Private Security Exam 2
TSA
Transportation Security Administration
UAV
Unmanned aerial vehicles
o Computer access
What is the potential for loss of equipment? What is the impact to the business if computer systems are rendered inoperable? What information is stored on the computer systems that if lost or compromised, could cause the organization damage (to include loss or profits or reputation)?
o The control and supervision of entry into the facility
What method is used to identify employees? How are applicants screened before they are employed? How are visitors (including salespeople, vendors, and customers) controlled? How are privately owned vehicles controlled? Who delivers the morning mail and when? How are empty mail sacks handled? Do you authorize salespeople or solicitors for charity in the facility? How are they controlled? Are their credentials checked? Who does the cleaning? Do they have keys? Who is responsible for these keys? Are they bonded? Who does maintenance or service work? Are their toolboxes inspected when they leave? Are their credentials checked? By whom?
• The Federal Energy Regulating Commission (FERC
has also developed security standards for electric utilities
Public Events and Cultural/City Centers • Yankee Stadium: World Series held immediately following 9/11
o 1,500 police officers on alert in and around the facility o Sharpshooters and fighter jets o Bomb dogs were employed to sniff area o All flights over the stadium were banned o Sent a clear message to any would-be terrorists
Probability
o A mathematical statement concerning the possibility of an event occurring
• US Department of Agriculture (USDA)
o Alerted food and agriculture community workers to monitor feedlots, stockyards, and import and storage areas o Published the Pre-Harvest Security Guidelines and Checklist (2006)
• Security Management Considerations
o Are adequate auditing procedures in effect on all programs and systems? o What are the protocols governing system access? o How is computer use logged? How is the accuracy of this record verified? o How is remote access tracked for LANs, WLANs, or WANs? o Are adequate firewall controls in place? o What is done to determine access from outside sources through the internet, if appropriate? o Are there audits of downloads to laptop computers? o What is the off-site storage procedure? How are such files updated? o Who has keys to computer spaces and how often is the list of authorized key holders evaluated? o What controls are exercised over access, and how often is the list of those authorized to enter updated?
Freight Transportation Security Consortium • Includes businesses involved in:
o Asset tracking o Vehicle monitoring o The freight industry in general
By mid 2004, 20 of the world's largest seaports were partnering with the US in the CSI
o Calls for international security criteria to identify high-risk cargo containers o These containers would be pre-screened at their point of shipment o Difficult to implement, considering the need for international understanding and additional security personnel
Human Resources Organization • Concerns
o Can the area be isolated from the rest of the facility and/or building after hours? o How are door and file keys secured? How is access control to the area managed? o If records are stored on computer systems, are proper controls in place? Can computer files be accessed from remote locations? o Are files kept locked during the day when they are not in use? o What system is followed with regard to the payroll department when employees are hired or terminated?
• For example
o Certain days or seasons may emerge as those on which problems occur o Targets for crime may become evident as more data is amassed. This may enable the security director to reassign priorities o A profile of the types and incidences of crimes—possibly even of the criminal—may emerge o Patterns of crime and their modus operandi on payday or holiday weekends may become evident o Criminal assaults on company property may take a definable or predictable shape or description, again enabling the security director to shape countermeasures better
Threat Assessment • First step in risk analysis is identifying the threats and vulnerabilities of premises
o Consider the specific vulnerabilities in a given situation o Examples: A retailing company may be less concerned about fire hazards than is a manufacturing firm that operates a foundry Retailer will be concerned with shoplifting o Specific threats are not always obvious
• Town Centre Improvement District, Houston - A prime example of what security can accomplish
o Covers 1.5 square miles o Employs approximately 15,000 people and draws over 15 million visitors each year
DHS also created the Homeland Security Advisory System
o Each level of threat was represented by a different color o Seems to have outlived its usefulness • Was replaced with the National Terrorism Advisory System (NTAS) • DHS has recently changed strategies to target only major cities for funding over the next several years
• Companies are suggesting increased security to include:
o Employee identification checks o Communication plans, including increased use of Global Positioning Systems (GPS) o Operator awareness training and incident reporting
The US VISIT Program • A top priority because it:
o Enhances the security of citizens and visitors o Facilitates legitimate travel and trade o Ensures the integrity of the immigration system o Protects the privacy of visitors
Freight Transportation Security Consortium Are suggesting
o Expanded use of Geographical Positioning Satellites (GPS) o All hazardous materials carriers monitored o Vehicles moving from their predetermined route will be spotted early and law enforcement alerted to the possible problem
