New Year Is Great Time For Comprehensive Security Review

Jan 1, 2004 12:00 PM, Thomas W. Leo


         Subscribe in NewsGator Online   Subscribe in Bloglines

Conducting a comprehensive security review should be an accepted business process, designed to identify potential or actual weak areas within companies and guard forces — areas vulnerable to possible losses of which there might otherwise be no indication, and for which cost-effective solutions may be available.

However, prior to implementation of the review, a business entity must take the time and dedicate the effort to identify its assets — never mind the current “buzzwords” — people, information, property. This process is concomitant to identification of vulnerabilities: Where might your business be hurt the worst — possibly in the least amount of time?

Obviously a value must be placed on each asset, since management will be required to support expenditures designed to protect that asset.

Ideally, the process begins with a threat and vulnerability analysis, then proceeds to security evaluations of the site(s), and concludes with recommendations designed to mitigate the identified problem areas, always keeping in mind what factors are critical to the operation, and what they are vulnerable to.

This article will identify four recommended phases. To a degree, they are independent; however, the most important and instantly effective is the site/business security evaluation (Phase II).

Thomas W. Leo is a graduate of the United States Military Academy at West Point and has more than 30 years of experience in the security industry. His Delaware-based consulting operation services the business, government and legal communities. He is a lifetime CPP and has served on the Board of Directors of ASIS International. E-mail him at thomasleo@mindspring.com

SHARE YOUR STORY…

Every month, we are offering information about managing guard services and leading in-house staff. Among other things, this page will offer an opportunity for readers to share the management lessons they have learned and to provide other helpful information to their peers in the industry. To offer suggestions, or to contribute to this page, contact Jennifer Pero at (770) 618-0135 or e-mail jpero@primediabusiness.com

PHASE I.

Initial Risk Identification (What are the potential problem areas?) Consider these factors:

BUSINESS RELATED

  • Competitors
  • Customers
  • Technology Change
  • Political Change
  • Legal Change
  • Markets Restructure
  • Regulatory Change

ORGANIZATIONAL/LEADERSHIP

  • Reorganization
  • Communication Breakdown
  • Change in Performance Incentives
  • Limits of Authority

PEOPLE-RELATED

  • Loss of Key People

  • Fraud, Theft, Burglary, Forgery, Embezzlement

  • Ethical Failures

  • Theft/Loss of Intellectual Property, including Trade Secrets

  • Crime

  • Strikes/Labor Action

  • Sabotage

FINANCIAL AND COMMERCIAL ASPECTS

  • Interest Rates
  • Currency, Cash Flow
  • Financial Markets
  • Contractual Breakdown
  • Litigation
  • Intellectual Property Challenge

OPERATIONAL IMPACTS

  • Fire — deliberate or accidental

  • Natural Hazard — (tornado, flood, storms, earthquake)

  • S.H.E. Incident

  • Supplier Failure, raw materials

  • Product Tamper/Recall/Contamination

  • Terrorism (domestic/industrial), bomb threats, extortion.

  • Civil or Political Unrest

INFORMATION-RELATED IMPACTS

  • Loss of data

  • System Integrity, access, vulnerability

PHASE II.

Security Evaluation (What is your current, existing posture?)

EXTERNAL

  • Lighting evaluation

  • Security Force

  • Perimeter Protection — Access Control

INTERNAL

  • Lock and Key Control
  • Alarms and Electronics
  • Theft Control Procedures
  • Proprietary Information Protection
  • Personnel Security
  • Emergency Procedures
  • IT/Data Security
  • Fire Safety

PHASE III.

Business Recovery/Disaster Planning/Crisis Management

PLANS (BUSINESS- INCLUDING IT/IS)
TOP MANAGEMENT APPROVAL
DESIGNATED, SPECIFICALLY TRAINED LEADER AND BACKUP
IN WRITING
UPDATED REGULARLY, OFFSITE COPIES
REHEARSED
GOVERNMENT. (LOCAL, STATE AND FEMA) INVOLVEMENT

PHASE IV.

Decisions (What do you do?)

NOTHING — STATUS QUO — NO CHANGE — ACCEPT IDENTIFIED RISKS
CHANGE — SUDDEN, PHASED IN, PHILOSOPHICAL, CULTURAL
INSURE — (SELF, OUTSIDE — YOUR CHOICE)

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

Today's New Product

Product 1 Image

JVC PTZ Network Dome Camera

The indoor pan/tilt/zoom (PTZ) VN-V686U network dome camera from JVC Professional Products Co. features a 36x optical zoom lens that is powerful enough to capture an image of a ring on the finger of an intruder from far away. A silent direct drive mechanism provides subtle, fast and accurate PTZ operation. Other features include an auto-tracking function, which allows the system operator to tag a moving object for the camera to follow; 0.25-in. CCDs with 380,000 effective pixels; and full-motion, dual-stream JPEG and MPEG-4.

To read more...


Govt Security

Cover

SUBSCRIBE

This month in Access Control

Popular Stories

Quick Links

Webinar

Mass Notification Systems

Join AC&SS and ADT as they discuss the crucial role of mass notification systems before, during, and after emergency situations.
March 26 at 2pm ET

Register Now!

Back to Top