Physical Security Enhancement in Higher Institution
|
|
- Sharyl Whitehead
- 6 years ago
- Views:
Transcription
1 Physical Security Enhancement in Higher Institution Siti Riniy Fariza binti Mohd Borham, Hafiza Abas, Azizul Azizan and Sya Azmeela Syariff a Advanced Informatics School, University Technology Malaysia, Jalan Sultan Yahya Petra, Kuala Lumpur, Malaysia. Abstract As we know, in higher institution, the physical security is important as the physical protection of assets, to safeguard personnel, students, faculty, and staff; to prevent unauthorized access to equipment, installations, material, and documents; and to safeguard them against espionage, sabotage, damage, natural disasters, vandalism, and theft. The aim of this project/research is to improve the current/existing best practice and security precaution within the Menara Razak building. This paper identifies the issues and security concerns of implementing access control and perimeter protection in UTM KL building and open space areas. This paper focuses on the lobby/ground floor of Menara Razak building, the parking lot area, and the main entrance guard in UTM KL. Information was gathered through online survey forms, interview and direct observation of the location. The analysis done in the current situation of access control and perimeter protection implementation in UTM KL suggest the solutions to improve the current/existing best practice and security precautions within the location. Keywords: Access Control; Perimeter Protection; Literature Review; Physical Security. 1. Introduction University Technology of Malaysia (UTM) is a leading innovation-driven entrepreneurial research university in engineering science and technology. It is located both in Kuala Lumpur, the capital city of Malaysia and Johor Bahru, which is a vibrant economic corridor in the south of Peninsular Malaysia. UTM Kuala Lumpur (UTM KL) is a graduate campus of University Technology of Malaysia (UTM), and is under the same corporate structure as its main campus in Johor Bahru, Johor. The current UTM KL which is located at Jalan Sultan Yahya Petra, Kuala Lumpur. Currently, there are more than 900 staffs in both academic and non-academic. The administrative and academic support for UTM KL is provided by the major administrative office buildings such as the Office of the Registrar, Bursary, Library, Office of Asset and Construction Management, Centre for Information & Communication Technology and Office of Corporate Affairs, Menara Razak and MJIIT (Malaysia-Japan International Institute of Technology). There are several centers of excellence in UTM KL which carry out research activities and offer some academic programs. * Corresponding Author. Address: srfariza2@live.utm.my 1
2 Security is the quality or state of being secure which means to be free from danger. Physical security is the most important since it is the first layer of security. Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise, agency, or institution. In higher institution, the physical security is important as the physical protection around those assets, such as to safeguard personnel, students, faculty, and staff; to prevent unauthorized access to equipment, installations, material, and documents; and to safeguard them against espionage, sabotage, damage, natural disasters, vandalism, and theft. Safe and secure campuses lead to better learning environments. They help attract and retain top faculty and administrators. To help create a safe and secure environment, UTM KL has already taken smart steps such as planning, and implementing physical security technology, including video surveillance cameras, physical access controls, and paging systems to secure the locations and valuable assets. In this paper, a study is conducted on the current issues in the physical security technology in UTM KL to describe the problem and suggest solutions. Therefore, there is a need to analyze the security issues and problems of the current implementation as well as other types of concern before giving recommendations. The aim of this project/research is to improve the current/existing best practice and security precaution within the Menara Razak building which consists of 17 floors. However, the scope of this research is focused on the lobby/ground floor of Menara Razak, the parking area, and the main entrance guard. 2. Literature Review In the context of IT security, physical security is about controlling access to facilities and it is also known as physical asset protection. The physical access control terms refer to the practice of restricting entrance to a property, a building, or a room to authorized persons [1]. Areas and entry points of the physical facility that are identified need different rules of access, or levels of security. These areas have concentric boundaries such as site perimeter and building perimeter or side-by-side boundaries such as visitor areas, offices and utility rooms. This design concept is a layered security and it is known as concentric circles of protection or defense in depth which is also part of the concepts included in Crime Prevention Through Environmental Design (CPTED) [2]. This security measure is to design three layers of security concepts which is the outer protective layer (e.g., natural or man-made barriers at property line. Barriers include walls, fences, doors, bollards, and gates), middle protective layer (e.g., exterior of building) and inner protective layer (e.g., doors within building) [2]. 2
3 Figure 1: Defense in Depth Security Map [2]. Physical access control can be achieved by a human operator (a guard, bouncer, or receptionist), through mechanical means such as locks and keys, or through technological means such as access control systems like the mantrap. Research done at Auburn University shows that the main function of access control is to offer a secure environment for students, faculty, staff and guests of the University [3]. Keys and card access were provided to all areas of the campus. Locks on doors and cores in locks were installed, and locks were repaired. Whereas on doors and buildings, card, proximity, and biometric readers were installed. Today, the many physical access control systems in use are incompatible with each other [4]. In a large organization which deals with physical and cyber infrastructure such as a leading telecommunications company or higher institutions, physical access control systems is a difficult task [5]. There are mainly four aspects that have raised complexities of managing physical access control systems [5]: Distributed geolocations of large number of buildings/zones; Different risk levels of buildings, which also have different levels of access control requirements; Different roles of the users who have access to buildings such as permanent employees and an outsourcing workers/visitors; and Constraints of time for accessing the building/areas. For instance, certain areas can be accessed during the day but they are locked during the night. In places like libraries, large organizations and Universities where people must have controlled and authorized access, the physical access control systems are becoming popular. Access control systems that integrate the latest authentication methods like RFID (Radio Frequency Identification) and biometrics have been developed. To control access, such systems required dedicated communication infrastructure, computer systems and specialized hardware [6]. 3