• The transition to the Department of Homeland Security has not been smooth
o Failure of FEMA in post Katrina disaster o GAO reports that the DHS has failed to provide adequate support to its mission components • Some legislation passed after September 11, 2001, has failed to achieve any meaningful objectives
Intelligence Reform Act of 2005
o Includes portions of the proposed Private Security Guard Act of 2002 o The American Society for Industrial Security International (ASIS) worked closely with the US government in an attempt to pass industry standards o This act allows employers in all 50 states to receive FBI criminal background checks on all security employees
Cyber Security and Computer Protection • The USA Patriot Act
o Increased the reach of the federal government in investigating computer crimes, among other increased federal powers o Based on The Computer Fraud and Abuse Act
Museums • Have acknowledged the need for improvements in their security • For example:
o Increasing access control measures o Stronger package checking standards o Better identification systems o Installation of security systems
• Nuclear Regulatory Commission (NRC)
o Is requiring additional security in its already significant control measures to protect radioactive materials o There are currently 104 nuclear reactors in 31 states, which account for 19.6% of US electricity generation o Oversight of emergency preparedness is shared with the Federal Emergency Management Agency (FEMA) o Workload and budget limitations have slowed progress in meeting mandated deadlines for security upgrades
• Department of Transportation's Office of Pipeline Safety (OPS)
o Looked at risk associated with pipeline safety and security o Required that pipeline operators identify and address risks in areas where a rupture would have the greatest impact on populations or ecological systems
In 2007, the Homeland security budget was 54.3 billion
o Many state officials complained that too little effort has been made to improve communication of vital intelligence information, and not enough emphasis has been placed on local intelligence operations
• According to the 2007 GAO report, DHS continues to face programmatic and partnering challenges
o Must overcome continuing challenges related to: • cargo, transportation, and border security • systematic visitor tracking • efforts to combat the employment of illegal aliens • outdated Coast Guard asset capabilities
• In contrast, more limited security responses include
o One-dimensional security o Piecemeal security o Reactive security o Packaged security • An integrated or systems approach to security is not always the desired solution (especially for small businesses)
• May include:
o People o Buildings o Machines o Raw materials o Paperwork and information stored in computer systems
American Psychopathological Society (APS) • Focuses on two broad areas
o Prevention • Efforts focus on traditional issues of security, border protection and secrecy o Preparedness • Concerned about early detection of threats, rapid diagnosis and response/recovery
Varied Private Enterprise Response
o Private sector response often prompted by federal mandates o But private industry also initiated many security enhancements on their own
• Immigration and Naturalization Service (INS)
o Proposed more detailed information about persons who enter or leave the United States by boat or plane o Since 2008, all persons entering the U.S. must have legal passports ( includes U.S. citizens crossing Mexican and Canadian borders)
• A good example of public and private cooperation
o Public Safety Wireless Network (PSWN) - A joint initiative between the Departments of Treasury and Justice • US-CERT (U.S. Computer Emergency Readiness Team) o Companies, universities, and government agencies are reporting cyber attack crimes in increasing numbers
City Centers • A 2006 Rand study identified 39 security measures to substantially reduce the risk of terrorist attacks at enclosed shopping centers, including
o Public information campaigns encouraging shoppers to report suspicious packages o Placing vehicle barriers at pedestrian entrances, to block suicide bombers o Search kiosks on a regular basis o Clearly labeling exits for shoppers o Searching bags and requiring shoppers to remove their coats to insure that no one is hiding a bomb
• The Federal Emergency Management Agency (FEMA)
o Publication that includes information on disaster supply kits, emergency planning, how to locate and evacuate to a shelter, etc. o Following the problems associated with the Katrina operation in 2006, Homeland Security established the National Advisory Council to advise FEMA
• The Department of Health and Human Services
o Put local health department; hospitals and medical providers on alert to report any unusual disease patterns o Enhanced inspection of imported foods
• Dollar loss is not simply the cost of the item lost, but also includes
o Replacement cost o Temporary replacement o Downtime o Discounted cash o Insurance rate changes o Loss of marketplace advantage o Impact to company reputation
• Even with training and good intentions there are still problems
o Salt Lake City, Trolley Square, February 14, 2007, 6 people were killed by a single gunman
ASIS Efforts
o Security operations o New certification programs for security professionals -Professional Certified Investigator (PCI) -Physical Security Professional (PSP) • ASIS is also a leader in sponsoring seminars on terrorism issues around the world
• Probability of loss
o Should security dollars be spent to reduce the potential for such a loss? o It is not possible to say until the probability has been assessed o Will a loss certainly occur if nothing is changed, or is the occurrence improbable?
