INTERNATIONAL FOUNDATION FOR
CULTURAL PROPERTY PROTECTION

Log in

News


  • January 04, 2022 8:54 AM | Office IFCPP (Administrator)

    Reposted from Artnet News

    How’s this for an early Christmas present? As the sudden surge of the Omicron variant leaves the world reeling, the U.K.’s department for digital, culture, media, and sport is doubling its current round of emergency funding for the arts to £60 million ($80.4 million).

    “We understand how devastating the uncertainty caused by Omicron has been. This new funding… will support the sector as we together face this difficult time,” Rishi Sunak, the chancellor of the exchequer who approved the funding, said in a statement. “We’ve supported the cultural sector throughout the pandemic, and we’ll continue to do so.”

    Now, an additional £30 million ($40 million) is available to museums, cinemas, theaters, and heritage sites across the country through Arts Council England. The government has also extended the deadline to apply for the aid by an extra week, to January 18, 2022. Grants range from £25,000 ($33,500) to £3 million ($3.9 million), with limits for organizations that have already received funding in earlier rounds.

    The funding is part of a larger £1 billion ($1.3 billion) support package previously greenlit by Sunak, which also includes £1.5 million ($2 million) earmarked for creative freelancers impacted by the pandemic. The nonprofit Theatre Artists Fund and Help Musicians will each distribute £650,000 ($87,000) directly to freelancers, while the Artists Information Company, a charity for visual artists, will hand out £200,000 ($260,000).

    “Christmas is a very important time of year for so many of our brilliant arts and culture organizations who have now found themselves impacted by the Omicron variant,” culture secretary Nadine Dorries said in a statement. “It is absolutely right that we support them through this challenging time, which is why we’ve doubled the emergency funding available from the Culture Recovery Fund.”

    The government first issued emergency cultural funding in July 2020, with a £1.57 billion ($1.9 billion) bailout for the struggling sector. An additional £76 million ($98 million) followed in the fall, and £485.8 million (around $677 million) this spring.

    So far, the Culture Recovery Fund has distributed more than £1.5 billion ($2 billion) to around 5,000 organizations nationwide. The most recent round of funding went out in November, with £100 million ($134.5 million) split between close to 1,000 cultural organizations, including the Leeds Grand Theatre and Opera House and the London Transport Museum.

    See Original Post

  • December 16, 2021 5:03 AM | Office IFCPP (Administrator)

    Reposted from AAM

    Over the course of its distinguished 120-year history of art education, the Toledo Museum of Art (TMA) has offered classes that extend beyond simple drawing and painting into topics ranging from shop window design to robotics. As unusual as this territory may seem for an art museum, it is part of an underlying understanding: that the concepts of art history and art education can be applied to the world in practical ways.

    This notion has become an increasing focus for TMA’s operations in recent years, through a collaboration between the museum’s Deputy Director (now Director) and a retired senior corporate executive of a Fortune 500 company. Working together, we have discovered an unexpected application of visual literacy that has grown over the past three years into a business that is both profitable for the museum and life-saving for the people who participate.

    The Center of Visual Expertise

    Even though Owens Corning, a Toledo-based manufacturer of building materials, won recognition for its accomplishments in safety—including the Green Cross, the highest honor bestowed by the National Safety Council—it still saw injuries at the workplace, like almost all companies in every industry do. Over the past few decades, companies have made huge strides in engineering their environments to be safer, but when injuries do happen, a shockingly common refrain has been and continues to be: “I walked past that hazard every day, and I just didn’t see it.” People were getting hurt because they could not see what was right in front of them.

    This problem inspired Doug Pontsler, then the Vice President of Operations Sustainability and Environmental, Health, at Owens Corning and Adam Levine, then the Deputy Director at TMA, to ask a question: Could we harness applied art history to make people safer? The answer, it turns out, is a resounding yes. We learned that if you can teach employees to look at their workstations the same way an art historian looks at a painting, they spot more hazards. As a result, incident rates decrease, employees are safer, worker’s compensation claims go down, and companies save money.

    Since we founded the Center of Visual Expertise (COVE) three years ago, COVE has established a thought leadership position in the EHS field and counts numerous Fortune 500 companies among its clients. COVE generates hundreds of thousands of dollars in revenue, allowing us to metabolize the considerable start-up costs of a services business. This past year, in the face of a global pandemic, COVE turned its first profit. But more important than COVE’s thought leadership or economic contribution is its demonstration of the social value that museums can have, as it uses art history to save lives and livelihoods.

    The Approach

    At COVE, we train workers in applying visual literacy, a fluency with visual cues, which is a crucial skill in every field. Participants join instructor-led workshops, which are primarily conducted live and leverage TMA’s collection in order to share visual language lessons. During the COVID pandemic, we pivoted to offering virtual workshops, which offer a different participant experience but, we have found, the same learning outcomes.

    The flagship Foundations of Visual Literacy workshop is two days in length and focuses on what visual literacy is, why it matters to us as individuals, and how it improves our ability to live and work safely. The content is a combination of classroom teaching and experiential learning through group work and exercises. COVE offers open workshops for multiple-company participation and dedicated workshops for single-company participation. It also offers a license model that includes a train-the-trainer program. Through workshop revenue and license fees, COVE was imagined as, and has become, a revenue source supporting museum programs and education activities.

    The workshops have confirmed our belief that visual literacy as a form of critical thinking can be exercised beyond traditional audiences and applications. The positive feedback from participating companies, as they learn how something from art education can improve safety, has demonstrated that the museum can be relevant to industry in a new and different way, enabling further engagement and expanded opportunities for patronage.

    Lessons Learned

    As museums seek to create sustainable business models, finding ways to leverage their expertise can provide an important contribution to their earned income potential. But despite some notable exceptions, museums are not particularly experienced as incubators of early-stage ventures, and starting any business requires capital and a tolerance for risk. TMA got comfortable with this risk and the start-up investment by validating the existence of a market before ever launching COVE. Through a two-year collaboration with Doug and Owens Corning, TMA was effectively able to do all our “research and development” work with a partner committed to saving lives but also committed to supporting the museum.

    COVE was imagined and treated as a separate entity from the outset. TMA maintained some governance oversight through an advisory board, which the director chairs, but COVE was left to manage itself as a business, not as a department of the museum.

    Though TMA is hardly the first museum to start a business, a business focused on industrial hygiene may seem on the surface as far removed from a museum’s core operations as can be. However, we’ve found that forming a connection to this industry has been an invaluable asset, particularly during this global pandemic. Doug generously agreed to sit on the museum’s COVID task force, providing TMA with surely one of the most qualified experts to offer safety guidance in our entire sector. Whether a museum starts a business or not, our experience with COVE reminds us how much we can learn from organizations outside the arts and culture space.

