Tag Archives: physical security

Most Influential in Security 2015 -IFSEC

You may want to vote for someone on the IFSEC list from last year – like Mike Gillespie who was 8th, or you may have someone else in mind. Either way, you have till June 8th (9am) to get your vote in.

Good luck to everyone nominated and long may you continue to be a force for good in security!

Best Practice Man


SMEs and Security or How SMEs can impact UK PLC Security (image)

BIS visual v2.0

PCI-DSS PA-DSS (v3.0) Expected Change Highlights (v1.0) Tool

As mentioned in previous blog post, the payment card processing standard has some changes coming up. The standard should be issued in full next month, in the meantime and as promised, we are offering  a free guide to the anticipated changes to allow you to get ahead of the curve.

You can get it free from the Advent IM website on the news page or on the dedicated PCI-DSS page


European Security Blogger Awards – Voting Time! (Get yours in before Sunday 21st April)

ID-10045442We are delighted to have been nominated in the following categories:

  • Best Corporate Security Blog as has our Security for UK Legals Blog
  • Most Entertaining Blog
  • Most Educational Blog
  • Best New Security Blog (For our School Security Blog)
  • And Grand Prix for Best Overall Security Blog

You can vote for your choice here. https://www.surveymonkey.com/s/EUSecurityBloggerAwards

Winners Announced during Infosec (At the Security bloggers Meet-Up http://securitybloggersmeetup.eventbrite.ie/ ) – watch this space for news

image courtesy of freedigitalphotos.net

Advent IM at INFOSEC Europe and Counter Terror Expo 2013

The Security Insititute, Mike Gillespie, Advent IM Director

Mike Gillespie – Advent IM MD, newly elected Director for The Security Institute, is speaking at CTX

It is that time of year again and the great and good of the world of security will be gathering in our nation’s capital for two of our industry’s key events. This year is an exciting one for Advent IM as Mike Gillespie our Director will be speaking at Counter Terror Expo. More further on…

Advent IM will be around at both events and if you are hoping to meet up then there are a couple of options. If you are at Infosec on 23rd (day 1), we will be represented on the Malvern Cyber Security Cluster stand  – K84 as we are a member of this group. Or you can live tweet us and arrange a meet up @Advent_IM using the hashtag #AdventInfosecinfosec logo

Advent IM CTX Counter Terror ExpoIf you are attending Counter Terror Expo, you may be interested to know that Mike will be speaking at the Cyber Security and Electronic Terrorism Conference on the 24th at 9.30am. His subject will be The Cyber Threat to the Built Estate. Click here for details. If you want to meet up with one of the team you can live tweet us @Advent_IM using the hashtag #AdventCTX

If you are a Security blogger then you might be interested in the Security Bloggers Meet-Up on the evening of the 23rd April. You can sign up here and don’t forget you can also vote for your favorite Security blogs. The results will be revealed at the Meet-Up. 

If you are a member of The Security Institute then you will also be able to find us at the reception on the evening of the 24th. Again if you want to arrange to meet up via Twitter then you can tweet us @Advent_IM using the hashtag #AdventSyI

We look forward to meeting you and hope you enjoy these events.


The Security Institute votes Advent IM Managing Director onto the Board of Directors.

From the Press Release:

Following voting by Security Institute members at their Annual General Meeting on March 26 2013, five new members of the Board of Directors were announced. One of those new Directors will be Mike Gillespie, Managing Director of the Independent Security Consultancy, Advent IM Ltd. 

The Security Insititute, Mike Gillespie, Advent IM Director

Mike Gillespie – Advent IM MD, newly elected Director for The Security Institute

“I am really excited to have been elected. I have so many ideas to share and am so thrilled to be able to be a part of the future of the Security Institute, which is in turn, the future of our profession.” Mike is a relative newcomer and considered his chances of election to be quite slim, “I was so pleased at being nominated in the first place, it was quite unexpected and felt like I had achieved something, so to actually get elected is a privilege.  I have been talking a lot about converging  Information Assurance (IA)  with the physical world and bringing cyber security to the forefront, but I will have to wait until I attend my first Director’s meeting in April and get my portfolio” 

The Board of Director’s next business will be to elect a Chairman.


Why Physical Security in NHS Trusts needs a major health check

Young Nurse Tending to Young Woman with Neck Brace and Arm Cast

Traditionally the NHS has primarily focused its security efforts on the problems associated with violence and aggression toward staff.  This is because it is still perceived as the major concern and so continues to be the main focus of resource expenditure. Whilst the threat of aggression is clearly an issue that needs to be in scope, there are other areas that not only need attention for the wellbeing of the people involved, but also to help guard against spiralling cost – a pariah to any NHS Trust.