• Health Care Agencies
o Smallpox vaccinations for soldiers
The International Ship and Port Facility Security Code • Took effect in July 2004
o The code allows the state controlling ports to deny access to ships not meeting security standards o Requires: Ship operators to develop security plans The appointment of ship and company security officers Maintaining a minimum of on-board security personnel
• Criticality
o The impact of a loss as measured in dollars
Analyzing the Facility
o The issuance of main entrance keys to all tenants in a building. How often are entrance locks changed? What is the building procedure when keys are lost or not returned? How many tenants are in the building? What businesses are they in?
• Patriot Act II
o The new bill was received with negative reaction when leaked to the public. Opposition is plentiful, with many who believe that the actions violate judicial oversight and 4th Amendment protections o The Act was disassembled and parts inserted into other legislation o For example, the Intelligence Authorization Act of 2003 increases the use of surveillance measures and significantly expands FBI powers o President Obama extended the Patriot Act without reforms or modifications
Analyzing the Facility
o The perimeter. Check fencing, gates, culverts, drains, lighting (including standby lights and power), overhangs, and concealing areas o The parking lot. Are employees' automobiles adequately protected from theft or vandalism? Is the lot sufficiently isolated from the plant or office to prevent unsupervised back-and-forth traffic? Are there gates or turnstiles for the inspection of traffic, if that is necessary? Are these inspection points properly lighted? Can packages be thrown over or pushed through the fence into or out of the parking lot? o All adjacent building windows and rooftops. Are spaces near these adjacencies accessible to them? Are they properly secured? o All doors and windows less than 18 feet above ground level. How are these openings secured? o The roof. What means are employed to prevent access to the roof?
Hospitals • Working to increase access control as a primary means of mitigating problems such as
o Theft o Terrorism o Vandalism o Narcotics problems o Handling the mentally ill and disgruntled • Added measures for increasing access control - e.g.: o Access control cards o CCTV o Identification systems o Metal detectors
• Recent changes in sports facilities security
o Tightened restrictions on bags, coolers, etc. o Gate inspections o Lock down between events o Greater credentialing of staff o Monitor air intakes
• Key goals:
o To develop a front line defense against today's immediate threats • e.g., sharing information regarding network vulnerabilities, threats, and events within and between the federal, state, and local governments o To defend against the full spectrum of threats • e.g., enhancing the US government's counterintelligence capabilities and increasing the security of the supply chain for key information technologies o To strengthen the future cyber security environment • e.g., expanding cyber education and research to deter hostile or malicious activity in cyberspace • All of this will be done in coordination with the Executive Branch's Cyber-security Coordinator
• These guidelines were passed on to the North American Electric Reliability Council (NERC)
o Vulnerability/risk analysis o Threat response o Emergency planning o Business continuity o Communications o Physical security o Cyber issues o Intrusion detection o Backgrounding/screening
• The International Council of Shopping Centers has held anti-terrorism training since 2004
o e.g., how to spot suicide bombers; behavioral and situational awareness
• In 2003, approximately $600 million was released to the states from the Homeland Security Department
o funds were designated for equipment, planning and training exercises for first responders • In addition, $750 million was released for firefighters •
• Risk management
thus defined as making the most efficient before-the-loss arrangement for an after-the-loss continuation of business o Allows risks to be handled in a logical manner
• A promising security tool may be unmanned aerial vehicles (UAVs
used since 2003 to monitor offshore oil fields for leaks and potential thieves • Also, infrared technology works well to detect oil and gas leaks
Comprehensive National Cyber Security Initiative (2009)
• A comprehensive approach to secure the nation's digital infrastructure
Report of the Survey
• A report should be prepared, indicating those areas that are weak in security • Recommendations that might reasonably bring the security of the facility up to acceptable standards, mitigating potential areas of risk • It must be understood that security directors will rarely get all of what they want. It is almost always too costly to completely eliminate risks.
