security vulnerability assessment (sva). intellectual property of win noor faq what is security...
Post on 23-Dec-2015
222 Views
Preview:
TRANSCRIPT
SECURITY SECURITY VULNERABILITY VULNERABILITY ASSESSMENT ASSESSMENT
(SVA)(SVA)
Intellectual Property of Win Intellectual Property of Win NoorNoor
FAQFAQ What is Security Vulnerability Assessment What is Security Vulnerability Assessment
(SVA)?(SVA)? A process of identifying, quantifying, and A process of identifying, quantifying, and
prioritizing (or ranking) the vulnerabilities in a prioritizing (or ranking) the vulnerabilities in a security system.security system.
Is it the same with Security Audit?Is it the same with Security Audit? No, Security Audit focuses on discrepancies in No, Security Audit focuses on discrepancies in
the implementation of Security System; while the implementation of Security System; while Security Vulnerability Assessment focuses on the Security Vulnerability Assessment focuses on the review of the Security System itself.review of the Security System itself.
Is it similar with Security Risk Management?Is it similar with Security Risk Management? SVA is a part of Security Risk Management. SVA SVA is a part of Security Risk Management. SVA
is the most well-known form of Security Risk is the most well-known form of Security Risk Analysis.Analysis.
Intellectual Property of Win Intellectual Property of Win NoorNoor
Steps: Security Vulnerability Steps: Security Vulnerability AssessmentAssessment
Identify Asset Observe the Environment Identify Threats Identify Existing Countermeasures Calculate risk Generate alternatives of action
Intellectual Property of Win Intellectual Property of Win NoorNoor
Identify AssetIdentify Asset Things of value Needs to be protected:
Tangible CashDocument, Equipment, Goods, Personnel/ManpowerPremises/Building, Vehicle
Intangible Life, Health, Process Image
Intellectual Property of Win Intellectual Property of Win NoorNoor
Observe the EnvironmentObserve the Environment Macro Environment
Employment Rate, Socio-Economic Conditions, Crimes trends Crimes occurring to similar industry,
Micro Environment Demography, Culture, Local Socio-Economic issues, Life-style, Conditions of Adjacent areas Crime occurring in the area
Intellectual Property of Win Intellectual Property of Win NoorNoor
Identify ThreatsIdentify Threats
What can happen? When it can happen? Where it can happen? Who can make it
happen? Why it can happen? How it can happen?
Intellectual Property of Win Intellectual Property of Win NoorNoor
Types of Security ThreatsTypes of Security ThreatsThreat CASH DOC EQUIP GOOD PERS PREMISE VEHICLE OPS
ABDUCTION
ARSON
ASSAULT
BLACKMAIL
BOMB HOAX
BRAWL BREAKING AND ENTERING
DECEPTION
EMBEZZLEMENT
ESPIONAGE
EXTORTION
FORGERY
Intellectual Property of Win Intellectual Property of Win NoorNoor
Types of Security ThreatsTypes of Security ThreatsThreat CASH DOC EQUIP GOOD PERS PREMISE VEHICLE OPS
FRAUDFRAUD
HIJACKING
HOSTAGE SITUATION
INTIMIDATION
MISAPPROPRIATION
SABOTAGE
SHOPLIFTING
TERRORISM
THEFT
TRESPASS
VANDALISM
Intellectual Property of Win Intellectual Property of Win NoorNoor
Identify Existing Security Identify Existing Security CountermeasuresCountermeasures
Elements of Security Countermeasures
Deter
Delay
Detect
Intellectual Property of Win Intellectual Property of Win NoorNoor
Security Management SystemSecurity Management System
Security
System
Physical
Protection
Electronic
Protection
Security
Manning
Procedural
Protection
Intellectual Property of Win Intellectual Property of Win NoorNoor
Security Management SystemSecurity Management System
MANPOW
ER
PERIMETER & ACCESS CONTROL
PROCEDURES & ST
RATEGIESELECTRONIC DEVICE &
SUPPORTING EQUIPMENT
SECURITY MANAGEMENT SYSTEM(SEMS)
Intellectual Property of Win Intellectual Property of Win NoorNoor
ManpowerManpower
Requirements/Competence for Manpower Sentry Guards and Distribution Law Enforcement Intelligence Internal Audit / Business Ethics
Compliance
Intellectual Property of Win Intellectual Property of Win NoorNoor
Perimeter Security and Access Perimeter Security and Access ControlControl
Security Fencing Equipped/Capped with Barbed Wire or Razor Wire
