Security vulnerability assessment & liability dsm linkedin
-
Upload
wivenhoe-management-group -
Category
Documents
-
view
1.579 -
download
1
description
Transcript of Security vulnerability assessment & liability dsm linkedin
![Page 1: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/1.jpg)
Wivenhoe Management Group
SECURITY VULNERABILITY SECURITY VULNERABILITY ASSESSMENT (SVA) & ASSESSMENT (SVA) &
LIABILITYLIABILITY
![Page 2: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/2.jpg)
Wivenhoe Management Group
TODAY’S PRESENTATION WILL TODAY’S PRESENTATION WILL ENCOMPASS THE FOLLOWING:ENCOMPASS THE FOLLOWING:
• The Basics of an SVA
• Why an SVA is Important
• SVA History
• Federal & State Legislation
• Liability Arising from an SVA
• Solutions
![Page 3: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/3.jpg)
Wivenhoe Management Group
THE BASICS OF AN SVATHE BASICS OF AN SVA
• What is the Threat Level?
• Who and/or What Should be Protected?
• What Can or Should Be Done?
• What Will It Cost?
![Page 4: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/4.jpg)
Wivenhoe Management Group
THE BASICS OF AN SVATHE BASICS OF AN SVA
• Threat Levels
– Outsider
– Insider
– Cyber
![Page 5: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/5.jpg)
Wivenhoe Management Group
AS A NATION THE US REMAINS AT AS A NATION THE US REMAINS AT ELEVATED THREAT LEVELSELEVATED THREAT LEVELS
Current Prevailing Nationwide Threat Level:
It was Raised to HighHigh around the Anniversary of Sept. 11
![Page 6: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/6.jpg)
Wivenhoe Management Group
CURRENT STATE OF SECURITY…CURRENT STATE OF SECURITY…OUTSIDER - PHYSICAL ATTACKSOUTSIDER - PHYSICAL ATTACKS
Type of Adversary
Cri
min
al
Fore
ign
Sta
te-S
pon
sore
d
Terr
ori
st
Dom
esti
c
Terr
ori
st
En
vir
on
men
tal
Extr
em
ist
Van
dal
s
Th
reat
Level
Many users have
historically protected at
this level.
![Page 7: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/7.jpg)
Wivenhoe Management Group
VANDAL (LOWEST RISK)VANDAL (LOWEST RISK)
1. Intentions: Minor Damage/Petty Mischief
2. Motivations:Boredom, Drug Related’ gang?
3. Capabilities: Minimum Tools (1 to 4 individuals)
4. Police Response: Assessment?, Time?, Deployment?
5. Threat Level: Low (Depending on past history)
6. Impacts: Minimal (unless intent remains a mystery)
Vandal: Usually between the ages of 7 – 19
![Page 8: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/8.jpg)
Wivenhoe Management Group
FOREIGN STATE-SPONSORED FOREIGN STATE-SPONSORED TERRORIST (HIGHEST RISK)TERRORIST (HIGHEST RISK)
1. Intentions: Total Destruction/Panic/Casualties
2. Motivations: Ideological/Terrorism3. Capabilities: Major – Worst Case (3 to 6
Individuals)4. Police Response: Assessment?, Time?,
Deployment?5. Threat Level: Very High6. Impacts: Very High
International Terrorist: Adult, Male or Female, Ideology Driven
![Page 9: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/9.jpg)
Wivenhoe Management Group
LET’S EXAMINE INSIDER LET’S EXAMINE INSIDER THREAT SPECTRUMTHREAT SPECTRUM
Type of Adversary
Dis
gru
ntl
ed
(S
en
din
g a
M
essag
e)
Su
per-
Insid
er
(coerc
ion
)
Dis
gru
ntl
ed
(R
even
ge)T
hre
at
Level
Cri
min
al A
cts
(Pers
on
al
Gain
)
Dis
gru
ntl
ed
(C
ollu
sio
n)
1. Employee
2. Contractor
3. Vendor
Increased Access, Motivation, & Skill Level increases threat
![Page 10: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/10.jpg)
Wivenhoe Management Group