Looking at the Threat Landscape

In many cases, NHS Trust security is managed by former Police Officers who have a wealth of experience in dealing with aggression. .  However, it has to be acknowledged that the threat landscape, is far more varied than this head-on threat. Security threats come from a variety of sources and not all revolve around outright aggression.

The perception of the Security Officers duties in NHS Trusts is that they are to provide reassurance to the public, hospital staff and visitors in the event of violent behaviour.  In fact, there are a myriad of duties that they are called upon to carry out, some of which they are not trained to perform. These duties can include; searching for missing patients; attending patients on suicide watch; supervision of patients awaiting Mental Health professionals; foot patrols; cashier runs;  car park patrols; smoking patrols and issuing parking contravention notices, to name but a few.

Drugs: Expensive and potentially dangerous

Drugs: Expensive and potentially dangerous

The NHS is no different from any other organisation as far as security is concerned, security components are more often than not, bolted on as funding becomes available and usually without any long term objective in mind.  In a recent NHS Trust project, we was discovered that the absence of a strategic vision meant that funding had in fact, been wasted.  For example; additional CCTV cameras were installed without an understanding of what they were actually needed to do.  The CCTV system was not integrated with other security systems and this lack of integration represented not only a wasted opportunity to increase efficiency as well as improve security, it also wasted scarce financial resources. A CCTV audit revealed that there were actually too many cameras but few were positioned where they were needed. Furthermore, many cameras were capturing images that were actually unusable. (This problem only increases when you add in multi sites, using different systems.)  A rationalisation of the CCTV estate and review of their fitness for purpose is in many cases, the best way to proceed.

Another very important aspect to using CCTV systems that is often overlooked or perhaps not fully understood is the Data Protection Act.  The images that are recorded, stored and deleted constitute personal data that has to be properly handled and then when appropriate, properly destroyed.  This means everyone who monitors, has access to, stores or manages these images, needs to be properly trained, aware of their responsibility and understand how to treat the data properly.

In any organisation, loss creates cost and this is something each and every Trust is currently facing.  A recent Daily Mail article highlighted theft from the NHS as a serious issue.  Some equipment and facilities are very expensive. Loss or damage not only drive cost but can endanger lives.  The absence of a security-aware culture or one that is almost entirely focused on an aggression-based threat, allows loss to flourish as the investment can be made ineffectually, as we read about the CCTV example. Staff may prop open frequently used doors, or share door entry cards for convenience.  These are commonly found issues in security procedures in Trusts. What if that door gave access to drugs, vital equipment or confidential medical data?  If the cameras are also ineffectual, a thief could wander around and help themselves to thousands of pounds worth of equipment, or steal personal data that the NHS trust would be held accountable for.

During a recent project, a consultant found that no one challenged his presence in a medical record archive and said he could have easily made his way into a RESTRICTED information area by tailgating through the door; such was the lack of awareness.

iStock_000015534900XSmallSo how do Trusts shift the security mind set?

  • The Threat environment has changed and security needs to be approached as a cyclical, on-going process.  It needs to be reviewed and tested regularly.
  • The narrow view of security within the NHS as being aggression-based and the responsibility of the manned guarding component needs to be dispelled.  Everyone working within any organisation has a personal responsibility for security; an NHS Trust is no different.   A cultural change within Trusts is required to instil awareness . Only this way will everyone feel part of the security fabric and not something that is done by someone else.
  • Security Training and education should be standard in all Trusts; this should include an understanding of the real rather than perceived threat landscape.
  • Senior management need to understand how to maximise the effectiveness of their security infrastructure for the benefit of the Trust. This encompasses understanding all of the above plus a willingness to forget the mantra of “this is the way we’ve always done it” and move toward excellence. After all, effective security will prevent harm to staff, patients, visitors and contractors, protect costly equipment and dangerous drugs, prevent damage to other assets and loss of sensitive or personal information.
  •  A proper security review can identify areas where cost savings can be made or wasted costs controlled, such as the CCTV estate review – removing cameras that are not fit for purpose will reduce the maintenance bill. The review will also determine if cameras are fit for their purpose and placed in an appropriate location to mitigate the identified threats thus ensuring that the Trust meets its Duty of Care for staff, visitor and patient safety.

Advent IM Senior Security Consultant – Paul Smith MSc MSyI