State/Local Response
• All areas of the country are seeing various local responses to the potential threat of terrorism o Overall, such added security measures are costly
Federal Identification Cards
• An effort to develop a federal identification card failed to receive support when included in the Patriot Act II • The federal government continues to discuss options that would allow for higher levels of trust in identification systems currently controlled by most states -- i.e., driver's licenses, birth certificates, death certificates • Some opponents are concerned that tracking technology would be embedded in the cards and the federal government could actively monitor a citizen's whereabouts
The Security Survey (Vulnerability Analysis)
• An exhaustive physical examination of the premises and a thorough inspection of all operational systems and procedures • Overall objective is to determine the existing state of its security, locate weaknesses in its defenses, determine the degree of protection required, and ultimately lead to recommendations • Motivation to set the survey in motion should come from executive management • The survey may be conducted by staff security personnel or by qualified security specialists • Whoever undertakes the survey should have training in the field and should also have achieved a high level of ability
Security Files
• As these files are broadened, they will become increasingly useful • Given the present atmosphere of litigation for failure to provide adequate security, these files showing an efficient security operation can be invaluable
Information Systems
• Computer-related security problems have become more critical to companies as they increase their dependence on information systems
Agriculture
• Concern over agro-terrorism has resulted in tighter security over investigations as recommended by federal agriculture inspectors • USDA's department of Animal and Plant Heath Inspection Service—Veterinary Services (APHIS-VS) o Has received support for expanded services to monitor borders
Foreign Conference Visitors
• Concern that foreign students and professors, who are working for their government or terrorist organizations, will try to infiltrate seminars in larger numbers o Solution—increased background checks of attendees
Construction Industry
• Construction Specifications Institute (CSI) o Plans to revise its MasterFormat system to include more specifications on security o Recommendation for contractors - e.g.: Construction requirements Products and activities
Port/Shipping Security
• Container Security Initiative (CSI) (2002) - has major international components
• Homeland Security Presidential Directive/Hspd-12 (2004)
• Created a standard for federal identification of federal employees
Securing the Nation's Computers
• Creation of the Cyber Warning Information Network (CWIN) o The development of a private, compartmentalized federal network for government agencies and private sector experts, to share information during major events Not governmentally driven but rather an industry-led activity to find solutions
Anti-Bioterrorism
• DHS BioWatch program established in 2003 o Monitors air for possible biological attack in approximately 30 cities o But no detailed plan on how to respond in the event of positive alarms
Protection of Chemical Manufacturing Sites
• DHS is attempting to set standards
Federal Response in the United States
• Department of Homeland Security - Established in 2003 o Folds twenty-two law enforcement, security, and intelligence agencies into one conglomerate organization o Overarching mission - To preserve freedoms while protecting the US from potential land, sea, air, or in-country terrorist attacks
The Student and Exchange Visitor Information System (SEVIS)
• Department of Homeland Security initiated a $36 million computer tracking system to monitor student and exchange visitors at universities • Designed to track approximately 500,000 foreign students who come to the United States each year to attend school
Airport Security
• Dramatically impacted by the events of September 11, 2001 o In 2006, the TSA confiscated over 13 million prohibited items at airport security checkpoints
• 2005, President Bush requested $44 million for the Water Sentinel program
• Early warning system in key cities to monitor water systems for chemical and biological contaminants • Implementation is challenged by current congressional budget cuts
Electrical Grid Issues
• Edison Electric Institute (EEI) developed guidelines for protecting electrical facilities
• Safe Drinking Water Act
• Enforcement is a top federal government priority • EPA estimates that $276.8 billion is needed over 20 years, to comply with current regulations • $1 billion is needed for security alone
Risk Management
• First step is recognizing the threats • It costs a company great sums of money to protect assets, information, and personnel • The progressive manager recognizes that property risks are formidable and that they must be managed
Federal Building Security Initiatives
