Presentation is loading. Please wait.

Presentation is loading. Please wait.

SECURITY VULNERABILITY ASSESSMENT (SVA). Intellectual Property of Win Noor FAQ  What is Security Vulnerability Assessment (SVA)?  A process of identifying,

Published byShanna Moody Modified over 9 years ago

Similar presentations

Presentation on theme: "SECURITY VULNERABILITY ASSESSMENT (SVA). Intellectual Property of Win Noor FAQ  What is Security Vulnerability Assessment (SVA)?  A process of identifying,"— Presentation transcript:

1 SECURITY VULNERABILITY ASSESSMENT (SVA)

2 Intellectual Property of Win Noor FAQ  What is Security Vulnerability Assessment (SVA)?  A process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a security system.  Is it the same with Security Audit?  No, Security Audit focuses on discrepancies in the implementation of Security System; while Security Vulnerability Assessment focuses on the review of the Security System itself.  Is it similar with Security Risk Management?  SVA is a part of Security Risk Management. SVA is the most well-known form of Security Risk Analysis.

3 Intellectual Property of Win Noor Steps: Security Vulnerability Assessment   Identify Asset   Observe the Environment   Identify Threats   Identify Existing Countermeasures   Calculate risk   Generate alternatives of action

4 Intellectual Property of Win Noor Identify Asset   Things of value  Needs to be protected:  Tangible   Cash   Document,   Equipment,   Goods,   Personnel/Manpower   Premises/Building,   Vehicle  Intangible  Life,  Health,  Process  Image

5 Intellectual Property of Win Noor Observe the Environment   Macro Environment  Employment Rate,  Socio-Economic Conditions,  Crimes trends  Crimes occurring to similar industry,   Micro Environment  Demography,  Culture,  Local Socio-Economic issues,  Life-style,  Conditions of Adjacent areas  Crime occurring in the area

6 Intellectual Property of Win Noor Identify Threats   What can happen ?   When it can happen?   Where it can happen?   Who can make it happen?   Why it can happen?   How it can happen?

7 Intellectual Property of Win Noor Types of Security Threats ThreatCASHDOCEQUIPGOODPERSPREMISEVEHICLEOPS ABDUCTION ARSON ASSAULT BLACKMAIL BOMB HOAX BRAWL BREAKING AND ENTERING DECEPTION EMBEZZLEMENT ESPIONAGE EXTORTION FORGERY

8 Intellectual Property of Win Noor Types of Security Threats ThreatCASHDOCEQUIPGOODPERSPREMISEVEHICLEOPS FRAUD HIJACKING HOSTAGE SITUATION INTIMIDATION MISAPPROPRIA TION SABOTAGE SHOPLIFTING TERRORISM THEFT TRESPASS VANDALISM

9 Intellectual Property of Win Noor Identify Existing Security Countermeasures   Elements of Security Countermeasures  Deter  Delay  Detect

10 Intellectual Property of Win Noor Security Management System Security System Physical Protection Electronic Protection Security Manning Procedural Protection

11 Intellectual Property of Win Noor Security Management System MANPOWER PERIMETER & ACCESS CONTROL PROCEDURES & STRATEGIES ELECTRONIC DEVICE & SUPPORTING EQUIPMENT SECURITY MANAGEMENT SYSTEM (SEMS)

12 Intellectual Property of Win Noor Manpower   Requirements/Competence for Manpower   Sentry Guards and Distribution   Law Enforcement   Intelligence   Internal Audit / Business Ethics Compliance

13 Intellectual Property of Win Noor Perimeter Security and Access Control   Security Fencing Equipped/Capped with Barbed Wire or Razor Wire   Limiting number of Access Points   Limiting personnel provided with access   Types of checks on Access Points   Illuminations   Security Watch Towers   Waste Disposal   Windows   Emergency Doors

14 Intellectual Property of Win Noor Procedures and Strategies   Recruitment Screening Procedures   Access Control Procedures   Body Search Procedures   Patrol Procedures   Key Management   Crime Trend Analysis (as basis to determine strategies)   Deterrence Strategies   Detection Strategies

15 Intellectual Property of Win Noor Electronic Device and Supporting Equipment General Classification  Access Control Device  Detection Device  Non-Lethal Weapon and Protective Equipment

16 Intellectual Property of Win Noor Pedestrian Access  Identification  Electronic  Keypad/PIN  Swipe-Card  Magnetic-Card  Proximity System  Biometric  Finger-print  Voice Identification  Retinal and Iris Scan

