Successful Security Consulting

Transcription

1 Successful Security Consulting Preparing a Responsive, High-Impact Consultant s Report Presenter John M. White CPP, CHPA Principal Consultant, Protection Management, LLC 1

2 Authoritative (Def) Someone or something having power, influence or the right to control and influence decisions. Someone who knows a great deal about a certain subject and who is generally considered an expert. A book (or report) written by an expert on certain subject matter is an example of an authoritative work. 2

3 What are the Security Differentiators? Type of Business or Environment Example: Utilities - What makes utilities different? Critical infrastructure, responsibility for sustainability Highly regulated energy management solutions Emphasis upon safety & security, liability Islands of utility assets, sometimes urban environment, diverse protection base Multiplicity of functions & purposes Culture of safe and secure vs free and open campus access Complex collaboration w/other utilities, institutions, individuals & industry plus the government Implement emerging & oftentimes immature technologies 3

4 Common Types of Reports 4

5 5

6 Security Assessment Reports Owner Key Questions What Is to Be Protected? Protected Against? Consequence of Loss? Level of Protection? Specific Requirement? Protection Constraints? Integrated System/response? Return on Investment? 6

7 Assessment Report Scope Observations of security practices employed by employees, contractors, vendors and visitors while on-site at occupied facilities. A review of security policies and procedures in place for each facility and observations of proprietary and contracted security personnel during their application of security measures. An assessment of existing security equipment installed at each facility; any installation plans for new security equipment, if applicable; building infrastructure; perimeter and building lighting; perimeter barriers and/or fences; and portable security equipment. Interviews of key stakeholders, employees, business unit mangers and security personnel at each facility to assess security measures in place and security related concerns relating to the facility. In locations where a tenant or landlord relationships existed between and other independent businesses, interviews are conducted with representatives of the businesses. 7

8 Assessment Report Scope Report Cover Acknowledgements & Security Table of Contents Executive Summary Introduction & Scope Facilities Description, Security Context Existing Security Program Risk Analysis, Design Basis Evaluation & Observations Findings & Recommendations Conceptual Security Plan/Master Plan for Security Interview Results Appendices 8

9 Security Assessment Report 1.00: PROJECT BACKGROUND Holly Springs Development Site : FLCC SITE RISK ASSESSMENT Overall Risk Environment Pandemic Preparedness Risk Assessment Approach FLCC Asset Analysis FLCC Threat Analysis Site Risk Assessment CAPRisk ANALYSIS Risk Conclusions : GENERAL FLCC SECURITY CONCEPTS Overall Security Objectives Overall Security Options Overall Space Standards Overall Security Requirements : FLUCC FACILITIES SECURITY CONCEPT Site Risk Management Site Perimeter Site Lighting Site Parking Location and Protection of Critical Components Loading Dock Security Management System Facilities Access Control Windows/Glazing Lobby Security CCTV Assessment & Surveillance Communications Intrusion Detection Complex Infrastructure Information Technology, Personnel Securityand Employee Awareness Programs : FLUCC FACILITIES SECURITY OPERATIONS Site Security Operations Site Security Space Allocation FLCC SECURITY APPLICATIONS CONCEPTS

10 Security Assessment Report 6.1 Site Perimeter Security Administration Building Bulk Manufacturing Fill Finish and Packaging Warehouse Facility Operations Other Facility Security Concepts : SAMPLE GATES/BARRIER DEVICES PRELIMINARY CONSTRUCTION COST ESTIMATES RISK REDUCTION BENEFIT

11 Anatomy of a Basic Assessment Report 11

12 Outside Cover 12

13 Inside Cover 13

14 Acknowledgements 14

15 Security Notice This report contains sensitive and confidential information. It includes methodology, descriptions, and targets of opportunity to circumvent security, access control, intrusion detection and CCTV surveillance systems at the Company facilities in Cleveland, Ohio. This report also contains proprietary methodologies and approaches belonging to PRISM Security, Inc. Intentional or inadvertent disclosure of the contents of this report outside the normal distribution established by Sample Company could compromise the safety and security of company employees, visitors, and resources at the facility upon completion of planned construction. This information is furnished to the intended addressee in confidence. No other use or distribution, direct or indirect, of this document or the information contained herein, other than by the addressee is authorized. The recipient shall not publish or otherwise disclose or distribute the information to others except as determined by Company security department staff, who collectively have a need to know without written permission. 15

16 Table of Contents 16

17 Executive Summary 17

18 Introduction & Scope 18

19 Description of Facilities 19

20 Description of Existing Program 20

21 Risk Analysis 21

22 Consultant s Evaluation & Opinion 22

23 Findings and Recommendations 23

24 Appendices 24

25 Summary of Recommendations 25

26 Selling Security to Management Are we secure? Gaps? Corrections? Total program cost? Hardware? Personnel? Facilitate business operations? Culture? Percent of budget allocated to strategies? Cost effectiveness per strategy? Needed? Similar industries? Same or different strategies? Older strategies eliminated? Updated? Impact of laws, codes, ordinances, insurance? Annual maintenance cost? Systems upgrades? Return on investment? Recurring or capital? Anticipated improvements? Results? 26