• Following September 11, 2001, the GAO was asked to consider how well the concerns voiced after the Muir bombing had been addressed o Auditors found that only 50% of the agencies had completed security assessments o The GAO continues to monitor progress
The Security Industry has Undergoing Dramatic Changes
• For example, the creation of the Transportation Security Administration (TSA) and federalization of the national airport security and passenger screening system, which was traditionally handled by the private sector • Federal involvement is also visible in other transportations fields
Concerns
• In the big picture, most businesses and institutions do not represent viable targets for terrorist attacks • The emphasis on protection from terrorism may be diverting attention and funding away from other more significant and real threats • The United States government has established the largest new cabinet level department since World War II • The concern about balancing the need to monitor with the citizen's right to privacy
How Much Insurance?
• Insuring to the amount of replacement is clearly the wiser course to follow • Property values, or more specifically building costs, rarely decline • Replacement cost coverage is more expensive than is cash value coverage • Insuring at replacement cost will not, as a rule, cover the full cost involved in a major disaster
Asset Assessment
• It is important to have a clear understanding of what assets are being protected, and of the nature and type of business being protected • May be as simple as protecting a person, or protecting billions of dollars of materials
The Public Security and Bio Terrorism Act
• Mandates that water systems serving over 100,000 persons must meet vulnerability assessments by March 31, 2003 • Estimates are that it would cost over $450 million to bring smaller water systems into compliance with this act
Specific State Responses (Examples)
• Mississippi o Illegal to possess or release harmful biological substances • Illinois o Mandated that all municipalities with populations over 1 million adopt an ordinance mandating emergency procedures for high rise building • Denver, Colorado o Monitor early symptoms of bio terror attack • Port Authorities of New York and New Jersey have spent $2.7 billion on security-related costs since the 9/11 attack • Chicago Transit Authority (CTA) has the potential to have the police monitor live views inside CTA buses
• A key element in the battle against potential agro-terrorism - the farmer
• Must learn about the potential of attack and what to look for
Over the Road
• Over 4 million miles of interstates, national highways and other roads in use by the trucking industry • Government and trucking industry are working to monitor hazardous material carriers
Hospitals cont.
• Parking facilities are being carefully monitored using CCTV, security officers, and/or emergency call boxes • High-risk areas such as the emergency room, obstetrics/pediatrics, psychiatric unit, cash handling areas, pharmacy, research department, operating rooms, and locker rooms are controlled with increased access control that include alarmed doors, detectors, card readers and CCTV • Open door policies, while still in use, are no longer safe
Basis of Probability Calculations
• Physical location • Physical aspects of the facility • Procedures • Policies • History of the industry • Specific site history • State-of-the-art of the criminal element
Global Security
• President Bush's declaration of war on terrorism o Resulted in worldwide coalition and support • To date, the war on terrorism has cost the US $545 billion
Homeland Security's Primary Concerns
• Prevention of terrorist attacks within the United States • Reduction of American's vulnerability to terrorism • Minimize damage and recover from attacks that do occur (which now includes natural disasters)
The Transportation Security Administration (TSA)
• Randomly search vehicles outside airport terminals during heightened security alerts o It is likely that such warrantless, random searches will be legally challenged • Zero tolerance enforcement policy on vehicles left unattended or loitering at curb check-in areas • Cell phone waiting lots for arriving passenger pickups are far removed from the terminal, to help the TSA monitor suspicious behavior
National Terrorism Advisory System (NTAS)
• Replaced the Homeland Security Advisory System (the original system developed in 2002) • Designed to improve coordination and cooperation among all levels of government and the public • Intended to offer a common vocabulary to understand the threat of terrorism • Includes the Ready Campaign, designed to educate the public on potential threats and steps in proper planning • The new warning system of the Ready Campaign is designed to be more effective than the original (color coded) system, which was seen as ineffective and overly alarmist • A key aspect of the new NTAS (and overall emphasis of DHS) is to share responsibility
Retail
