Security Management Security Incident Management For Transit Supervisors US Department of...
-
Upload
doreen-blair -
Category
Documents
-
view
214 -
download
0
Transcript of Security Management Security Incident Management For Transit Supervisors US Department of...
Security ManagementSecurity Management
Security Incident Management For
Transit Supervisors
US Department of TransportationFederal Transit Administration
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Course GoalCourse Goal
• Define your duties in managing a security Define your duties in managing a security
incidentincident
• Identify the four phases of an incidentIdentify the four phases of an incident
• Describe the elements of IED and CBR incident Describe the elements of IED and CBR incident
management management
• Demonstrate the ability to apply the principles Demonstrate the ability to apply the principles
of managing a security incident of managing a security incident
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Course OutlineCourse Outline• Review Review System Security AwarenessSystem Security Awareness course course
• Threat assessment exerciseThreat assessment exercise
• What are your duties in managing a security What are your duties in managing a security incident?incident?
• What are the four phases of an incident?What are the four phases of an incident?
• What are the elements of IED and CBR incident What are the elements of IED and CBR incident management?management?
• Threat response and incident management Threat response and incident management exercisesexercises
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Security Awareness Course Security Awareness Course ReviewReview
• What is the real threat?What is the real threat?
• Where do you fit in?Where do you fit in?
• What do you look for?What do you look for?
• What about Anthrax and other What about Anthrax and other
suspicious substances?suspicious substances?
• What is your top priority?What is your top priority?
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
What Is The Real Threat?What Is The Real Threat?
• There is a wide variety of motivations, There is a wide variety of motivations,
backgrounds and types of terroristsbackgrounds and types of terrorists
• Improvised Explosive Devices (IED) are Improvised Explosive Devices (IED) are
the most common based upon historythe most common based upon history
• Chemical, Biological and Radiological Chemical, Biological and Radiological
(CBR) agent dispersal is possible(CBR) agent dispersal is possible
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Where Do You Fit In?Where Do You Fit In?
• Roles and responsibilitiesRoles and responsibilities
• Eyes and ears philosophyEyes and ears philosophy
• Neighborhood Watch conceptNeighborhood Watch concept
• Practice good housekeepingPractice good housekeeping
• Routinely perform security sweepsRoutinely perform security sweeps
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
What Do You Look For?What Do You Look For?
• Suspicious peopleSuspicious people
• Suspicious activitiesSuspicious activities
• Suspicious packagesSuspicious packages
• Suspicious devicesSuspicious devices
• Suspicious substancesSuspicious substances
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
What About Anthrax…?What About Anthrax…?
• Chemical attacks become visible through Chemical attacks become visible through
immediate symptoms in multiple victimsimmediate symptoms in multiple victims
• Biological agents are hard to detect - will not Biological agents are hard to detect - will not
show up through symptoms for hours or daysshow up through symptoms for hours or days
• Radiological agents are also difficult to detect Radiological agents are also difficult to detect
but monitoring can verify their presence if a but monitoring can verify their presence if a
threat or device is involvedthreat or device is involved
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Life SafetyLife Safety
Incident StabilizationIncident Stabilization
Property ConservationProperty Conservation
What is Your Top Priority?What is Your Top Priority?
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Exercise #1Exercise #1
Threat AssessmentThreat Assessment
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
What are Your Duties in What are Your Duties in Managing a Security Managing a Security
Incident?Incident?
