Menu
Log in


INTERNATIONAL FOUNDATION FOR
CULTURAL PROPERTY PROTECTION

Log in

News


  • August 22, 2017 10:59 AM | Anonymous

    In the wake of more WWII/Nazi era stolen art legal battles, the International Foundation for Art Research (IFAR) has issued a new Provenance Guide, which highlights the importance of archival research, and states that provenance research is “a must” for all art purchasers.  The Provenance Guide includes links to numerous archival websites and databases (including the Getty Research Institute), which will aid in provenance due diligence.  IFAR states that provenance litigation demonstrate that “all available archival materials must be consulted . . . ” because among other things, “documentary evidence may be open to interpretation.”

    See Original Post


  • August 22, 2017 10:56 AM | Anonymous

    Reposted from artnet.com

    As tides and temperatures rise, museums are rallying to protect themselves.

    The Bass Museum in Miami Beach does not think about collecting the same way it did two years ago.

    Situated in a region where sea level rise has tripled over the past decade and located a short walk from rapidly eroding beaches, the Bass has been forced to reckon with climate change more directly than most museums. “Do we feel comfortable purchasing a very humidity-sensitive watercolor for our collection? Or a light-sensitive black-and-white photograph?” George Lindemann, the president of the museum’s board, asked in a recent conversation with artnet News. “Probably not.”

    The Bass isn’t alone. As scientists report increasingly troubling findings about the expected rise in extreme weather around the globe, from droughts in southern Europe to floods on the east coast of the US, a growing number of institutions are realizing that they need to start planning for an uncertain future today. As New York magazine reported recently in a terror-inducing article, most scientists concur that Miami will be underwater within the century, whether or not we stop burning fossil fuel.

    “When I worked on Guggenheim Bilbao, we all mocked the requirement to accommodate the 100-year storm,” says Andy Klemmer, the founder of the Paratus Group, which manages the construction of cultural projects around the world. “Since then, 100-year storms seem to come along every five years…. Every project we work on now tries to predict the worst-case scenario and to accommodate it.”

    Some museums have already been hit hard by extreme weather. The Uffizi Galleries in Florence closed early on August 7 amid a massive heatwave sweeping Europe.

    The Louvre in Paris has been repeatedly battered by violent storms, including a downpour last month that flooded parts of the museum and damaged two works by Nicolas Poussin. The museum stores a quarter of its collection underground near the Seine, according to a 2016 report in the Art Newspaper.

    Klemmer notes that the Morgan Library and Museum’s gutters, designed to accommodate the maximum rainfall for the New York region, were “constantly being overrun” and “we had to make changes.” (According to the New York State Department of Conservation, heavy downpours increased more than 70% across the northeastern US between 1958 and 2010.)

    The Whitney Museum of American Art in New York, meanwhile, had to alter plans for its $422 million Meatpacking District building when Hurricane Sandy hit during construction in 2012, flooding the basement with 30 feet of water. Although the original design had already strategically placed the main exhibition spaces and conservation lab on upper floors, Sandy “was worse than everybody was expecting,” says the project’s lead architect, Elisabetta Trezzani of the Renzo Piano Building Workshop.

    In the aftermath of the storm, the Whitney waterproofed walls, added watertight steel doors to the loading dock, and developed a custom temporary barrier system. The additional measures cost $12 million, according to a Whitney spokesman. The museum now conducts flood drills once a year.

    Some institutions, however, have not bounced back so quickly. The University of Iowa Museum has been stuck in limbo since 2008 when a flood forced the museum to evacuate its collection, which includes Jackson Pollock’s famous Mural (1943). In the years that followed, insurance companies refused to cover any art stored there—but government agencies said the damage was not severe enough to justify federal funds for a new building.

    After nine years, during which curators sent the museum’s treasures on tour and organized programs off-site, the university’s board of regents approved a plan on August 3 to build a new museum above the 500-year floodplain. The new building is expected to open in 2020.

    Most experts agree that these kinds of concerns, barely discussed five or 10 years ago, are steadily making their way to the top of decision-makers’ minds. “Everyone, even the conservative board members who decry climate change, want their investment protected from its effects,” Andy Klemmer says.