17 Intellectual Property of Win Noor Vehicle Access  High Security Rising Barriers  Short And Medium Range Rising Barriers  Short And Medium Range Rising Barriers

18 Intellectual Property of Win Noor Vehicle Access Cont’)  Rising Bollard  Road Blocker

19 Intellectual Property of Win Noor Pedestrian Access  Tripod Turnstiles  Automatic Gates

20 Intellectual Property of Win Noor Pedestrian Access (cont’)  Speed Doors  Speed Doors  Full Height Turnstiles  Full Height Turnstiles

21 Intellectual Property of Win Noor Pedestrian Access (cont’)  Man Trap Doors/ Lock Gates

22 Intellectual Property of Win Noor Detection Device  Detection on pedestrian and vehicle access  Door/Window Intrusion Detection  Perimeter Intrusion Detection  Area Intrusion Detection

23 Intellectual Property of Win Noor Detectors - Access  Handheld Metal Detectors  Walkthrough Metal Detectors  Bomb Detectors (=Sniffer)

24 Intellectual Property of Win Noor Door/Window & Indoor Intrusion Detection  Ultrasonic Sensor  Passive Infrared

25 Intellectual Property of Win Noor Door/Window & Indoor Intrusion Detection (cont’)  Photo-Electric Beam  Microwave Sensor

26 Intellectual Property of Win Noor Door/Window & Indoor Intrusion Detection (cont’)  Magnetic Contact  Glass Break

27 Intellectual Property of Win Noor Outdoor Intrusion Detection Buried Line  Seismic Pressure  Magnetic Field  Ported Coaxial cable  Fiber Optic cable

28 Intellectual Property of Win Noor Outdoor Intrusion Detection (cont’)  Video Motion Detection  Bistatic Microwave

29 Intellectual Property of Win Noor Outdoor Intrusion Detection (cont’)  Passive Infrared  Active Infrared

30 Intellectual Property of Win Noor Perimeter Intrusion Detection  Sensor cables  Microwave Barrier

31 Intellectual Property of Win Noor Tracker  GSM/GPRS Tracker  Geo-Fence

32 Intellectual Property of Win Noor Visual Aids  Thermal Imaging / Flash Termo Sight Vision  Infra Red Night Vision Goggles

33 Intellectual Property of Win Noor Explosive  Blast Wall

34 Intellectual Property of Win Noor Non Lethal Weapon  Expandable Baton  Point-Blank Tazer

35 Intellectual Property of Win Noor Non Lethal Weapon  Pepper Gun  Long-Range Tazer

36 Intellectual Property of Win Noor Protective Equipment  Stab-Proof Vest

37 Intellectual Property of Win Noor Group Discussion   Discuss on specific types of security countermeasures based on categories (Manning, Access Control & Perimeter Security, Electronic Device, Procedures & Strategies) and element types of each countermeasure applicable for certain types of threats

38 Intellectual Property of Win Noor Discussion Sheet ThreatCountermeasureDominant Element

39 Intellectual Property of Win Noor Threat versus Countermeasure   Is it still possible for threat to succeed with the existing countermeasure?   Example: External Theft   Perimeter Fencing   Sentry Guards   Intelligence   CCTV   Motion Sensor Device   Access Control Device

40 Intellectual Property of Win Noor Threat versus Countermeasure (cont’)   Example: Embezzlement   Background Check / Screening   Life-Style Check   Internal Auditing   Business Ethics Agreement   CCTV in cash vault   After all the existing countermeasures, how high is the possibility for the threat to succeed?   Use of Professional Judgment

41 Intellectual Property of Win Noor Risk Calculator

42 Intellectual Property of Win Noor Generating Alternatives for Action  Root-Cause Analysis  Information Collection  Analysis  Testing / Verification

43 Intellectual Property of Win Noor RCA: Information Collection  To find the facts on an event, issue, and/or condition. Not (yet) to find the cause, whose fault, or what should have happen  To find signs or symptoms of the event, issue, and/or condition.

44 Intellectual Property of Win Noor RCA: Analysis  What factors causes the event, issue, and/or condition?  Are there more than one factors influencing the event, issue, and/or condition?  Why? Why? Why? Why? Why?

45 Intellectual Property of Win Noor RCA: Testing/Verification  To ensure that the result from the analysis is (close to) accurate.  How?  Re-Analyze  Group Analysis  Run through your colleagues, subordinates, or superiors.

46 Intellectual Property of Win Noor SVA Exercise GROUND RULES!  Think like a criminal!!!  Don’t just believe what your source (from the Assessment Object) tells you. Verify!  Keep yourself an open mind!