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
ObjectivesObjectives• Define the roles and responsibilities of a Define the roles and responsibilities of a
supervisorsupervisor
• List the six steps in the communication processList the six steps in the communication process
• Name three kinds of information to be gathered Name three kinds of information to be gathered and analyzedand analyzed
• Describe the decision-making processDescribe the decision-making process
• Explain how to implement a planExplain how to implement a plan
• Explain why evaluation is importantExplain why evaluation is important
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
RolesRoles
• Support the goals and mission of the agencySupport the goals and mission of the agency
• Manage people, not things or activitiesManage people, not things or activities
• Provide a positive role modelProvide a positive role model
• Support front-line employeesSupport front-line employees
• Instruct, coach and mentorInstruct, coach and mentor
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
ResponsibilitiesResponsibilities
• Know your jobKnow your job• Know your peopleKnow your people• Communicate Communicate
• Keep people informedKeep people informed• Listen to feedback and Listen to feedback and
informationinformation
• Take action, take responsibilityTake action, take responsibility• Assign tasksAssign tasks• Enforce rules and proceduresEnforce rules and procedures
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Incident Management DutiesIncident Management Duties
• CommunicationCommunication
• Information gathering and analysisInformation gathering and analysis
• Decision-makingDecision-making
• Plan implementationPlan implementation
• EvaluationEvaluation
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
The Communications ModelThe Communications Model
FORMULATEFORMULATE SENDSEND RECEIVERECEIVEINTERPRETINTERPRET
FEEDBACK/CONFIRMFEEDBACK/CONFIRM
TRANSFERTRANSFERTHROUGHTHROUGHMEDIUMMEDIUM
A Six Step ProcessA Six Step Process
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Information gathering and Information gathering and analysisanalysis
• Pre-incident informationPre-incident information• What you have been told prior to the incidentWhat you have been told prior to the incident
• Empirical or perceptual informationEmpirical or perceptual information• What someone else observesWhat someone else observes
• What you actually observeWhat you actually observe
• Cognitive informationCognitive information• What you have learned in trainingWhat you have learned in training
• What you have learned from experienceWhat you have learned from experience
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Decision-makingDecision-making
• Problem identification and assessmentProblem identification and assessment• Hazard identificationHazard identification
• Risk determinationRisk determination
• Developing a plan Developing a plan
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Decision-makingDecision-making
• Hazard identificationHazard identification• Credible threatCredible threat
• Improvised explosive or agent Improvised explosive or agent dispersal devicedispersal device
• Agent releaseAgent release• ExplosionExplosion
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Decision-makingDecision-making
• Risk determinationRisk determination• Number of potential victimsNumber of potential victims• Asset criticalityAsset criticality• Adjoining asset criticalityAdjoining asset criticality• Extent of exposure areaExtent of exposure area
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Decision-makingDecision-making• Developing a plan Developing a plan
• Based upon the problem identification Based upon the problem identification and assessment, develop a plan using and assessment, develop a plan using “Strategy and Tactics”“Strategy and Tactics”• Strategy - The overall goal or desired Strategy - The overall goal or desired
outcome you are trying to achieveoutcome you are trying to achieve
• Tactics - The specific objectives or tasks Tactics - The specific objectives or tasks that will be used to achieve the goalthat will be used to achieve the goal
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
ImplementationImplementation
• Putting the plan or tactics into motionPutting the plan or tactics into motion• Instruct subordinatesInstruct subordinates
• CommunicateCommunicate
• DelegateDelegate
• Make notificationsMake notifications
• Request support/resourcesRequest support/resources
• Activate contingency plansActivate contingency plans
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
EvaluationEvaluation
• Continually monitor the incident and the Continually monitor the incident and the effectiveness of the tacticseffectiveness of the tactics
• Coordination of operationCoordination of operation
• Safety and expediency of activitySafety and expediency of activity
• Availability and responsiveness of resourcesAvailability and responsiveness of resources
• Activation of service contingency plansActivation of service contingency plans
• Modify activity and tactics accordinglyModify activity and tactics accordingly
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
SummarySummary
• Defined the roles and responsibilities of a Defined the roles and responsibilities of a supervisorsupervisor
• Listed the six steps in the communication processListed the six steps in the communication process
• Named three kinds of information to be gathered Named three kinds of information to be gathered and analyzedand analyzed
• Described the decision-making processDescribed the decision-making process
• Explained how to implement a planExplained how to implement a plan
• Explained why evaluation is importantExplained why evaluation is important
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
What are the four What are the four phases of an phases of an
incident?incident?