    Growing a business within a museum is not for the faint of heart, but the process can be de-risked, and the benefits to a museum, its culture, and to the world beyond the arts can be significant.

    See Original Post

  • December 16, 2021 5:01 AM | Office IFCPP (Administrator)

    Reposted from Museums Association

    The museum sector is facing a “moment of great vulnerability” as Covid restrictions tighten again without previous financial support measures in place.

    New “Plan B” regulations were announced in England this week to slow the spread of the Omicron variant, while the devolved governments have refused to rule out further restrictions in the weeks ahead if cases surge as predicted.

    “New Covid restrictions in England and lower visitor confidence across the UK mean that this will be another very challenging winter for museums,” said MA policy manager Alistair Brown. “This comes at a moment of great vulnerability for the sector – when furlough has ended and emergency funding is coming to an end, but without a return to normal business conditions.

    “The MA has spoken with the Department for Digital, Culture, Media and Sport and devolved governments this week about our concerns and we will continue to make the case for appropriate support from government throughout the Covid crisis. We are also urging members to contact us with any concerns or new information about the impact of the latest wave of Covid so that we can advocate as effectively as possible on the sector’s behalf.”

    Plan B measures in England include:

    • A requirement for people to work from home where possible from Monday 13 December, as well as compulsory face coverings in most indoor venues, including museums and galleries, from 10 December. Hospitality settings remain exempt from face covering regulations.
    • A requirement for people to show proof of vaccination or a negative lateral flow test via their NHS Covid Pass before entering venues where large crowds gather, including unseated indoor events with more than 500 people, unseated outdoor events with more than 4,000 people and all events with more than 10,000 people. This will come into force on Wednesday 15 December.
    • Everyone urged to take regular lateral flow tests, particularly before entering high-risk settings involving people they wouldn’t normally be in contact with, or when visiting a vulnerable person.
    • Instead of self-isolation, daily tests will be introduced for contacts of a positive Covid case in order to minimise disruption.

    Scotland, Wales and Northern Ireland already have the majority of restrictions introduced in England under Plan B.

    In a briefing today, Scotland’s first minister Nicola Sturgeon said it was “virtually certain” that there would be a surge of cases in the coming weeks driven by the Omicron variant. She did not rule out bringing in further restrictions in response.

    Currently, the Scottish Government is asking people to work from home where possible and has urged workers to postpone their office Christmas parties.

    In addition to restrictions already in place in Wales, the Welsh Government is “strongly advising” people to take a lateral flow test before going out, and to wear face coverings in hospitality settings when they’re not eating or drinking.

    The top medical advisors to the Northern Ireland Executive have also not ruled out further measures to slow the spread of the virus, saying restrictions such as social distancing may need to be reintroduced in January.  

    Emergency funding

    The latest round of the Arts Council England Culture Recovery Fund supports cultural organisations in England that were financially sustainable before Covid-19 but are now at imminent risk of failure and have exhausted all other options for increasing their resilience.

    This is a rolling programme and applications can be submitted until 28 January 2022. Decisions will be communicated within six weeks, where possible.

    Apply via the Arts Council England website.

    The Culture Recovery Fund for Heritage – Emergency Resource Support, run by the National Lottery Heritage Fund (NLHF), is open until 11 January. It supports heritage organisations and businesses in England at imminent risk of failure.

    Apply via the NLHF website.

    See Original Post
  • December 16, 2021 4:57 AM | Office IFCPP (Administrator)

    Reposted from NPR

    Thomas Gavin may be one of the most prolific artifact thieves in U.S. history.

    There are no movies or books about him, and no wild police chases or Indiana Jones-like adventures. In fact, until a couple of years ago no one even knew who he was.

    But Gavin had been on a tear in the '60s and '70s, hitting nearly a dozen museums on the East Coast. He mostly stole antique firearms and stashed them in his hideout — a cluttered, non-descript barn in rural Pennsylvania.

    Gavin's crime spree was so under the radar, no one caught on until 2018, when he tried to unload a rare, Revolutionary-era rifle to a local antiques dealer.

    At first, Kelly Kinzle didn't know what he was looking at.

    "I looked at it and I said, 'Well, this is a copy of a famous rifle,' " Kinzle recalls. "I said, 'This isn't the original — has to be a copy.' And he didn't say anything, didn't correct me, and I bought it literally for a copy of a famous gun."

    But when Kinzle brought it home, he still had a feeling that bothered him and kept looking at the gun.

    "I took it apart and when I took it apart. It was period. It was correct. I went to a reference book — I had bought an old out-of-print book — and I flipped through it and I found a photograph of the gun," he says. "And under the photograph, the caption was: 'Stolen from the Valley Forge Historical Society in 1970.' "

    It wasn't just any old gun, but one of the few surviving rifles made by master gunsmith John Christian Oerter.

    The copy Kinzle thought he bought for $4,000 was actually valued at $175,000.

    The FBI, of course, was looking for the rifle. And when they questioned Gavin about how he got it, the long jig was up. That was in 2019, and now finally the saga has made its way to the courts and a ruling. 

    It's unclear how many items the now 78-year-old Gavin pilfered. It's been so long that a lot of the places he claimed to hit don't exist anymore, or they don't have a record of the thefts. And most of the statutes of limitations on the items he stole have expired.

    In court last week, Gavin pleaded guilty to one count of disposal of an object of cultural heritage stolen from a museum. The judge took Gavin's age and declining health into consideration and, incredibly, sentenced Gavin to one day in prison for decades of theft.

    Still, Kinzle, who spent a lot of his own money to help solve this crime, isn't upset with Gavin's light sentence.

    "I think he's trying to do the right thing now and and get some of these things back," Kinzle says. "Or at least, you know, nobody's ever going to be made whole.

    "Personally, I wish I never got the call and never had to be involved in this. But you know, I think in the end, we're all going to come out better for it."

    And as for the rifle? It's now on display the Museum of the American Revolution in Philadelphia, where it's on loan from the Pennsylvania Society of Sons of the Revolution.

    See Original Post

  • December 16, 2021 4:51 AM | Office IFCPP (Administrator)

    Reposted from Artnet News

    There are a near-record 10.5 million job vacancies in the United States, according to the latest figures from the Bureau of Labor Statistics. The hiring crunch has left the upper echelons of the art world empty, with almost two dozen openings for what may be the most coveted role in the cultural sector: museum director.

