Professional Documents
Culture Documents
Risk Rating Score: Critical Functions Impact Value (X 2) Moderated Value Likelihood (%) Value (2X10) Moderate D Value
Risk Rating Score: Critical Functions Impact Value (X 2) Moderated Value Likelihood (%) Value (2X10) Moderate D Value
10
X X
VERY
HIGH (PS) (IHR)
9
HIGH
8
X
(FF)
7
6
L I KE L I H O X X
O D (%)
(IC) (AS)
5
10 20 30 40 50 60 70 80 90 100
3
I
2 MODERA
LOW
TE
1
Attack Detection
Once an attack of any kind is under way, whether it is terrorism, economic crime, violent
crime, subversive action, or a petty crime, it is important, where possible, to be able to
detect the crime under way.
Detection countermeasures may include:
Intrusion detection system on property and building perimeters
Intrusion detection system applied to critical passageways and internal spaces
Duress alarms at critical counters and desks
Hold-up alarms
Assessment
When an attack is detected, it is then necessary to assess the threat for the following reasons:
Is the detection real, false, o r a nuisance detection?
If the detection is real, what are the level and nature of the threat actors?
What is their goal?
What weapons are they carrying?
What are their tactics?
Does this appear to be unfolding as a property or violent crime or a property
crime with potential for violence?
Are they employing countersurveillance methods?
How are they dressed? How can law enforcement recognize the threat actors
from ordinary employees or customers?
What is their apparent exit strategy?
Is the detection real, false, or a nuisance detection?
Economic crimes
Robbery
Burglary
Insider theft
Proprietary information theft
Crimes against the organizations business reputation
Computer crimes
Violent crime attack scenarios
Violence against employees
Violence against the public on the organizations property
Bladed weapons
Handguns
Available weapons
Petty crimes
Purse snatching/pickpocketing
Vandalism
Prostitution, pimping, and pandering
Other petty crimes
Disturbance causers
Goals
Once a threat action is detected, a response is possible. Responses to threat actions
could include:
Take no direct action to counter the threat actors, instead try to minimize any
potential harm to innocent people.
Gather evidence for an investigation and for a postevent analysis resulting in
scenario planning and training later.
Call others (such as the police) for help.
Intervene directly against the attack to stop it and capture the threat actors.
The security program should include elements to deal with unwanted exceptions,
such as:
Intruders and Offenders
Disruptive People
Medical Emergencies
Natural Disasters
Civil Disorder and Riot
Loss of Business Continuity
Chemical, Biological, Radiological Emergency
Challenges to the Security Program from Outside and Inside Sources
Implementation strategies include:
Control access to the target, denying access t o possible threat actors.
Deter any threat action from occurring.
Detect any threat action.
Assess what has been detected.
Respond to any active threat action.
Gather evidence for prosecution, investigation, and training.
Comply with the business culture of the organization.
Minimize any impediment to normal business operations.
Help to create an environment where people feel safe and secure and can focus
on the purpose of the organization.
Design programs to mitigate possible harm from hazards and threat actors.
Types of Countermeasures
Security i nvestigations program
Law enforcement liaison program
Baseline Security Program Implementation
Planning
Security supervisor hiring
Supervisor training
Security officer hiring
Security officer training
Scenario rehearsals
Daily operations training
Security program documentation
Baseline Security Program Phasing
Planning
Implementation
Training
Review
Designing Baseline Countermeasures
Follow these steps to design countermeasures for a baseline security program:
Access Control Program
Define access zones, such as:
Public zones
Semipublic zones
Controlled zones
Restricted zones
Define which assets require what level of zoning, then zone to those
requirements.
Define control points between zones. These will be the access control locations.
Determine what kind of access control is required at each control point (card
reader, biometric reader, vehicle lift gate, vehicle sliding gate, etc.).
Determine which access control locations need guard assistance (visitor badge
issuance, etc.).
Determine which access control points need intercom assistance (vehicle
parking gates, etc.).
Define the access credential program (photo ID badges, etc.).
Way-finding signage
Define the Detection Program
Perimeter detection
Facility perimeter
Building perimeter
Interior detection
Space detection
Duress alarms
Define the Assessment Program
Video assessment
Audio assessment
Two-factor alarm assessment