47 Intellectual Property of Win Noor SVA Exercise ASSET IDENTIFICATION  Cash  Document/Information  Equipment  Goods/Inventory  Personnel  Premises/Building/Plant  Vehicle  Business Process/Operations/Activities

48 Intellectual Property of Win Noor SVA Exercise (cont’)  IDENTIFING THREATS AND MEASURING LIKELIHOOD TO OCCUR: MACRO ENVIRONMENT  General Perception towards line of business  Threats toward similar business operations

49 Intellectual Property of Win Noor SVA Exercise (cont’)  IDENTIFING THREATS AND MEASURING LIKELIHOOD TO OCCUR: MICRO ENVIRONMENT  Neighboring Area  Organizations and Gatherings in the Neighboring Area  Adjacent Buildings and Land  Community Perception towards Assessment Object  Crime trends and rate  Traffic and Road condition  Closest emergency services and response time

50 Intellectual Property of Win Noor SVA Exercise (cont’)  IDENTIFING THREATS AND MEASURING LIKELIHOOD TO OCCUR: MICRO ENVIRONMENT (cont’)  Personnel  Quantity  Education Background  Life-Style  Security Awareness  Recruitment Process  Distribution (Location, Work-Shift, Crowded or Scarce)  Work-Shift  History of Identified Internal Crime  Location of Asset  Company Culture and Implementation of Business Ethics  Implementation of Internal Audits towards Departments and Contractors

51 Intellectual Property of Win Noor SVA Exercise (cont’) SECURITY COUNTERMEASURE OVERVIEW   Perimeter   Single/Multiple Perimeter Wall/Fence   Wall/Fence type   Climbable/Penetrable   Adjacent Tree/Pole   Waste/Water Disposal Access   Security Watch Towers   Illumination   Intrusion Detection Device (CCTV, Sensors, IR, Microwave)   Patrol

52 Intellectual Property of Win Noor SVA Exercise (cont’) SECURITY COUNTERMEASURE OVERVIEW (cont’)   Pedestrian Access Points (Regular and Emergency Doors)   Sentry Guards and competence   Climbable/Penetrable   Illumination   ID verification   Intrusion Detection Device (CCTV, Motion Detection)  Visitor Access Procedure  Body Search Procedure  Bag/Carried Item Procedure  Metal Detector  X-Ray  Sniffer

53 Intellectual Property of Win Noor SVA Exercise (cont’) SECURITY COUNTERMEASURE OVERVIEW (cont’)   Vehicle Access   Sentry Guards and competence   Penetrable (availability of Barrier, Speed Bumper, Road Blocker, or Bollard)   Illumination   ID verification   Intrusion Detection Device (CCTV)  Visitor Access Procedure  Vehicle Search Procedure  Bag/Carried Item Procedure  Metal Detector  Vehicle Inspection Mirror  Sniffer

54 Intellectual Property of Win Noor SVA Exercise (cont’) SECURITY COUNTERMEASURE OVERVIEW (cont’)   Internal Pedestrian Access Points   ID verification (manual or electronic)   Penetrable (locks, type of door, hinges)   Illumination   Intrusion Detection Device (CCTV)  Visitor Access Procedure   Windows   Penetrable (type of glass, hinges)   Illumination   Intrusion Detection Device (Glass Break, IR, Microwave, CCTV)

55 Intellectual Property of Win Noor SVA Exercise (cont’) SECURITY COUNTERMEASURE OVERVIEW (cont’)   Corridors and Office Areas   Patrols   Illuminations   Intrusion Detection Device during off-work times (IR, Microwave, CCTV)   Security Awareness of employees   Walls and Partitions   Employee Population (Dense/Scarce)   Key Management   Clean Desk Policy   Locks for Document Storage   Document Labeling and Records   Waste Disposal Management  Caller ID

56 Intellectual Property of Win Noor SVA Exercise (cont’) SECURITY COUNTERMEASURE OVERVIEW (cont’)   Open Areas   Patrols   Illuminations   Intrusion Detection Device (Buried Line, IR, Microwave, CCTV)   Security Watch Towers   Limited Access Office Areas   Locks and/or ID verification   Key Management   Intrusion Detection Device (IR, Microwave, CCTV)   Waste Disposal Management  Access Permit Authorization Procedures  Access Logs

57 Intellectual Property of Win Noor SVA Exercise (cont’) SECURITY COUNTERMEASURE OVERVIEW (cont’)   Employee   Screening   Life-Style   Company Culture and Implementation of Business Ethics   Security Awareness Program   Work Environment   Office Politics   Vehicle   Driver Requirements and Recruitment Process   Trackers   Locks   Intrusion Sensors and Alarms   Glass and Exterior Protection