4 Physical Security Threats and Risks Literature shows that there are security threats and risks that need to be concerned and not overlooked. In the context of information security, a threat is an object, person, or other entity that represents a constant danger to the assets of the organization. There are three types of physical threats such as external physical threats, internal physical threats and human physical threats [7]. The external threats whereby some unauthorized people outside the organization who do not have access to the facilities. The unauthorized access is when the personnel/employees entering facilities during unusual hours or unauthorized employees walking through an open door behind an authorized employee (known as "piggybacking"). The examples of the external threats are: Natural events (e.g., floods, earthquakes, wind, hurricane, fire, and tornados); Other environmental conditions (e.g., extreme temperatures, high humidity, heavy rains, and lightning); Intentional acts of destruction (e.g., theft, vandalism, sabotage, espionage and arson); and Unintentionally destructive acts (e.g., spilled drinks, overloaded electrical outlets, and bad plumbing. Internal threats to physical security can come from current or former employees, contractors, and trusted business partners, including custodial staff and security guards. External and internal threats to facilities (and their staff) will continuously grow and so all procedures and technology should be kept under constant review [8]. The risks from these threats include unauthorized disclosure of information, disruption of service, loss of productivity, financial loss and legal implications. In an organization, generally and in higher institutions specifically, most of the security threats and risks are the result of insufficient and inappropriate access control. Hence, physical security controls should be implemented to prevent these threats from becoming reality. Poor access control can expose the organization to unauthorized access of data and programs, fraud, or the shutdown of computer services. One of the safeguards that can be used to prevent unauthorized access to an organization s sensitive or critical information and to minimize the impact to an organization from security breaches is a logical access control. The facilities building need to ensure that the boundary between public and private areas is secure and clearly signed [4]. Therefore, the physical security measures aim by creating a secure environment of the building and rooms to either prevent a direct attack on premises or reduce the potential damage and injuries that can be perpetrated should an incident occur [8]. 3. Methodology To explore the problems and issues within the Access Control (AC) implementation, both qualitative and quantitative approaches are suitable methods for this study. Information was gathered through survey forms (questionnaire) that have been distributed electronically 4
5 using Google forms to gather data relevant to the objectives and research questions. This online survey form allows for ease of distribution, cost efficiency, and reduces the occurrence of errors. Other approaches are through interview questions and direct observation of the location. Survey questions were developed based on literature review and a semi-structured interview is used to collect data from the key users of affected business units as well as guards. Respondents have been divided into three groups such as employee, security officer and student. The exploratory method of the literature review in physical security areas has also been done to explore scientific papers and resources about issues and challenges of implementing physical security perimeter and access control technology areas specifically in higher institutions. 4. Results In this section, several vulnerabilities of Physical Parameter (PP) and AC in UTM KL are analyzed to possibly detect and prevent an intrusion in the facility, where at the end of this study we will suggest the recommendation for physical security protection in UTM KL. Based on the online survey forms that had been filled up by the three (3) groups of respondents which are total of seventeen (17) respondents who completed the survey, there are a few issues or challenges in implementing the access control and perimeter protection in UTM KL. The survey responses were focusing on answering the research questions and objectives. Hence, this analysis is summarized based on research scope and findings that are divided into five (5) sections which are the physical security of the main lobby of Menara Razak, main entrance guard, open space parking area, security policy, and training and awareness. Table 1: The Scope Analysis of Physical Security Issues in UTM KL. No. Scope Issues/Vulnerabilities in MCO 1. Main Lobby of Access Control. There is no access card being implemented at the main lobby. Personnel can just enter the main door in the Menara Razak lobby area without having to touch or show the ID card. Employee or student ID was not frequently checked and is only checked manually by the guard on duty at the reception counter. Doors and Windows. Doors are only locked during the night. Intrusion Alarms. The alarm system is not linked to an outside service / police force. Surveillance System (CCTV). CCTV is only covered at the main lobby entrance door, but not at the external area of the lobby. The CCTV used is the static camera. 2. Main Entrance Guard of Fencing/Gates. It is made from metal. Intrusion Alarms. No alarm system at the main entrance guard. People and Vehicles Movement. The physical inspection was 5