    And these concerns are likely to have an impact not only on where and how new museums are built, but also what they look like. Elisabetta Trezzani notes that New York City, for one, is encouraging architects to use aquarium-style, flood-resistant glass on lower floors and to install mechanical equipment on the roof of buildings rather than in the basement. “As an architect, it means you have to think about things in another way,” she says.

    Nevertheless, some believe museums have still not tackled the issue as forcefully as they should. “There’s a disconnect between the daily practice of museum work and climate concerns,” says Sarah Sutton, the founder of Sustainable Museums, which consults museums on environmental sustainability.

    One problem, Sutton notes, is that it can be difficult to convince donors to dedicate money to a threat that may be years, or even decades, away—especially when there are always worthy, more pressing matters to address, like educational programs or acquisitions.

    Politics poses another problem. “As climate change has become less of a scientific issue and more of a political issue, museums are afraid that even if they are acting on the science, they could be seen as acting on politics, or even lobbying,” Sutton says.

    (Indeed, in his conversation with artnet News, Lindemann went out of his way to note that the Bass’s board does not “have a political opinion on what is causing climate change, or even to what extent the climate is changing.”)

    Still, many experts agree that museums have a particular stake in these issues—if for no other reason than because they are charged with preserving cultural heritage for future generations. They are playing a long game.

    “There is a certain responsibility when you build a cultural institution,” Trezzani says. “Museums plan to be around forever, so you need to plan for that.”

    Some museums are not waiting for storms to hit before they take action. The newest addition to the National Mall in Washington, DC, the National Museum for African American History and Culture, installed a top-of-the-line, $300,000 floodgate at its loading dock. Thanks to a built-in flotation device, the gate automatically rises with the increased water level.

    The Smithsonian Institution has been developing a climate change adaptation plan since 2014, investigating which museums are most vulnerable to flooding and what can be done to protect them.

    As a result, the National Museum of American History in Washington, DC, is now moving the storage of its collections to higher floors or other facilities, and the loading dock at the National Air and Space Museum will be redesigned in upcoming renovation. Staff across the Smithsonian are also receiving emergency training. “We expect more of these types of emergencies and for them to be more intense,” a Smithsonian spokeswoman says.

    Meanwhile, the Dia Art Foundation in New York is having internal discussions about how to confront the effects of climate change on important works of land art. Nancy Holt’s Sun Tunnels (1976) in the Great Basin Desert may become prohibitively hot for visitors if droughts worsen in the American Southwest. Robert Smithson’s Spiral Jetty (1970) in Utah is becoming overtaken by salt crystals as the Great Salt Lake recedes over time.

    Although Smithson believed in the importance of entropy and recognized that Spiral Jetty would inevitably change, Dia is beginning to ask for the first time if there is a particular point at which the work might require additional intervention or conservation.

    “This conversation is something we are having internally, and we’re consulting with many different people,” says Kelly Kivland, a curator at Dia. “I’m sure Smithson envisioned a time when the climate would be significantly different. I don’t know if he realized it was going to be so soon.”

    At the Bass, George Lindemann and a group of fellow board members have been working for the past nine months to draw up a list of considerations about long-term sustainability that all staff will need to address before making major decisions moving forward.

    Such questions include: If a show will be on view during hurricane season, how quickly can it be deinstalled and moved to a higher floor? Is a show of delicate sculpture (Lindemann uses the example of Sarah Sze) inappropriate for a volatile month like June? If a board member wants to join the museum’s ranks, does he or she have business ties that could bias the museum’s decision-making?

    This new approach “may sound like a minor thing,” Lindemann says, “but it’s really not minor at all. These questions are major.”

    See Original Post


  • August 08, 2017 3:00 PM | Anonymous

    by Steve Woolley

    ELEPHANT IN THE ROOM

    Since the last time…

    We have talked until now about:

    • Roles
    • Contribution Statements to those Roles
    • Connecting our Activities/Actions to solid related behaviors and the Objectives of our Job
    • Keeping our Contribution relevant…real
    • Measuring…but…Measuring What Matters Most
    • Discipline to Objectives/Goals (Say Do)
    • Seeking Feedback (seeing things as they really are)
    • Courage to change as needed
    • Ask
    • Are we listening ?
    • What do we hear ?
    • What will we do…Really?