Limiting number of Access Points Limiting personnel provided with access Types of checks on Access Points Illuminations Security Watch Towers Waste Disposal Windows Emergency Doors
Intellectual Property of Win Intellectual Property of Win NoorNoor
Procedures and StrategiesProcedures and Strategies
Recruitment Screening Procedures Access Control Procedures Body Search Procedures Patrol Procedures Key Management Crime Trend Analysis (as basis to determine
strategies) Deterrence Strategies Detection Strategies
Intellectual Property of Win Intellectual Property of Win NoorNoor
Electronic Device and Electronic Device and Supporting EquipmentSupporting Equipment
General ClassificationGeneral Classification
Access Control DeviceAccess Control Device
Detection DeviceDetection Device
Non-Lethal Weapon and Protective Non-Lethal Weapon and Protective EquipmentEquipment
Intellectual Property of Win Intellectual Property of Win NoorNoor
Pedestrian AccessPedestrian Access IdentificationIdentification
ElectronicElectronic Keypad/PINKeypad/PIN Swipe-CardSwipe-Card Magnetic-CardMagnetic-Card Proximity SystemProximity System
Biometric Biometric Finger-printFinger-print Voice IdentificationVoice Identification Retinal and Iris ScanRetinal and Iris Scan
Intellectual Property of Win Intellectual Property of Win NoorNoor
Vehicle AccessVehicle Access
High Security High Security Rising BarriersRising Barriers
Short And Medium Short And Medium Range Rising Range Rising Barriers Barriers
Intellectual Property of Win Intellectual Property of Win NoorNoor
Vehicle Access Cont’)Vehicle Access Cont’) Rising BollardRising Bollard
Road BlockerRoad Blocker
Intellectual Property of Win Intellectual Property of Win NoorNoor
Pedestrian AccessPedestrian Access
Tripod TurnstilesTripod Turnstiles Automatic Gates Automatic Gates
Intellectual Property of Win Intellectual Property of Win NoorNoor
Pedestrian Access (cont’)Pedestrian Access (cont’)
Speed Doors Speed Doors Full Height Full Height Turnstiles Turnstiles
Intellectual Property of Win Intellectual Property of Win NoorNoor
Pedestrian Access (cont’)Pedestrian Access (cont’) Man Trap Doors/ Lock GatesMan Trap Doors/ Lock Gates
Intellectual Property of Win Intellectual Property of Win NoorNoor
Detection DeviceDetection Device Detection on pedestrian and vehicle Detection on pedestrian and vehicle
accessaccess Door/Window Intrusion DetectionDoor/Window Intrusion Detection Perimeter Intrusion DetectionPerimeter Intrusion Detection Area Intrusion DetectionArea Intrusion Detection
Intellectual Property of Win Intellectual Property of Win NoorNoor
Detectors - AccessDetectors - Access Handheld Metal DetectorsHandheld Metal Detectors Walkthrough Metal DetectorsWalkthrough Metal Detectors Bomb Detectors (=Sniffer)Bomb Detectors (=Sniffer)
Intellectual Property of Win Intellectual Property of Win NoorNoor
Door/Window & Indoor Door/Window & Indoor Intrusion DetectionIntrusion Detection
Ultrasonic SensorUltrasonic Sensor Passive InfraredPassive Infrared
Intellectual Property of Win Intellectual Property of Win NoorNoor
Door/Window & Indoor Door/Window & Indoor Intrusion Detection (cont’)Intrusion Detection (cont’)
Photo-Electric Photo-Electric BeamBeam
Microwave SensorMicrowave Sensor
Intellectual Property of Win Intellectual Property of Win NoorNoor
Door/Window & Indoor Door/Window & Indoor Intrusion Detection (cont’)Intrusion Detection (cont’)
Magnetic ContactMagnetic Contact Glass BreakGlass Break
Intellectual Property of Win Intellectual Property of Win NoorNoor
Outdoor Intrusion DetectionOutdoor Intrusion Detection
Buried LineBuried Line Seismic PressureSeismic Pressure Magnetic FieldMagnetic Field Ported Coaxial cablePorted Coaxial cable Fiber Optic cableFiber Optic cable
Intellectual Property of Win Intellectual Property of Win NoorNoor
Outdoor Intrusion Detection Outdoor Intrusion Detection (cont’)(cont’) Video Motion Video Motion
DetectionDetection Bistatic MicrowaveBistatic Microwave
Intellectual Property of Win Intellectual Property of Win NoorNoor
Outdoor Intrusion Detection Outdoor Intrusion Detection (cont’)(cont’) Passive InfraredPassive Infrared Active InfraredActive Infrared
Intellectual Property of Win Intellectual Property of Win NoorNoor
Perimeter Intrusion Perimeter Intrusion DetectionDetection Sensor cablesSensor cables Microwave BarrierMicrowave Barrier