    The openings are the product of a perfect storm. There’s a generational shift among leaders sparking a wave of retirements, while controversies, pandemic-induced budget shortfalls, and demands for increased DEAI engagement are pushing other leaders out the door. According to an analysis by Artnet News, no fewer than 22 director positions are currently open at important art institutions across the country. 

    The organizations seeking new leadership range from some of the country’s largest and wealthiest, like the J. Getty Paul Getty Trust, the San Francisco Museum of Modern Art, and the Philadelphia Museum of Art, to smaller ones that serve as pillars for their local communities, such as the San Antonio Museum of Art, the Frist Art Museum in Nashville, and the Wadsworth Atheneum in Hartford, Connecticut.

    “There is a tremendous amount of leadership transition underway,” said Bruce Thibodeau, president of the Arts Consulting Group, which is currently helping PlayPenn, a Philadelphia incubator for playwrights, find a new artistic director. Many executives who had planned to retire in early 2020 delayed their departures because of the pandemic, he said, but are now leaving their posts alongside those who had originally planned to depart this year. Both groups are “making their transitions simultaneously, which is creating more vacancies than normal.”

    The question now is whether there are enough qualified—and, perhaps more importantly, interested—candidates to fill these roles at a time when the job of museum director is considerably less desirable than it used to be. 

    “People really don’t want to be directors right now because the jobs are emotionally unsustainable and it’s a challenge to navigate the wealth gap between low-paid staff and wealthy trustees,” said Laura Raicovich, a museum executive who recently published a book on the political and economic challenges facing art institutions today.

    New Pressures

    Oftentimes, the public reads organizational failings as a reflection of bad management. Some museum directors said this leaves them feeling like lightning rods responsible for absorbing shock while the trustees escape scrutiny—despite having the final say in major decisions like acquisitions, workplace policies, and building expansions.

    The Cooper Hewitt Smithsonian Design Museum in New York is on its second interim director after ousting Caroline Baumann from its top position last year. The Smithsonian had launched an investigation into potential problems regarding the procurement of a dress and venue for Baumann’s 2018 wedding. Two people close to the inquiry told the New York Times that the investigation turned up evidence of an apparent conflict of interest. Baumann has since rejected the investigation’s findings, calling it a “sham report.”

    Newfields in Indiana has had an interim president for nearly nine months since its former leader, Charles Venable, resigned after he was criticized for a job posting that described the museum’s core audience as “white.” Around the same time, SFMOMA’s director Neal Benezra announced that he would be stepping down after the institution completed a major expansion in 2016 and, more recently, faced criticism for its response to George Floyd’s murder and alleged censorship of Black employees. The directors of Museum of Contemporary Art, Detroit, and the Cantor Arts Center at Stanford University also left in response to complaints from staff about abusive work environments. 

    While such controversies can reflect the harsh management philosophies of directors, there is a growing awareness of the pressures directors are under from their boards. Museum experts said that the three-way relationship between staff, leaders, and trustees is more complex than it appears—and contributes to the challenge of the director role.

    ere are a near-record 10.5 million job vacancies in the United States, according to the latest figures from the Bureau of Labor Statistics. The hiring crunch has left the upper echelons of the art world empty, with almost two dozen openings for what may be the most coveted role in the cultural sector: museum director.

    The openings are the product of a perfect storm. There’s a generational shift among leaders sparking a wave of retirements, while controversies, pandemic-induced budget shortfalls, and demands for increased DEAI engagement are pushing other leaders out the door. According to an analysis by Artnet News, no fewer than 22 director positions are currently open at important art institutions across the country. 

    The organizations seeking new leadership range from some of the country’s largest and wealthiest, like the J. Getty Paul Getty Trust, the San Francisco Museum of Modern Art, and the Philadelphia Museum of Art, to smaller ones that serve as pillars for their local communities, such as the San Antonio Museum of Art, the Frist Art Museum in Nashville, and the Wadsworth Atheneum in Hartford, Connecticut.

    “There is a tremendous amount of leadership transition underway,” said Bruce Thibodeau, president of the Arts Consulting Group, which is currently helping PlayPenn, a Philadelphia incubator for playwrights, find a new artistic director. Many executives who had planned to retire in early 2020 delayed their departures because of the pandemic, he said, but are now leaving their posts alongside those who had originally planned to depart this year. Both groups are “making their transitions simultaneously, which is creating more vacancies than normal.”

    The question now is whether there are enough qualified—and, perhaps more importantly, interested—candidates to fill these roles at a time when the job of museum director is considerably less desirable than it used to be. 

    “People really don’t want to be directors right now because the jobs are emotionally unsustainable and it’s a challenge to navigate the wealth gap between low-paid staff and wealthy trustees,” said Laura Raicovich, a museum executive who recently published a book on the political and economic challenges facing art institutions today.

    “The director serves at the pleasure of the board and there is always a complicated relationship in having to be the visionary who is inspiring trustees but at the same time reporting to them,” said Raicovich, who attributed difficulties to the growing wealth gaps between wealthy board members and everyone else. “I know very few directors who don’t deeply empathize with their staff.”

    Over the summer, Timothy Rub, the Philadelphia Museum of Art’s director and chief executive officer, announced his plan to retire after 13 years in 2022. More than a year ago, Gail Harrity, who joined the museum in 1997 and became its president and chief operating officer, announced her departure; her role remains unfilled.

    While experts say it is not unusual for museum leadership to turn over after the completion of a major capital campaign, the PMA also experienced a turbulent year of employees alleging sexual and physical misconduct against former managers as well as a financial squeeze wrought by the pandemic that resulted in 85 layoffs and more than 40 buyouts.

    A Case Study

    Philadelphia, a city that has seen leadership turnover at nearly every one of its major cultural organizations over the past year, serves as a valuable case study for what happens when executive turnover meets the financial challenges of the pandemic. “Philadelphia may be the canary in the coal mine,” Raicovich said. 

    Public spending for the arts was one of the first things to go when the city was facing an estimated $749 million budget shortfall last year. Allocations for the arts through the Philadelphia Culture Fund decreased from more than $3 million to $1 million after cuts, reducing the amount of organizations that received support by nearly 40 percent, according to the city. 

    In addition to the Philadelphia Museum of Art, the Pennsylvania Academy of the Fine Arts lost its museum director, Brooke Davis Anderson, who went to lead a philanthropic fund based in New York. The academy is also searching for a president and chief executive officer. 

    “Sometimes individuals determine that their future lies elsewhere,” said Priscilla Luce, interim head of the Greater Philadelphia Cultural Alliance, which also happens to be searching for its next leader. “I certainly think the stress and strain of Covid-19 has added to the equation.”