    So many times we think ourselves into a frame of thought that ignores the "Key Issue”…

    The “Job to be Done” around us…that the “Situation is the Boss” is pushed into the corner…kicked down the road…”until later”, “not now”…The Elephant in the Room…

    In “The Inquisitive Man” written in 1814 by Ivan Andreevich Krylov, the fable tells of a man who goes to a museum and notices all sorts of things, but fails to see the elephant. This proverbial phrase has taken on meaning…

    An issue that everyone is acutely aware, but nobody wants address…”The Job to be Done”

    What’s our “Elephant”?

    So often we look outside…rather than inside.

    “So and So…needs to…”

    “The Project is so messed up !”

    “Why can't this get fixed…?”

    How inquisitive are we of ourselves…and the “Elephant” in our room…?

    Are we courageous enough to consider what that Elephant may be..?

    The real “Job to Be Done”

    Marshall Goldsmith in “What Got You Here, Won’t Get You There” has a number of great ideas,

    thoughts and methods that can support our growth…The Job to Be Done…for the Elephant in the Room…


  • August 08, 2017 2:57 PM | Anonymous

    Reposted from The Washington Post

    Welcome to the dark side of the art world.

    U.S. prosecutors recently seized a 2,300-year-old vase, painted by the great Greek artist Python, which had long been on display at the Metropolitan Museum of Art. Evidence showed that tomb raiders had looted it in Italy in the 1970s. It is expected that the vase will ultimately be returned to Italy, as was the Euphronios Krater, another Greek vase that was illegally excavated in Italy in 1971, bought by the Met in 1972, and returned to Italy in 2008.

    Both vases passed through the hands of Giacomo Medici, an Italian art dealer who, in 2004, was convicted of dealing in looted antiquities, many of which ended up in the collections of museums.

    How is it possible for looted objects to find homes in esteemed cultural institutions such as art museums, and what have governments done to try to stop this? Here is what you need to know about the dark side of the art world and the attempts to fight what goes on there.

    This is how looted antiquities are laundered 

    The plundering of archaeological sites is a common problem afflicting archaeology-rich countries, especially in the developing world. The clandestine excavation and removal of antiquities can cause enormous and irreparable damage to the looted sites, destroy much of the historical information that the antiquities carry, and rob communities of their cultural heritage. The looted antiquities then flow to rich countries, where they obtain a veneer of legitimacy and become museum exhibits or collector items.

    Such laundering is possible, since most antiquities surface on the market and are sold without provenance: They carry no ownership history or information as to where and when they were found. The secrecy that typically shrouds the identities of buyers and sellers in the art market further complicates any attempt to trace an antiquity to its source. Excavated and exported illegally, antiquities often change hands several times before dealers and auction houses sell them to museums or private collectors. Any details of the objects’ illegal origin are erased or lost in the process: They often cannot be recognized as looted.

    Unsurprisingly, art-trade practitioners try to minimize this problem, arguing that many unprovenanced antiquities come from legitimate sources and are not necessarily looted. Yet archaeologists identify the art market as the culprit and denounce the no-questions-asked approach that prevails there: the failure to verify the legitimacy of antiquities and the willful blindness to their dubious origins. According to archaeologists, the indiscriminate acquisition of unprovenanced objects, especially by U.S. art museums, fuels demand for plundered antiquities and hence encourages looting.

    There is resistance to international cooperation

    Many of the “source countries” where objects originate have laws saying that all antiquities found within the national territory are under national ownership and cannot be exported. Because source countries have failed to enforce the export prohibition, they want the market countries where antiquities are sold to prevent the import of looted material, shifting the burden of curbing the illicit antiquities trade.

    In the 1960s, under the auspices of UNESCO (the U.N. agency that coordinates international cooperation in cultural matters), source countries initiated an international agreement that imposes significant controls on the movement of antiquities. This initiative, however, got a skeptical response from market countries, including the United States, Britain and Switzerland. These countries didn’t want to bear the costs of controlling imports of antiquities and wanted to protect their art markets, into which the looted antiquities flowed.