6 No. Scope Issues/Vulnerabilities in MCO UTM KL not done to all vehicles whereby the car boot inspection was only done to certain vehicles. Security Guards. The weakness of the security guard, whereby guards did not check personnel ID. Surveillance System. The surveillance camera is not a motion detection camera, instead, it is a static camera. Hence, it does not cover all areas in the main entrance and no connection to an outside service or police force. 3. Open Space Parking Area 4. Information Security Policy 5. Training and Awareness Barrier. There is no barrier gate (boom barrier) or any other access control form while entering or exit the parking area. Segregated Parking. The student parking is not segregated from employee parking as well as visitor parking. Surveillance System. There is no video surveillance camera (CCTV) installed in the parking lots. Security Guards. There is no security guard duty in the parking area. Information Security Policy Not Updated. The policy and procedures are not updated and through observation, the existing security policy and procedures need a review and updates. Not all employee / student awareness about the security policy. Not all security officers received the properly certified training related to security. 5. Suggestion and Recommendation Based on the findings and results of perimeter and access control assessment, there is a need to improve the physical and environmental security in University Technology of Malaysia especially in areas as in Table 2. The recommendations are based on the research scope and findings that are divided into five (5) sections which are the physical security of the main lobby of Menara Razak, main entrance guard, open space parking area, security policy, and training and awareness. Table 2: Recommendation of PP and AC Enhancement in UTM KL 6
7 No. Scope Recommendation 1. Main Lobby of Physical Perimeter Security. It is recommended to implement CPTED that may help to enhance the AC and PP protection Menara Razak through environmental design. It can be accomplished by safeguarding the environment through natural surveillance or natural access control implementation. Natural forms of access control that can be implemented includes fences, low walls, benches, landscaping, gates and any barrier that is natural for the environment. Doors, Windows, Keys, Locks, and Security Devices. Mechanical forms of access control can be complemented to the natural access control such as organized forms such as security patrols and/or locks and alarms surrounding the area. Smart card security as a choice for securely controlling physical access to enter the Menara Razak building. The smart card for the physical access system (doors) can be used to easily authenticate a personnel s identity, define the correct level of access, and physically admit the cardholder to the building. The physical access device can be used, for example, the Gallagher Cardax Device. These devices are often used to control access to inner security areas and at facility entry and exits entrances. Physical Intrusion Detection/Surveillance Systems. The intrusion and detection system need to be improved using the effective alarm system and visualized surveillance. The motion detection camera for CCTV can resolve the monitoring issues which is can monitor and protect specific security critical area. The alarm system has to be integrated with the CCTV. An adequate external lighting will help to improve the abilities of CCTV systems if it is carefully designed and used. Effective CCTV systems may help to prevent a terrorist attack. If there is any intrusion incident, the good quality images can provide crucial evidence in court. 7
8 No. Scope Recommendation 2. Main Entrance Guard of Access Control System. The security concern that must be improved at the main entrance is on the AC of individual and vehicles. There is no effective access control implementation on UTM KL the physical entrance. Therefore, a security badge or pass system is recommended to be implemented to ensure that only authorized personnel enter, occupy, or leave a secure area, and to indicate limitations placed on access. For an effectiveness the AC, the card reader and coded credentials may be used to complement or replace badge checks as a means of access control. Then, it will be integrated with the Visitor Management System that can enhance the visitor access to the facility. Integrated Barrier System. It is suggested to implement an integrated barrier access system with sensors for authentication mechanism such as using an access card (smart card) or plate number recognition to detect any intrusion and to prevent an authorized access to the facility. By implementing this barrier system, the AC of the vehicle and visitor can be improved. To avoid the bottleneck of access at the main gate, there is a segregated boom gate between employee/student and visitor entrance Physical Intrusion Detection/Surveillance Systems. It is recommended to put a motion detection camera to get an effective image of the vehicle or personnel. It complements with the adequate lighting to illuminate all critical areas. 3. Open Space Parking Area Barrier Gate (Boom Gate). It is recommended to implement a barrier gate such as the installation of a boom gate to control access of vehicles in the parking area. Vehicle barrier is used to prevent penetration into security areas when such access cannot otherwise be controlled. To improve security, a boom gate with a smart card access authentication can be implemented. This can act as a second layer of access control. Physical Intrusion Detection/Surveillance Systems. It is also recommended to install a surveillance camera (CCTV) at the parking lots. With CCTV, it can deter a person with the intention of intruding, other criminal activities and provide valuable evidence to a case such as a car theft. But, CCTV is not complete without adequate lighting. Lighting Systems. It needs adequate lighting to illuminate all areas in the parking lots and provide a good quality image of the CCTV (Exterior lighting suitable for night guard surveillance). Segregated Parking/Far from Emergency Exit. To improve security, by implementing another safeguard such the parking 8