• Security operations in malls have come under scrutiny • Many stores retain their proprietary security forces to catch shoplifters and internal thieves • Stores located in malls also rely on security personnel to provide protection to shoppers in the mall commons and parking areas
Conference Sights and Hotels
• Security, which was often invisible, is now expected to be seen, in order to quell perceptions of fear by visitors • At a minimum, security professionals at hotels and resorts are expected to review disaster and crisis management plans, and in some cases conduct drills for employees
• The Center for Disease Control and Prevention
• The Center for Disease Control and Prevention
Summary
• The area of risk analysis, as with law, can be complicated • Security managers who assume major responsibility for risk management should consider enrolling in courses directed toward risk management, cyber security, and insurance • Dollars may be spent on security measures that have little impact on the actual protection of company assets while other assets remain vulnerable to destruction, theft or other vulnerabilities • Insurance has become part of the overall loss prevention plan • Security planning in turn has an impact on the cost associated with insurance • The more comprehensive the security plan, the lower the costs
The Cost-Effectiveness of Security
• The average losses suffered by the industry in general, or the reduction in losses by the organization over a given period o Example: If a security operation costing $400,000 annually were estimated by some formula using a mix of the data mentioned previously to have saved a potential in theft and vandalism of $300,000, would it be deemed advisable to reduce the department's operating budget by $100,000 or more? (Obviously not.)
Bus Security
• The bus transportation system is represented by the American Bus Association o Established an Anti-Terrorism Action Plan Promote security vigilance among operators through training and partnerships with law enforcement agencies Assist companies in the development of plans Preserving the bus industry as a strategic transportation reserve Protect the transportation infrastructure
The Costs • The following timeline provides some insight into the high cost of the "war on terror" over the past decade:
• The governor of Illinois reported that the orange alert terror status had cost the state about $20,000 a day • Estimated that municipalities spent approximately $2.1 billion on equipment in 2002 • Cities of over 30,000 were spending $70 million a week on security in 2003
Joint Public/Private Initiatives
• The need for cooperation between public law enforcement and private security has never been greater • Initiatives will need to overcome traditional issues of trust, jargon, and objectives
Emergency Response Plans
• The plans fill a need in case of a terrorist attack, and are also useful in cases of natural disasters o Plans need to be multi-jurisdictional in the nature of the response and the need o These plans have been developed utilizing a variety of sources, including FEMA
Rail Security
• The rail companies have been asked to increase security at major facilities and key rail hubs • At the request of DOT, railroads are required to monitor shipments of hazardous material, as well as increase security measures on trains carrying such materials • There are over 140,000 miles of rail line, carrying over 2 million loads of hazardous materials each year • The TSA does not have the budget to protect the rail system, although they rank attacks against chemicals in transit and stored as among the nation's most serious risks
Rail Security
• The sheer number of daily travelers and cargo transported makes extensive security measures a challenge • However, Amtrak and regional metro systems have increased security, in some cases requiring rail staff to check tickets prior to train boarding • In large rail terminals, taxi stands have been moved to the street and away from their previous underground rail locations • States and local governments have been asked to provide either police or National Guard protection for selected rail bridges
Oil and Gas Facilities
• There are over 2.2 million miles of gas, oil and hazardous material pipelines in the United States • Refineries and oil/gas fields are also potential targets • Prior to 9-11 there were minimum security standards for this morass of pipelines
Periodic Review
• To be effective a security plan must be dynamic • Must change regularly in various details to accommodate changing circumstances in a given facility
Transit Security
• Transit agencies have taken many steps to improve security o Conducting vulnerability assessments o Revising emergency plans o Training employees • Still many challenges o Funding o Transportation network must remain open and accessible
o Security:
• Uses mounted patrols • Contracts services with local law enforcement departments • Visibility has made employees and shoppers feel safe
The Intent in Protecting the US from Further Attacks Reflects Several Issues