Intellectual Property of Win Intellectual Property of Win NoorNoor
TrackerTracker
GSM/GPRS TrackerGSM/GPRS Tracker Geo-FenceGeo-Fence
Intellectual Property of Win Intellectual Property of Win NoorNoor
Visual AidsVisual Aids
Thermal Imaging / Thermal Imaging / Flash Termo Sight Flash Termo Sight VisionVision
Infra Red Night Infra Red Night Vision GogglesVision Goggles
Intellectual Property of Win Intellectual Property of Win NoorNoor
ExplosiveExplosive Blast WallBlast Wall
Intellectual Property of Win Intellectual Property of Win NoorNoor
Non Lethal WeaponNon Lethal Weapon
Expandable BatonExpandable Baton Point-Blank TazerPoint-Blank Tazer
Intellectual Property of Win Intellectual Property of Win NoorNoor
Non Lethal WeaponNon Lethal Weapon
Pepper GunPepper Gun Long-Range TazerLong-Range Tazer
Intellectual Property of Win Intellectual Property of Win NoorNoor
Protective EquipmentProtective Equipment
Stab-Proof VestStab-Proof Vest
Intellectual Property of Win Intellectual Property of Win NoorNoor
Group DiscussionGroup Discussion
Discuss on specific types of security countermeasures based on categories (Manning, Access Control & Perimeter Security, Electronic Device, Procedures & Strategies) and element types of each countermeasure applicable for certain types of threats
Intellectual Property of Win Intellectual Property of Win NoorNoor
Discussion SheetDiscussion Sheet
Threat Countermeasure Dominant Element
Intellectual Property of Win Intellectual Property of Win NoorNoor
Threat versus Threat versus CountermeasureCountermeasure Is it still possible for threat to succeed with
the existing countermeasure?
Example: External Theft Perimeter Fencing Sentry Guards Intelligence CCTV Motion Sensor Device Access Control Device
Intellectual Property of Win Intellectual Property of Win NoorNoor
Threat versus Countermeasure Threat versus Countermeasure (cont’)(cont’)
Example: Embezzlement Background Check / Screening Life-Style Check Internal Auditing Business Ethics Agreement CCTV in cash vault
After all the existing countermeasures, how high is the possibility for the threat to succeed?
Use of Professional Judgment
Intellectual Property of Win Intellectual Property of Win NoorNoor
Risk CalculatorRisk Calculator
Intellectual Property of Win Intellectual Property of Win NoorNoor
Generating Alternatives for Generating Alternatives for ActionAction Root-Cause Analysis Root-Cause Analysis
Information CollectionInformation Collection AnalysisAnalysis Testing / VerificationTesting / Verification
Intellectual Property of Win Intellectual Property of Win NoorNoor
RCA: Information CollectionRCA: Information Collection
To find the facts on an event, issue, To find the facts on an event, issue, and/or condition. Not (yet) to find the and/or condition. Not (yet) to find the cause, whose fault, or what should cause, whose fault, or what should have happenhave happen
To find signs or symptoms of the To find signs or symptoms of the event, issue, and/or condition. event, issue, and/or condition.
Intellectual Property of Win Intellectual Property of Win NoorNoor
RCA: AnalysisRCA: Analysis
What factors causes the event, issue, What factors causes the event, issue, and/or condition?and/or condition?
Are there more than one factors Are there more than one factors influencing the event, issue, and/or influencing the event, issue, and/or condition? condition?
Why? Why? Why? Why? Why?Why? Why? Why? Why? Why?
Intellectual Property of Win Intellectual Property of Win NoorNoor
RCA: Testing/VerificationRCA: Testing/Verification To ensure that the result from the To ensure that the result from the
analysis is (close to) accurate.analysis is (close to) accurate.
How?How? Re-AnalyzeRe-Analyze Group AnalysisGroup Analysis Run through your colleagues, Run through your colleagues,
subordinates, or superiors.subordinates, or superiors.
Intellectual Property of Win Intellectual Property of Win NoorNoor
SVA ExerciseSVA Exercise
GROUND RULES!GROUND RULES!
Think like a criminal!!!Think like a criminal!!! Don’t just believe what your source Don’t just believe what your source
(from the Assessment Object) tells (from the Assessment Object) tells you. Verify!you. Verify!
