INTRODUCTION TO

INDUSTRIAL
SECURITY CONCEPTS

MARIBETH BAGUINGAN-ONSAT
Etymology of the word “security”

“secures”- meaning freedom from

anxiety
“secura”-se (without) cura
(care,anxiety)
 “securitas”- feeling no care or
apprehension
HISTORICAL BACKGROUND
 Physical Security Measures
Security is equally old as mankind. It has been part of life
throughout civilization. It has been in existence since the
primitive ages until the modern days. Tracing back human history,
security has set part of life when man had to protect himself
against wild animals and the harsh environment. At the beginning,
security needs were simple, but as civilization became complex,
so did man’s security requirements.
As population increased in early societies, pressure for self-
sustenance often led to exploration, domination of vulnerable
populations and exploitation.

The conflicts added to the creation of hierarchical structures in

early societies. Farming societies gradually created chiefdoms,
reinforced by kinship partially to create order. And then codes
were established to assure peaceful coexistence, to stimulate
commerce, to encouraged development of specialized work and
to provide structure for dealing with threats from external
forces.
As societies become larger, they form group
classification with kings or their equivalents, serving
as a leadership elite with subordinate categories of
social, political, and economic distinctions. Often
these positions became hereditary and self-reinforcing.
Ascendancy started to evolve by a complex existence
with competition for limited resources which
threatened the security and safety of the community.
The fear of attacks led to the evolution of defensive means
to protect the community. A fundamental strategy was to
use physical security measures. And often geographic
location could be significant for protection such as being
situated on high grounds or surrounded by or alongside
bodies of water.
Animals probably preceded defensive structures to protect people. Dogs are
particularly suitable for security purposes. Dogs were valuable also as canine alarms
to attack intruders, for hunting and for companionship.
In modern times canine patrols serve law enforcement around the world.
They are used to detect illegal contraband, the smuggling of people and
the presence of prohibited foods, plants, narcotics and explosives.
 To protect precious objects, including vital documents, hidden places within walls or
furniture or under floors were frequently created.

Safes and strong boxes have served as protected containers since ancient Egypt. Locks are among the
oldest mechanisms invented. Through the centuries the need to protect precious metals and stones created
that advanced safe and vault construction skills.
Mechanical locks were developed earlier than combination
mechanisms. Locks with keys were widely available for purchase
from artisans to the Middle ages.
Public Protection Forces
 Considering the first duty of the community is to protect itself through
government and personal initiative, hierarchical stratification in early
society occurred partially to provide leadership for defensive purposes.

 Human society evolved from bands, to tribes relying on kinship, then

to chiefdoms, consisting of a leader who would direct the activities of
those within his sphere of control. Beyond this, kingdoms arose to
advance mutual defense and economic vitality. The empire emerged
which combined multiple countries with various forms of governance.
The formation of forces of men for offense and defense was inevitable.
Military forces were convened over the century.
Private security personnel

 The security industry had its origins as a commercial enterprise in

the United States. Allan Pinkerton has contributed much to the
origin of modern profit-making security services. As the business
grows, he started employing security personnel as detectives. Kate
Warne was hired and became the first woman detective in 1856.
 Eventually, Pinkerton provided armed guards. Guarding becomes a
new source of revenue and with the start of the civil war, Pinkerton
personally provided protective services briefly for the president
Abraham Lincoln.
Today, private security personnel offer their clients flexibility, specialized skills, insurance
covering job-related liabilities, and cost effective services making the choice attractive to
clients. Private security firms sometimes operate for profit correctional facilities and
provide services in government offices, educational and research institutions and within
military compounds.
Individual efforts for protection and
order maintenance
 From the earliest evidence of human experience, individuals have taken
responsibility for their own security. This involved physical measure as well
as protective procedures taken both individually and collectively.

 While the military, civilian police, private security, and indeed numerous other
organizations provided by the state offer protection, individual efforts are the
oldest, most prevalent and most difficult activity to assess. Programs provided
by the state and not for profit organizations have been developed to mitigate
risks in modern times.
Recently, innovative ways have helped communities reduce crime and increase the perception of
safety. These include private/ public programs like community policing. In addition to private
security services are volunteer programs. Numerous non-police developed anti-crime programs
to support security of individual homes, neighbourhoods, and commercial enterprises.
SECURITY IN GENERAL
 SECURITY- in a collective sense, is the same as protection and
safety; the state of being safe and the condition of being protected
against physical, social, spiritual, financial, political, emotional,
occupational, psychological, or other types or consequences of
failure, damage, error, accidents, harm or any other event which
should be considered not desirable.
 -is also a freedom from fear, harm, danger, loss, destruction or
damages. A state of the mind by which a person see or feel absence of
danger and presence of comfort.
FIELDS OF SECURITY
The following are the fields of security classified according to
each sphere or subject:

