5 Tips for Conducting a Security Survey That Could Lead to More Value for…

During interviews for a feature article in an upcoming issue of LP Magazine, asset protection executives and retail security consultants identified the security survey as a central and valuable tool in protecting retail stores after-hours. Alongside operational oversight and investigations, they said periodic audits play a key role in assessing store compliance with security standards and in identifying vulnerabilities.

A former director of LP for a major department store chain explained their approach to compliance. Each store had a security manager who had to verify every report, and there was a report on just about everything that the store did. Each one would then go to the regional security office, which would read the reports and okay them, as would the divisional office.

“Most anything a store security department did required a report and then went up the chain so it got two or three reviews in terms of whether it reflected adherence to the law and company policy,” he said. “Anytime there was a report or complaint of something not being done properly, we would do an investigation, sometimes openly, sometimes undercover.”

Oversight and investigations, then, were two important points on the compliance triangle. And audits/surveys were the third.

There are many types of security surveys, of course: those narrowly focused on a specific issue or threat, such as a physical security review against the threat of an active shooter; investigative surveys conducted after a significant incident; and data collection for a full-blown vulnerability assessment and auditing of security operations. Big or small, however, these reviews—while critical—can be resource intensive. So it’s worth asking: Could you spend less to do a security survey—and then get more from it?

There are obvious ways to reduce the cost of security audits—piggybacking on other store audits, for example. But how else might retailers receive better value from store security reviews? And how can a retailer be sure that audits are driving improvements and not merely rubber-stamping compliance with internal standards, which is then used to justify a demand to provide more from fewer resources?

Below are ideas suggested by LP executives, retail security consultants, and other security experts.

Prioritize. The Department of Homeland Security uses about 75 protective security advisors to conduct security surveys and vulnerability assessments of the nation’s critical infrastructure and key resources (CIKR). It’s a substantial force but not enough to easily keep pace with the need for assessments, so the DHS uses a prioritization program to categorize CIKR at levels based on the consequence to the nation of an attack on the asset. For time-crunched LP departments, the program provides a good model, according to one consultant. Retailers might benefit from using a tiered approach to conducting security surveys so that the most significant business assets undergo more frequent and/or more exhaustive security audits.

Normalize. Make sure data is always collected in the same manner for easier and more meaningful analysis. The ability to search and analyze security survey data depends on the consistency of terms and data fields used during data collection.

Measure. Make sure your security survey program is subject to project management best practices. Security audits provide more value when they follow a structured approach and the process is subject to continuous review, say experts. A road map can help direct how the program will be managed, including timelines with milestone dates and goals and metrics to measure progress.

Whatever goals are driving store security surveys, they should be written, realistic, and measurable. The use of performance measures—including establishing goals and objectives with specific outcomes or performance targets—is a critical step. Regarding outcomes, it’s also important to measure more than, say, “percentage of problems addressed” or “recommendations implemented” at stores. Corporate LP teams should also measure the extent to which implemented changes have enhanced asset protection and resilience over time.

Deliver. Responsibility for heeding lessons from store audits may rest on the shoulders of local managers, but corporate asset protection teams can boost cooperation by providing the deliverables identified in surveys in a timely manner, for instance when corporate identifies the need to add bollards to protect storefronts from a vehicle attack. In a similar way, corporate teams may need to take responsibility for certain problems identified in assessments. For example, if a certain piece of security technology is not being used, or is used improperly, the fault may not be at the store level. It might indicate that training on the system or device was insufficient at the time of installation.

Acknowledge. Companies can fall into the trap of using companywide compliance reviews to obscure uncomfortable truths, something that can afflict retail security departments as well. LP leaders need to examine the extent to which their internal compliance procedures permit those who report to the corporate team to provide solely the information they know is being sought.

It’s the natural tendency of people to provide answers that a questioner wants, and “yes and no” auditing allows it to happen, warned one expert. For example, a security review of a store’s violence prevention effort might ask: “Have store associates been reminded of workplace violence response protocols during the last 12 months? Yes or No?”

Such cursory auditing is just a way to be told what you want to hear, the consultant suggested. Instead, a security survey should examine activities by asking open and directed questions. For example: “When was the workplace violence plan last discussed with store staff? What store staff was involved? Who led the discussion? What aspects were discussed?”

Only store auditing that is truly designed and committed to finding security flaws can result in positive change.

Evernote Beta for Mac Adds Sharing and Notebook Stacks

Evernote continues to roll out improvements to its note-taking and storage app regularly, and while Evernote says that it normally doesn’t promote Beta versions, the features in this update are among its most requested. Evernote 2.0 Beta for Mac adds in-app notebook sharing, as well as a new organization feature, Notebook Stacks.

Before today, sharing Notebooks meant using the Web version of Evernote. But with this update, it all can be done within the desktop client. There’s now a new tab in the left panel, splitting your notes and those you’ve shared. You can set the sharing to public so that anyone can view the notes, or you can invite individuals and groups to them. You can also establish whether or not you’ll require people to sign in to Evernote in order to view them. You can establish how frequently you’d like the app to check for updates and sync these linked notebooks.

Shared notes can be edited by those you’ve invited only if you have a Premium account. Premium Evernote subscribers also have access to note history for these shared notebooks, so you can view all the changes that have been made.

If you’re an avid Evernote user (like me), have a lot of notebooks (like me), and are methodical about your filing system (that’s me too), then the second feature in this update will make you happy. You can finally “stack” your notebooks in Evernote, so you can group together and better organize certain notebooks – a good feature for those who use some of the apps in Evernote’s Trunk such as Awesome Note.

In order to get this version, click on the “Update to Beta” checkbox in the Software Update Tab in Evernote for Mac preferences. But remember: it is Beta, a “work-in-progress.”