Keep yourself an open mind!Keep yourself an open mind!
Intellectual Property of Win Intellectual Property of Win NoorNoor
SVA ExerciseSVA ExerciseASSET IDENTIFICATIONASSET IDENTIFICATION CashCash Document/InformationDocument/Information EquipmentEquipment Goods/InventoryGoods/Inventory PersonnelPersonnel Premises/Building/PlantPremises/Building/Plant VehicleVehicle Business Process/Operations/ActivitiesBusiness Process/Operations/Activities
Intellectual Property of Win Intellectual Property of Win NoorNoor
SVA Exercise (cont’)SVA Exercise (cont’) IDENTIFING THREATS AND MEASURING IDENTIFING THREATS AND MEASURING
LIKELIHOOD TO OCCUR: MACRO ENVIRONMENTLIKELIHOOD TO OCCUR: MACRO ENVIRONMENT
General Perception towards line of businessGeneral Perception towards line of business Threats toward similar business operationsThreats toward similar business operations
Intellectual Property of Win Intellectual Property of Win NoorNoor
SVA Exercise (cont’)SVA Exercise (cont’) IDENTIFING THREATS AND MEASURING IDENTIFING THREATS AND MEASURING
LIKELIHOOD TO OCCUR: MICRO ENVIRONMENTLIKELIHOOD TO OCCUR: MICRO ENVIRONMENT Neighboring AreaNeighboring Area Organizations and Gatherings in the Organizations and Gatherings in the
Neighboring AreaNeighboring Area Adjacent Buildings and LandAdjacent Buildings and Land Community Perception towards Assessment Community Perception towards Assessment
ObjectObject Crime trends and rateCrime trends and rate Traffic and Road condition Traffic and Road condition Closest emergency services and response timeClosest emergency services and response time
Intellectual Property of Win Intellectual Property of Win NoorNoor
SVA Exercise (cont’)SVA Exercise (cont’) IDENTIFING THREATS AND MEASURING LIKELIHOOD TO IDENTIFING THREATS AND MEASURING LIKELIHOOD TO
OCCUR: MICRO ENVIRONMENT (cont’)OCCUR: MICRO ENVIRONMENT (cont’)
PersonnelPersonnel QuantityQuantity Education BackgroundEducation Background Life-StyleLife-Style Security AwarenessSecurity Awareness Recruitment ProcessRecruitment Process Distribution (Location, Work-Shift, Crowded or Distribution (Location, Work-Shift, Crowded or
Scarce)Scarce) Work-ShiftWork-Shift
History of Identified Internal CrimeHistory of Identified Internal Crime Location of AssetLocation of Asset Company Culture and Implementation of Business Company Culture and Implementation of Business
EthicsEthics Implementation of Internal Audits towards Departments Implementation of Internal Audits towards Departments
and Contractorsand Contractors
Intellectual Property of Win Intellectual Property of Win NoorNoor
SVA Exercise (cont’)SVA Exercise (cont’)SECURITY COUNTERMEASURE OVERVIEWSECURITY COUNTERMEASURE OVERVIEW
Perimeter Single/Multiple Perimeter Wall/Fence Wall/Fence type Climbable/Penetrable Adjacent Tree/Pole Waste/Water Disposal Access Security Watch Towers Illumination Intrusion Detection Device (CCTV, Sensors,
IR, Microwave) Patrol
Intellectual Property of Win Intellectual Property of Win NoorNoor
SVA Exercise (cont’)SVA Exercise (cont’)SECURITY COUNTERMEASURE OVERVIEW (cont’)SECURITY COUNTERMEASURE OVERVIEW (cont’)
Pedestrian Access Points (Regular and Emergency Doors) Sentry Guards and competence Climbable/Penetrable Illumination ID verification Intrusion Detection Device (CCTV, Motion
Detection) Visitor Access ProcedureVisitor Access Procedure Body Search ProcedureBody Search Procedure Bag/Carried Item ProcedureBag/Carried Item Procedure Metal DetectorMetal Detector X-RayX-Ray SnifferSniffer
Intellectual Property of Win Intellectual Property of Win NoorNoor
SVA Exercise (cont’)SVA Exercise (cont’)SECURITY COUNTERMEASURE OVERVIEW (cont’)SECURITY COUNTERMEASURE OVERVIEW (cont’)
Vehicle Access Sentry Guards and competence Penetrable (availability of Barrier, Speed Bumper,