    But a spate of new hires in Philadelphia also offers a glimpse at what the future of the sector might look like. After a lengthy recruitment process, the African American Museum recently announced that Ashley Jordan, previously an executive with the National Underground Railroad Freedom Center in Cincinnati, would become its next president and chief executive.

    “There is great opportunity for the next generation of Philadelphia’s museum directors as art history evolves and the status quo is challenged,” said Jordan, who, at 37, belongs to the city’s new cohort of young leaders. Last year, Philadelphia’s Institute of Contemporary Art hired Zoë Ryan as its new director; in 2019, the Fabric Workshop & Museum tapped Christina Vassallo, 41, to lead the organization. 

    New Blood

    Both within Philadelphia and elsewhere in the U.S., the majority of museums that have completed their executive searches over the past year have chosen women and BIPOC candidates to lead their organizations. That includes institutions like the Peabody Essex Museum in Massachusetts, the Bronx Museum in New York, and the Saint Louis Art Museum in Missouri.

    “Directors now have the chance to ask boards about how willing they are to rethink their strategy, especially in the areas of diversity and inclusion,” said Jane Hsu, an associate vice president at the Arts Consulting Group. “Nobody wants to step into a position and realize there is a major issue.”

    If the trio of new directors in Philadelphia is any indication, the future of museums will be more digital and more collaborative than ever before. All three women are now embarking on projects aimed at expanding their museums online after the pandemic tanked their attendance figures. Their institutions recently received a combined $856,200 in grants from the Pew Center for Arts & Heritage meant to help reshape business and revenue models. 

    The African American Museum’s $256,200 grant will fund two new staff positions responsible for bringing the nonprofit’s exhibitions and programming online. “Young leaders want to help their museums move forward,” Jordan explained. “I’m already feeling a great synergy among us directors in the city of brotherly love.”

    The directors have also formed a consortium that helps arts leaders from across the city collaborate. The group has experimented with joint fundraising and programming; it’s now focused on improving communication among institutions and challenging “the values underlying what museums do, who they serve, and how they function,” according to its website.

    For now, executive recruiters say that prospective museum directors have the upper hand in negotiations. That type of leverage gives new leaders a chance to challenge board directors and other structural barriers that might have hampered their predecessors.

    “It’s a job seeker’s market,” said Hsu, the arts consultant. “You could get some great finalists for a museum job, but maybe they are candidates for multiple other positions.”

    See Original Post

  • December 01, 2021 4:50 AM | Office IFCPP (Administrator)

    Reposted from Security Management Magazine

    When the COVID-19 pandemic suddenly turned millions of U.S. employees into remote workers, some leaders began to worry whether their staffs were actually working or, instead, whiling away the hours watching Netflix or helping their children with schoolwork.

    The consequences of a lack of trust can be significant, impacting employee productivity, engagement, and ultimately retention.

    It's a particularly relevant issue now, as many organizations consider whether to offer a hybrid workplace going forward. A recent survey by PwC found that almost 70 percent of executives want employees in the office at least three days a week, while more than half of employees want to work remotely at least three days a week and almost 30 percent would prefer to permanently work from home.

    “Trust is the foundation of every relationship in our life,” says Jen Fisher, U.S. chief well-being officer for the consultancy Deloitte. “Every positive relationship starts from a place of trust.”

    Trust also serves as a foundational component of a healthy and well work environment, adds Fisher, co-author of Work Better Together: How to Cultivate Strong Relationships to Maximize Well-Being and Boost Bottom Lines. And in this time of uncertainty caused by the pandemic, trust may be more important than ever.

    Fisher notes how the COVID-19 outbreak accelerated changes in technology and remote work. “The pandemic has catapulted us into the future in many ways,” she says. “With uncertainty, you need trust and meaningful and supportive relationships.”

    But how can organizations make this happen?

    “In order to gain trust, you should give people as much stability as possible,” says Liane Hornsey, executive vice president and chief people officer at Palo Alto Networks based in Santa Clara, California. The cybersecurity company has about 9,000 employees who have been working remotely for more than a year. To foster stability and security, the company announced early on that there would be no pandemic-related layoffs and said employees wouldn't return to the workplace until this month at the earliest.

    Organizations “move at the speed of trust,” says Elaine Yang, HR business partner manager at Lever, which offers a software platform that helps companies hire and grow. So having a workplace built on trust can lead to quicker decisions and better collaboration. “Efficiency and productivity depend on the trust of teammates,” she says.

    Setting a Tone

    A culture of trust needs to be set at the top, and the HR department has a key role to play in advising senior leadership to help establish the right tone for the organization, says Paul Eccher, president and chief executive officer of the Vaya Group, a talent management consultancy based in Warrenville, Illinois.

    At Lever, whose 185 employees primarily worked in the company’s offices in San Francisco and Toronto before the pandemic hit, the biggest change in the past year has been increased communication and transparency between leaders and employees. Open discussions are held on everything from companywide decisions to goals and projects, Yang says, and all-hands meetings are conducted every two weeks with an extensive question-and-answer session at the end of each meeting.

    Stephanie Stewart, SHRM-CP, HR director at Reconciled, a virtual bookkeeping and accounting service for small businesses, sees trust as a driver for employee engagement. “If employees feel trusted, they feel more engaged,” she says. “Nobody likes to be micromanaged.”

    The Burlington, Vermont-based company, which has about 50 employees and 30 contractors, discusses autonomy with job candidates during the interview process, Stewart says. Employees generally work Monday through Friday from 9:00 a.m. to 5:00 p.m., but the company doesn't dictate what they work on or when they work on it. “We trust you to manage your schedule, prioritize work, and reach out when you need help,” she explains.

    In a recent survey, 97 percent of Reconciled employees said they felt trusted to do what was expected of them and 92 percent said they trusted their co-workers. “That's really important to us in a remote organization,” Stewart says.

    Reconciled holds a monthly all-hands staff meeting, where employees can discuss topics such as self-care or their goals for the year, as well as regular department meetings and team meetings, all of which are virtual.

    Watchful Eyes

    Palo Alto Networks has employed remote workers for years. “It’s not where you work that really matters; it’s how you work,” says Hornsey, who adds, “I would not work for somebody I don’t trust.”

    But not all organizations are ready to embrace trust. Even before the pandemic began, half of organizations monitored employees’ e-mail and social media posts, says Reid Blackman, founder and CEO of Virtue, an ethics consultancy based in New York City.