• What are the respective roles of the states and private enterprise? • With consideration for the events of 9-11, the Federal government is exploring efforts to control segments of American life that have not been previously subject to government scrutiny
School Safety
• the DHS has encouraged local school districts to implement emergency response and crisis management plans
o Department of Justice report (2007)
60 percent of 120 mall directors surveyed reported that training of security personnel had not improved since 9/11
• Water utilities throughout the nation have spent hundreds of millions of dollar in infrastructure costs including
Water monitoring Physical security systems Emergency training and planning
Events that create lasting impressions -- September 11, 2001
-Creation of the Department of Homeland Security (DHS) -Largest reorganization of the United States federal government since 1947 -Tom Ridge sworn in as the first Secretary of the Department of Homeland Security (January 24, 2003)
• A good risk management program involves four basic steps:
1. Identification of risks through the analysis of threats and vulnerabilities 2. Analysis and study of risks, which includes the probability and severity of an event 3. Optimization of risk-management alternatives Risk avoidance Risk reduction Risk spreading Risk transfer Self-assumption of risk Any combination of the above 4. Ongoing study of security programs
ASIS
American Society for Industrial Security
o Landscaping.
An important aspect of the security survey. Are bushes, overgrowth, and trees pared back enough to ensure there are no hiding places for a potential criminal?
o Keys and key control (traditional or electronic
Are keys properly secured when they are not in use? Are locks replaced or recorded when a key is lost? Are locks and locking devices adequate for their purpose? Are all keys accounted for and logged? What system is used for the control of master and sub-master keys? Is there adequate security to prevent unauthorized access and use of computer keying systems?
o Computer systems and network
Are the computer equipment and network properly protected from fire, water damage and physical attacks? Is there a backup system? Are computer files properly backed up? Where are backups stored? Does the computer system have a backup power system or protection for power surges? What types of access measures exist? How is the system protected from unauthorized access? Are firewalls in place?
o Fire
Are there sufficient fireboxes throughout the facility? Are they properly located? Is the type and number of fire extinguishers adequate? Are they frequently inspected? How far is the nearest public fire department? Have they ever been invited to inspect the facility? Does the building have automatic sprinklers and automatic fire alarms? Are there adequate fire barriers in the building?
CWIN
Computer Warning Information Network
DARPA
Defense Advanced Research Projects Agency
DHS
Department of Homeland Security
o All areas containing valuables.
Do safes, vaults, or computer rooms containing valuables have adequate alarms? What alarms are in place to protect against burglary, fire, robbery, or surreptitious entry? Are computers protected from hackers and unauthorized employee use? How are hardware, software, and media protected?
FBI
Federal Bureau of Investigation
FEMA
Federal Emergency Management Agency
Summarize the purpose and functions of the Department of Homeland Security. Key Points
HSAS Merged 22 federal agencies Prevention of terrorists attacks against the U.S. Reduction of vulnerability to terrorists attacks in the U.S. Minimize damage and establish good recover from attacks that do occur
o The off-hours when the facility is not in operation and all nighttime hours
How many guards are on duty at various times of day? Are guards alert and efficient? How are guards equipped? How many patrols are there, and how often do they make their rounds? What is their tour? What is the guard communication system? Are post orders documented and up-to-date?
INS
Immigration and Naturalization Service
o Video surveillance.
Is there a video surveillance system in place? Are cameras properly located and protected? Who monitors the system or is it monitored? What type of system has been designed for review and destruction of old video footage or digital records? What controls assure that images cannot be manipulated?
What role has the American Society for Industrial Security—International played in shaping private security policy and professionalization since 9-11
Key Points Unified standards New certifications Sponsor terrorism seminars
NSA
National Security Agency
• Risk Analysis
Once security goals and responsibilities have been defined, and an organization has been created to carry them out, the ongoing task of security management is to identify potential areas of loss, and to develop and install appropriate security countermeasures. o Implicit in this approach is the concept of security as a comprehensive, integrated function of the organization.
SEVIS
Student Exchange Visa Information System