Audrey Watters

As Systems Get More Complex, Programming Is Getting “Reactive”

Matt Asay

Hardware keeps getting smaller, more powerful and more distributed. To keep up with growing system complexity, there’s a growing software revolution—called “reactive” development—that defines how to architect applications that are going to participate in this new world of multicore, cloud, mobile and Web-scale systems.

One of the leaders of the reactive-software movement is distributed computing expert and Typesafe co-founder and CTO Jonas Bonér, who published the original Reactive Manifesto in September 2013. Similar to the early days of the “agile” software development movement, reactive programming got early traction with a hardcore fan base (mostly functional programming, distributed computing and performance experts) but is starting to creep into more mainstream development conversations as high-profile organizations like Netflix adopt and evangelize the reactive model.

I caught up with Bonér to ask him about reactive’s traction on the eve of publishing version 2.0 of the Reactive Manifesto. Beware: This stuff gets deep very quickly.

A Reactive Solution To Broken Development

ReadWrite: So what’s not reactive about software today, and what needs to change?

Jonas Bonér: Basically what’s “broken” ties back to software having synchronous call request chains and poor isolation, yielding single points of failure and too much contention. The problem exists in different parts of the application infrastructure.

At the database layer, most SQL/RDBMS databases still rely on a thread pool or connection pool accessing the database through blocking APIs. So if you exhaust the thread pool by blocking all available threads then everything stops. This problem goes all the way down to the native drivers that the vendors provide, and the JDBC standard specification (for accessing relational databases)—which doesn’t support non-blocking/asynchronous access. It will take years before it’s supported.

In the service layer, we usually see a tangled mix of highly contended, shared mutable state managed by strongly coupled deep request chains. This makes this layer immensely hard to scale and to make resilient. The problem is usually “addressed” by adding more tools and infrastructure: clustering products, data grids, etc. But unfortunately this won’t help much at all unless we address the fundamental underlying problem. This is where reactive can help; good solid principles and practices can make all the difference—in particular relying on share-nothing designs and asynchronous message passing.

In the Web layer, we often see request chains executed in a completely serial fashion, meaning that the response time is the sum of the time it takes to do everything, which can sometimes be hundreds of different service calls. This means that keeping latency under control—bounded, within the SLAs and predictable—while allowing for scale, is both technically very challenging and requires a lot more hardware thanks to inefficient usage of resources. In a reactive application you would split up the work into many small composable chunks and run them in parallel—which will bound the latency to a max of the longest performing chunk and make very efficient use of the resources available.

There are many other ways that today’s software is not reactive, but those are a few of the big ones.

Defining Reactive

ReadWrite: What’s the goal of the reactive movement? What are you trying to accomplish?

JB: A lot of companies have been doing reactive without calling it “reactive” for quite some time, in the same way companies did agile software development before it was called “agile.” But giving an idea a name and defining a vocabulary around it makes it easier to talk about and communicate with people. It makes it easier to explain and bring to market a set of principles that are known to work well together.

Not everyone’s view of agile fits into the agile definition, but what has become agile—and the reason for all these experts to write up the Agile Manifesto—is that they knew which principles worked well together and completed each other in a cohesive story.

This is what reactive is all about. We found these core principles to work well together in a cohesive story. People have used these approaches years before, but this grouping and this reactive story has meaning, in the same sense of agile. And it provides a baseline for solving problems against the wish-list of application behavior that everyone wants.

The Future Of Reactive Programming

ReadWrite: What are the next steps for the reactive movement?

JB: The reactive principles trace all the way back to the 1970s (e.g., Tandem Computers) and 1980s (e.g., Erlang), but scale challenges are for everybody today. You don’t have to be Facebook or Google anymore to have these types of problems. There’s more data being produced by individual users, who consume more data, and expect so much more, faster. There’s more data to shuffle around at the service layer; replication that needs to be done instantaneously, and the need to go to multiple nodes almost instantaneously. And the opportunities have changed, where virtualization and containerization make it easy to spin up nodes and cost almost nothing—but where it’s much harder for the software to keep up with those nodes in an efficient way.

So in many ways the next steps for reactive are to just keep refining its view of that problem set—and the application characteristics that developers should aspire to—to conquer them. Martin Thompson, Roland Kuhn, Dave Farley and I have in fact just rewritten the Reactive Manifesto, taking a lot of great feedback we have been getting from the community into account, distilling it into a much shorter and simpler document.

But the big next step for Reactive is expanding beyond principles, to also bring in more specific tools, techniques, patterns and best practices, thereby making it approachable for the masses. We are planning to write an appendix to the Reactive Manifesto in which we can dive in and provide more hands-on practical advice on how to design and implement reactive systems.

We’re also starting to see more vendors provide solutions and tools that support building reactive systems, more technical books being published about reactive, and more presentations (and even full tracks) at events tied to reactive—so this is already happening. One good example of this is the React conference that I’m helping to organize, which will be a great place to learn how to build reactive systems from some of our top thought leaders in the industry and discuss its principles and practices.

ReadWrite: What are the green field areas that you think will drive the requirements for reactive in the future?

JB: There are several:

One interesting area that has a lot of debate is around “microservices”—which basically is a conversation around what the smallest ideal isolation of a single “service” and its behavior looks like.

Another is the emerging need to stream large volumes of potentially infinite data streams in real-time, while keeping latency predictable and without overloading the server. This ties in to the rising need of reactive Big Data solutions (sometimes called “fast data”)—providing (close to) real-time analytics and data processing.

Internet of Things is another huge driver for new approaches to application infrastructure, where machines and devices are generating new challenges for managing and replicating bursts of data throughout distributed environments, and where individual nodes have new requirements for starting/stopping/dealing with failure based on events.

Lead photo by nerovivo