    Therefore, market countries initially refused to join the agreement signed in 1970: the Convention on the Means of Prohibiting and Preventing the Illicit Import, Export and Transfer of Ownership of Cultural Property. In 1995, another international agreement was signed, which was intended to facilitate legal action for the return of looted antiquities. Market countries shunned that agreement as well, viewing it as a threat to their art markets.

    Even still, cooperation evolved over time

    The United States was the first market country to reverse its early opposition to international antiquities regulation  and join the 1970 UNESCO Convention. My research shows that this transformation was the product of public scandals, which exposed the unethical practices of American museums and collectors, as well as the efforts of the U.S. archaeological community. Archaeologists educated policymakers about the destruction that the illicit antiquities trade causes — and how the American art market fuels it. They urged U.S. participation in the UNESCO Convention to save the world’s cultural heritage and improve the United States’ image.

    Yet policymakers also came under pressure from antiquities dealers and art museums. Those vehemently opposed the convention, arguing that it undermines the public interest in the enjoyment of art and unjustifiably asks the United States to solve other countries’ problems. Given this opposition, although the United States did join the UNESCO Convention in 1983, it implemented it in a limited fashion: Import restrictions on antiquities are imposed selectively, through bilateral agreements with source countries or on an emergency basis.

    It took two decades for other market countries to follow the United States’ example. In 2002, Britain joined the UNESCO Convention after a series of scandals that called attention to the questionable practices of the London art market and its involvement with looted material. Other market countries, including Japan, Switzerland  and Germany, joined the convention in following years. Ultimately, these countries came to accept the principle that they had rejected early on: their responsibility to contribute to the prevention of looting through controls on the movement of antiquities.

    Pressure on museums is growing

    In recent years, the acquisition of antiquities by U.S. art museums has diminished. U.S. import restrictions — which many in the art community regard as too strong — have reduced the supply of antiquities. Museums caught unlawfully in possession of antiquities might become embroiled in legal battles over ownership and possibly even face criminal charges. The Association of Art Museum Directors has published guidelines that require museums to ensure the legitimacy of the antiquities they acquire. Media attention to the problem of looted antiquities has contributed to growing public awareness and concern, which pushed museums to behave more responsibly and made them susceptible to the pressure of source countries — such as Italy’s demand for the return of the Euphronios Krater.

    Archaeologists maintain that, notwithstanding changing policies and practices, the U.S. art market continues to be a catalyst for looting. Yet it is clear that the ethical environment has changed fundamentally: No longer operating on the basis of the free movement of antiquities, the art world has come to accept significant constraints that are necessary for the protection of the world’s archaeological heritage.

    See Original Post


  • August 08, 2017 2:56 PM | Anonymous

    Thieves posing as city workers managed to steal some of Paris’ most beloved street art by French urban artist ‘Invader,’ who painted the city in Space Invader themed pieces.

    A Paris City Council spokeswoman said the city only became aware of the theft after receiving several complaints from residents who assumed it was a governmental organization behind the removal.

    However, the council said on Friday it "quickly realised that those were not our agents, nor our vehicles or our jackets," AFP reports.

    A spokeswoman for the council also said because the thieves had posed as Paris city workers, it had “decided to file a complaint for abuse of functions.”

    The thieves tore more than dozen pieces off various walls across the city over several days.

    The pixelated mosaics were inspired by the 1978 video game Space Invaders, and Parisians have already taken to Twitter to lambaste the thieves that stole them.

    The artist behind the works of art, whose real name and identity, much like Banksy, is not known, previously said it would be impossible to steal the work in its original form.

    "Given the type of tiles I use, to steal the work is impossible. These individuals by removing the mosaics destroy the piece and then have to buy ceramics to repair or recreate the work," ‘Invader’ wrote on his website.

    I can only hope that soon enough nobody will be tempted to buy or steal pieces in the streets and therefore that this nonsense and painful destruction will stop,” he added.

    Over 3,500 pieces of Space Invader artwork can reportedly be found on the streets of some 72 cities around the world including Amsterdam, Berlin, Miami, New York, Tokyo, and Hong Kong.

    In 2000, Invader began monetizing his passion by showcasing his work in galleries. So far, his exhibitions have appeared in galleries in Paris, Rotterdam, and most recently at the Museum of Contemporary Art (MOCA) in Los Angeles.