A. INFORMATION TECHNOLOGY (IT) FIELDS

1. Computing Security- is a branch of information security

applied to both theoretical and actual computer systems.
2. Computer security- is a branch of computer science that
addresses enforcement of ‘secure’ behaviour on the operation of
computers. The definition of ‘secure’ varies by application, and
is typically defined implicitly or explicitly by a security policy
that addresses confidentiality, integrity and availability of
electronic information that is processed by or stored on
computer systems.
3. Data security- is the means of ensuring that data is kept safe
from corruption and that access to it is suitably controlled. Thus,
data security helps to ensure privacy. It also helps in protecting
personal data.
4. Application security- encompasses measure taken to prevent
exceptions in the security policy of an application or the underlying
system (vulnerabilities) through flaws in the design, development, or
deployment of the application.
5. Information security- means protecting information systems from
unauthorized access, use, disclosure, disruption, modification or
destruction.
6. Network security- consists of the provisions made in an underlying
computer network infrastructure, policies adopted by the network
administrator to protect the network and the network-accessible
resources from unauthorized access and the effectiveness (or lack) of
these measures combined together.
B. PHYSICAL SECURITY FIELD
1.Physical security- describes measures that prevent or deter attackers from
accessing a facility, resource, or information stored on physical media. It can be
as simple as a locked door or as elaborate as multiple layers of armed guard
posts.

2. Shopping center security ( mall or supermarket)- a type of security which is

concerned with the protection of the stores, warehouses, storage, its immediate
premises and properties as well as the supermarket personnel and customers.
Security personnel are trained to detect “ shoplifter” robbery and bomb
detection and customer relation.
3. Airport/seaport security- refers to the techniques and methods
used in protecting airports and seaport and by extension aircraft
or sea craft, from crime and terrorism.

4. Home security- are those methods used for protecting

residential homes or town sites which include interior protection
of houses against property loss or damages.

5. Industrial security- type of security applied to business groups

engaged in industries like manufacturing, assembling, research
and development, processing, warehousing and even agriculture.
6. Hotel security- type of security applied to hotels where its properties are
protected from pilferage, loss, damage and the function in the hotel restaurants are
not disturbed and troubled by outsiders or guest themselves. This type of security
employs house detectives, uniforms guard and supervisor and insures that hotel
guests and personal effects are safeguarded.

7. Bank security- this type of security is concerned with bank operations. Its main
objective is the protection of bank cash and assets, its personnel and clientele.
Security personnel are trained to safeguard bank assets while in storage, in transit
and during transactions.

8. School/ campus security- a type of security that is concerned with the protection
of students, faculty members, and school properties. Security personnel are trained
to protect the school property from theft, vandals, handling campus riots, and
detecting the use of intoxicated drugs and alcohols by the students.
 C. POLITICAL FIELD

1.International security- consists of measures taken by nations and international

organizations such as United Nations, to ensure mutual survival and safety. These
measures include military action and diplomatic agreements such as treaties and
conventions. International and national securities are invariably linked.

2. National security- refers to the requirement to maintain the survival of the

nation-state through the use of economic military and political power and the
exercise of diplomacy.
3.Human security- refers to an emerging
paradigm for understanding global
vulnerabilities whose proponents challenge the
traditional notion of national security should be
individual rather than the state. Human security
holds that a people-centered view of security
is necessary for national, regional and global
stability.
D. MONETARY FIELD

1. Financial security- refers to the

methods applied for the protection of
fungible, negotiable instrument
representing financial value. It broadly
categorized into debt securities, and
equity securities, etc.
OTHER SECURITY FIELDS

1. VIP security – a type of security applied for the

protection of top-ranking officials of the government or
private entity, visiting persons of illustrious standing and
foreign dignitaries.
2. Homeland Security- similar to national security but this
is more focused on the protection of vital entities such as
critical utilities, critical facilities, and critical
infrastructures.
TYPES OF SECURITY THREATS

 The type of security of security threats in

any enterprise is dependent on the kind of
asset subject for protection and the type of
security operation of an installation. But
generally, the security design almost
considers the following security threats:
1.Threats against persons and properties- includes
possibility of physical harm or injury among people
such as shooting, knife attack or other means of
active attack. For properties, damage to properties
such as vandalism are common examples. Generally,
these threats are categorized under crimes against
persons and properties.
2.Threats to identity- specifically, are threats among
cyber users or electronic device-based impersonate a
user and fraudulently make calls and conduct data
sessions through the user’s device.

3. Threats to Confidentiality- these are threats against

confidentiality in wireless communications, records
systems and classified documents or materials.
4. Threats to integrity- integrity is closely related confidentiality, as
there maybe breaches to company’s trade secrets. As such, it has direct
impact on company business reputation. These may involve a wide
range of criminal and fraudulent activities.

