massbiz consulting crede sed proba


Upload: james-mcdonald

Post on 09-May-2015


DESCRIPTION

About MassBiz Consulting - Security, Loss Prevention, Fraud Prevention, Surveys & Assessments

TRANSCRIPT

Page 1: Massbiz Consulting Crede Sed Proba

DISCIPLINE METHODOLOGIES

• Physical Security
• Security Policies & Procedures
• Loss Prevention
• Fraud Prevention
• Operational Risk Management
• Compliance

MASSBIZ LLC CONSULTANCY SERVICES

Protection of Assets

PHONE: (877) 214-2900

OPERATIONS, REVIEW, DESIGN, SYSTEMS & TECHNOLOGY

"Crede Sed Proba"

Page 2: Massbiz Consulting Crede Sed Proba

To Learn More Call: (877) 214-2900 Page 2

Experience Certainty

At MASSBIZ, LLC—CONSULTANCY SERVICES it means achieving real business results that allow you to transform and not just maintain your security and operations. We offer superior consulting services to assist Fortune 500 and other enterprise clients in providing safe and secure environments for their people, property and other assets. Our expertise is in the areas of Physical Security, Risk Management, Loss Prevention and Compliance. We actively seek and apply the best possible solutions and methodologies today, making sure to holistically factor in people, processes and business issues.

Our services are designed to protect clients' “Brand” and pinpoint fraud & loss prediction and prevention program strengths and weaknesses, cure or reduce operational deficiencies and at the same time maximize existing resources. We do not provide any security services nor sell security products and are therefore unbiased and objective when assessing critical requirements and recommendations on behalf of our clients. We provide impartial balanced thought and advice helping our clients make the right solution decision. With a diverse background our team can deliver a comprehensive range of security, fraud deterrence, loss prevention and operational risk management consulting services to multi-sector clients. Our aim is to exceed the client's expectations on each and every project, no matter how large or small the objectives.

The primary purpose of all of our assessments is vulnerability identification or threat (exposure) determination and to make the task of analysis of the existing risk more manageable by establishing a base from which to proceed. We believe in the premise that vulnerability threats that occur, whether the source is fraud based, physical security, logical security or a general liability issue, are not random occurrences; they occur when the conditions are right for them to occur. Our assessments attack the root causes and enablers of these vulnerabilities. Our thesis is that improving organizational policies and procedures to eliminate threats, improve awareness that protects assets, minimize exposure and reduce losses is the single best defense. Then we follow up with the latest technology countermeasures that reinforce your policies and procedures to act as an overwhelming deterrence, ensure compliance and evolve as changes require over time.

RISK = { (THREATS x VULNERABILITIES) / COUNTERMEASURES } x Assets

Page 3: Massbiz Consulting Crede Sed Proba

PHYSICAL SECURITY MANAGEMENT SERVICE (PSMS) 4

SECURITY ARCHITECTURE STRATEGY (SAS) 5

PHYSICAL SECURITY ASSESSMENT SURVEY (PSAS) 6

LOSS PREVENTION ASSESSMENT (LPA) 7

OPERATIONAL RISK MANAGEMENT ASSESSMENT (ORMA) 8

SUPPLIER SECURITY ASSESSMENT (SSA) 9

PHYSICAL SECURITY PROJECT MANAGEMENT (PSPM) 10

TEMPORARY CHIEF SECURITY OFFICER (TCSO) 11

Consultancy Services Page 3

Maintain Your Competitive Edge Through Our Proactive Expert Services

Page 4: Massbiz Consulting Crede Sed Proba

Physical Security Management Service (PSMS)

With reduced budgets in today’s economy, many organizations may not be able to afford a designated security individual who has the time or expertise to manage a physical security program.

Our Solution—Innovation Drives Everything We Do

There are many regulatory agencies that require safe working environments for employees or anyone else on your property. You also have an obligation to protect your company assets. In addition to the initial process of a Physical Security Survey and project management, the requirement of a security management plan becomes a factor. A security management plan can be described as how you manage all projects related to security issues, whether they involve technology, policies and procedures, or general interactions with people under normal and emergency situations or during an unplanned security incident. Compliance requirements and accepted standards make it imperative that your security management plan be:

• Inclusive – Provide a review of the client security management plan, which includes physical security assessment, mechanical security technology, security personnel, and policies and procedures.
• Current – Provide current security standards and accepted security practices in the industry.
• Effective – Establish the most cost effective security program, both in dollars and in sufficient security coverage and programs.
• Documented – Ensure proper training is documented to protect the client by reducing claims that security personnel were not properly selected or trained, and that all security mechanical equipment is functioning as specified, with regular tests made on the equipment and properly documented.