CYBER DBT IS AMATEUR HACKER & INSIDER CYBER DBT IS AMATEUR HACKER & INSIDER WITH OPERATIONAL PRIVILEGESWITH OPERATIONAL PRIVILEGES
Novice
Amateur Hacker
Organized Crime
Government Sponsored
Type of Cyber Terrorist
Kn
ow
led
ge
![Page 11: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/11.jpg)
Wivenhoe Management Group
THE BASICS OF AN SVATHE BASICS OF AN SVA
Critical Assets– People– Infrastructure– Equipment– Data– Inventory– Processes– Other
![Page 12: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/12.jpg)
Wivenhoe Management Group
THE BASICS OF AN SVATHE BASICS OF AN SVA
• Recommendations
– Security Improvements
– Mitigation
– IST
– Other
![Page 13: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/13.jpg)
Wivenhoe Management Group
THE BASICS OF AN SVATHE BASICS OF AN SVA
• Cost– Security Versus Mitigation
– Implementation Period
– Electronic Versus Physical Security
– Threat Event CostThreat Event Cost
![Page 14: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/14.jpg)
Wivenhoe Management Group
Client XXXClient XXXSecurity Improvement Cost EstimateSecurity Improvement Cost Estimate
Sandia Methodology ApproachSandia Methodology Approach
RISK REDUCTION SOLUTION
CRITICAL ASSET
DESCRIPTIONESTIMATE
D COST
(1A) Control # X Relocate with New Housing $TBD
(1B) Control # XPerimeter Security Improvements & Upgrades
$600,000
(2A)Control # Y & I-XX/C-XX Culverts
Perimeter Security Improvements $200,000
(2B) As Above Hardening Measures $190,000
(3A)WTP Facility
Perimeter Security Improvements & Upgrade
1,240,000
(3B) As AbovePerimeter Security Improvements & Upgrade
300,000
(3C) As Above Hardening Measures 1,060,000
TOTAL$3,590,000
Summary of Risk Reduction Solutions for Client XXX
![Page 15: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/15.jpg)
Wivenhoe Management Group
Client XXXClient XXXSecurity Improvement Cost EstimateSecurity Improvement Cost Estimate
Deterrent Methodology ApproachDeterrent Methodology Approach
RISK REDUCTION SOLUTION
CRITICAL ASSET
DESCRIPTIONESTIMATE
D COST
(1A) Control # X Relocate with New Housing $TBD
(1B) Control # XPerimeter Security Improvements & Upgrades
$276,000
(2A)Control # Y & I-XX/C-XX Culverts
Perimeter Security Improvements $105,400
(2B) As Above Hardening Measures N/A
(3A)WTP Facility
Perimeter Security Improvements & Upgrade
$560,500
(3B) As AbovePerimeter Security Improvements & Upgrade
$192,000
(3C) As Above Hardening Measures $1,060,000
TOTAL REDUCTION OF 68.42%
$1,133,900
Summary of Risk Reduction Solutions for Client XXX
![Page 16: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/16.jpg)
Wivenhoe Management Group
WHY IS AN SVA SO WHY IS AN SVA SO IMPORTANT?IMPORTANT?
![Page 17: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/17.jpg)
Wivenhoe Management Group
A PROPERLY EXECUTED SVA A PROPERLY EXECUTED SVA PROVIDES:PROVIDES:
• Identification of Appropriate Threat Level
• Identification of Critical Assets• Measurement of Consequences• Sound Recommendations
― Security Improvements― Mitigation & Inherently Safer Technology
(IST)― Orderly Steps― Cost Effectiveness
![Page 18: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/18.jpg)
Wivenhoe Management Group
WITHOUT PERFORMING A VAWITHOUT PERFORMING A VA
• What is Threat Level?
• What are the Critical Assets?
• What is Likely to Happen?
• What will be the Response?
• What are the Likely Consequences?
• Who will be Who will be held held Responsible?Responsible?