5. Threats from Intrusion- the unauthorized access to the installation,

data or devices, whether by a human attacker or by malware intrusion.
6. Threats to Business Continuity- attacks can be
in many forms of natural sources or human
induced for business sabotage, subversive
activities, espionage, and pilferage.
CURRENT THREATS TO SECURITY

Crime and terrorism

Terrorism is the use of force or violence against persons
or property for purpose of intimidation, coercion or ransom. The threat of
terrorism has become of the most disturbing aspects of modern life. Acts
of terrorism include bomb threats, bombings, assassinations, kidnappings,
hijackings, cyber-attacks and the threat/ use of chemical, biological and
radiological attacks. Targets for acts of terrorism have included airports,
aircraft, military and police facilities, high- profile landmarks, large public
gatherings, and water and food supplies, and utilities.
Improvised Explosive Devices
The military bomb, as we generally recognize
it, is a ballistic shaped object filled with large quantities of
explosive and dropped from aircraft from the air. It is designed
to explode on impact when it reaches its target. But terrorists,
criminals, extortionists and anti-social elements extensively use
their own types of homemade bombs called “ Improvise
Explosive Devices” or IEDs.
Firearms
Firearm, generally refers to any lethal barrelled
weapon from which any shot, bullet or missile can
be discharged. Under the laws of many countries the
term “firearm” also includes any article having the
appearance of being a firearm, whether it is actually
capable of being discharged or not.
Bladed items
There are many blade and sharp items that could be used
as weapons in the hands of malicious individuals. These
include knives, kitchen knives, cutlery knives, automatic
knives, axes and hatchets, arrows and ice axes, cleavers,
machetes, open razors and blades, swords, billiard cues,
scalpels, scissors with blades, or tools that can be used as
stabbing or cutting weapon and other variety of bladed and
pointed items.
Postal Devices
Postal devices are now one of the most common
means of criminal attack upon organizations and
individuals worldwide. Historically, the motives for mail
bombs have included revenge, extortion and terrorism.

CBRN threats
Chemical threats, Biological threats, radiological and nuclear
threats
Improvised incendiary device (IID)

An IID is a device designed to destroy, incapacitate,

harass or distract by creating intense heat and fire,
rather than by exploding. Terrorists have often used
IIDs to attack economic targets. The usual intention is
to cause economic damage and weaken public
confidence rather than cause mass casualties.
Grenades
A hand grenade is a small hand-held anti-personnel
weapon designed to be thrown and then explode after a
short time. Hand grenades may appear in several
shapes, sizes and constructions. Some contain
explosives, while others may be incendiary and filled
with white phosphorus, or designed to emit smoke or
gas.
COMMON SECURITY CONCEPTS:

1. Asset-1.is anything tangible or

intangible that is capable of being owned
or controlled to produced value. If it has
positive economic value, it is considered
an asset. Or more simply, if its value can
be converted into cash.
2. Risk

a risk is a possible event which could cause
a loss, the exposure to the chance of injury
or loss.
3. Threat
an event, action or method that triggers a
risk which is either natural cause or human
induced.
4. Vulnerability
it is the state of being open to
injury or loss, a weakness in a
target that can be potentially
exploited by a threat.
5. Assessment
the process of evaluating the probabilities and
consequences of risk events if they are realized,
it includes the processes of identifying,
qualifying, and prioritizing security systems
and counter measures.
6. Defense in Depth

an approach to security in which a series of defensive

mechanisms are layered in order to protect the asset.
The concept is that, if one defense mechanism fails,
other steps up to immediately impede an attack or
unauthorized intrusion.
7. Target Hardening
iscomparable to defense in depth but more
focused on strengthening the security of a
building or installation in order to protect it in
the event of attack or reduce the risk.
8. Countermeasure

is a way to stop a threat triggering a

risk event.
9. Mitigation
is the means of reducing risk of loss from the occurrence
of any undesirable event. A mitigation action is a specific
action, project, activity or process taken to reduce or
eliminate long -term risk to people and property from
hazards and their impacts.
FUNDAMENTALS OF SECURITY
MANAGEMENT
SECURITY MANAGEMENT
 Itis the proper utilization of resources in a security organization
in order to meet organizational goals and objectives and to
ensure achievements.

 Securitymanagement is a systematic, repetitive set of

interconnected activities to ensure safe operation and thus
reduce the likelihood of risks. The key purposes are avoidance of
problems or negative phenomena such as threats and risks, and
avoidance of crisis or other problems which may cause delay,
harm or loss of assets.
 BASIC MANAGEMENT FUNCTIONS
 1.Planning- determination of courses of action to achieve
desired goals.

-is looking ahead, drawing up a good plan of

action. This requires active participation of the entire
organization. Planning must take the organization’s available
resources and flexibility of personnel into consideration as
this will guarantee continuity.
2. Organizing

It is the process of bringing together physical,

financial and human resources and developing
productive relationship amongst them for
achievement of organizational goals.
3. Commanding/Directing

giving of orders and clear working

instructions to employees so they would
know exactly what is required of them.
4. Coordinating

 harmonization of activities in an
organization that leads to efficient
function. It aims at stimulating motivation
and discipline within the different units in
the organization.
5. Controlling

 verifying whether the activities are carried out in

conformity with the plan. This requires establishment of
performance standards based on organizational objectives,
measuring and reporting on actual performance, comparing
results with performance and standards, and taking
corrective or preventive measures as needed.
PRINCIPLES OF SECURITY MANAGEMENT