We will manage your security plan to keep you abreast of all the latest changes in technology and regulations, and review your policies and procedures relevant to security. We will also work with you to maintain necessary training or equipment inspection documentation.


Page 5: Massbiz Consulting Crede Sed Proba

Security Architecture Strategy (SAS)

Many organizations have ad hoc security measures in place or have implemented security procedures and technology as needed without a system wide review of what is necessary from all departments. Unplanned security architecture can leave holes in the environment that are not readily apparent, or security spending can go to the wrong technologies without a full understanding of where the risk truly lies in the architecture. A robust integrated security architecture strategy is an end-to-end analysis of potential risk based on client business requirements.

Our Solution—Business Focus Beyond the Technical Domain

Your overall security and loss prevention is the focus of implementing good solutions over time. A forward looking, detailed security architecture strategy can help you fix your current weaknesses, anticipate or predict future risk, and implement mitigation solutions. A solution will be developed that is specific to the available resources and maps closely to the business goals of the organization. Risk mitigating measures are developed with security technologies that fit the corporate framework.


Business Driven Enabling Business Usability

A Holistic Approach Adding Value Inter-operability

Fit-for-Purpose Empowering Customers Supportability

Measurable Protecting Relationships Integration

Return on Investment Leveraging Trust Low Cost Development

Risk-based Cost / Benefit Assurance Scalability of Platforms

Managing Complexity Governance Scalability of Cost

Providing a Roadmap Compliance Scalability of Security

Simplicity & Clarity Fast Time to Market Re-usability

Lower Cost of Ownership Lower Operations Costs Lower Administration Cost

Page 6: Massbiz Consulting Crede Sed Proba

Physical Security Assessment Survey (PSAS)

Physical security is the most fundamental aspect of protection. It is the use of physical controls to protect the premises, buildings, site facilities, people and other assets belonging to your company. In this day and age, you cannot afford not to have a security evaluation performed on your property to protect yourself against intrusion into your company, frivolous lawsuits, interruption of normal business operations or damage to your business reputation.

Our Solution

Our Physical Security Assessment Survey (PSAS) will be comprised of a comprehensive overall security survey identifying risks and will target what can be considered high risk areas. You have a due diligence responsibility to have your property assessed to prevent security incidents such as physical assaults of people, thefts against your company assets and property damage caused by vandals. This Physical Security Survey will include physical security vulnerability assessment concepts as well as homeland security and CPTED (Crime Prevention Through Environmental Design) concepts.

• Access control onto property, into buildings and into sensitive areas that require specific access control.
• Review of current security practices established by the client to ensure security of personnel, protection of property against vandalism or unlawful entry and protection of company assets.
• Review of surveillance/CCTV on property and any intrusion/panic alarms to determine effectiveness.
• Determination of effective security methods to prevent unlawful entry or remaining of people on property by reviewing fencing, lighting, and cameras.
• Compliance with accepted Crime Prevention Through Environmental Design (CPTED) in reviewing Natural Surveillance, Natural Access and Territorial Reinforcement of your property.
• Infrastructure survey and threat assessment to determine that your normal business operations may not be interrupted by loss of services such as utilities, telecommunications, parking restrictions too close to a building and redundancy of services.
• Review of current lighting on premises to reduce “dark” areas and ensure lighting is doing what it was designed to do.

We review with management what they perceive as security concerns and possibly meet with selected employees to determine if the perceptions correlate. We will deliver a report with pictures detailing both the current situation and any recommendations necessary to correct deficiencies. The deficiencies will be noted with practical steps and recommendations to correct the situation. The action plan would be the Project Management Plan that can be used to implement the solution to fix the problem. We interface with vendors, work with the client to purchase equipment and we work with the installer for installation and training.

Page 7: Massbiz Consulting Crede Sed Proba

Loss Prevention Awareness Assessment (LPAA)

Many organizations, among their other responsibilities, are tasked with quickly identifying, investigating, recovering, and preventing losses by employees, individuals, and organized retail crime (ORC). At the same time, their loss prevention professionals are drowning under the reams of data that may offer insight into ways to keep ahead of the criminals. A “trusted” employee can gain access to your assets (proprietary data, goods, services, customer lists, etc.) in a way that no other employee can. Our experience for over thirty years has taught us that the elimination of opportunity and temptation is the key to controlling negative behaviors within your enterprise.