58 Intellectual Property of Win Noor SVA Exercise (cont’) SECURITY COUNTERMEASURE OVERVIEW (cont’)   Storage Areas   Sentry Guards and competence   Locks and/or ID verification for Limited Access Areas   Incoming-Outgoing Procedures   Incoming-Outgoing Records/Logs   Illuminations   Inspections and Monitoring Procedures   Internal Audits   Intrusion Detection Device during off-work times (IR, Microwave, CCTV)   Cash-In-Transit   Escort   Randomized Schedule   Insurance   Armored Vehicle, or contracted service

59 Intellectual Property of Win Noor SVA Exercise (cont’) SECURITY COUNTERMEASURE OVERVIEW (cont’)   Community  Community Development Programs  Intelligence/Information Gathering Programs  Deterrence Strategy  Community Security Involvement

60 Intellectual Property of Win Noor SVA Exercise: Threat Identification and Related Countermeasure AssetThreatCountermeasure

61 Intellectual Property of Win Noor SVA Exercise: Threat Identification and Related Countermeasure (cont’) AssetThreatCountermeasure

62 Intellectual Property of Win Noor Risk Calculation: ThreatTarget Likelihood To Occur Likelihood To Succeed ConsequenceRisk

Download ppt "SECURITY VULNERABILITY ASSESSMENT (SVA). Intellectual Property of Win Noor FAQ  What is Security Vulnerability Assessment (SVA)?  A process of identifying,"

Similar presentations

Security and Stockpile

Security and Stockpile
11006130/0403 Copyright ©2004 Business and Legal Reports, Inc. BLRs Safety Training Presentations Transportation Security TrainingPart II 49 CFR 172.704.

/0403 Copyright ©2004 Business and Legal Reports, Inc. BLRs Safety Training Presentations Transportation Security TrainingPart II 49 CFR
Chapter 7: Physical & Environmental Security

Chapter 7: Physical & Environmental Security
David Cronkright Chuck Dudinetz Paul Jones Corporate Auditing The Dow Chemical Company February 16, 2012 Auditing Protection of Intellectual Property.

David Cronkright Chuck Dudinetz Paul Jones Corporate Auditing The Dow Chemical Company February 16, 2012 Auditing Protection of Intellectual Property.
Secure Your Store Understand the measures used in securing a retail store.

Secure Your Store Understand the measures used in securing a retail store.
Airport Security – Post 9/11

Airport Security – Post 9/11
Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
UNIT PHYSICAL SECURITY PLAN

UNIT PHYSICAL SECURITY PLAN
FACILITY SAFETY: Creating a Safe and Secure Environment in the Community Health Center Presented by Steve Wilder, BA, CHSP, STS Sorensen, Wilder & Associates.

FACILITY SAFETY: Creating a Safe and Secure Environment in the Community Health Center Presented by Steve Wilder, BA, CHSP, STS Sorensen, Wilder & Associates.
Presentation Retail Security Key Holding Mobile Patrols Access Control Systems Manned Security www.expresssecurities.co.uk Receptionist CCTV Monitoring.

Presentation Retail Security Key Holding Mobile Patrols Access Control Systems Manned Security Receptionist CCTV Monitoring.
In-depth look at ISACS 05.20 Stockpile Management: Weapons Photo: MAG.

In-depth look at ISACS Stockpile Management: Weapons Photo: MAG.
“Why do we need Security”  Each business has unique security and safety needs, e.g. Inventory Shrinkage and Theft Personal Safety Break Ins Moving Your.

“Why do we need Security”  Each business has unique security and safety needs, e.g. Inventory Shrinkage and Theft Personal Safety Break Ins Moving Your.
Copyright 2004 Foreman Architects Engineers School Security From Common Sense to High Tech.

Copyright 2004 Foreman Architects Engineers School Security From Common Sense to High Tech.
Presented at the 2007 CUPA Conference by SRM Associates, Inc. PO Box 891993 Temecula, CA 92589-1993 (951) 764-3626 Chemical Site Security and Chemical.

Presented at the 2007 CUPA Conference by SRM Associates, Inc. PO Box Temecula, CA (951) Chemical Site Security and Chemical.
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”
Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.

Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.

Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.
Stephen S. Yau CSE 465 & CSE591, Fall 2006 1 Physical Security for Information Systems.

Stephen S. Yau CSE 465 & CSE591, Fall Physical Security for Information Systems.
Microsoft Technology Associate

Microsoft Technology Associate

Similar presentations

Ads by Google