1. Division of work- specialization of the

workforce increases their accuracy and speed.
In practice, employees are specialized in
different skills. Different level of expertise can
be distinguished within the knowledge areas.
2.Authority and responsibility

 accompanying power of authority gives the

management the right to give orders to the
subordinates. This means that, in order to get things
done in an organization, management has the
authority to give orders to employees.
3. Discipline

isabout obedience. It is often a part of the

core values of a mission and vision, in the
form of good conduct and respectful
interactions.
4. Unity of command

an individual employee should receive orders

from one manager and that employee is
answerable to that manager. If tasks are given
to the employee by more than one manager,
this may lead to confusion which may lead to
possible conflicts for employees.
5. Unity of direction
isabout focus and unity. All employees deliver
the same activities that can be linked to the
same objectives. All activities must be carried
out by one group that forms a team.
6. Subordination of individual interest

isabout ethics. Personal interests are

subordinate to the interest of the
organization. The primary focus is on
the organizational objectives and not
on those of the individual.
7. Remuneration
 thecompensation of employees must be sufficient to keep
employees motivated and effective. Motivation and
productivity are close to one another as far as the smooth
running of an organization. Remuneration could be non-
monetary, such as compliment, more responsibilities,
credits or in the form of monetary consideration such as
compensation, bonus or other financial rewards.
8. Degree of Centralization


Centralization implies the top management. Sharing of
authorities for the decision- making process with middle
and lower management is decentralization and that an
organization should strive for a good balance in this.
9. Scalar Chain

Hierarchy presents itself in any given organization.
This varies from top management to the lowest levels
in the organization. This principle states that there
should be a clear line in the area of authority from
top to bottom and all managers at all levels.
10. Order

 Employees in an organization must have the right

resources at their disposal so that they can
function properly in an organization. There must
be social order where the work environment must
be safe, clean and tidy.
11. Equity

Employees must be treated kindly and

equally. Employees must be in the right
place in the organization to do things
right. Managers should supervise and
monitor this process and they should treat
employees fairly and impartially.
12. Stability of Personnel Tenure

 The deployment and managing of personnel

should be in balance with the service that is
provided form the organization. Management
strives to minimize employee turnover and to
have the right staff in the right place.
13. Initiative

 Employees should be allowed to express new

ideas. This encourages interest and involvement
and creates added value for the company.
Employee initiatives are a source of strength for
the organization.
14. Esprit de Corps

 Management should strive for the involvement and unity

of the employees. Managers are responsible for the
development of morale in the workplace; individually and
in the area of communication. Esprit de Corps contributes
to the development of the culture and creates an
atmosphere of mutual trust and understanding.
LEVELS OF MANAGEMENT
 1. Top Level Management
-is usually made up of Board of directors.
-They are called as Chief Executives and they are responsible to
carry out the broad policies formulated by the board.
-Top level management is the policy making body responsible for
the overall direction and success of all activities of the company.

(READ YOUR NOTES FOR MORE DETAILS)

2. Middle Level Management

 Thislevel of management is concerned with the

execution of the policies and plans designed by the top
management. Therefore, the middle level management
comprises the department heads and other executives.

(READ YOUR NOTES FOR MORE DETAILS)

 3. Lower Level Management

 refers to subordinate departmental heads, foremen, office superintendents,

supervisors, etc. They come in direct contact with the employees or workers.
They actually carry out the operations as per schedule. They are designated
as the “ leg work”, they provide the essential link between the worker and
the management.

(READ YOUR NOTES FOR MORE DETAILS)

ELEMENTS OF SECURITY MANAGEMENT
(READ YOUR NOTES FOR DETAILS)
 1.Establish Security Management framework
 2.Produce and Maintain Security Policy
 3.Analyze Security Threats, Vulnerabilities and Risks
 4.Classify Information Asset Security
 5.Plan and Implement Security Practices
 6.Operate Security Protection Mechanisms
 7.Monitor, Assess, Audit and Report Security
 8.Evaluate Security Management Performance
 QUALITY MANAGEMENT SYSTEM
 Quality is the totality of features and characteristics of a product or
service that bear on its ability to satisfy stated or implied needs.
Thus, security is a component of quality.

 Quality is the responsibility of the whole organization and security

is part of the totality of quality of a system, implicit in customers
expectations.
MANAGEMENT SYSTEM COMPONENTS
 1.Credibility and Integration of Personnel
 2. Policies, Objectives and Tasks
 3. Threat, Vulnerability and Security Risk Assessment
 4. Controls
 5. Security Risk Register
 6. Planning and Resourcing
 7. Execution and Control Activities
 8. Monitor and Security Reporting
 9. Review
 10. Learning
 11. Reporting to Top Management
 RESOURCES FOR SECURITY MANAGEMENT
 1.Manpower- refers to people as resources. It is the most
important of all resources. It pertains to the workforce in
all levels of management, without them, all other
resources are unusable. They are categorized as the
managers and the employees.
 2.Money- refers to financial resources. It is the driving
force of any business for the compensation or reward of
the workforce. Any business enterprise of any nature and
size needs a capital.
 3. Machinery- refers to the devices or tools needed in order to
aid the workforce do their activities with ease and
simplification. This includes modern technologies and
automation.
4. Materials- refers to raw materials as inputs to business
production.
5. Methods- refers to standards and procedures used as
techniques for production. It can be systems that are put
together for the transformation of raw materials into usable
products, goods or services. Machines do not operate by
themselves without as system or procedures.
 6. Market- refers to the interaction, social relations, and
institutions for trading of goods and services, which form
part of the economy. It refers to the “ transactions” in
motion, categorized as consumer market or industrial
market.
7. Minute- refers to the management of time, the optimum
time that a worker needs to produce the highest quality of
product or service. It is called efficiency at work.
8. Morale- refers to motivation of people, the moving power
to act or exert effort to achieve desired goals or objectives. It
is the secret weapon of management of controlling and
 9. Matter- refers to the data and information management. Data
refers to information are translated into a form that is efficient for
movement or processing. They are used for organizational program
that manages people, processes and technology that provides control
over the structure, processing and delivery. Information is also
required for management and business intelligence purposes.