![Page 19: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/19.jpg)
Wivenhoe Management Group
HISTORY OF SVA LEGISLATIONHISTORY OF SVA LEGISLATION
• Nuclear Power Plants
• Sandia National Laboratory
• 1998 Directive
![Page 20: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/20.jpg)
Wivenhoe Management Group
CRITICAL INFRASTRUCTURES CRITICAL INFRASTRUCTURES SUPPORT COMMAND AND SUPPORT COMMAND AND
CONTROLCONTROL
![Page 21: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/21.jpg)
Wivenhoe Management Group
HISTORY OF SVAHISTORY OF SVAWater and Waste WaterWater and Waste Water
US EPA required SVA of public water systems:
• Serving more than 100,000 by March, 2003• Serving 50,000 to 100,00 by December, 2003• Serving 3,300 to 50,000 by June, 2004
Funding was available for the largest water systems to cover cost of SVA, but no funding yet for smaller water systems.
![Page 22: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/22.jpg)
Wivenhoe Management Group
HISTORY OF SVAHISTORY OF SVAOil and GasOil and GasSince1998 the National Petroleum Council has been
reviewing the vulnerabilities of oil & gas industry to attack (both physical and cyber).
Post 9/11, oil and gas has been monitoring the security of its oil and gas transportation network, its refineries and its distribution facilities
The American Petroleum Institute is coordinating information sharing among members.
ISAC (Information Sharing and Analysis Center) has been promoting collection, assessment, and sharing of oil & gas member information on physical and electronic threats, vulnerabilities, incidents, and solutions/best practices.
![Page 23: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/23.jpg)
Wivenhoe Management Group
HISTORY OF SVAHISTORY OF SVAChemicalChemical
Early in 2002, the American Chemical Council asked its members to complete a SVA of their facilities.
• Highest risk by 12/31/02
• Lesser risk by 6/30/03
• Low risk by 12/31/03
• No off-site risk by 12/31/03
Enhancements to be completed one year later. Third party verification three months later.
![Page 24: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/24.jpg)
Wivenhoe Management Group
NEW INITIATIVES BY STATENEW INITIATIVES BY STATE
• New Jersey• Maryland• Illinois• Florida• New York• California
![Page 25: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/25.jpg)
Wivenhoe Management Group
NEW JERSEYNEW JERSEY
• New Legislation Enacted November 2005
• Requires SVA Plus Response Plan Plus Schedule
• Emphasis on Security and IST• Monitored by NJDEP• Possible Further Legislation
Stressing IST
![Page 26: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/26.jpg)
Wivenhoe Management Group
MARYLANDMARYLAND
• New Legislation
• Similar Requirements to New Jersey
• SVA
• Monitoring?
![Page 27: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/27.jpg)
Wivenhoe Management Group
ILLINOISILLINOIS
• Bill Introduced May 2006 by State Senator
• Will Require All Chemical Companies to Declare all Hazardous Chemicals Manufactured or Stored On Site
• Will Require SVA Based on Terrorist Attack
![Page 28: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/28.jpg)
Wivenhoe Management Group
HISTORY OF SVAHISTORY OF SVAPharmaceuticalPharmaceutical
• Although no current regulatory or statutory regulations, some FDA requirements in place for quality control.
• HIPPA regulations creating great changes in information and IT security.
• Comprehensive SVA may identify vulnerabilities to counterfeit drugs and drug reimportation, and opportunities for competitive intelligence.
• SVA may identify weaknesses in supply chain security
![Page 29: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/29.jpg)
Wivenhoe Management Group
HISTORY OF SVAHISTORY OF SVAManufacturingManufacturing
EPA has not yet required a SVA of non-chemical manufacturing facilities. However, performing an SVA at a manufacturing facility will reduce the risk of:• Attacks on Employees• Theft of Company and Personal Property• Loss of Confidential Information• Accidents involving Non-Employees• Accidents involving Workers
![Page 30: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/30.jpg)
Wivenhoe Management Group
NEW LEGISLATIONNEW LEGISLATION
• Gas Storage New Jersey
• Food Manufacturing Federal & State
• Chemical Additions Federal & NJ
• Transportation Federal & States
• Healthcare Federal & States
• Education New Jersey
![Page 31: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/31.jpg)
Wivenhoe Management Group
CLEAR PATTERNCLEAR PATTERN
• Legislation Not Going Away
• Legislation Activity is on the Increase
• SVA is the Common Denominator
![Page 32: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/32.jpg)
Wivenhoe Management Group
LIABILITYLIABILITY
![Page 33: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/33.jpg)
Wivenhoe Management Group
LIABILITY ISSUESLIABILITY ISSUES
• In simple terms, a properly executed security vulnerability assessment will identify the vulnerabilities or weaknesses of a facility or organization to specific threats
• In identifying those vulnerabilities or weaknesses, the facility or organization has been placed on notice that something has to be done with respect to such issues
![Page 34: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/34.jpg)
Wivenhoe Management Group
LIABILITY ISSUESLIABILITY ISSUES
• In the event that there is an incident, and it turns out that it was related to one of those vulnerabilities, and nothing had been done to address that particular vulnerability the facility or organization is not only facing a clear liability but possible negligence as well.