    See Original Post


  • August 08, 2017 2:54 PM | Anonymous

    Reposted from NBC5.com

    Vermont Natural History Museum works with fellow UVM departments to salvage items

    Less than 24 hours after a fire, sparked by construction work, ripped through the roof of Torry Hall, recovery has begun.

    “I drove in yesterday morning and said well, that could be it, that could be the end of my life, my professional life. I started here 43 years ago, when I was hired as curator of this collection,” Pringle Herbarium director Dr. Dave Barrington said.

    Luckily, the majority of the artifacts in the Vermont Natural History Museum were unharmed.

    “We've got a collection, it's essentially intact, and we are just going to go forward and figure out and secure the little damage there is,” Barrington said.

    Barrington also said some items in the Vermont Natural History Museum do have major water damage.

    “There is always material that is in process, it's getting ready, it's getting prepared to be added to the collection, and those collections took a hit,” Barrington said.

    In 2014, the university received a $470,000 grant to upgrade the museum.

    It allowed for metal cases to be installed. Without that protection, things could have been much worse.

    “The wooden cabinets would have incinerated, we would have lost the whole thing,” Barrington said.

    Buildings and organizations across campus are now stepping up, offering temporary space for artifacts.

    Wet items will be laid out to dry or put in a freezer to be slowly worked on.

    It will take many months for Torry Hall to be fully repaired. The hope is that it will eventually be the permanent home for the museum.

    See Original Post


  • August 08, 2017 2:51 PM | Anonymous

    Reposted from asisonline.com

    ​Sexual harassment allegations involving high-profile public figures have appeared in the news repeatedly this year, spurring broad debate on the prevalence of the problem, as well as the potential effectiveness of different prevention measures. 

    Although their views may differ regarding the value of different prevention components, many security professionals seem united on a core issue: harassment is a serious workplace issue both in the United States and around the world, and it is one that deserves more attention and more prevention programs.

    “Unfortunately, most people do not consider sexual harassment as a workplace violence issue, but this is a serious mistake,” the ASIS International Crime and Loss Prevention Council said in a white paper, Sexual Victimization, issued last year. “…It is imperative that we in the security industry each gain a greater awareness of the prevalence of this crime.” 

    One preventative measure that has attracted recent attention is the use of company phone hotlines for anonymously reporting incidents of workplace harassment. The harassment hotline concept came into focus after intense media coverage of harassment allegations made against prominent Fox News broadcaster Bill O’Reilly by several female coworkers and program guests. The allegations eventually led Fox News to terminate O’Reilly’s contract in April 2017. 

    O’Reilly said that the allegations were spurious, and he maintained that no complaints against him had ever been reported on the company’s harassment hotline. But some experts say that a lack of hotline calls is never surprising and does not accurately reflect frequency of incidents. 

    Brian Lee, practice leader at CEB (now part of Gartner), a consultancy specializing in workplace incidents, says that, on the one hand, hotlines or “helplines” can be a valid component of an overall safe workplace programs. “But they are certainly not as helpful as people would want,” he adds. In part, this is because many companies employ a hotline for legal reasons, but do not publicize the actual phone number, which is sometimes embedded in a corporate policy handbook. “If you poll their employees, many have no idea what the number is, or how to get it,” Lee explains.

    Another reason for low hotline use is that some employees suspect that the hotline isn’t truly anonymous, even if it is billed as such. Media reports of cases like the Wells Fargo fake account scandal of 2016, in which supposedly anonymous reports were still used for retaliation against whistleblowers, “have a chilling effect” on hotline use, Lee says.  

    In addition, the hotline can feel too impersonal, like taking a complaint and “dropping it in a box somewhere,” says Stephen Hollowell, CPP, vice chair of the ASIS International Crime and Loss Prevention Council and a member of the ASIS International Healthcare Council. Hollowell helped prepare the Sexual Victimization white paper. 

    A recent CEB global study on workplace misconduct seems to support Hollowell’s view. Only about 7 percent of respondents reported that they had used a hotline to file a complaint, compared with 68 percent who reported the incident to their direct managers. “The use of helplines tends to be much lower than people think,” Lee says. “It is far from the most popular way [of reporting].”

