Physical Security Assessment
Agenda
- Physical Security – Baseline Definitions and Convergence Drivers
- What is a Risk Assessment; When Should You Do One; and Why?
- Determining Your Company’s/Organization’s Unique/Individual Risk Appetite
- Getting Started – The Project Plan
- Sample Risk Assessment Tools
- Your Corrective Action Plan – Basics to Consider
Physical Security – Baseline Definitions

Physical security involves measures undertaken to protect personnel, equipment and property against anticipated threats.

Active measures include the use of proven systems and technologies designed to deter, detect, report and react against threats.

ISO 27001 role of physical security – Protect the organization’s assets by properly choosing a facility location, maintaining a security perimeter, implementing access control and protecting equipment.

The physical security office is usually responsible for developing and enforcing appropriate physical security controls, in consultation with the computer security management, program and functional managers, and others, as appropriate. Physical security should address not only central computer installations, but also backup facilities and office environments. In the government, this office is often responsible for the processing of personnel background checks and security clearances.

Convergence driver: What is the impact of convergence (merging IT security and physical security) on this role, and how does it play into the responsibilities for physical security risk assessments and action plans?
Security Roles and Responsibilities
- Operational Security
- Facilities Management
- Information Security
What is a Risk Assessment?

The purpose of the risk assessment is to assess the system’s use of resources and controls (implemented and planned) to eliminate and/or manage vulnerabilities that are exploitable by threats to the organization. It will also identify:
- Risks associated with the system operational configuration
- The system’s safeguards, threats and vulnerabilities
- New threats and risks that might exist and, therefore, will need to be addressed in the corrective action plan

The risk assessment should:
- Provide a clear definition of the scope of the assessment, such as present configuration, physical, environmental, personnel, telecommunications, and administrative security services provided
- Identify which assets need to be protected, assign a value to each asset, identify owners and label each asset’s business criticality
- Identify any and all threats
- Once identified, prioritize threats along with means to counter and respond to them
When Should You Do a Risk Assessment?
- Your company has a policy to conduct a periodic or annual enterprise risk assessment
- You are opening a new facility or moving
- You have had an audit finding
- You have had a breach or other identified vulnerability
- Compliance with legal and regulatory requirements
- Mergers, acquisitions, divestitures
- Outsourcing
- Partnerships and alliances
- You are implementing a new technology
- Other?
Why Should You Do a Risk Assessment?
- Since 9/11 everyone is increasingly concerned with the safety of tenants and employees.
- If you don’t have an integrated risk assessment, how do you know what your security program should be, and what to do first, second, etc.?
- How do you justify costs, resources, schedules, etc. without the output of a risk assessment?
- How do you know if you are compliant with legal and regulatory requirements?
- How do you know what an acceptable level of risk is for your organization, and how do you communicate that and implement policies and procedures around it?
- Through the process of the risk, threat and vulnerability assessment you will learn and discover things about your environment that were previously unknown.
Determining Your Company’s/Organization’s Unique/Individual Risk Appetite

Depending on time and available resources, quantitative and qualitative assessments both have value. There are pros and cons to each.

Questions to answer:
- What level of risk exposure requires immediate action? Why?
- What level of risk requires a formal response strategy to mitigate the potentially material impact? Why?
- What events have occurred in the past, and at what level were they managed? Why?

Each question is followed by a “why” because the organization should be able to articulate the quantitative and/or qualitative basis for the appetite, or it will come off as backwards-looking (based only on historical events) or even arbitrary. Develop a risk appetite table.

Getting Started
- Develop a project plan and schedule (follow traditional project management discipline and methodology)
- Identify policies and guidelines to follow, models and methodologies
- Identify areas to be reviewed, measurement criteria and resources
- Decide on scoring methodology (quantitative or qualitative analysis)
- Identify other existing resources/inputs and how that information will factor in: scorecards, metrics, audit findings, compliance assessments, incidents, vulnerability assessments, etc.
- Define end state and all output (documents, reports, presentations, action plan, etc.)
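The risk appetite table the deck asks you to develop, together with the "quantitative or qualitative" scoring choice from the Getting Started step, as an added worked example in Python (this is not code from the original presentation). The five-point likelihood and impact scales, the two appetite thresholds (15 for "immediate action", 8 for "formal response strategy") and the small risk register are constructed assumptions for illustration; ALE = SLE × ARO is the usual quantitative measure and is included so each row records both bases for its "why".

```python
# Added worked example (not from the original deck): a risk appetite table
# applied to a small, constructed physical-security risk register.
from __future__ import annotations
from dataclasses import dataclass

# Five-point qualitative scales. The labels and the 1..5 mapping are assumed;
# an organization would set its own.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# Risk appetite table: (minimum likelihood x impact score, required response),
# highest band first. The thresholds are assumed values that answer the deck's
# "what level requires immediate action / a formal response strategy" questions.
APPETITE_TABLE = [
    (15, "immediate action"),
    (8, "formal response strategy"),
    (0, "accept and monitor"),
]


@dataclass
class Risk:
    asset: str
    threat: str
    likelihood: str   # key into LIKELIHOOD (qualitative input)
    impact: str       # key into IMPACT (qualitative input)
    sle: float        # single loss expectancy, currency units (quantitative input)
    aro: float        # annualized rate of occurrence (quantitative input)

    def qualitative_score(self) -> int:
        """Qualitative score: likelihood rating times impact rating (1..25)."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]

    def ale(self) -> float:
        """Quantitative score: annualized loss expectancy = SLE x ARO."""
        return self.sle * self.aro


def appetite_response(score: int) -> str:
    """Map a qualitative score onto the appetite table's required response."""
    for minimum, response in APPETITE_TABLE:
        if score >= minimum:
            return response
    return APPETITE_TABLE[-1][1]  # not reached with a 0 floor; kept for safety


def build_action_plan(register: list[Risk]) -> list[dict]:
    """Rank the register for the corrective action plan.

    Primary order is the qualitative score (which selects the appetite band);
    ties are broken by ALE so the quantitative basis stays visible. Each row
    carries a 'why' string with both bases, so the appetite decision can be
    articulated rather than looking arbitrary.
    """
    rows = []
    for r in register:
        score = r.qualitative_score()
        rows.append({
            "asset": r.asset,
            "threat": r.threat,
            "score": score,
            "ale": r.ale(),
            "response": appetite_response(score),
            "why": (f"{r.likelihood} x {r.impact} = {score}; "
                    f"ALE = {r.sle:.0f} x {r.aro} = {r.ale():.0f}"),
        })
    rows.sort(key=lambda row: (row["score"], row["ale"]), reverse=True)
    return rows


# Constructed sample register; assets, threats and values are illustrative only.
SAMPLE_REGISTER = [
    Risk("Server room", "unauthorized entry", "likely", "major", sle=50_000, aro=0.5),
    Risk("Backup facility", "flooding", "unlikely", "severe", sle=200_000, aro=0.05),
    Risk("Lobby laptops", "theft from open area", "possible", "minor", sle=2_000, aro=2.0),
    Risk("Emergency generator", "spare parts unavailable during outage",
         "possible", "moderate", sle=20_000, aro=0.2),
]


if __name__ == "__main__":
    for row in build_action_plan(SAMPLE_REGISTER):
        print(f"{row['response']:<25} {row['asset']:<20} {row['why']}")
```

Running the block prints the register in corrective-action order: the server room lands in the "immediate action" band (16), the backup facility and generator need a formal response strategy (10 and 9), and the lobby laptops fall below the appetite threshold and are accepted and monitored (6). Changing the two thresholds in `APPETITE_TABLE` is how an organization expresses a different appetite; the "why" column is what lets it defend that choice.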
Security Risk Assessment Outline
- Background
  - Purpose
  - Scope
  - Assumptions
- Description of System
  - System Attributes
  - System Sensitivity
- Systems Security
  - Administrative Security
  - Physical Security
  - Technical Security
  - Software Security
  - Telecommunications Security
  - Personnel Security
- System Vulnerabilities
  - Technical Vulnerability
  - Personnel Vulnerability
  - Telecommunications Vulnerability
  - Environmental Vulnerability
  - Physical Vulnerability
- Glossary of Terms
- Acronyms
Simple Assessment Checklist – Facilities and Physical

What preventative measures do you currently have in place? (Yes, No, N/A)
- Access to secured areas is limited to necessary personnel.
- Monitor and review the distribution of keys and/or access codes.
- When an employee terminates, keys are collected and/or access codes are terminated.
- Physically secure equipment that is portable and located in open access areas.
- Use security cameras in areas where equipment cannot be easily secured or monitored (for example in computer labs and classrooms).
- Use the 'STOP' Program to track property and equipment.
- Require employees to attend vehicle safety training offered by Environmental Health & Safety.
- Report previous losses to Public Safety at the time they were discovered.
- Implement specific preventative measures in direct response to a loss.
Simple Assessment Checklist (continued) – Systems
- Is the system safe from excessive sunlight, wind, dust, water, or extreme hot/cold temperatures?
- Is this system located in a monitored, isolated area that sees little human traffic?
- Is the room/building in which the system is located secured by a lock and alarm system to which only a few trusted/identified personnel have access? Are these locks and alarms locked and armed during off hours?
- Is the console of the system secured to prevent someone from casually walking up to the system and using it (even if just for a few seconds)? Are all users logged out from the console?
- Are the power and reset switches protected or disabled?
- Are any input devices to the system secured/turned off: are all removable disk drives locked/secured? Are the parallel/serial/infrared/Bluetooth/USB/SCSI ports secured or removed? Are any attached hard drives physically locked down to the systems?
Information System(s) Network – Physical Security

Card Readers (integration of physical and logical access)

Receptionist desk at main entry point
Policies and Procedures (continued)
- Involve and cooperate with other organizations that can affect the utility’s security. For example, contact chlorine and other chemical suppliers to discuss the need for adequate security during transport, as well as to develop protocols to respond to missing or delayed shipments.
- Maintain replacement parts and emergency repair kits for critical assets, such as generators, that are important during emergencies.
- Maintain redundant equipment, critical replacement parts, etc. in a separate or isolated location. It can be on site or nearby, but not within the same building or room.
- Develop a utility vehicle use policy (including locking vehicles and tool bins, securing tools, etc.).
- Establish procedures for night shift workers, including regular check-ins with supervisors.
- Establish published guidelines so that all future procurements and designs address security issues and incorporate solutions. All requests for proposals should include a security portion so that responding consultants are reminded that security must be addressed in their work and in their own operational practices.
- Continue to monitor the visitor entrance.
- Establish a policy for facility tours delineating who is authorized to approve access, areas that can be accessed, and the times that tours are allowed.
Impact of Information Security Legislation