    The number of companies monitoring their employees has likely climbed during the pandemic. According to a 2020 Gartner survey of executives at 119 organizations, 60 percent use technology tracking tools to monitor some or all of their hybrid or remote employees.

    A company that uses monitoring software should be transparent about it, Blackman says. Otherwise, such monitoring threatens to deteriorate trust and create a bad relationship between employees and the employer.

    Employers may use the information generated by monitoring to make ill-informed decisions on who to fire, promote, or give bonuses to, he says. Such data often provides insight into the quantity, rather than the quality, of an employee’s work.

    But, Blackman says, “It’s not crazy for employers to be concerned about employees working less and producing less. It’s an entirely reasonable fear.”

    Opening Up About Struggles

    With the uncertainty caused by the pandemic, employees “need to trust that leaders and the company are there for them,” says Maggie Laureano, vice president of human resources for the Americas at Bureau Veritas. The company, headquartered in Paris with 78,000 employees worldwide, offers testing, inspection, and certification services.

    HR can “encourage leaders to be open and flexible with a strong line of communication between the employee and employer,” Laureano says, so employees feel comfortable acknowledging when they need extra support, such as from an employee assistance program. HR can also help leaders understand how to read employees’ body language and detect when something is wrong, she adds.

    Plus, Fisher says, by “being open and authentic about how I’m doing and how I’m feeling, it creates a reciprocal environment. It’s OK to not be OK.” Just about everyone had experienced a major challenge over the past year, such as mental health, childcare, or elder care issues, she adds. While such issues have always been present, addressing them was not a top concern for employers prior to the pandemic.

    Employees are also more willing to trust and open up if managers are empathetic, says Caroline Walsh, vice president in the HR practice of Stamford, Connecticut-based research and advisory company Gartner. Empathy is particularly important in this era of remote work, she notes.

    “In a high-empathy-based management environment, performance is about three times higher,” she adds.

    While some people are naturally empathetic, empathy is a skill that can be taught to those who are not, Walsh says. HR can establish peer coaches who work with managers to help them develop empathy and learn how to have challenging conversations with employees.

    Some organizations are taking tasks off managers’ plates to give them time to check in with their remote employees or to learn new skills, she adds.

    According to Laureano at Bureau Veritas, HR has worked to support employees by offering a total well-being program with webinars on such topics as stress management, meditation, yoga, sleep, diet, and financial well-being. “Leaders have really upped the ante in terms of the programs we provide,” she says.

    Creating Certainty

    As employees face uncertainty caused by the pandemic and a return to physical workplaces, organizations need to strive to create a sense of stability.

    While many organizations have temporarily eliminated performance appraisals, Hornsey says, Palo Alto Networks continues to set goals and milestones because doing so gives employees something to hold on to and brings a sense of achievement.

    Organizations also need to provide meaningful feedback, which can help build trust, says Adam Hickman, content manager at analytics company Gallup in Washington, D.C. “They hear what employees want and need and respond.”

    Things fall apart for employees, Hickman says, “if they don’t know what's expected of them so they don't know what to do.” It's important for HR practitioners to be clear and honest, he notes.

    Adds Eccher of the Vaya Group: “The more you trust someone, the more they tend to show more trust in return.”

    Organizations also need to help employees trust themselves, Eccher says, by upskilling the workforce so it's better prepared to succeed in a remote-work environment. Before the pandemic, employees who worked remotely often were those with stellar track records who had gained the trust of managers, he notes. Today, younger workers and those without previous remote-work experience may have “no confidence they can work effectively from home,” he says, while managers may not “truly trust themselves to lead a remote workforce.”

    Managers need to give employees autonomy, empowerment, and accountability, Eccher says, and focus on outcomes as they work to demonstrate and increase trust.

    Trust Among Employees

    Along with fostering trust between an organization and its workers, HR has a role to play in building trust among employees.

    Co-workers “all experienced the pandemic together,” Fisher says. “That brought people together in a different way.”

    Stewart says Reconciled schedules fun virtual events such as game days and regular coffee hours with employees and the CEO to discuss nonwork topics.

    At Lever, the HR team holds regular check-ins on Mondays, Wednesdays, and Fridays. But they also mix it up with yoga sessions, dance parties, and trivia contests. With employees missing out on opportunities to run into one another at the watercooler or break room, Yang says, “we have to build in intentional opportunities to have small talk.”

    Palo Alto Networks has set up groups called “circles” that bring together employees with similar interests, such as those who are home schooling their children or interested in cooking, Hornsey says. Employees are trained to facilitate the sessions.

    Previously taboo subjects, such as politics and racial justice, are also permeating today's workplaces. “Employees are absolutely talking about important political and social issues in the workplace,” Walsh says, which can lead to mistrust and contentious relationships between employees.

    Walsh adds that in response, some organizations are publishing conversation guides for managers. HR has a role to play in helping employees address negative emotions. “This is an anxiety-provoking, difficult time,” she says.

    Some organizations are hosting gatherings so employees can share their honest reactions to current events, such as the anniversary of the death of George Floyd, Walsh says. By encouraging workers to share in a collaborative environment, employers communicate that they trust employees.

    Onboarding Challenges

    Developing trust can be more challenging when new hires come onboard in a remote-work environment.

    At Reconciled, new employees film a video introduction to the staff in which they answer random questions about themselves, Stewart says. In addition, new hires are paired with a mentor for 90 days so they can ask questions, adjust to a remote-work environment, and discuss their struggles. The mentors provide a safe space for the new hires, she says, and the pairs typically form a close relationship.

    “A core value is for people to feel connected to the company, not alone and isolated,” Stewart says. “It takes a lot of intentionality.”

    Since the pandemic began, Palo Alto Networks has hired about 1,500 new employees, some of whom are recent graduates, Hornsey says. A group has been set up for new hires to discuss and share, and those who are early in their careers are assigned a mentor.

    Fisher explains that being paired with a buddy can help a new employee learn a company’s culture, and it can create a sense of belonging. Being part of a team “impacts job satisfaction and loyalty to an organization,” she says.

    While leaders and managers are being told to overcommunicate with employees right now, Eccher says it can be something of a balancing act. It’s one thing to touch base and see how employees are doing and another to constantly check up on and micromanage them. It can make an employee think, “I feel like a second-grader. I'm not trusted to do my job anymore.”

    If an organization lacks trust, it runs the risk of creating an environment in which employees feel it’s better to cover up mistakes or withhold important input and feedback, he adds.