9 No. Scope Recommendation lots must be segregated between employees, students and visitors. To the greatest extent possible, the parking area should be inconveniently far from building emergency exits, therefore it is discouraging employees or students from using those exits as convenience accesses to their vehicles. 4. Information Security Policy 5. Training and Awareness Information Security Policy. The policy must be communicated to all employees and students clearly. Employees and students need to be exposed to a security policy by placing on the notice board and in the classroom as well as through or portal. The university needs to regularly update the policy as the technology and employee requirements change frequently. The security officers need to attend the certified training. We should also increase the awareness of safety through the awareness programs to let the employees and students realize the importance of physical security, and how to use the AC and PP technology in a correct manner. 6. Conclusion Through assessment of the current access control and perimeter protection implementation has been done through online survey forms, interview session, and direct observation. Our research suggested a comprehensive recommendation to resolve the security issues and concerns. The gathered information enables us to find the security concern and overcome it with suggestions and recommendations. Based on the recommendations, it can conclude that in the future, UTM KL can improve the security of perimeter by implementing the use of the integrated smart card physical access system. It is believed that a successful academic program cannot be guaranteed without a safe environment and each employee and student must be assured of an environment that is free from harm and satisfactory to teaching, learning and working. This research will help other researchers to understand the best practice that could be used to identify and analyze the security issues in physical security in UTM KL. It can be very helpful when assessing the suitable solutions/method that can be used to enhance the physical security implementation which will benefit UTM KL. 9
10 References [1] W. M. Fitzgerald, F. Turkmen, S. N. Foley, and B. O Sullivan, Anomaly analysis for Physical Access Control security configuration, 7th Int. Conf. Risks Secur. Internet Syst. Cris. 2012, [2] SecurityInfoWatch, Convergence and Layers of Security. [3] Auburn University, Access Control, [4] B. Alhalabi and C. Carryl, Universal physical access control system, Proc. - IEEE 14th Int. Conf. Bioinforma. Bioeng. BIBE 2014, pp , [5] E. Geepalla, B. Bordbar, and X. Du, Spatio-temporal Role Based Access Control for Physical Access Control Systems, 2013 Fourth Int. Conf. Emerg. Secur. Technol., pp , [6] I. Daradimos, K. Papadopoulos, I. Stavrakas, M. Kaitsa, T. Kontogiannis, and D. Triantis, A Physical Access Control System that utilizes existing networking and computer infrastructure, EUROCON Int. Conf. Comput. as a Tool, pp , [7] BestInternetSecurity.Net, Physical Threats and Security Control, [8] C. for the P. of N. Infrastructure, Physical security. [9] Z. J. Alach, Mapping the elements of physical security towards the creation of a holistic physical security model Master of Science ( Security Science ) at Edith Cowan University, no. May, [10] M. P. Coole, Physical Security Professional s Body of Knowledge : a cultural domain analysis of physical security s knowledge structure, no. May, [11] Carnegie Mellon University, Insider Threats and Physical Security of Organization, [12] H. Lin, M. Ross, and T. Mack, Design of a physical security perimeter fencing system, in 44th Annual 2010 IEEE International Carnahan Conference on Security Technology, 2010, pp
U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC)
U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC) Security Risk Assessment Tool Physical Safeguards Content Version Date:
More informationData Centre Security. Presented by: M. Javed Wadood Managing Director (MEA)
Data Centre Security Presented by: M. Javed Wadood Managing Director (MEA) EPI history and global locations UK origin, 1987 Singapore office, 1999 9 EPI offices worldwide Global partner network spanning
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationHIPAA Security. 3 Security Standards: Physical Safeguards. Security Topics
HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical
More informationAirport Security & Safety Thales, Your Trusted Hub Partner
Airport Security & Safety Thales, Your Trusted Hub Partner www.thalesgroup.com/shield Securing People Ensuring Business Continuity Protecting Assets Thales Credentials Thales is a leading international
More informationASSURING BUSINESS CONTINUITY THROUGH CONTROLLED DATA CENTER
ASSURING BUSINESS CONTINUITY THROUGH CONTROLLED DATA CENTER IT Audit, Information Security & Risk Insight Africa 2014 Johnson Falana CISA,MIT,CEH,Cobit5 proverb814@yahoo.com Overview Information technology
More informationKeys to a more secure data environment
Keys to a more secure data environment A holistic approach to data infrastructure security The current fraud and regulatory landscape makes it clear that every firm needs a comprehensive strategy for protecting
More informationBest Practices for Campus Security. January 26, 2017
Best Practices for Campus Security January 26, 2017 Welcome to Safe University (Safe U ) Protecting People, Property, and Tradition: The Safe University (Safe U SM ) Program By G. Michael Verden, Owner
More informationSchool Safety & Security: Priorities for Facilities
School Safety & Security: Priorities for Facilities Speakers Brett Hobza, AIA DLR Group Principal/K-12 Sector Leader Phil Wentz Tigard-Tualatin SD Facilities Manager Clem Spenner Willamette ESD Threat
More informationChemical Facility Anti-Terrorism Standards. T. Ted Cromwell Sr. Director, Security and
Chemical Facility Anti-Terrorism Standards T. Ted Cromwell Sr. Director, Security and NJ ELG Operations Meeting Today s Presentation ACC Action Major Rule Components Select Risk-Based Performance Standards
More informationPhysical Security. Introduction. Brian LeBlanc
Physical Security Introduction 1 Physical Security Provides for the protection of property, personnel, facilities, and material against unauthorized entry, trespass, damage, sabotage, theft, or other criminal
More informationDelivering Safety in Education
HIKVISION: Delivering Safety in Education An Overview of Hikvision s Integrated Security Solutions for Educational Institutions and Campuses Technology that Ensures Student Safety & Security is our No.
More informationPhysical and Environmental Security Standards
Physical and Environmental Security Standards Table of Contents 1. SECURE AREAS... 2 1.1 PHYSICAL SECURITY PERIMETER... 2 1.2 PHYSICAL ENTRY CONTROLS... 3 1.3 SECURING OFFICES, ROOMS AND FACILITIES...
More informationGlobal Risks Peculiar to Resorts: Richard G. Hudak Managing Partner Resort Security Consulting Inc.