    But unlike hotlines, other components of workplace safety programs have been shown to be effective, says Hollowell, who is an advocate for treating harassment with the same seriousness as other incidents of workplace violence. One such component is harassment training for all employees, which starts with orientation but does not end there. 

    “You don’t just do it one time in orientation and then forget about it,” he says. Companies should provide periodic updates. Hollowell was involved in one organization that used the company’s weekly internal magazine to remind people that they should not hesitate to speak to their manager or call the firm’s helpline to report an incident. 

    Experts often say that there are two main reasons why many harassment incidents go unreported: fear of retaliation, and previous demonstrated inaction by the company. Given this, a rigorous prevention program should address both these concerns, Hollowell says.

    To do this, managers should make clear that the company’s workplace is one free of harassment and violence, and that this ethos is reflected in the procedures for reporting complaints. Hollowell uses his own program as an example: if a complaint is reported to a supervisor and the supervisor does not take action, the employee is encouraged to take the complaint to the supervisor’s supervisor, or to another department like human resources or security. “We make it very clear,” he says. Additional action will take place immediately, if the complaint is valid, he adds. 

    Another point that should be made clear is that whistleblowers are protected. If an employee is penalized by a manager for filing a complaint in any way–such as by being assigned extra work or by having privileges taken away–“we make it very clear you need to come forward and make us aware of it,” Hollowell explains. “That could lead to [the manager’s] termination.” 

    However, it is also a workplace reality that, occasionally, false harassment allegations are made. This is one reason Hollowell does not like anonymous reporting—it makes it easier for disgruntled employees to target certain people, such as a coworker or supervisor they hold a grudge against, with false complaints.   

    Given the possibility of false claims, impartial investigations are crucial, Hollowell says. Investigators take a “just the facts” approach, sticking to exactly what happened, and following wherever the facts lead. “If you start assuming, you’re not following the facts,” he says. Finally, keeping people informed of procedures and policies is crucial. “Transparency really is the watchword,” he adds. 

    For many years, harassment prevention programs would emphasize that company leaders needed to set a good example in their behavior, because the tone at the top was key. “But increasingly, that is just table stakes now,” Lee says. More firms are realizing that a coworker’s behavior is just as important as a manager’s behavior. “Employees are far more influenced by what they see around them than what they see at the top,” he adds. 

    Indeed, that philosophy is at the heart of a recommendation made recently by the U.S. Equal Employment Opportunity Commission (EEOC) Select Task Force on the Study of Harassment in the Workplace. In a report issued last year, the task force cochairs recommended exploring an “It’s On Us” campaign for U.S. workplaces.

    “It’s On Us” is a social movement first created in 2014 by the White House to prevent sexual assault on college campuses. The campaign urged everyone on campus to be an active part of the solution, not passive observers. Launching a similar campaign in workplaces across the country would be “an audacious goal,” and not easy, the EEOC task force concedes. 

    “But doing so would transform the problem of workplace harassment from being about target, harassers, and legal compliance,” the task force argues, “and make it one in which coworkers, supervisors, clients, and customers all have roles to play in stopping harassment.” ​

    See Original Post


  • August 08, 2017 2:50 PM | Anonymous

    Reposted from helpnetsecurity.com

    All organizations, regardless of how well they think their walls are fortified, will at some point fall victim to an attack. How they respond to the attack could mean the difference between recovering with minimal loss to shutting the organization down.

    In this podcast recorded at Black Hat USA 2017, Susan Carter, Sr. Manager Threat Intelligence and Incident Response Services at NTT Security, talks about how to select a suitable incident response program for your organization, and outlines the options organizations have to help them prepare for that imminent attack or breach.

    Here’s a transcript of the podcast for your convenience.

    Joshua Corman, founder of I am the Cavalry and Director of the The Cyber Statecraft Initiative, stated in a recent keynote that for all vulnerabilities disclosed anywhere, commercial databases currently track only 80% of those vulnerabilities. CVEs tends to have 60% of that 80%. So, when an organization is making a risk decision, they’re doing it with a blind spot of about 50%.