10. Measurement- refers to the internal control systems, such as

preventive controls, detective and reactive controls, use to gauge
effectiveness. It encompasses the assessment of performance and
results achieved by employees and the entire organization.
SECURITY MANAGERS

 Securitymanagers are persons in the

organization who are responsible for monitoring
the security operations for any organization or
company. They implement security policies,
regulations, rules and norms and make sure that
the environment in their organization is safe for
employers and visitors.
 TYPES OF SECURITY MANAGERS
 1. Functional Manager- one who is responsible for just one
organizational activity such as accounting, human resources,
sales, finance, marketing, or production. Focus on technical
areas of expertise, use communication, planning and
administration, teamwork and self- management competencies
to get the work done.

 2.General Manager- one who is responsible for the operations of

more complex units. For example, a company or division.
Oversees work of functional managers.
ESSENTIAL SKILLS FOR SECURITY MANAGERS
 1.Communication skills
 2.Physical fitness
 3.Knowledge of security environments and hazards
 4.Excellent attitude
 5.Interpersonal skills
 6.Analytical skills
 7.Leadership skills
 8.Initiative and being proactive
 9.Good negotiation skills
 10.Being able to work with a team
 VARIOUS STYLES OF SECURITY
 MANAGERS
1. The visionary-one who listens to ideas and take notes of what
they’re trying to achieve. They jump right in and help brainstorm
ideas with a team. They provide practical advice and opinions for
how their ideas can be turned into reality.

 2.The coach- one who is like a sport coach, who brings high levels of
energy and discipline. He aims to bring high performance into the
workplace. He is highly people- focused and view the success of the
team as his own personal success. He usually set clear, realistic
goals for performance and discuss practical strategies on how the
team can achieve those goals.
3. The Sensitive Boss- bosses are genuinely concerned with the
emotional well being of their workers and are determined to
create a workplace that is as harmonious and responsive to
individual needs as possible. They aim to create close connections
between individual workers through shared team activities, while
minimizing stressful or confronting situations.
4. The Democratic Boss- one of the easiest types of managers to
work with, democratic bosses are focused on open collaboration
within their teams and are underpinned by a strong belief that the
best outcomes are achieved by all parties bringing their ideas to
the table in pursuit of a common goal. He contributes actively to
team discussions and give opinions on new ideas.
5.The Commander- one who just want the job to be done on time and
to the highest standards possible. Accordingly, one of the most difficult
management styles to work under, commander bosses know exactly
what outcomes they want from their team and ensures that everybody
knows about it. Commanders expect strong discipline and speed from
their team and may often shout commands in very clear terms.

6.The Pacesetter- one who is highly energetic and will often do their
best to bring motivation to the team in the fast-paced nature of modern
economy. He is focused in winning the race and winning it with pride.
Similar in personality to commanders, pacesetters can also be quite
direct and demanding, expecting the best from their team members and
impatient if tasks fall behind schedule.
THE NEXUS OF
CORPORATE
SECURITY, MILITARY
AND LAW
ENFORCEMENT
 MILITARY SECURITY PERSPECTIVES

Militarysecurity implies the capability

of the nation to defend itsef, and or
deter military aggression. It also implies
the capability of a nation-state to
enforce its policy by use of military
force.
 Protecting the National Interest, National
Strategy and National Power
National Security- is a state or condition where
our most cherished values and beliefs, our
democratic way of life, our institutions of
governance and our unity, welfare and well-being
as a nation and people are permanently protected
and continously enhanced.
 It has the following elements:
1. Socio- Political Stability- is the state of the achievement of peace
and harmony, regardless of creed, ethnic origin or social station. The
government and the people are both engaged in nation-building under
the rule of law, democracy and respect of human rights.

2. Territorial Integrity- is the assurance of permanent invoidability of

the national territory and the effective control of it by the government.
This include the preservation of the country’sExclusive Economic Zone
(EEZ) and its protection from illegal incursions and resource
exploitation.
3. Economic Solidarity and Strength- is the continous pursuit of a free-
market economy through responsible entrepreneurship based on social
conscience, respect for the dignity of labor and concern for public
interest.

4. Ecological Balance- pertains to the effective conservation of natural

environment in the face of industrial and agricultural expansion and
population growth. It includes the promotion of a sustainable
development side by side with social justice.