Global Risks Peculiar to Resorts: Prevention, Management, Litigation Richard G. Hudak Managing Partner Resort Security Consulting Inc. www.resortsecurity.com Presenters Richard G. Hudak, Managing Partner,
More informationSecuring Data Centers: The Human Element
Securing Data Centers: The Human Element Michael Rozin Zvi Kremer April 12, 2018 Perpetrators, Threat Actors Security Personnel Targets, Enablers Securing Data Centers: The Threat Verizon London, Dec 6,
More informationPhysical and Environmental Security Policy Document Number: OIL-IS-POL-PES
Physical and Environmental Security Policy Document Number: OIL-IS-POL-PES Document Details Title Description Version 1.0 Author Classification Physical and Environmental Security Policy Physical and Environmental
More informationSelect Agents and Toxins Security Plan Template
Select Agents and Toxins Security Plan Template 7 CFR Part 331.11, 9 CFR Part 121.11, 42 CFR Part 73.11 Prepared by U.S. Department of Health and Human Services (HHS) Centers for Disease Control and Prevention
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.7)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More informationEXHIBIT A. - HIPAA Security Assessment Template -
Department/Unit: Date: Person(s) Conducting Assessment: Title: 1. Administrative Safeguards: The HIPAA Security Rule defines administrative safeguards as, administrative actions, and policies and procedures,
More informationInformation Technology General Control Review
Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor
More informationVulnerability Assessment. Detection. Aspects of Assessment. 1. Asset Identification. 1. Asset Identification. How Much Danger Am I In?
Detection Vulnerability Assessment Week 4 Part 2 How Much Danger Am I In? Vulnerability Assessment Aspects of Assessment Vulnerability Assessment is a systematic evaluation of asset exposure to threats
More informationCenteris Data Centers - Security Procedure. Revision Date: 2/28/2018 Effective Date: 2/28/2018. Site Information
Section 01 Document Information Creation Date: 12/1/2016 Centeris Data Centers - Security Procedure Revision Date: 2/28/2018 Effective Date: 2/28/2018 Section 02 Site Information Site Information Document
More informationworkplace hazards inspection form
workplace hazards inspection form Workplace Violence Company: Location: Floor Section: Date: Building: Name: (optional) Parking Lot Are the entrances and exits well marked? Does the lot have signs with
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationSecurity Guideline for the Electricity Sub-sector: Physical Security Response
Security Guideline for the Electricity Sub-sector: Physical Security Response Preamble: This guideline addresses potential risks that can apply to some electricity sub-sector organizations and provides
More informationSAND No C Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department
SAND No. 2012-1606C S 0 606C Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy s National Nuclear Security Administration
More informationInsider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm
Insider Threat Program: Protecting the Crown Jewels Monday, March 2, 2:15 pm - 3:15 pm Take Away Identify your critical information Recognize potential insider threats What happens after your critical
More informationGallagher Critical Infrastructure Solutions
Gallagher Critical Infrastructure Solutions Gallagher secures from the perimeter including gates, through to the facility access points and interior areas security.gallagher.co 2 Introducing Gallagher
More informationCYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018
CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018 Cyber fraud attacks happen; they can t all be stopped. The higher order question must be how can we, as fraud examiners and assurance professionals,
More informationENABLING DATA-DRIVEN PHILIPPINE ENTERPRISES VITRO DATA CENTER MAKATI A NEXCENTER-CERTIFIED FACILITY
ENABLING DATA-DRIVEN PHILIPPINE ENTERPRISES VITRO DATA CENTER MAKATI A NEXCENTER-CERTIFIED FACILITY TOTAL BUILDING AREA: TOTAL FLOOR AREA OF SERVER FARMS: RAISED FLOOR HEIGHT: 18,700SQM 6,800SQM 900MM
More informationHow AlienVault ICS SIEM Supports Compliance with CFATS
How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal
More informationE-guide Getting your CISSP Certification
Getting your CISSP Certification Intro to the 10 CISSP domains of the Common Body of Knowledge : The Security Professional (CISSP) is an information security certification that was developed by the International
More informationPresented by Joe Burns Kentucky Rural Water Association July 19, 2005
Infrastructure Security for Public Water and Wastewater Utilities Presented by Joe Burns Kentucky Rural Water Association July 19, 2005 Public Health Security and Bioterrorism Preparedness and Response
More informationL E C T U R E N O T E S : C O N T R O L T Y P E S A N D R I S K C A L C U L A T I O N
L E C T U R E N O T E S : C O N T R O L T Y P E S A N D R I S K C A L C U L A T I O N Revision Date: 7/31/2014 Time: 1 hour OBJECTIVES The following objectives are covered in this Lecture Note. These objectives
More informationDATA SECURITY THE PROTECTION OF YOUR INFORMATION IS OUR PRIME DIRECTIVE
DATA SECURITY THE PROTECTION OF YOUR INFORMATION IS OUR PRIME DIRECTIVE OVERVIEW building security theft alarms point of entry interior & exterior closed-circuit camera monitoring impact-resistant windows
More informationNorfolk & Suffolk Crime Prevention Guidance Note Building Site Security
Norfolk & Suffolk Crime Prevention Guidance Note Building Site Security. The construction industry loses an estimated 43m a year through theft or vandalism, that s almost 1m per week (source: Home Office).
More informationAccess Easy Control System From anywhere just a click away!