![Page 35: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/35.jpg)
Wivenhoe Management Group
LIABILITY ISSUESLIABILITY ISSUES
• Definition of LiabilityDefinition of Liability
• Liability as it pertains to security: relates to an obligation one is bound or have a responsibility to do; it is the condition of being actually or potentially subject to an obligation; the obligation required is based on the comparison of what others in an industry would do in the same circumstances – that is, they are held to an industry standard. if that obligation or standard is not met then there is a liability exposure
![Page 36: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/36.jpg)
Wivenhoe Management Group
LIABILITY ISSUESLIABILITY ISSUES
• Definition of LiabilityDefinition of Liability
• As an example, if tenants in a building are exposed to unauthorized intrusion it becomes the responsibility for the landlord to provide a reasonable level of security to prevent the intrusions. There is sufficient case law supporting the obligation of the landlord to provide for the protection of the tenant when it is clearly recognized that the tenant is vulnerable due to unauthorized intrusions and insufficient security in the building.
![Page 37: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/37.jpg)
Wivenhoe Management Group
NEGLIGENCE ISSUESNEGLIGENCE ISSUES
• Definition of NegligenceDefinition of Negligence
• The legal definition of negligence is: the omission to do something which a reasonable person, guided by those ordinary considerations which ordinarily regulate human affairs, would do, or the doing of something which A reasonable and prudent person would not do.
![Page 38: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/38.jpg)
Wivenhoe Management Group
NEGLIGENCE ISSUESNEGLIGENCE ISSUES
• Definition of Gross NegligenceDefinition of Gross Negligence
• The legal definition of gross negligence is: the intentional failure to perform a manifest duty in reckless disregard of the consequences as affecting the life or property of another; such a gross want of care and regard for the rights of others as to Justify The Presumption Of
Willingness And Wantoness.
![Page 39: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/39.jpg)
Wivenhoe Management Group
NEGLIGENCE ISSUESNEGLIGENCE ISSUES
• Definition of Punitive DamagesDefinition of Punitive Damages (also known as exemplary or vindictive damages)
• Damages awarded by a court against a defendant as a deterrent or punishment to redress An Egregious Wrong Perpetrated By The Defendant; damages on an increased scale, awarded to the plaintiff over and above what will barely compensate him for his property loss, Where the Wrong Done to Him Was Aggravated by Circumstances of Violence, Oppression, Malice, Fraud, or Wanton and Wicked Conduct on the part of the defendant.
![Page 40: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/40.jpg)
Wivenhoe Management Group
FURTHER LIABILITY ISSUESFURTHER LIABILITY ISSUES
• Implementation of Security Recommendation including new systems
• Are the new security systems based on good Design Criteria that is consistent with Security Industry standards?
![Page 41: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/41.jpg)
Wivenhoe Management Group
STATEMENTSTATEMENT
Many Security Systems Are Installed Many Security Systems Are Installed Without Being Designed, And More Without Being Designed, And More Importantly, Without Proper Design Importantly, Without Proper Design CriteriaCriteria
![Page 42: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/42.jpg)
Wivenhoe Management Group
FURTHER LIABILITY ISSUESFURTHER LIABILITY ISSUES
• Without good design criteria consistent with Security Industry, and even having installed new security systems, it is possible that a facility or organization could be liable, and possibly negligent
![Page 43: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/43.jpg)
Wivenhoe Management Group
![Page 44: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/44.jpg)
Wivenhoe Management Group
LACK OF DESIGN CRITERIALACK OF DESIGN CRITERIA
Leads to Four Major Problems:
1) Inadequate Counter Measures to Meet Threat Level
2) Faulty Security System Design
3) Inability to Support Installed Security System
4) Possible Legal Consequences
![Page 45: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/45.jpg)
Wivenhoe Management Group
INADEQUATE SECURITYINADEQUATE SECURITY
• Failure To Detect
• Failure To Surveil
• Inadequate Perimeter Security
• Inadequate Security At All Critical Assets
• Inappropriate Equipment
• Does Not Provide Adequate Protection To Meet Threat Level
![Page 46: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/46.jpg)
Wivenhoe Management Group
QUESTIONS THAT CAN BE QUESTIONS THAT CAN BE ANSWERED BY PROPER ANSWERED BY PROPER
SECURITY DESIGN CRITERIASECURITY DESIGN CRITERIA
![Page 47: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/47.jpg)
Wivenhoe Management Group
LIKELY QUESTIONS….LIKELY QUESTIONS….