Our Solution—The Perception of Detection

The most widely accepted theory for explaining why people steal was postulated in the early 1950s by Dr. Donald R. Cressey, while working on his doctoral dissertation on the factors that lead people to steal from their employers. He called them ‘Trust Violators’, and he was especially interested in the circumstances that lead otherwise honest people to become overcome by temptation. To serve as a basis of his work he conducted about 200 interviews with inmates at Midwest prisons who at the time were incarcerated for embezzlement. Today this work still remains the classic model for the occupational thief. Over the years his original hypothesis has become known as the Fraud Triangle. The key is that all three of these elements must exist for the trust violation to occur. Our motivation has always been to attack the opportunity leg to create the perception that if you try you will be detected. "Crede Sed Proba" or “Trust but Verify” is the key: your people will only do what you expect if they know that you are going to inspect.

Our service provides a detailed assessment of all processes, policies and procedures such as: purchasing, cash handling, work flow management, information technology, client intake, human resources, marketing, billing, etc. We review security business goals, objectives, and requirements, and align business and technology strategies for protecting assets by consolidating external compliance and security best practice requirements into a common control framework. Then we review the existing policies and security architecture against the controls necessary to achieve compliance requirements, review the effectiveness of policies and procedures, conduct an audit, and track and document actual data. We prioritize gaps, vulnerabilities, and possible loss scenarios according to risk, and present findings and prioritized recommendations for addressing discovered weaknesses.


Page 8: Massbiz Consulting Crede Sed Proba

Operational Risk Management Assessment (ORMA)

Minimizing losses, maximizing organizational efficiencies and reducing earnings volatility have always been high priorities for executive management and boards of directors. Increasing transaction volumes, growth-driven acquisitions and the globalization of business, coupled with a larger reliance on technology, have introduced higher degrees of complexity and uncertainty to organizations. In order to maintain a competitive advantage and to improve overall performance, organizations are seeking a way to understand and proactively manage the risks that can impact the business.

Our Solution

Today’s technologies, used properly, can offer powerful benefits to any organization to minimize potential risks. With increasing concern for employee safety, and data and asset theft, enterprises recognize the need to develop a more comprehensive approach to protecting and managing their resources - equipment, inventory, data, and people. Although a simple concept, the reality of securing an enterprise is quite complex. With hundreds if not thousands of video devices, motion detectors, fire alarms, access control systems, and other data feeds, obtaining a complete view of a potential physical security incident, coordinating personnel and reacting in real time is extremely difficult. Let us help you protect your brand with proven tools that get results.

Our Process

We will first do an analysis of your organization and provide baseline security guidance and requirements. We will review all projects and business functions and provide steps toward a more secure posture. We will go onsite and interview your operational, security and IT staff, attend key business strategy sessions and review key technologies, policies and procedures to understand the current environment. We will review all policies and documented procedures and compare them against industry best practices. We will gain insight into future development and business goals. Strategic and technical recommendations will be made to ensure that your security environment is compliant with best practices and that anticipated future threats can be mitigated and controlled. Weekly or monthly status reports can be generated and key performance indicators can be used to track the progress of the overall security environment.

Page 9: Massbiz Consulting Crede Sed Proba

Supplier Security Assessment (SSA)

Most if not all companies do not have a complete understanding of the weaknesses posed by suppliers or the threats their suppliers pose to their organizations. Many suppliers have very unhindered access into the company environment and can pose a great danger if they are not monitored, tracked and reported.

Our Solution

Our end-to-end Supplier Security Assessment process can be developed in conjunction with the company’s operational, loss prevention and security staff and vendor management teams to ensure all vendor access is appropriate and tracked. This involves, but is not limited to, ensuring that any technical system and connectivity security issues associated with the supplier are controlled; we also look at the business functions of your partners, such as having proper Service Level Agreements (SLAs) in place. We develop measures to improve supplier security management.

• Develop a Supplier assessment process for all suppliers, with specific tailored mechanisms for categories of suppliers; conduct testing of Supplier networks where allowed
• Assess the strengths and weaknesses of the current countermeasures, examining the threats to the availability and integrity of the assets managed by the supplier; review SLAs
• Work with necessary vendors, write detailed steps and conduct key supplier assessments in critical areas once the new process is in place; develop a controls matrix for Supplier Assessment
• Develop a Policy for Supplier Assessments; conduct a follow-up 1 day review of the Supplier process 4 months after completion of the Supplier Assessment project

We will go onsite and interview your staff and review key policies and procedures regarding how suppliers are managed and how access and data are handled. We will develop new procedures around different risk levels posed by categories of suppliers. You will have a detailed plan to conduct tests of suppliers, deliver security questionnaires and procedures to fix weak supplier security technology. A detailed process along with all appropriate procedures and policies will be in place at the conclusion of this project. This Supplier Assessment framework can then be used to ensure the security of all vendor activity.