Access Easy Control System From anywhere just a click away! 2 Easily Deployed, Easily Managed, Easily Scalable Like in most small and midsized enterprises, it s crucial for you to be able to control access
More informationThe University of British Columbia Board of Governors
The University of British Columbia Board of Governors Policy No.: 118 Approval Date: February 15, 2016 Responsible Executive: University Counsel Title: Safety and Security Cameras Background and Purposes:
More informationNIBS Building Innovation 2014
NIBS Building Innovation 2014 Integrated Rapid Visual Screening Process to Assess and Design Safe Schools Mila Kennett Department of Homeland Security Science and Technology Resilient Systems Division
More informationUnit 3 Cyber security
2016 Suite Cambridge TECHNICALS LEVEL 3 IT Unit 3 Cyber security Y/507/5001 Guided learning hours: 60 Version 3 - revised September 2016 ocr.org.uk/it LEVEL 3 UNIT 3: Cyber security Y/507/5001 Guided learning
More informationA Safer World. A Secure Tomorrow. SECURITY AUDITS CONSULTANCY TRAINING.
A Safer World. A Secure Tomorrow. SECURITY AUDITS CONSULTANCY TRAINING www.consultmipl.com MIPL is a security consulting company from India, offering sustainable designs and solutions for security management.
More informationLaguna Honda Hospital and Rehabilitation Center. Security Management Plan
Laguna Honda Hospital and Rehabilitation Center Security Management Plan 2018-2019 REFERENCES California Code of Regulations, Title 8, Sections 8 CCR 3203 et seq. California Code of Regulations, Title
More informationIT Service Delivery And Support Week Eight - Data Center
IT Service Delivery And Support Week Eight - Data Center IT Auditing and Cyber Security Fall 2016 Instructor: Liang Yao 1 Data Center 101 Facility-Based Controls Physical security HVAC Fire Suppression
More informationSTATE OF NORTH CAROLINA
STATE OF NORTH CAROLINA AUDIT OF THE INFORMATION SYSTEMS GENERAL CONTROLS ELIZABETH CITY STATE UNIVERSITY JULY 2006 OFFICE OF THE STATE AUDITOR LESLIE MERRITT, JR., CPA, CFP STATE AUDITOR AUDIT OF THE
More informationBusiness Continuity: How to Keep City Departments in Business after a Disaster
Business Continuity: How to Keep City Departments in Business after a Disaster Shannon Spence, PE Red Oak Consulting, an ARCADIS group Agenda Security, Resilience and All Hazards The Hazards Cycle and
More informationPHYSICAL AND ENVIRONMENTAL SECURITY
PHYSICAL AND ENVIRONMENTAL SECURITY 1.0 STANDARD FOR PHYSICAL AND ENVIRONMENTAL SECURITY - EQUIPMENT 1.1 PURPOSE The purpose of this standard is to establish baseline controls to prevent loss, damage,
More informationChapter X Security Performance Metrics
DRAFT February 19, 15 BES Security s Working Group Page 1 of 7 Chapter X Security Performance s 1 3 3 3 3 0 Background The State of Reliability 1 report noted that the NERC PAS was collaborating with the
More informationINTELLIGENT BUILDING MANAGEMENT SYSTEMS: Guidance for Protecting Organizations
INTELLIGENT BUILDING MANAGEMENT SYSTEMS: Guidance for Protecting Organizations David J Brooks Michael Coole Paul Haskell-Dowland This guidance provides both the security and facility professional with
More informationSecurity Standards for Electric Market Participants
Security Standards for Electric Market Participants PURPOSE Wholesale electric grid operations are highly interdependent, and a failure of one part of the generation, transmission or grid management system
More informationCritical Energy Infrastructure Protection. LLNL CEIP Approach
Critical Energy Infrastructure Protection LLNL CEIP Approach LLNL-PRES-654239 This work was performed under the auspices of the U.S. Department of Energy by under Contract DE-AC52-07NA27344. Lawrence Livermore
More informationManagement. Port Security. Second Edition KENNETH CHRISTOPHER. CRC Press. Taylor & Francis Group. Taylor & Francis Group,
Port Security Management Second Edition KENNETH CHRISTOPHER CRC Press Taylor & Francis Group Boca Raton London New York CRC Press is an imprint of the Taylor & Francis Group, an informa business Preface
More informationSECURING OUR DATACENTERS
SECURING OUR DATACENTERS Jeffrey Lam ACP, RCDD AXIS COMMUNICATIONS 17 Nov 2016, 4.30pm SECURING OUR DATACENTERS Security is not a product nor a feature; it s an integration of culture, policies & systems
More informationNIGERIA SECURITY AND CIVIL DEFENCE CORPS INSTITUTE OF SECURITY OF NIGERIA
NIGERIA SECURITY AND CIVIL DEFENCE CORPS IN COLLABORATION WITH THE INSTITUTE OF SECURITY OF NIGERIA 2015/2016 ADMISSION INTO MANDATORY BASIC PROFESSIONAL CERTIFICATE COURSES FOR PRIVATE AND PUBLIC SECURITY
More informationQuickBooks Online Security White Paper July 2017
QuickBooks Online Security White Paper July 2017 Page 1 of 6 Introduction At Intuit QuickBooks Online (QBO), we consider the security of your information as well as your customers and employees data a
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationCardiff University Security & Portering Services (SECTY) CCTV Code of Practice
Cardiff University Security & Portering Services (SECTY) CCTV Code of Practice Document history Author(s) Date S Gamlin 23/05/2018 Revision / Number Date Amendment Name Approved by BI annual revision Date
More informationNew York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief
Publication Date: March 10, 2017 Requirements for Financial Services Companies (23NYCRR 500) Solution Brief EventTracker 8815 Centre Park Drive, Columbia MD 21045 About EventTracker EventTracker s advanced
More informationWorkbench Software Customer Portal Security. By Workbench Software, LLC. Creation Date: January 2011 Last Updated: May 2011 Version: 2.