1) Why did you use this equipment– Cameras– Motion Detectors– Type of DVR– Intrusion Detection Equipment– Type of Fence
![Page 48: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/48.jpg)
Wivenhoe Management Group
LIKELY QUESTIONS…LIKELY QUESTIONS…
2) Explain the reasons for installing this type of security system?
3) Why did the security only attempt to cover the outer perimeter?
4) Why were Insider threats ignored?
5) The following people had clearance for all access points……. Why?
6) What was the Design Criteria for the security system?
![Page 49: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/49.jpg)
Wivenhoe Management Group
FURTHER LIABILITY ISSUESFURTHER LIABILITY ISSUES
• Monitoring and Operation of Security Systems
―Expectation of Public
―Third Form of Possible Liability
![Page 50: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/50.jpg)
Wivenhoe Management Group
FURTHER LIABILITY ISSUESFURTHER LIABILITY ISSUES
• TRAININGTRAINING – Has Adequate Training Been Given to All Staff– Security Awareness– Specialty System Training– Crisis Response– Procedures
![Page 51: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/51.jpg)
Wivenhoe Management Group
SOLUTIONSSOLUTIONS
![Page 52: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/52.jpg)
Wivenhoe Management Group
SECURITY VULNERABILITY SECURITY VULNERABILITY ASSESSMENT (SVA)ASSESSMENT (SVA)
• If you have not performed an SVA, do it soon
• Use experienced, certified professionals who understand existing and future Legislation
![Page 53: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/53.jpg)
Wivenhoe Management Group
SECURITY VULNERABILITY SECURITY VULNERABILITY ASSESSMENT (SVA)ASSESSMENT (SVA)
• If an SVA has already been done, have experienced professionals review the results
• Prepare Sound Design Criteria
• Implement, Modify, Add as Appropriate
![Page 54: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/54.jpg)
Wivenhoe Management Group
SECURITY VULNERABILITY SECURITY VULNERABILITY ASSESSMENT (SVA)ASSESSMENT (SVA)
• If you are not sure where you currently stand, initiate an SVA Screening Evaluation
• Provides an Outline of where you currently stand with respect to SVA Requirements, Legislation, and more importantly, options on what to do next
![Page 55: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/55.jpg)
Wivenhoe Management Group
SOLUTIONSSOLUTIONS• Consider new security measures
properly designed with design criteria that meets or exceeds current legislation
• Implement over phased period that reduces initial costs
• Incorporate as part of Business Plan
![Page 56: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/56.jpg)
Wivenhoe Management Group
SOLUTIONSSOLUTIONS
• Consider Deterrent Approach together with Detect, Delay, and Respond
• Consider Security Audit
• Invest in Professional Training
![Page 57: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/57.jpg)
Wivenhoe Management Group
SOLUTIONSSOLUTIONS
• Work with Local and Federal Law Enforcement
• Work with Emergency Management
• Stay Up To Date
![Page 58: Security vulnerability assessment & liability dsm linkedin](https://reader031.fdocuments.in/reader031/viewer/2022020110/546e8e95b4af9faf268b46e3/html5/thumbnails/58.jpg)
Wivenhoe Management Group
QUESTIONSQUESTIONS
www.wivenhoegroup.comwww.wivenhoegroup.comPhone: 609-208-0112Phone: 609-208-0112
E-mail: [email protected]: [email protected]