5. Cultural Cohesiveness- upholds the lives of people are ruled by a

common set of values and beliefs grounded on high moral and ethical
standards, drawn from its heritage, embodying standard, religion, ethnic
and linguistic differences.
6. Moral and spiritual Consensus- promotes a national
vision inspired, and manifested in people’s words and
deeds, by patriotism, national pride and advancement
of national goals and objectives.

7. External Peace- provides the Nation’s pursuit of a

constructive and cordial relations with all nations
which promotes from external control, interference,
threat or aggression.
The aspect of national security for which
the military forces need to protect are:
 1. National interest- is used to refer to the general concept of national
security and well-being.

 2. National Strategy- It is a long range plan through which a nation applies

its strength toward th attainment of its objectives. It is the art and
science of developing and using the political, economic, and psycholigal
powers of a nation, together with its armed forces during peace and war,
to secure national objectives.
3. National Power- the elements of national power are numerical
strengths and character of government, geographical location,
resources, economic development and miltary potential. The
degree to which a nation is strong or deficient in these elements is
normally a measure of its national power. It comes from:

 a. Political strength
 b. Economic Strength
 c. Cultural Strength
 d. Military Strength
 POLICE SECURITY PERSPECTIVES
 When it comes to countering crime, it is the police that are on the front
lines in most societies but it has become apparent in recent years that
police have the difficulty in dealing with the involving internal threats of
internal threats of insurgency, terrorism and organized crimes.

 When the threat looms that large, it becomes a national security issue,
that may justify a military or military-like rsponse. Thus, when human and
national security are under seige, governments may conclude that some
form of military intervention may be essential.
 Law Enforcement Security Focus
 1.Protection- protection of the community from violent and or
dangerous crimes.
 2. Service- Serve a population by eliminating high- profile
offenders and ensuring the safety of said population.
 3.Deterrence- deter criminals and crimes from occuring by
showing a highly visible police presence.
 4.Customer service oriented- with emphasis on preservation of
peace and security within their community jurisdiction.
Corporate Security Perspectives
 Corporate Security- refers to the resilience of
corporations against espionage, theft, damage and other
threats. System of law and sound approaches by which
corporations are directed and controlled focusing on the
internal and external corporate structures with the
intention of monitoring the actions of management and
directors and thereby, mitigating agency risks which may
stem from the misdeeds of corporate officers.
 Corporate Security Environment
 It is important to understand how security applies within the field of a corporate business. The following
activities are the main pillars of a corporate security function:
 a. physical protection of assets
 b. Physical protection of people
 c. business continuity
 d. Crisis response/management
 e. Cyber security
 f.Information and data protection
 g. Internal investigations
 h. Countering fraud and money laundering
 i. counterespionage
 j. brand protection
 k. anticounterfeiting/piracy
Corporate Security Activities
 1. Detection- detect any threat for prevention.
 2. Deterrence- use all necessary procedures to deter sabotage,
intrusion, etc.
 3. Engagement- respond to all and or any threat within their
jurisdiction.
 4.Task driven- with the purpose of satisfying the requirements of
the client.
 Corporate Security Key Objectives
 1.Risk Management- manages at an early stage any developments
that may threaten the resilience and continued survival of a
corporation.
 2.Business Continuity- it is a corporate function that overseas and
manages the close coordination of all functions within the company
that are concerned with security, continuity and safety.
 3.Business Security- security risks have become more complex.
Many of the threats, such as security are asymmetric and
networked, making them more difficult to manage.
MAJOR DIVISION OF INDUSTRIAL SECURITY
 1.PHYSICAL SECURITY- are those measures taken to
prevent physical access or entry to an installation or area
by unauthorized personnel.
 2.PERSONNEL SECURITY- is applied to check the
background of persons as well as the protection of company
personnel against potenial harmful acts or conditions.
 3. DOCUMENT SECURITY- this includes every measures
designed to safeguard company documents from
unintentional harmful acts or against unathorized disclosure
of the information contained therein.
 PHYSICAL SECURITY SYSTEM
 LAYERS OF PHYSICAL SECURITY:

1. environmental design- the initial layer of security for a campus,

building, office, or physical space uses environmental design to deter
threats. Some of the most common examples are also the most basic-
barbed wire, warning signs, and fencing, concrete bollards, metal
barriers etc.
2. mechanical and electronic access control- includes gates, doors and
locks
3. Intrusion detection- monitors for attacks. eg alarms
4. Video monitoring- are more useful for incident verification and
historical analysis. eg cctv
PHYSICAL BARRIERS- any structure or physical device
capable of restricting, deterring, delaying, illegal
acces to an installation.
 types of physical barriers:
1. Natural Barriers- includes bodies of waters, mountains,marshes, ravines, deserts or other terrain
that are difficult to traverse.
2. Structural Barriers- these are features constructed by man that tends to delay intruders. eg walls,
doors, windows, locks, fences, safe etc.
3. Human Barriers- persons being used in providing a guarding system or by the nature of their
employment employment and location, fullfill security funtions. eg guards, office personnel, shop
workers, etc.
4. Animal Barriers- animals are used in partially providing a guarding system.
5. Energy Barriers- it is the employment of mechanical, electrical, electronic energy imposes a
deterrent to entry by the potential intruder or to provide warning to guard personnel. eg protective
lighting, alarm system and any electronic devices used as barriers
Perimeter Barriers
Perimeter barrier is a medium of structure which
defined the physical limits to an installations or
area to restrict impede access thereto. It is any
physical barrier ued to supplement the protection
of an inside or outside perimeter. Perimeter
Barrier also includes the utilization of security
personnel.
 Lines of Physical Defense