    All organizations today, regardless of how well they think their walls are fortified, will at some point fall victim to an attack. It’s almost guaranteed because of the statistics from Joshua Corman, and it’s only going to get worse. How the organization responds to the cyber attack could mean the difference between recovering with minimal loss to shutting the organization down.

    Not only can the financial impact of an attack due to downtime, lost business, cost of mitigation and cleanup and possible regulatory fines be astronomical; other facets such as loss of intellectual property and reputation are hard to put a price tag on. Just one catastrophic critical incident of security concern could shutter an organization for good.

    The U.S National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their businesses over six months after a cyber attack. In my experience, the only way to insure survival of an attack today is to invest in a solid incident response program, and that investment needs to include talent, time and money.

    The organization needs to ensure they have an incident response program that is championed by a C-Level executive. This will ensure visibility to other C-level execs, assurances that understanding the importance of the program from above it is a priority, and that an investment of some kind is promised to ensure a successful program.

    In my opinion, organization have a few options to help them prepare for that imminent attack or breach. All three options have different degrees of commitment and investment with slightly different results, depending on the organizations size and funding commitments.

    First, this may be the only option for a smaller organizations with limited funding. Realizing the importance of having a plan of action in case of critical incident is half the battle. These organization usually have a very small in-house IT staff, if any, so it’s prudent to contract in advance with and third party incident response for on-demand retainer services.

    With the assurance that expert help is just a phone call away, and that help can be reached 24/7, is of upmost importance. Many of these providers, like NTT Security, may have contract options is place that allow the organization to convert the retainer hours at the end of the contract to other services. This way it’s better than an insurance policy, the organization can still get value out of the investment even if they didn’t experience a need to use it during that contract year.

    Even if you have a third party in your back pocket, I would like to caution that it’s not a buy and pray for the best solution. It’s important to understand that there will be requirements of the organization during an incident response cleanup, or forensic investigation that require a little advanced planning. The provider will be asking for logs, system images, copies of gold images and other evidence. Being prepared in advance of these request will make a difference between a successful IR engagement with minimal impact to a very costly engagement.

    The second option is for organizations that have in incident response plan written but don’t have the skill set or resources to support a major breach or their program is still in the maturing stages. Companies in this position would greatly benefit in partnering with a third party incident firm that offers program assessments and validation services.

    We at NTT offer a proactive service where we come in an assess written documents from the organization, and we do an assessment against best industry standards and practices such as NIST and ISO, along with their own years of experience in the space.

    We offer advice on how to improve the program. Once the assessment is complete and documentation updated, a test of the execution of the plans can take place to determine the effectiveness of the plan along with identifying other areas that can be improved. Like identifying at what point legal needs to be brought in and when third party providers should be called, or even if you know who to call.

    If an organization does not have an incident response plan in place, or would like to supplement their incident response plan with specific runbooks or playbooks, NTT can help with that development as well.

    An incident response program is not something that can be developed and forgotten. I see companies that are most successful and confident in handling incidents when they partner with a third party on an annual basis for program review and assessment, and to facilitate testing of the organizations incident response team.

    Like a firefighter, they spend a good amount of time training and practicing so that instinct comes into play when they have to respond to a fire. It’s the same for your incident response team.

    A residual benefit of utilizing NTT proactive services is that the analyst that go in to assess an organization incident response program will most likely be the analyst that will respond if they have a breach, and call in the cavalry for backup. The organization will know the analyst and their capabilities, and the analyst will already be familiar with organizations environment and the staff that will be working with them. This will speed up the response tremendously. And we all know time is money when it comes to breaches.

    The third and final options is for organization that have the capability, talent and financial backing to define, build, mature and maintain an effective incident response capability. However, in cases where incident response capabilities are handled by an internal team, I have observed circumstances where special expertise is needed to support advanced response requirements. For instance, many internal incident response teams do not have training in detailed forensic analysis, or reverse-engineering of malware. Some organizations will elect to put a third party incident response service on retainer to assist in those situations.

    In my experience, an attack never comes at a convenient time. It will be the Friday afternoon before a holiday weekend when your smartest IT guy is unreachable because he’s enjoying his ten year anniversary with his wife on a luxury cruise liner with minimal to no access to the outside world; or during the change control freeze to ensure production systems stay stability during critical times such as the Christmas shopping season.

