Lecture 11 Flashcards
the potential for an unwanted outcome resulting from an incident, event, or occurrence
Risk
a natural or manmade occurrence, individual, entity, or action that has or indicates the potential to harm life, information, operations, the environment, and/or property
threat
three components of risk to consider are:
threat
vulnerability
consequence (impact)
physical features or operational attributes that render an entity open to exploitation or susceptible to a given hazard
Vulnerability
freedom from fear or danger, defense against crime, protection of property of all kinds from loss through theft, fraud, fires, threats, or hazards
security
security threats
access & security control threats
criminal & terrorist threats
workplace violence threats
information & cyber threats
typical access controls
identification checks such as biometrics
identification cards/key control
verification of materials, products delivered
database of employee-owned vehicles and protocols for investigating illegally-parked cars
limited access by contractors, vendors, or other employees
training for personnel in recognizing suspicious packages/mail
can be venues for criminal or terrorist activities
hotels, banks, grocery stores, manufacturing plants, nonprofit organizations
suspicious behaviors
nervous behavior, evasive attitudes, or undue concern with privacy by guests or visitors
attempts to gain access to restricted areas
individuals taking notes, pictures, or videos of the facility without permission from the management
abandoned vehicles may be used to
hide suspicious or stolen items, or worse, they could be a vehicle-borne improvised explosive device containing explosives for a terrorist act
examples of changes in vehicle patterns
a second mail delivery
idle delivery truck
bus on a different route
vehicle circling or going around the building numerous times
is an unlawful or unauthorized acquisition by force or stealth
theft
in the event of a bomb threat call:
- keep calm and keep the caller on the line
- get as much information as you can about the bomb and the caller (pay attention to background noises)
- immediately after the caller hangs up, report the threat to security or call the emergency number
- follow evacuation procedure
theft is done by
an insider (member or staff)
an outsider (someone who is not a company employee)
is an unlawful or unauthorized acquisition by fraud or deceit
diversion
internal conspiracies
employees not in appropriate work spaces at the appropriate time
excessive contact with outside personnel
parking violations
“can you do me a favor?”
do not just “snap” but display behavioral indicators over longer periods of time
potentially violent employees
indicators of potentially violent behavior by an employee
depression and/or withdrawal
repeated violations of company policies
explosive outbursts of anger or rage without provocation
behavior that may include paranoia (“everybody is against me”)
escalation of domestic problems into the workplace
talk of severe financial problems
talk of previous incidents of violence
other types of information or intellectual property
copyrights
trademarks
patents
industrial design rights
trade secrets
common cyber threats and vulnerabilities include
active threats
system threats
passive threats
passive threats such as
natural hazards
power failures
software glitches
human error
active threats such as
hackers
cyber software
malicious code
information gathering
identity theft
system threats such as
peer-to-peer software
loss of removable media
basic components of security management system: may be conducted by security provider
threats and vulnerability assessment
basic components of security management system: perimeter barriers, lighting, CCTVs
physical security
basic components of security management system: IDs, records/log books, locks & keys, frisking/locker inspection
physical access controls
basic components of security management system: background check, pre-employment verification
personnel security
basic components of security management system: pre-entry/pre-exit inspection
container security
basic components of security management system: receiving/shipping procedures
procedural security
basic components of security management system: material gate pass, inspections
materials/company property security
basic components of security management system: restrictions/access controls, transaction recording
storage facility/warehouse security
basic components of security management system: secured IP, restriction of external drives, passwords, NDA
information and cyber security
basic components of security management system: background checks, barracks inspection
contractor security
basic components of security management system: monitoring, inspection, controls, recordkeeping
waste disposal/storage security
basic components of security management system: audits, spot inspections, procedure review
security management system review
basic components of security management system
- threat and vulnerability assessment
- physical security
- physical access controls
- personnel security
- container security
- procedural security
- materials/company property security
- storage facility/warehouse security
- information and cyber security
- contractor security
- waste disposal/storage security
- security & threat awareness training
- security incident reporting and investigation
- security management records/documentation
- security management system review
the effect of an event, incident, or occurrence such as public health and safety, economic, psychological, and governance impacts
Consequence