Road Blocker, or Bollard) Illumination ID verification Intrusion Detection Device (CCTV) Visitor Access ProcedureVisitor Access Procedure Vehicle Search ProcedureVehicle Search Procedure Bag/Carried Item ProcedureBag/Carried Item Procedure Metal DetectorMetal Detector Vehicle Inspection MirrorVehicle Inspection Mirror SnifferSniffer
Intellectual Property of Win Intellectual Property of Win NoorNoor
SVA Exercise (cont’)SVA Exercise (cont’)SECURITY COUNTERMEASURE OVERVIEW (cont’)SECURITY COUNTERMEASURE OVERVIEW (cont’)
Internal Pedestrian Access Points ID verification (manual or electronic) Penetrable (locks, type of door, hinges) Illumination Intrusion Detection Device (CCTV) Visitor Access ProcedureVisitor Access Procedure
Windows Penetrable (type of glass, hinges) Illumination Intrusion Detection Device (Glass Break, IR,
Microwave, CCTV)
Intellectual Property of Win Intellectual Property of Win NoorNoor
SVA Exercise (cont’)SVA Exercise (cont’)SECURITY COUNTERMEASURE OVERVIEW (cont’)SECURITY COUNTERMEASURE OVERVIEW (cont’)
Corridors and Office Areas Patrols Illuminations Intrusion Detection Device during off-work times (IR,
Microwave, CCTV) Security Awareness of employees Walls and Partitions Employee Population (Dense/Scarce) Key Management Clean Desk Policy Locks for Document Storage Document Labeling and Records Waste Disposal Management Caller IDCaller ID
Intellectual Property of Win Intellectual Property of Win NoorNoor
SVA Exercise (cont’)SVA Exercise (cont’)SECURITY COUNTERMEASURE OVERVIEW (cont’)SECURITY COUNTERMEASURE OVERVIEW (cont’)
Open Areas Patrols Illuminations Intrusion Detection Device (Buried Line, IR,
Microwave, CCTV) Security Watch Towers
Limited Access Office Areas Locks and/or ID verification Key Management Intrusion Detection Device (IR, Microwave, CCTV) Waste Disposal Management Access Permit Authorization ProceduresAccess Permit Authorization Procedures Access LogsAccess Logs
Intellectual Property of Win Intellectual Property of Win NoorNoor
SVA Exercise (cont’)SVA Exercise (cont’)SECURITY COUNTERMEASURE OVERVIEW (cont’)SECURITY COUNTERMEASURE OVERVIEW (cont’)
Employee Screening Life-Style Company Culture and Implementation of Business
Ethics Security Awareness Program Work Environment Office Politics
Vehicle Driver Requirements and Recruitment Process Trackers Locks Intrusion Sensors and Alarms Glass and Exterior Protection
Intellectual Property of Win Intellectual Property of Win NoorNoor
SVA Exercise (cont’)SVA Exercise (cont’)SECURITY COUNTERMEASURE OVERVIEW (cont’)SECURITY COUNTERMEASURE OVERVIEW (cont’)
Storage Areas Sentry Guards and competence Locks and/or ID verification for Limited Access Areas Incoming-Outgoing Procedures Incoming-Outgoing Records/Logs Illuminations Inspections and Monitoring Procedures Internal Audits Intrusion Detection Device during off-work times (IR,
Microwave, CCTV)
Cash-In-Transit Escort Randomized Schedule Insurance Armored Vehicle, or contracted service
Intellectual Property of Win Intellectual Property of Win NoorNoor
SVA Exercise (cont’)SVA Exercise (cont’)SECURITY COUNTERMEASURE OVERVIEW (cont’)SECURITY COUNTERMEASURE OVERVIEW (cont’)
Community Community Development ProgramsCommunity Development Programs Intelligence/Information Gathering ProgramsIntelligence/Information Gathering Programs Deterrence StrategyDeterrence Strategy Community Security InvolvementCommunity Security Involvement
Intellectual Property of Win Intellectual Property of Win NoorNoor
SVA Exercise: Threat Identification and SVA Exercise: Threat Identification and Related CountermeasureRelated Countermeasure
Asset Threat Countermeasure
Intellectual Property of Win Intellectual Property of Win NoorNoor
SVA Exercise: Threat Identification and SVA Exercise: Threat Identification and Related Countermeasure (cont’)Related Countermeasure (cont’)
Asset Threat Countermeasure
Intellectual Property of Win Intellectual Property of Win NoorNoor
Risk Calculation: Risk Calculation:
Threat TargetLikelihood To Occur
Likelihood To Succeed
Consequence
Risk
top related