    Looking Ahead

    When trust is missing, that can also fuel turnover. A report commissioned by the Achievers Workforce Institute found that more than half of the 2,000 respondents surveyed in February are looking for a new job. Many said they feel less connected to their company and have noticed a change in the company's culture since the pandemic began. As many organizations contemplate a complete return to the workplace or a hybrid work environment, trust will continue to be an important factor.

    At Bureau Veritas, more than 70 percent of the company’s employees in the United States and Canada are considered essential workers, and they have been working in the field or in laboratories throughout the pandemic. It’s not clear when the office workers who switched to remote work will return to the workplace, Laureano says.

    It’s important for those who work in labs or in the field to be able to trust that Bureau Veritas’ leadership will keep them safe by providing personal protective equipment, as well as current information on COVID-19 testing and vaccinations, Laureano says. She explains that the company partners with the Cleveland Clinic and has hosted town hall meetings to provide all of its employees with the most current information regarding COVID-19.

    For Hornsey, “trust is a differentiator,” and the pandemic “has thrown into sharp focus what we should have known anyway.”

    See Original Post

  • December 01, 2021 4:48 AM | Office IFCPP (Administrator)

    Reposted from Security Management Magazine

    Even before the COVID-19 pandemic changed so much of daily life, there was a transformation happening in workplaces. Physical boundaries were no longer the only perimeter defining secure workplace access. Identity became a new—and often the only—perimeter.

    Both perimeters must now be protected to ensure a secure, safe, and productive workforce, requiring a new approach to physical identity and access management that unifies physical access and cyber/IT access. This approach encompasses credential management, multi-factor authentication, and secure visitor management, as well as the management of guard tours. It also embraces the same touchless access experiences that have been pivotal to re-opening the workplace during the pandemic.

    Secure Visitor Management

    A more hybrid workforce that is not permanently based in an office complex requires a visitor management solution that can handle multiple types of visitors to a site: contractors, employees, customers, suppliers, and partners.

    The latest solutions have enabled organizations to go touchless during the COVID-19 pandemic with self-service visitor badging kiosks, while automating wellness and other screening questionnaires. The solutions can also be used to monitor and analyze activity if there is a COVID-19 outbreak. They can simplify retrieval of historical visit reports, while making it easier to generate a workplace occupancy map and timeline, thereby automating and enforcing evolving compliance with visitor access and policy-based registration.

    Remote work and its virtual perimeters must also be flexibly supported. An enterprise-grade, cloud-based authentication solution accomplishes this by making it easier to support employees who need to as simply and safely access enterprise resources from not just inside but also outside the office. In practice , this means employees may securely login to their workstation, company network, and access any application from home, while traveling, at an alternate office location, or simply at their usual workplace.

    Authentication for Remote Workers

    Adding multi-factor authentication to a unified physical identity and access management solution significantly improves remote work security. One of its biggest benefits is eliminating the vulnerabilities associated with passwords that are typically hard for users to track, remember, and manage. As a result, they resort to weak passwords or reusing passwords that enable cybercriminals to easily breach company systems and data. Passwords also often make their way to the Dark Web following a data breach, which hackers can use to gain access and plan future intrusions or attacks.

    Multi-factor authentication solutions solve this problem, protecting an organization’s networks, applications and data by requiring a second validation via, for example, a mobile app before granting access.

    Multiple authentication form factors and methods should be supported so that there are sufficient options to meet security needs. For instance, mobile push authentication enables users to log in securely with a simple swipe of their phone to quickly authenticate to prove their identity before accessing protected applications. It is just as easy to swipe and deny a fraudulent login attempt.

    Organizations can also choose from biometrics, cards, or security keys enabled with industry-recognized security technologies such as FIDO, PKI, and one time passwords, to provide a seamless, passwordless experience. The inclusion of a bundled Certificate Authority (CA) gives organizations a choice of a publicly trusted or private dedicated CA for strengthened security.

    In addition to incorporating high assurance smart cards and security keys that provide a single sign-on authentication experience, organizations should also include technology compatible with physical access control infrastructure to ensure a drop-in replacement for any access control card. Additionally, providing employees with a single, secure authenticator for both logical and physical access streamlines and simplifies the overall workplace experience.

    Credential Management

    Today’s cloud-based credential management services automate and simplify the issuance of physical access badges, as well as digital credentials, while eliminating inefficient, manual processes. Organizations have access to detailed insights about issued credentials including who has them, what they are for, why they have been credentialed, and for how long. Credential revocation is also automated, which mitigates insider security risks.

    These services also provide details of active credentials, wherever they are being used. Today’s ISO27001-certified platforms simplify employee access to the physical and digital workplace while solving administrative issues, regulatory compliance, and other business challenges. Including unified authentication back-end functionality allows organizations to choose the optimal security protocol for each use case while maintaining consistent rules and audit management capabilities.

    Guard Patrol Checkpoints Also Move to the Cloud

    Even in today’s hybrid work environments, there are still requirements to patrol a physical perimeter. This can be automated and enhanced by combining Near Field Communications (NFC) technology and cloud-based authentication into Internet of Things (IoT) applications for accurately tracking security checkpoints.

    Using this approach, trusted NFC tags can be deployed to identify assets, checkpoints, and people throughout the facility. Security guards on patrol can then simply tap their NFC-enabled smartphone to these tags at each checkpoint on his/her designated tour, without any manual sign-in process. The checkpoint is identified by name, and timestamp information is automatically uploaded. Databases are updated in real time, enabling security guards to digitally prove their patrol stop took place at the proper location, and instantly respond and report fraudulent activities throughout the building.

    Touch-Free Perimeter Protection

    Touch-free trusted-identity technologies are proliferating across a wide variety of use cases that benefit from the safety, security, convenience, and efficiency of contact-free interactions with both the physical and digital worlds. They enhance perimeter protection by simplifying how users enter secured areas and access print resources and other building services.

    As an example, mobile IDs carried on smartphones and other devices eliminate person-to-person ID card issuance or revocation, as well the need to physically touch cards, readers, or keypads when accessing secured areas. Users simply present their device to a reader to open doors, gates, and elevators. Visitor management is similarly a more hands-off experience now as cloud-based solutions limit face-to-face interaction through self-service check-in. Even the badging process no longer requires visiting a crowded issuance center—today’s cloud-based solutions enable cards to be designed and printed from any office or satellite campus, on any device via a web interface.

    Hybrid work environments are redefining the perimeter. Organizations must protect both the physical perimeter and a new perimeter defined by the identities of people and things. Cloud-based solutions are increasingly being used to protect these perimeters by simultaneously addressing both cyber and physical security, compliance, and business challenges, as well as the traditional guard patrol in today’s dynamic work environment.