Workbench Software Customer Portal Security By Workbench Software, LLC Creation Date: January 2011 Last Updated: May 2011 Version: 2.0 Page ii Contents Workbench Software Security 3 Overview 3 Workbench
More informationPolicy and Procedure: SDM Guidance for HIPAA Business Associates
Policy and Procedure: SDM Guidance for HIPAA Business (Adapted from UPMC s Guidance for Business at http://www.upmc.com/aboutupmc/supplychainmanagement/documents/guidanceforbusinessassociates.pdf) Effective:
More informationINHERENT SECURITY: PROTECTING PROCESS PLANTS AGAINST THREATS
INHERENT SEURITY: PROTETING PROESS PLANTS AGAINST THREATS by Paul Baybutt Primatech Inc., 50 Northwoods Blvd., olumbus, OH 43235 paulb@primatech.com This paper has been accepted for publication in hemical
More informationTSA/FTA Security and Emergency Management Action Items for Transit Agencies
TSA/FTA Security and Emergency Management Action Items for Transit Agencies AACTION ITEM LIST Management and Accountability 1. Establish Written System Security Programs and Emergency Management Plans:
More informationElectronic Security Systems Process Overview
US Army Corps Infrastructure Systems Conference Electronic Security Systems Process Overview Electronic Security Center 4 August 2005 Outline About the Electronic Security Center Physical Security System
More information2015 Risk Element: Extreme Physical Events
2015 Risk Element: Extreme Physical Events Industry Webinar October 15, 2015 Administrative Items NERC Antitrust Guidelines It is NERC s policy and practice to obey the antitrust laws fully and to avoid
More informationInternet of Things Toolkit for Small and Medium Businesses
Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors
More informationHosted Testing and Grading
Hosted Testing and Grading Technical White Paper July 2010 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or
More informationCIP-014. JEA Compliance Approach. FRCC Fall Compliance Workshop Presenter Daniel Mishra
CIP-014 JEA Compliance Approach FRCC Fall Compliance Workshop Presenter Daniel Mishra Acronyms & Terminologies DHS Department of Homeland Security JEA It s not an acronym JSO Jacksonville Sheriff's Office
More informationIntroduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?
Introduction Controlling Information Systems When computer systems fail to work as required, firms that depend heavily on them experience a serious loss of business function. M7011 Peter Lo 2005 1 M7011
More informationYour single source for a safe, secure, and sustainable airport
Your single source for a safe, secure, and sustainable airport Innovative and comprehensive solutions www.usa.siemens.com/es Answers for infrastructure. Turning challenges into sustainable success Every
More informationHIPAA Security Checklist
HIPAA Security Checklist The following checklist summarizes the HIPAA Security Rule requirements that should be implemented by both covered entities and business associates. The citations are to 45 CFR
More informationHIPAA Security Checklist
HIPAA Security Checklist The following checklist summarizes the HIPAA Security Rule requirements that should be implemented by both covered entities and business associates. The citations are to 45 CFR
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More informationIN A FAST MOVING WORLD YOU CAN RELY ON AC2000; A POWERFUL ACCESS CONTROL AND SECURITY MANAGEMENT SYSTEM AC2000
IN A FAST MOVING WORLD YOU CAN RELY ON ; A POWERFUL ACCESS CONTROL AND SECURITY MANAGEMENT SYSTEM WHAT CAN OFFER YOU? CEM MANUFACTURES BOTH THE HARDWARE AND SOFTWARE, OFFERING ONE OF THE MOST COMPREHENSIVE,
More informationThe City of Mississauga may install Closed Circuit Television (CCTV) Traffic Monitoring System cameras within the Municipal Road Allowance.
Policy Number: 10-09-02 Section: Roads and Traffic Subsection: Traffic Operations Effective Date: April 25, 2012 Last Review Date: Approved by: Council Owner Division/Contact: For information on the CCTV
More informationSecurity Management Models And Practices Feb 5, 2008
TEL2813/IS2820 Security Management Security Management Models And Practices Feb 5, 2008 Objectives Overview basic standards and best practices Overview of ISO 17799 Overview of NIST SP documents related
More informationSecuring Information Systems
Chapter 7 Securing Information Systems 7.1 2007 by Prentice Hall STUDENT OBJECTIVES Analyze why information systems need special protection from destruction, error, and abuse. Assess the business value
More informationNine Steps to Smart Security for Small Businesses
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
More informationInformation Security Management System
Information Security Management System Based on ISO/IEC 17799 Houman Sadeghi Kaji Spread Spectrum Communication System PhD., Cisco Certified Network Professional Security Specialist BS7799 LA info@houmankaji.net
More informationThe University of Sheffield CCTV and Body worn cameras (BWC) Privacy Impact Assessment
The University of Sheffield CCTV and Body worn cameras (BWC) Privacy Impact Assessment 1. INTRODUCTION 1.1 This Privacy Impact Assessment (PIA) CCTV and BWC is recommended in The Surveillance Camera Code
More informationWORKPLACE VIOLENCE HAZARDS INSPECTION FORM 1
WORKPLACE VIOLENCE HAZARDS INSPECTION FORM 1 Date: Conducted By: Campus: Building: Location: Parking Lot Are the entrances and exits well marked? Does the lot have signs with security reminders (e.g. lock
More informationISSP Network Security Plan
ISSP-000 - Network Security Plan 1 CONTENTS 2 INTRODUCTION (Purpose and Intent)... 1 3 SCOPE... 2 4 STANDARD PROVISIONS... 2 5 STATEMENT OF PROCEDURES... 3 5.1 Network Control... 3 5.2 DHCP Services...