 1. First Line- includes perimeter fence or barrier.

 2.
Second Line- include doors, floors, windows, walls,
roofs, and grils and other entries to the buildings

 3.ThirdLine- Include storage systems like steel, cabinets,

safes, vaults and interior files.
Perimeter Fences
a fence is a freestanding structure
designed to restrict or pervent
movement across a boundary. It is
generally distinguished from a wall by
the lightness of its construction.
 Types of Fences
 1. Solid Fence- constructed in a way that visual access through the fence is
denied. Its advantage is that it denies the opportunity for the intruder to
become familiar with the personnel, activities and the time schedule of the
movements of the guards in the installation. On the other hand it prevents
the guards from obseving the area around the installation and it creates
shadow that may be used by the intruder for cover and concealment.
 2. Full-view fence- it is constructed in such a way that visual access is
permitted through the fence. Its advantages are that it allows the roving
patrols and stationary guard to keep the surrounding area of the
installation under observation. On the other hand, it allows the intruder to
become familiar to the movements and time schedule of the guard patrols
thereby allowing him to pick the time that it is advantageous on his part.
 Additional Protective Measures
 Top Guard- additional overhang of barbed wire placed on vertical erimeter
fences upward and outward with 45-degree angle with 3-4 strands of barbed
wires spaced 6 inches apart. This increases the protective height and
prevent easy access.
 Guard Control Stations- This is normally provided at main perimeter
entrances to secure areas located out-of doors and manned by guards on full
time basis. Sentry station should be near a perimeter for surveillance at the
entrance.
 Tower Guard- this is a house -like strucure above the perimeter barriers.
The higher the tower, the more visibility it provides. It gives a psychological
answerving effect to violators.
 Signs and Notices- “Control Signs” should be erected where necessary in the
management of unauthorized ingress to preclude accidental entry. Signs
should be plainly visible and legible from any approach .
Perimeter Guards- also employed in augmenting the
existing perimeter security/ barrier

 1.
Fixed Post- security guards are assigned in a
particular place of the compuond to guard and watch
the surroundings

 2.
Patrol (Roving)- in this system, the securiy guard is
required to walk and go around regularly around the
company premises.
Protective Lightings-it provides sufficient illumination to the area during hours
of darkness, improve visibility, and sevrves as deterrent to would-be thieves.

 Types:
 Stationary Luminary (Continous lighting)- the most familiar type of outdoor
security lighting, this is designed to provide two specific results: Glare
projection or controlled lighting. It consists of a series of fixed luminaries at
range to flood a given area continously during the hours of darkness.
a. Glare projection type- being used in prisons and correctional institutions
to illuminate walls and outside barriers.
b. Controlled lighting- it is generally employed where, due to surrounding
property owners, nearby highways or other limitations, it is necessary for the
light to be more percisely focused.
standby lighting- it is designed to reserve or stanby use or to
supplement continous systems. A standby system can be
most useful to selectively light a particular area in an
occassional basis.

Movable or Portable lighting- this system is manually

operated and is usually made up of movable search or
floodlights that can be located in selected or special
locations which will require lighting for short period of
time.

Emergency lighting- this system is used in times of power

failure or other emergencies when other systems are
 General types of Lighting Sources
 Incandescent lamp- it is the least expensive in term of energy consumed and has the
advantage of providing instant illumination when the switch is on.
 Mercury Vapor lamp- it is considered more efficient than the incandescent and used
widespread in exterior lighting. This emits a purplish-white color, caused by an electric
current passing through a tube of conducting and luminous gas.
 Metal Halide- it has similar physical appearance to mercury vapor but provides a light source
of higher luminous efficiency and better color rendition.
 Flourescent- this provides good color rendition, high lamp efficiency as well as long life.
However, it cannot project light over long distance and thus are not esirable as flood type
lights.
 High-pressure sodium vapor- this has gained acceptance for exterior lighting of parking areas,
roadways, buildings and commercial interior installations. Constructed on the same principle
as mercury vapor lamps, they emit a golden white to light pink color and this provide high
lumen efficiency and relatively good color rendition.
 Types of Lighting Equipment
 Floodlights- these can be used to accomodate most outdoor security lighting
needs, including the illumination of boundaries, fences and buildings and for the
emphasis of vital areas or building.

 Streetlights- these are lighting equipment received the most widespread

notoriety for its value in reducing crime.

 Searchlights- these are highlyfocused incandescent lamp and are designed to

pinpoint potential trouble spots.