    See Original Post

  • December 01, 2021 2:57 AM | Office IFCPP (Administrator)

    Reposted from AAM

    Museums make their communities better, stronger, and more resilient in myriad ways. Some of these are directly related to their missions: enriching local education, improving health and well-being via arts engagement, providing context from history and science that helps citizens to make informed decisions. But museums are also incredible resources simply by virtue of the operational resources they amass—space, equipment, skills, expertise, connections. In the current era of rising risk, museums’ resources can be a vital part of a community’s capacity to respond to emergencies such as heat, flood, fire, storm, and civil unrest. Today on the blog, Chief Operating Officer ZeeAnn Mason tells us how the Museum of the American Revolution stepped up to help neighbors in need in the wake of disaster.

    –Elizabeth Merritt, Vice President, Strategic Foresight and Founding Director, Center for the Future of Museums, American Alliance of Museums

    As a new museum in 2018, we at the Museum of the American Revolution—home to General George Washington’s War Tent—had yet to celebrate our first Presidents’ Day weekend. We were pulling out all the stops for the February 17-19 weekend with special programming and events. On Saturday, we were pleased to welcome over 2,000 guests. Sunday was anticipated to be an even bigger day, with a sold-out brunch featuring a costumed George Washington interpreter. Little could we have imagined that instead of serving visitors, we would be serving our community that day.

    At 3:13 a.m. on Sunday, a fire broke out across the street from the Museum’s location in historic Philadelphia. Apartment dwellers and hotel guests evacuated the buildings across the street in their night clothes. It was a cold night. The fire raged, growing to two, three and four alarms. More people were evacuated as the fire escalated. Miraculously, the Museum was unscathed. City busses were brought in to keep people warm.

    Staff security notified our operations team who rushed to the scene. A call came from the fire chief—could we open the museum to house those who were evacuated? There was no question or discussion—of course. Staff led roughly 60 displaced neighbors to our classrooms. We could offer warmth, restrooms, and water. Soon we were able to offer more.

    Our catering team had somehow managed to arrive on-site despite the nearly impassable streets that were clogged with emergency vehicles. They were preparing the sumptuous brunch for the 85 registered guests. By 7am, with the fire intensifying, it became clear we would not be opening to the public that day. What better use of that delicious food than to offer it to our evacuated neighbors? They were surprised, delighted, grateful.

    Firefighters battled the fire for more than nine hours, declaring the fire under control – but not yet out – at 12:23 p.m. No injuries were reported. Said Noelle Foizen, deputy director of the city’s Office of Emergency Management. “It was a rager, so they were really fortunate that they got everyone out.”

    On Tuesday, we were offered another opportunity to help our neighbors when we received a call from staff from the hotel across the street. Their building had suffered extensive smoke and water damage and would be closed indefinitely. They wondered if we could provide office space and telephones for their sales team so they could begin contacting and cancelling more than 800 bookings. Among the more difficult calls they needed to make were to the brides whose weddings were planned for the coming weeks.  We were happy to set them up in a spacious office to do their work and heartened to learn how the local hotel community responded with generous offers to help, often greatly reducing their rates to match what the client had been contracted to pay.

    Over the ensuing months and years, as demolition, rebuilding, and the investigation into the cause of the fire ensued, we were happy to offer meeting space for fire, police, staff from license and inspections and emergency management. We collected donations from our guests who were eager to assist the displaced residents.

    Just this year, the cause of the fire was made known. We were pleased that footage from our external security cameras became critical evidence that enabled the authorities to pin down the time of the fire and how and where the initial explosion occurred. It also captured footage of a passer-by who was ultimately charged with arson.

    The aftermath of the fire continues to this day. Several businesses never recovered, and tenants have yet to return to their apartments. The hotel is scheduled to reopen in early 2022.

    Our museum is the newest addition to this historic block. We were honored – at a moment of crisis—to be able to contribute to our community in such a meaningful way—not as a cultural institution, but as a neighbor, doing what we could for other neighbors in need.

    See Original Post

  • November 17, 2021 3:51 AM | Office IFCPP (Administrator)

    Reposted from Associations Now

    The Great Resignation is real. A recent Gallup poll found that 48 percent of America’s workforce is actively job searching or watching for opportunities, and a record 4 million people quit their jobs in April alone, according to the Labor Department. A lot of business leaders are wondering why this mass exodus is happening.

    It’s not that employees are discovering something different about themselves they didn’t know before the pandemic, said Josh Christopherson, CEO of technology and coaching companies iCUE Technology and Achieve Today. Normally lots of people have different points in their career when they wonder if they are happy and fulfilled in their jobs. But when the pandemic hit and everyone went home at once, it caused many people to reassess everything.

    “It wasn’t anything unusual that was happening to the individual,” Christopherson said. “It’s just that the circumstances caused everybody to do it all at the same time.”

    A Culture of Communication

    When everyone shifted to working from home, a lot of leaders expected their managers to suddenly know how to manage remote workers. At Christopherson’s companies, leadership recognized that managers didn’t necessarily have those skills and so they focused on training them on how to deal with issues employees might be having at home, how to address them, and how to be sensitive about it, he said.

    Traditional quarterly reviews suddenly seemed irrelevant for remote work, so managers were retrained on how to review remote employees and determine their production levels, while also keeping challenges they might be facing in mind. Because management was checking in to see how employees were doing at home and asking if they needed help, it built a better culture of communication.

    “We’ve talked very openly about what’s going on and that we’re here to support our employees through it,” Christopherson said. “Communication is a huge part of it.” And it comes from the top down so employees are comfortable coming to their managers, or even Christopherson, to talk about issues they are struggling with. “It’s being willing to have those conversations, being transparent, and working with each other,” he said.

    Act on Staff Input

    Another way the companies foster a positive culture is by sending out quarterly, anonymous employee surveys to find out what changes and improvements staff would recommend. They use a Google form, which is free, and keep it to three simple questions:

    1.) How satisfied are you with your experience? (The answer field is a scale from 1 to 10 ranging from “totally unsatisfied” to “I love it here!”)

    2.) What is one thing you would like to change or discuss?

    3.) What is one thing you really like?

    The senior team picks three survey responses every quarter to work on, advance, and implement. It helps build trust and show staff that their concerns matter and, more importantly, will be addressed.

    There are also weekly strategy team meetings for managers where they can talk about challenges they are experiencing in their departments, or with employees, and then the strategy team works together to come up with solutions on how to fix the issues and move forward.