Page 10: Massbiz Consulting Crede Sed Proba

Physical Security Project Management (PSPM)

We assist the client in the selection, review and purchase of security, loss prevention, risk management or business intelligence equipment and/or security programs to bring their security program into line with acceptable security standards and practices. Many companies do not have the time or expertise to review the inclusive security management plan and are lax in maintaining security standards, which could result in theft, vandalism, fraud, loss of brand recognition, loss of service, business continuity or general liability.

Our Solution

We are able to provide project management on your security, loss or risk vulnerabilities and liabilities that have been identified by our assessment(s). We work with your company to determine the most cost effective way to mitigate the concerns. We will team with vendors to determine which product is the most effective and efficient and obtain price quotes. Working with you, equipment or solutions can be purchased, installed and proper training provided. Follow-up and on-site inspections will be provided by MassBiz LLC; afterward the solution will be documented and verified by us.

Our Project Management Areas of responsibility include:

• Product search for the right equipment to resolve your problem
• Determine with client which vendor is most cost effective and efficient
• Ensure equipment is installed to specifications of purchaser
• Ensure proper training is provided to end user of equipment
• Follow-up to ensure equipment is working properly and adjust accordingly if necessary

How the Process Works

Our Physical Security Consultant will work with the client to establish what particular project management services will be provided. The consultant will explore the most efficient and cost effective measure to mitigate the security concern. We will work with the client purchasing department to determine which vendor should be selected, depending on many factors. Follow-up will be provided through on-site inspections by us to ensure the correct product was purchased and installed. Training by the vendor will be documented and verified by the MassBiz LLC consultant.

Page 11: Massbiz Consulting Crede Sed Proba

Temporary Chief Security Officer (TCSO)


Many organizations have IT handling the security function without dedicated security guidance. Or your company may not need a full time Chief Security Officer or may not have the budget for it currently. A Chief Security Officer can be very expensive to have in-house. Even a dedicated CSO often has other responsibilities thrust upon them, diluting their security role. With an external CSO, you can have dedicated guidance at a fraction of the cost.

Our Solution

We can provide that gap coverage in our Temporary CSO offering. Key responsibilities we can provide with a Temporary CSO include overseeing and coordinating security efforts across the company, including information technology, human resources, communications, legal, facilities management and other groups, and identifying security initiatives and standards. We will be your trusted resource to manage your security organization, bringing real world experience on a temporary basis until you are ready to hire a full time CSO. The CSO will define and communicate policies, procedures, and standards throughout the organization, as well as determine the corporate vision for IT Security and Data Privacy and provide leadership to accomplish the business goals. This is a critical role with responsibilities and accountabilities that include:

• Protecting information assets against any potential threats and vulnerabilities that could impact the confidentiality
• Establish Information Security strategy, policies and architecture to facilitate business requirements and recommendation of controls
• Develop and deliver an Information Security Awareness Program to Senior Management and gain commitment to initiatives
• Program and Workforce management including employees, contractors and vendors
• Knowledge of technological trends and developments in the area of information security and risk management; strong knowledge and experience of risk management methodologies and tools
• Knowledge of information security audit guidelines
• Experience with establishing and managing large project RFPs, contracts and vendors
• High level of personal integrity and professionalism to handle confidential matters and execute the appropriate level of judgment and maturity
• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals

We will first do an analysis of your organization and provide baseline security guidance and requirements. Then we will review all projects and business functions and provide steps to move towards a secure posture. We will attend all key business strategy sessions and contribute to the overall business goals. Weekly or monthly status reports can be generated and key performance indicators can be used to track the progress of the security environment.

Page 12: Massbiz Consulting Crede Sed Proba

109 Bay Path Road, East Brookfield, MA 01515 Phone/Fax: (877) 214-2900 ● Blog: http://www.SecurityTalkingPoints.com/ ● Twitter: http://twitter.com/PHYSECTECH

MASSBIZ LLC—CONSULTANCY SERVICES

“Organizations know that a proactive approach to security is key to protecting critical assets and reducing business liability risks, but too often they overlook physical security factors.”

—James Edward McDonald, Consultant, MassBiz, LLC