27 Conceptual Design Report 27

28 Design Concept Report Introduction Methodology Protection Elements Cost Estimates Recommendations/Options Conclusion Attachments Pricing Worksheets Sketches 28

29 29

30 Where It Fits in the Process Analyze Plan Design Integrate Implement Operate Conceptual Design bridges the gap from Planning to Design The very first conceptual designs are done during planning to serve as a basis of Rough Order of Magnitude (ROM) cost The final conceptual design serves as the design template that is given to the designers (architects & engineers) 30 30

31 Why Have A Conceptual Design? Conceptual design is the result of applying available technologies and processes to the functional design requirements. Conceptual design includes the solutions that will meet the functional requirements (design basis) but not in great detail. Conceptual design allows the project team to evaluate how the system should or would work before a lot of design effort is put fourth

32 Design Selection REQUIREMENT: Control access to the facility and audit access and egress to sensitive restricted areas within the facility such that headcounts can be established through a combination of intelligent barriers, access control electronics, and effective procedures. 32

33 Design Selection REQUIREMENT: Detect unauthorized intrusion attempts and provide a central monitoring and display capability in the most secure area of the facility. 33

34 Conceptual Solutions Functional Objectives Deter Signs Barriers Presence Delineation Delay/Deny Barrier Architectural feature Natural feature Automated response Control Restricted access/egress Card ID Detect Interior Exterior Assess/Surveil Human CCTV Display Display Alarms Transactions Size / Color / Touch Flat Screen Monitor Visual/ audible Exception only 34

35 Conceptual Solutions Functional Objectives Communicate Voice/Radio Hardwire Copper/coax/fiber Radio frequency Coordinate Security/safety Command Personnel Supervision Person/tech interface/console Service/Respond Dispatch Standards/Policy Intervene Response Procedure Defeat Automated Armed/unarmed Record Report(s) Archive/Manage Recover Contingency plan Instill Awareness Responsibility for asset protection 35

36 Security Concept Design Focus Site Perimeter/grounds Parking/remote Areas Facility Exterior/access Points Lobby and Entry/exit Areas Production/admin/office Computer/finance/accounting Shipping/receiving/distribution Common Areas/cafeteria/vending Support Systems/waste Management 36

37 Effective Security Concepts People Reliable, trained, & motivated Integrated Procedures Purposeful, understandable, easily enforced Integrated Technology Effective, easy to use, reliable & responsive Facilities Support function Information Reporting for proactive response 37

38 Schematic Design Typical drawings w/device types & locations Riser diagram Cost estimate Specification outline Schedules (only if requested): Door Wiring/Cable 38

39 Protective Measures Cost Effectiveness Operational Impact Lost Throughput Physical Reconfiguration $ Safety and Operational Efficiency Vulnerability / Risk Reduction Reduced Loss Experience $ Increased Coverage Reduced Loss Risk Reduced Insurance Cost of Operation Installation and Operations $ Life Cycle Maintenance Manpower Savings User Confidence Nuisance Alarms Deterrence Value Increased Safety / Security 39

40 Cost Estimating Rules of Thumb Exterior intrusion systems - $7-20/ft Interior intrusion systems - $75-200/ea Exterior CCTV Fixed $2,000 Exterior CCTV PTZ $3,500 Interior CCTV Fixed $500-1,000 Interior CCTV PTZ $1,500-2,500 CCTV Switching/Recording $500-1,000/input High Security Portal $50,000 Screening Point $25,000 CCTV Lighting $2,000/100M Zone 40

41 Cost Estimating Rules of Thumb Retractable bollards Hydraulic $8,000 ~ Manual $2,000 Passive Vehicle Barriers Buried tires $14/8ft Concrete Barriers $200/800 Berm/Ditch $ / 100LF Cable in fence $5/LF King Tut $600 Planter $800 Crash Gate 24 $35K Fencing Chain link 7 $12LF With outriggers $17 Ornamental $25-200LF Obscuration $5-40LF Gate House $6-10,000 Bullet resistant doors $4K(low) - $6K (hi) Bullet resistant windows $300(low) - $600(hi) LF Blast resistant glass $50 (1/8 ) - $300 (polycarb.) LF 41

42 Crime Prevention STRATEGIES NATURAL ACCESS CONTROL: Built And Natural Obstacles NATURAL SURVEILLANCE: Sight Lines, Natural Views NATURAL TERRITORIAL REINFORCEMENT: People Can Have Psychological Ownership of Space DESIGN CONCEPTS Mechanical Concepts: Target Hardening Organizational Concepts: Personnel Natural Concepts: Physical and Spatial Features 42

43 It gets easier after the first 100 or so 43

44 Questions & Discussion 44