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
ObjectivesObjectives
• Identify the four phases of an incidentIdentify the four phases of an incident
• Determine when each phase begins and endsDetermine when each phase begins and ends
• Specify the focus of each phaseSpecify the focus of each phase
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Incident PhasesIncident Phases
Restoration PhaseRestoration Phase
Notification Phase
Response Phase
Recovery Phase
Incident recognized
Scene control begins
Last ambulatory victim removed
Contamination survey completed
Operations Level Actions
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
The Notification PhaseThe Notification Phase• Focuses on information Focuses on information
gathering and reportinggathering and reporting
• Includes requests for help and Includes requests for help and resourcesresources
• Begins with recognition that an Begins with recognition that an incident has (or is about to) occurincident has (or is about to) occur
• Ends with the initiation of site Ends with the initiation of site control procedurescontrol procedures
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
The Response PhaseThe Response Phase
• Focuses saving lives and Focuses saving lives and minimizing injuryminimizing injury
• Begins with site control Begins with site control proceduresprocedures
• Ends with removal of Ends with removal of ambulatory victims from the ambulatory victims from the hazard areahazard area
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
The Recovery PhaseThe Recovery Phase• Focuses on re-establishing Focuses on re-establishing
essential services and operationsessential services and operations
• Begins when the scene is Begins when the scene is stabilized and the last living victim stabilized and the last living victim is transported to a medical facilityis transported to a medical facility
• Ends with completion of a Ends with completion of a complete contamination surveycomplete contamination survey
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
The Restoration PhaseThe Restoration Phase
• Focuses on preparing for a Focuses on preparing for a
return to revenue servicereturn to revenue service
• Begins with completion of Begins with completion of the surveythe survey
• Ends with complete hazard Ends with complete hazard remediationremediation
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
SummarySummary
• Identified the four phases of an incidentIdentified the four phases of an incident
• Determined when each phase begins and endsDetermined when each phase begins and ends
• Specified the focus of each phaseSpecified the focus of each phase
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
What are the What are the Elements of IED and Elements of IED and
CBR Incident CBR Incident Management?Management?
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
ObjectivesObjectives
• Describe how to respond to a sceneDescribe how to respond to a scene
• Describe what must be done once at the Describe what must be done once at the scenescene
• Explain the emergency response activities at Explain the emergency response activities at IED and CBR incidentsIED and CBR incidents
• Describe the requirements and constraints for Describe the requirements and constraints for security incident managementsecurity incident management
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Responding To The SceneResponding To The Scene• Remain calmRemain calm
• Drive defensivelyDrive defensively
• Approach from an uphill and upwind directionApproach from an uphill and upwind direction
• Note people and vehicles leaving the areaNote people and vehicles leaving the area
• Note existing potentially dangerous conditionsNote existing potentially dangerous conditions
• Do not block access and egress routesDo not block access and egress routes
• Be alert to changes in people and the weatherBe alert to changes in people and the weather
• Be aware of secondary devicesBe aware of secondary devices
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Scene ManagementScene Management• Know the condition and location of all your Know the condition and location of all your
subordinates on scenesubordinates on scene
• Maintain contact with dispatch or control centerMaintain contact with dispatch or control center
• Monitor and evaluate the effectiveness of your Monitor and evaluate the effectiveness of your tacticstactics
• Identify yourself to emergency respondersIdentify yourself to emergency responders
• Communicate with the Incident CommanderCommunicate with the Incident Commander
• Support emergency response activitiesSupport emergency response activities
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Emergency Response ActivityEmergency Response Activity
• Evacuation - removal of ALL people Evacuation - removal of ALL people and their personal possessionsand their personal possessions