    “Not only are we helping our employees, but we’re also helping our managers have a community of people they can talk to and go to for solutions,” Christopherson said.

    See Original Post

  • November 17, 2021 3:47 AM | Office IFCPP (Administrator)

    Reposted from Security Management Magazine

    When it comes to cybersecurity, there are many terms and concepts that are beneficial for physical security professionals and IT professionals alike to understand. Oftentimes, these terms are incorrectly used or interchanged—which can create confusion.

    Vulnerabilities versus Exploits versus Backdoors

    Three of the most confused terms are vulnerability, exploit, and backdoor. Each of these terms has its own distinctly different definition and purpose.

    vulnerability is a flaw in a system, or in some software within a system, that could provide an attacker with a way to bypass the security infrastructure of the host operating system or of the software itself. It isn’t an open door but rather a weakness that, if attacked, could provide a way in. All software has flaws or vulnerabilities, which are usually discovered over time. A software company’s internal testing will generally try to eliminate all of them before release, but it’s impossible to test software in every different network and system integration.

    Once an attacker finds a vulnerability in a software’s code or in a system, an exploit is achieved by painstakingly figuring out how to take advantage that vulnerability for the purpose of a malicious act. Exploiting is the act of trying to turn a vulnerability (a weakness) into an actual way to breach a system. A vulnerability can be “exploited” to turn it into viable way to attack a system.

    Turning a software vulnerability into an exploit can be hard. Google, for example, rewards security researchers for finding vulnerabilities in its Chrome Web browser. The payouts Google makes are in the range of $500 to $3,000. However, it also runs competitions for security specialists to present exploited vulnerabilities. These specialists are awarded much larger sums—as much as $60,000—for their work. The difference in payouts reflects the magnitude of the task when trying to exploit a vulnerability.

    Backdoors are entrances often to the management functions of a device, intentionally placed there by the code developer. This is commonplace in the development of code since it can be difficult to predict what may happen when new code or features are being added. If something goes wrong during the development process, the backdoor allows the developer to get back into the code or device. The backdoor is then typically removed from the code before it is released for use by customers.

    Vulnerability Scan versus Penetration Test

    Like the aforementioned terms, assessments or tests related to cybersecurity are often confused. Two of the most common are the vulnerability scan and the penetration test (also known as a pen test or pentest).

    vulnerability scan is an automated, high-level test that looks for and reports potential or known vulnerabilities. In contrast, a penetration test is a detailed, hands-on examination conducted by a real person who tries to detect and exploit weaknesses in your system.

    Vulnerability scans are a snapshot in time that compare known vulnerabilities to a product’s current software/firmware version and configuration. A vulnerability scan doesn’t mean that the vulnerability has been exploited. Furthermore, vulnerability scans are unable to predict future vulnerabilities. Since they simply scan devices seeking documentation, they are not proof of any overall system security and should be followed up on.

    Governance, Risk Management, Compliance, and Regulation

    Governance, risk management, and compliance (GRC), along with regulation, are all closely related concepts that aim to assure an organization reliably achieves objectives, addresses uncertainty, and acts with integrity. 

    Governance is the combination of processes established and executed by the directors (or the board of directors) that is reflected in the organization’s structure and how it is managed and led toward achieving goals.

    Governance comprises not only the external regulations a business must comply with, but also the internal guidance a business applies to itself to manage risk and threats. This further protects the business beyond just what regulations mandate. As an example, PCI-DSS (Payment Card Industry Data Security Standard) imposes regulations on a bank regarding using encryption to protect payment and credit card data. The internal governance from the bank can take things a step further by writing a policy that requires the encryption of all data on the company network. Now the bank is not only protecting the payment data, but all its data—thereby further reducing the risk of other critical business information from being intercepted.

    Risk management involves predicting and managing risks that could hinder the organization from reliably achieving its objectives under uncertainty.

    When it comes to risk management, a good starting point is for businesses to evaluate their potential cybersecurity risks in terms of their probability and their potential impact. In doing so, it’s important for a business to identify the data, devices, systems, and facilities that help it achieve its goals, as well as identify who’s responsible for them. This includes inventorying devices, systems, software, firmware, etc.; identifying mission-critical objectives; identifying procedures and security policies; and then performing a risk assessment and determining a risk management plan. There are solid risk management frameworks that exist to support companies in their evaluation process. A good example is the NIST Cybersecurity Framework.

    Compliance is the adherence to mandated boundaries (laws and regulations) and voluntary boundaries (corporate policies, procedures, etc.).

    Essentially, compliance is the process of ensuring that the business is adhering to the control objectives outlined by governance and regulations. It can consist of testing (penetration testing or internal testing) to ensure that (like in the bank example) all data is encrypted. It also provides documentation or proof that a business is backing up its stated policies with actions.

    This is important because in some regulations—like ISO 27001, SOC2, or U.S. Department of Defense’s Cybersecurity Maturity Model Certification—external auditors will verify that the business is doing what the policies say they are doing.

    This process is important because if someone misconfigures a device and it’s not encrypted, a breach could occur. In this instance, the bank must prove to a court that it was not negligent. The bank will need to demonstrate through policies, testing, and auditing that the business did take steps to prevent the breach. Compliance helps prove that the business wasn’t reckless. Obviously the fine or penalties the business would pay would be many times more if it is found negligent.

    Regulation is management by a governmental administrative agency that has been granted the authority to oversee and enforce proper conduct—via regulations or rules—within a given area of responsibility.

    Regulations (and legislation, or proposed regulations) are what a business is mandated to do. Regulations come in three basic forms: contractual, statutory, and regulatory. Depending on the type of business a company is running, it will have more or fewer regulatory obligations compared to other companies. For example, a chain of coffee shops will have far fewer regulatory obligations than a hospital, bank, or a government contractor.

    At the end of the day, a business must comply with regulations—the minimum requirements. The intent should be to take these minimum requirements and create policies and extract control objectives out of them. Regulations are often the starting point for policies.

    Risk versus Threat

    Risks and threats are two other terms that are often used interchangeably, and thus incorrectly. To better understand these terms, consider that you have an asset that you’re trying to protect and, like all assets, it has a vulnerability. With a vulnerability, there exists the threat that someone could exploit that vulnerability. The magnitude of the threat depends on the likelihood of someone exploiting the vulnerability. The risk is the potential impact to or loss of the asset to the business if the threat does occur or the vulnerability is exploited.    

    See Original Post

  
 

1305 Krameria, Unit H-129, Denver, CO  80220  Local: 303.322.9667
Copyright © 2015 - 2018 International Foundation for Cultural Property Protection.  All Rights Reserved