionally, and then, have to reveal their own scores or handicaps. Use your imagination to create your teams, i.e., a company’s security supervisors against client representatives (sure, you’ll let the clients win); one company team against another team for the company trophy/prize, or one company against another company they compete against for business or bragging rights.

• Individuals: If you are not lined up with a team, sign up as an individual and we’ll team you up with others who aren’t on a team. The objective is for everyone to have a fun day and contribute to the John P. Manning Leadership Fund. We also have available a Golf Instructor Lead Lesson and Lunch option!

Enjoy a delicious lunch of your choice of steak or chicken prepared and served by the catering team at Blackstone National Golf. Also included are golf bag valet at check-in; golf carts with state-of-the-art GPS, and driving range access.

continued on page 7

Prevent Ransomware, cont’d pg 1

What can WannaCry do to your system?

This particular type of ransomware works by encrypting most or even all of the files on your computer. The software then demands that a ransom be paid in order to have the files decrypted. WannaCry demands that the victim pay a ransom of $300 in bitcoins at the time of infection. If the ransom is not paid within three days, the amount doubles. The screenshot on page 1 depicts what would appear if you clicked on a link containing the WannaCry ransomware:

How can you protect yourself?

DO NOT click on links within emails you are not expecting or from unknown senders. Follow these helpful tips when checking emails:

• Hover your mouse over links BEFORE clicking to verify the destination;

• Make sure you recognize the sender;

• Check for spelling or grammatical errors;

• Send any suspicious or fraudulent emails to your Help desk or IT department.

June 2017 6

ASIS Book Review:
Enterprise Risk Management – Straight to the Point
An Implementation Guide Function by Function
(Viewpoints on ERM)

By Al Decker and Donna Galer
Reviewed by Mark H. Beaudry, PhD, CPP

In Enterprise Risk Management: Straight to the Point, authors Al Decker and Donna Galer provide a clear working framework for understanding how to put together a risk management program from a practical standpoint. Part of the value is the recognition that not all enterprise risk is purely financial and that other operational departments also create or manage risk that can be disastrous to the organization. The reader will find this to be a practical guide for establishing an enterprise risk management (ERM) program that works for all organizations.

The book offers eight guide points that describe ERM for the reader to get the basic idea of what the term means, as well as the importance of approaching all the risks in a cohesive fashion. The authors then provide a brief discussion of five major points in ERM: Identify, Prioritize, Mitigate, Report and Measure. This is followed by a discussion on a sample of the five functions of an organization: finance, human resources, marketing, Information Technology, and Investor Relations.

Decker, who has 30 years of experience in private industry and public accounting and is a recognized authority on ERM, information security and privacy, and internal controls, concludes with a practical case study involving a software company. The appendix also includes templates for heat maps, risk categories, and likelihood as well as a sample risk ID questionnaire and more. Numerous examples provide insight into embarking on an ERM project and establish an excellent guide for anyone in the risk management field.

Decker and Galer have done an excellent job in describing a real-world approach for business owners and executive boards to use in translating their top business strategies into action plans. Unfortunately, most business strategies fail for lack of effective execution. This book should be read by all functional department managers and process owners that must collaborate on identifying and mitigating risks that could preclude the success of corporate strategies.

Straight to the Point is well-written, logical and to the point. Its content is clearly and succinctly presented and makes a complex subject as simple as it can be. The steps to implementing an ERM framework are well-explained. The examples provide a basis for extending the model to cover large and structurally-complex organizations. This is a great book for helping to educate large and small enterprises about ERM and provide a framework for implementation. The authors have done a great job organizing the material to “level set” the enterprise. The tools, charts and case studies all will assist the reader.

This book also provides a good description of the fundamental ERM processes that are critical for leaders and managers and help readers understand the essential roles and responsibilities for successful participation in risk planning and mitigation. The book is very user-friendly and offers practical, usable advice for organizations of all sizes.

Dr. Mark H. Beaudry, CPP, is a frequent contributor to The Security Beacon. He is chairman of the ASIS Foundation Research Council and a member of the ASIS Leadership and Management Practices Council.

Read any good books lately?

Write a review of a book you’ve read about security or a related subject and submit it to The Security Beacon for an upcoming issue. Book reviews should be 250-350 words in length. Questions? [email protected].

June 2017 7

Golf Tournament, cont’d pg 3

For further questions or assistance, please contact Bob Nicol, 100 Leo M. Birmingham Parkway, Brighton, MA 02135.

Monday, July 31, 2017 • 8am Shotgun Start

Blackstone National Golf Course
227 Putnam Hill Rd
Sutton, MA 01590

$130/Person
$60/Golf Lesson and Lunch
$35/Lunch Only
$500/Foursome

Sponsorship Options

All proceeds go directly to the Boston Chapter’s scholarship fund named after John P. Manning, a long-time ASIS Boston member and leader.

Foursome w/Hole Sponsorship $625/foursome

Hole Sponsorships $150/hole

Sponsor Gift Bags $250

Sponsor Breakfast/Lunch $250

Custom Donation

To make a custom donation, please click here.

Donate prizes to be auctioned off or awarded through a drawing by bringing them to the event or sending them with a script to: Bob Nicol, 100 Leo M. Birmingham Parkway, Brighton, MA 02135.

Annual Boston CPP Review attracts cross-country attention

Eighteen security colleagues came together to attend the annual CPP Review Course held by the ASIS Boston Chapter on May, but only one traveled more than 1,130 miles to get there.

Brett Mott, an Iowa Chapter member, chose to attend the annual ASIS Boston program because, he said, “Passing the CPP examination has been a personal and professional goal of mine for some time. I checked the ASIS web page and found there are not as many review sessions scheduled as you might think. The timing for Boston's review session was perfect for me and the trip was definitely worth it.”

The ASIS Boston CPP Review is an annual course delivered by volunteer instructors from the ASIS Boston Chapter. We are very fortunate to have a dedicated group of instructors committed to helping our next generation of security leaders. We are also grateful to Axis Communications for donating the use of their training facility in Chelmsford for this purpose.

As of press time, we are happy to report that one student, Richard Savickas of Fidelity Investments, passed the CPP exam with flying colors only a few days after attending the course. Congratulations, Richard!

Chapter Chair Craig McQuate with CPP course attendee Brett Mott from Iowa

(From l) ASIS Boston Past Chairperson and Program Chair Shannon Roddy, Security Expo Chair Bonnie Michelman, CHPA, CPP, ASIS Boston member David Spector, CPP, Treasurer Jim Healey, CPP, and Security Expo Exhibit Coordinator Jim Stankevich

Security EXPO, cont’d pg 1