• Scene isolation and securityScene isolation and security
• Establish “Safe” zonesEstablish “Safe” zones
• Area searchArea search
• Device removal/neutralization*Device removal/neutralization*
*WILL ONLY BE DONE BY HIGHLY TRAINED AND *WILL ONLY BE DONE BY HIGHLY TRAINED AND EQUIPPED PROFESSIONALSEQUIPPED PROFESSIONALS
IED scene management and mitigationIED scene management and mitigation
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Emergency Response ActivityEmergency Response Activity
• Identify agent through monitoringIdentify agent through monitoring
• Establish hot, warm and cold zonesEstablish hot, warm and cold zones
• Confine, contain and control the Confine, contain and control the releaserelease
• Isolate, decontaminate, triage, treat Isolate, decontaminate, triage, treat and transport victimsand transport victims
• Decontaminate the sceneDecontaminate the scene
• Preserve evidencePreserve evidence
Chemical release scene managementChemical release scene management
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Emergency Response ActivityEmergency Response Activity
• There is NO scene unless a threat and There is NO scene unless a threat and dispersal are identifieddispersal are identified
• NO immediate symptomsNO immediate symptoms
• Limited field detectionLimited field detection
• Record, monitor and treat those who Record, monitor and treat those who were potentially exposedwere potentially exposed
• Minimize spread of contaminationMinimize spread of contamination
Biological release scene managementBiological release scene management
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Emergency Response ActivityEmergency Response Activity
• Cannot be detected through sensesCannot be detected through senses
• Suspected release can be verified Suspected release can be verified through monitoring and detectionthrough monitoring and detection
• Determine exposure and Determine exposure and contaminationcontamination
• Contain the radioactive materialContain the radioactive material
• Decontaminate victims and the sceneDecontaminate victims and the scene
Radiological release scene managementRadiological release scene management
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
CBR Agent Exposure ProtectionCBR Agent Exposure Protection
Source
Shelter in Place
Clothing
Vehicle
12
3
6
9
TimeTime
ShieldingShielding
DistanceDistance
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Incident Management Incident Management RequirementsRequirements
• Safety orientedSafety oriented
• DecisiveDecisive
• ProactiveProactive
• Adaptable and flexibleAdaptable and flexible
• Realistic about personal and agency limitationsRealistic about personal and agency limitations
• Apply what you know from training and Apply what you know from training and experienceexperience
• CalmCalm
• ObjectiveObjective
• Quick thinkingQuick thinking
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Incident Management Incident Management ConstraintsConstraints
• Decisions and actions need to Decisions and actions need to be made in a timely manner be made in a timely manner
• Limited resources upon arrival Limited resources upon arrival
• Minimal informationMinimal information
• A demanding and highly A demanding and highly stressful environmentstressful environment
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
SummarySummary
• Described how to respond to a sceneDescribed how to respond to a scene
• Described what must be done once at Described what must be done once at the scenethe scene
• Explained the emergency response Explained the emergency response activities at IED and CBR incidentsactivities at IED and CBR incidents
• Described the requirements and Described the requirements and constraints for security incident constraints for security incident managementmanagement
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
What Does This Mean To You?What Does This Mean To You?
Every incident needs to Every incident needs to be managed:be managed:
• If not you - then who?If not you - then who?
• If no one - then what? If no one - then what?
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Course SummaryCourse Summary
• Defined your roles and responsibilities as a supervisorDefined your roles and responsibilities as a supervisor
• Defined and describe your duties in managing a Defined and describe your duties in managing a
security incidentsecurity incident
• Identified the four phases of an incidentIdentified the four phases of an incident
• Described the elements of IED and CBR incident Described the elements of IED and CBR incident
management management
• NOW - Demonstrate the ability to apply the principles of NOW - Demonstrate the ability to apply the principles of
managing a security incident managing a security incident
Security ManagementSecurity Management
US Department of TransportationFederal Transit Administration
Exercise #2 - Responding to a Threat
Exercise #3 - Incident Management