More informationData Protection Privacy Notice
PETA Limited Page 1 of 7 Data Protection Privacy Notice PETA Limited provides a range of services to both members of the public and to those employed within business. To enable us to provide a service,
More information2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY
2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY Purpose: The purpose of this policy is to provide instruction and information to staff, auditors, consultants, contractors and tenants on
More informationPhysical Security Standard
Physical Security Standard Version: 1.6 Document ID: 3545 Copyright Notice Copyright 2018, ehealth Ontario All rights reserved No part of this document may be reproduced in any form, including photocopying
More informationSecurity Guideline for the Electricity Sector: Physical Security
1 Security Guideline for the Electricity Sector: Physical Security Preamble: It is in the public interest for NERC to develop guidelines that are useful for improving the reliability of the bulk electric
More informationCYBERCRIME AS A NEW FORM OF CONTEMPORARY CRIME
FACULTY OF LAW DEPARTEMENT: CIVIL LAW MASTER STUDY THEME: CYBERCRIME AS A NEW FORM OF CONTEMPORARY CRIME Mentor: Prof. Ass. Dr. Xhemajl Ademaj Candidate: Abdurrahim Gashi Pristinë, 2015 Key words List
More informationLayer Security White Paper
Layer Security White Paper Content PEOPLE SECURITY PRODUCT SECURITY CLOUD & NETWORK INFRASTRUCTURE SECURITY RISK MANAGEMENT PHYSICAL SECURITY BUSINESS CONTINUITY & DISASTER RECOVERY VENDOR SECURITY SECURITY
More informationInformation Technology Disaster Recovery Planning Audit Redacted Public Report
1200, Scotia Place, Tower 1 10060 Jasper Avenue Edmonton, Alberta T5J 3R8 edmonton.ca/auditor Information Technology Disaster Recovery Planning Audit Redacted Public Report June 12, 2018 City of Edmonton
More informationREMOTE MONITORING. Why Your Security Force Needs Support
REMOTE MONITORING Why Your Security Force Needs Support In today s security industry, emerging technologies and an increased level of connectedness are creating opportunities for facility managers, IT
More informationDISASTER RESPONSE & RECOVERY PLANNING. Information Technology Services
DISASTER RESPONSE & RECOVERY PLANNING Information Technology Services Review Frequency: Annual Review Schedule: March 2016 ADDITIONAL DETAILS Vendor list details redacted from this version. Effective:
More informationTEL2813/IS2820 Security Management
TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management
More informationORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers
All Affiliate Research Policy Subject: HIPAA File Under: For Researchers ORA HIPAA Issuing Department: Office of Research Administration Original Policy Date Page 1 of 5 Approved by: May 9,2005 Revision
More informationATTACHMENT 3 ZAB Page 1 of 8. The police department feels that the expanded use and hours are okay with the recommended security upgrades.
Page 1 of 8 From: White, Byron E. Sent: Wednesday, April 24, 2013 8:28 AM To: Greene, Elizabeth Subject: Re: 1799 University comments The police department feels that the expanded use and hours are okay
More informationContent Protection & Security Standard
Content Protection & Security Standard GOVERNANCE AND SECURITY CULTURE PERSONNEL AND RESOURCES ASSET MANAGEMENT PHYSICAL SECURITY IT SECURITY TRAINING AND AWARENESS BUSINESS RESILIENCE Content Protection
More informationBuilding Automation & Control System Vulnerabilities
1 Building Automation & Control System Vulnerabilities by Is there an open door into your facility? Dave Brooks, PhD Associate Professor, Security Science School of Science 1 2 OVERVIEW Background of Research
More informationSecurity in Depth Webinar
Security in Depth 050213 Webinar Welcome and thank you for standing by. All parties will be in a listen-only mode for the duration of today s conference call. Today s call is being recorded; if anyone
More informationManagement Information Systems. B15. Managing Information Resources and IT Security
Management Information Systems Management Information Systems B15. Managing Information Resources and IT Security Code: 166137-01+02 Course: Management Information Systems Period: Spring 2013 Professor:
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More informationHUMANITARIAN COORDINATION TRAINING. Safety & Security in Humanitarian Coordination
HUMANITARIAN COORDINATION TRAINING Safety & Security in Humanitarian Coordination Pre-Departure Security Considerations Make appointment for pre-departure security briefing with your organization Research
More informationData Processing Amendment to Google Apps Enterprise Agreement
Data Processing Amendment to Google Apps Enterprise Agreement The Customer agreeing to these terms ( Customer ) and Google Inc., Google Ireland, or Google Asia Pacific Pte. Ltd. (as applicable, Google
More informationUnit 2 Essentials of cyber security
2016 Suite Cambridge TECHNICALS LEVEL 2 IT Unit 2 Essentials of cyber security A/615/1352 Guided learning hours: 30 Version 1 September 2016 ocr.org.uk/it LEVEL 2 UNIT 2: Essentials of cyber security A/615/1352
More information