Subscribe to RSS - access control

access control

TSA’s quest to merge cybersecurity and information technology

 - 
Wednesday, January 15, 2020

We’re about two weeks into the new year, and suffice to say, gearing up for travel is top of mind for security professionals. The “big” industry shows always seem so far away at this point, but before we know it, ISC West will be here in March, followed by ESX in June; GSX in September; ISC East in partnership with ASIS NYC in November; and more. In addition to these, are the smaller, boutique-type events, such as our SecurityNext conference in February (It’s not too late to register, btw!), not to mention all the companies that host events throughout the year. This puts you and your personal data in quite a few airports’ computer systems, screening technologies, etc., which can be a hacker’s paradise. 

Fortunately, while you’re on your yearly security quests, TSA is on a “quest” of its own: “to merge cybersecurity and information technology,” according to a special notice issued on January 7, 2020. And, they aren’t going at it alone. The agency has the support of America’s airport facilities, working together to create a cybersecurity culture by adopting the requirement “cybersecurity by design” to ensure cybersecurity is at for forefront, as opposed to being an add-on or afterthought. 

In addition to merging cyber and information technology, there are other “requirements for the information security and security screening technologies industry to ensure everyone is working towards a common goal,” it said in the notice. Other requirements include: 

  • Implementation of adequate access control and account management practices by enabling multi-level access to equipment sources and the ability to restrict users;
  • The ability for airport operators to change system level passwords;
  • Use of unique identification of individuals, activity and access to security equipment; 
  • Protection of screening algorithms form compromise, modification and rendering equipment inoperable, and provide immediate alert when algorithms have been accessed;
  • Covering USB ports are covered and access to ports, cables and other peripherals are protected from unauthorized use;
  • Employing automated measures to maintain baseline configurations and ensure systems protections;
  • Proper management of internal and external interfaces and encryption of ingress and egress traffic;
  • Implementing methods to update security equipment affected by software flaws; 
  • Running security assessment tools on devices to ensure appropriate configuration and patch levels, and that no indicators of compromise are present; 
  • Full support to ensure security equipment hardware, software and operating system vulnerabilities are identified and remediated; 
  • Use of an approved encryption method to ensure integrity of all data at rest on security equipment; 
  • Providing comprehensive list of all software and hardware that compromise security equipment; 
  • Demonstrating the ability to update equipment design and capabilities to align with changing cyber intelligence and threat reporting; and 
  • Vetting all local or remote maintenance personnel with the inclusion of background checks. 

TSA hopes that these requirements will “increase security levels; raise the bar of cybersecurity across screening solutions; provide vendors an opportunity to demonstrate their cybersecurity credentials; and provide an aligned approach across the industry—making it easier for vendors to adapt to end user requirement.”

Sounds like a win for anyone involved in travel. 

 

MedixSafe now offers Bluetooth-enabled mobile readers on cabinets

 - 
12/13/2019

MEMPHIS, Tenn.—MedixSafe, a leader in the access control market, announced that its Key Access Ready Enclosure (KARE) key control cabinets are now available with Bluetooth format card readers.

U.S. International Trade Commission rules in favor of Nortek

 - 
12/06/2019

CARLSBAD, Calif.—Nortek Security & Control, a global leader in wireless security, home automation, access control, and health and wellness technology, announced that an administrative law judge (ALJ) of the U.S.

Q&A with new Boon Edam President Valerie Anderson

 - 
11/05/2019

Security Systems News (SSN) recently sat down with Anderson to discuss her role with the company, industry trends and the expanding diversity of the security industry workforce.

Arcules and Siemens partner

Alliance provides organizations with next-generation cloud video solutions
 - 
11/05/2019

IRVINE, Calif.—Arcules, an innovator of integrated cloud-based video and access control services, announced their partnership with Siemens Smart Infrastructure (SI) to provide its Integrated Video Surveillance Service to modern enterprises.

State of the physical access control market, part II

Market gaps and strengths, and a future look into physical access control
 - 
10/02/2019

YARMOUTH, Maine—Security brands and companies offer varying technologies, products and services within the physical access control (PAC) market today; therefore, all security companies and professionals must work extra hard to stay relevant.

RS2 Technologies releases ACT365 Cloud-based access control and video management solution

 - 
09/18/2019

MUNSTER, Ind.—RS2 Technologies, a leading provider of access control systems, recently announced the addition of the ACT365 cloud-based access control and video management solution.

From the mouth of a director of safety and security at a U.S. school district

 - 
Wednesday, September 11, 2019

I just completed an article about perimeter school security, “The undogging debacle: perimeter security in a school environment,” in which I had the opportunity to speak with a director of safety and security for a school district, who also has a 14-year background at the local police department, most recently of which was supervisor for the School Resource Officer Unit. He told me something that really opened my eyes and I think that all security professionals involved in the school security niche need to hear. 

Here’s the question I asked: “If you could pick only one security measure that all school environments must have, what would that be and why?” 

The response: “If you limit me to just one security measure, I would have to say it would be hiring the right people, and training them properly in school safety and security,” Mike Johnson, director of safety and security at Rock Hill Schools, said.  

Read that again … limited to ONE security measure, he relies on people, but not just any people, though, trained people, not equipment or services. 

“The people we have in critical places, from administrators and teachers to support staff, are the biggest asset and the strongest point of any safety and security program,” Johnson continued. “Without quality people who are versed in safety and security, we would have nothing.”

Of course, without equipment or services, school security would be impossible in our modern day of school shootings, cyber-attacks, physical breaches, etc.; however, the key to it all is training. Equipment and service users, the people, must be properly trained to use the equipment and services to effectively and efficiently achieve their security goals. Any school could have the latest and greatest security equipment and services deployed, but if it’s not being used properly or even at all, then, really, what’s the point? 

“All the best products in the world are worthless if you don’t have the right people, who are properly trained, using them,” Johnson said. 

So, security professionals, I ask you, “Who is responsible for this training?” I would hope that every security professional, whether an integrator, consultant, sales person, manufacturer, etc., answered with, “I am responsible.” 

I would love to hear your feedback! Please comment here, over on Twitter @SSN_Ginger or email me directly

 

The undogging debacle: perimeter security in a school environment

 - 
09/11/2019

YARMOUTH, Maine—Across the nation, teachers and staff at K-12 schools recently welcomed new and vetted students and their parents to campus to begin the 2019-2020 school year full of quality education with challenging, relevant and meaningful curriculums in a safe, nurturing environment that is conducive to teaching and learning.

Roundtable discussion: security system lifecycle considerations, effectiveness and cost control

 - 
08/23/2019

A substantial focus of the security industry is on the selection and installation of security systems, and there is no doubt that this is a critical element of the process.

Pages