    Incidents will happen, and if your org is not prepared with a plan and practiced it could be the difference between the organization surviving the incident or shutting the doors.

    Our view is that incident response should be looked at as a continuous process rather than a reactive process that can enable an overarching security strategy and is necessary to survive in today’s world.

    See Original Post


  • August 08, 2017 2:48 PM | Anonymous

    Reposted from krqe.com

    It’s no secret Albuquerque has a crime problem. Now the city is doing something about it, using security cameras as their weapons.

    The plan is to combine security cameras from business owners and residents into one large database, allowing law enforcement to keep a better eye on the city.

    For some business owners, there’s still some questions about the new initiative.

    “I came in on Sunday morning approximately at 10:00 a.m., to discover that my barbecue pit had been missing,” said Daniel Morgan, the owner of Peppers Ole Fashion Barbecue on San Pedro.

    In his nine years at that location, he had only experienced minor thefts, until this weekend.

    “I just felt very agitated and frustrated,” said Morgan.

    Morgan has a security camera, but unfortunately it didn’t catch the criminal.

    “Today we are announcing the SCAN system, which stands for Security Camera Analytical Network,” said Mayor Richard J. Berry.

    The Mayor’s Office, prosecutors, and law enforcement are joining forces to find a better way to not only deter crime, but catch the bad guys when they do strike.

    It allows homeowners and business owners to put their security cameras in the city’s database.

    “Use the collective resources of this community and bring people together to try and join and fight crime against this community,” said District Attorney Raul Torrez.

    The network will help police be more efficient when working to solve crimes so they don’t have to spend so much time hunting down surveillance video.

    It’s an idea that Morgan is willing to participate in, but he still worries about response time. The Albuquerque Police Department has admitted it is overwhelmed.

    “If the database is set up with the city and the authorities, when they are contacted they can act. That’s the only benefit in my eyes,” said Morgan.

    Mayor Berry says the new system won’t decrease response times, but it will allow the officers to be better informed.

    “If you’re tied into the Real Time Crime Center, information that those officers can get potentially on the way to the call,” said Mayor Berry.

    The Mayor wants to emphasize for homeowners who are concerned about their privacy, officers will only have access to your home video when a crime is committed and they can’t watch it live.

    Business and homeowners who want to register their cameras can do so on the city’s website.

    See Original Post


  • August 08, 2017 2:46 PM | Anonymous

    In today’s business environment, emergency response plans are crucial to keeping employees, tenants and visitors safe when and if a dangerous event arises. An essential component of any emergency plan is communication. How you choose to communicate the incident, the severity and response protocols can make a difference.

    From workplace violence to weather emergencies, many organizations are implementing incident and mass notification processes. Gone are the days of endless employee call trees. When an emergency strikes, communication must be fast, timely and accurate.

    When developing an incident notification plan as part of your overall emergency response approach, you must consider:

    • Types of Notifications – The notification process you decide on may depend on your industry, location and business environment. Not all notification tools will be appropriate across the board, as there is not a one-size-fits-all approach. Work with your security provider to assess your environment and provide tailored recommendations.
    • Technology – There are numerous technology options, including alarms, intercom systems, text message and email alerts, just to name a few. When evaluating solutions consider ease of use, reliability, scalability, features and functionality.
    • Responsibilities – Designate a point person for message or alert deployment. They must be well-trained on your approach, and comfortable with the technology options you choose.
    • Integration – Incident notification plans cannot be created in a vacuum, but must actively involve all stakeholders, neighboring businesses and local law enforcement. These plans will only be effective if they are communicated and practiced regularly.


    Communicating with a large number of people can be a daunting task, add to that the panic of an emergency situation, and there is a probability that things will go wrong. A well-organized and rehearsed incident notification process is crucial to employee safety and business continuity.

    Learn more about the importance of an incident notification plan in the on-demand webinar, “
    Incident Notification – Fast, Timely, Accurate.”

    See Original Post


  
 

1305 Krameria, Unit H-129, Denver, CO  80220  Local: 303.322.9667
Copyright © 1999 International Foundation for Cultural Property Protection.  All Rights Reserved