 Fresnel lights-these are wide beam units primary used to extend the illumination
in long horizontal strips to protect the approaches to perimeter barrier.
Protective Alarms

 Alarm
(signal)- is synonymous to warning of
emminent danger .
 Protective
alarm- It is an aural or visual signal given
by the enunciator to security guard when intruder
actuates device in a protected area.
 Enunciator- is a visual or audible-signaling device,
which initiates condition of associated circuits.
Basic parts of Alarm System:

 1.Sensor or trigger device- it emits the aural or

visual signals or both.
 2.
Transmission line- a circuit, which transmit the
message to the signaling apparatus.
 3.enunciator- the signaling system activates the
alarm.
 Protective Alarm System
 1. Central Station System- a type of alarm where the control station is located outside the
plant or installation. When the alarm is sounded or actuated by subscriber, the central
station notifies the police and other public safety agencies.

 2. Proprietary System- centralized monitor of the proprietary alarm is located in the

industrial firm itself with a duty operator. In case of alarm, the duty operator calls whatever
is the primary need: firefighters, police, an ambulance or a bomb disposal unit.

 3. Local Alarm- This system consist of ringing up a visual or audible alarm near the object to
be protected. When an intruder tries to pry a window, the alarm thereat goesoff.

 4. Auxiliary Alarm- company-owned alarm systems with a unit in the nearest police station
so that in case of need, direct call is possible. The company maintains the equipment and
lines both for the company and those in the police, fire and other emergency agencies by
special arrangement. Radio,landlines, or cellphone can avail of the auxiliary system.
Kinds of Alarms
 1. Audio Detection Device- it will detect any sound caused by attemted force
entry. A supersonic microphone speaker sensor is installed in walls, ceilings and
floors of the protected area.
 2. Vibration Detection Device- it will detect any vibration caused by attempted
force entry. A vibration sensitive sensor is attached to walls, ceilings or floors
of the protected area.
 3. Mettalic foil or wire- it will detect any action that moves the foil or wire. An
electrically charge strips of tinfoil or wire is used in the door, windows or glass
surfaces of the protected area.
 4. Laser Beam Alarm- a laser emitter floods a wall or fencing with a beam so
that when a physical object disturbs this beam, an alarm is activated.
 5. Photoelectric or Electric Eye Device- an invisible/ visible is emitted and when
an itruder breaks contact with the beam, it will activate the alarm.
 Locks and key control

 lock-mechanical, electrical, hydraulic or electronic device

designed to prevent entry into a building, room, container or hiding
place to prevent the removal of items without the consent of the
owner.
 Key- instrument for locking or unlocking.
 padlock- a portable and detachable lock having a sliding hasp which
passes through a staple ring or the like and is then made fast or
secured.
 peterman- an english term used to describe a lock picker.
 Types of Locks

 1. Key-operated locks
 2. Combination locks- uses numbers, letters or symbols
 3.
Code operated lock- a type of lock that can be opened
by pressing a series of numbered button in the proper
sequence.
 4.Electrical lock- a lock that can be controlled and
closed remotely by electrical means.
 5.
Card operated lock- a type of lock operated by a coded
card.
KEYING SYSTEMA

 types of keys:

1. Change Key- a specific key, which operates the lock and has a particular
combination of cuts which match the arrangement of the tumblers in the
lock.
2. Sub- master key- a key that will open all the lock within a particular area
or grouping in a given facility.
3. Master Key- a special key capable of opening a series of lock.
4. Grand Master Key- a key that will open everything in a system involving
two or more master key groups.
Security Cabinets
the final line of defense at any facility
is in the high security storage where
papers, records,plans or cashable
instrument, precious metals or other
especially valuable assets are
protected.
 Key Control
 1. Key Cabinet- a well constructed cabinet will have to be procured. The cabinet
will have to be of sufficient size to hold the original key to every lock in the system.
It should be secured at all times.
 2. Key record- some administrative means must be set up to record code numbers
and indicates to whom keys to specific locks have been issued.
 3. inventories- periodic inventories will have to be made of all dupicate and original
keys in the hands of the employees whom they have been issued.
 4. Audit- in addition to periodic inventory, an unannounced audit should be made of
all key control records and procedures by a member of management.
 5. Daily report- a daily report should be made to the person responsible for key
control from the personnel department indicating all persons who have left or will
be leaving the company. In the event that a key have been issued, steps should be
initiated to ensure that key is recovered.
 Types of Security Cabinets
1. Safe- a mettallic container used for the safekeeping of documents or small items in
an office or installation. Safe can be classified as either robbery or burglry resistant
depending upon the use and need. Its weight must be at least 750 lbs. and should be
anchored to a building structure. Its body should at least 1 inch thick steel.
2. Vault- heavily constructed fire and burglar resistance container usually a part of
the building structure used to keep protect cash, documents and negotiable
instruments. Vaults are bigger than safe but smaller than a file room. The vault door
should be made of steel at least 6 inches in thickness. The vault walls, ceiling,floor
reinforce concrete at least 12 inches in thickness. The vault must be resistive up to 6
hours.
3. File Room- a cubicle in a building constructed a little lighter than a vault but of
bigger size to accomodate limited people to work on the records inside. The file room
should at most be 12 feet high. It must have a watertight door and at least fire proof
for one hour.
Identification and Movement Control

Personnel Identification- the use of practical personal recognition,

artificial recognition such as use of identification cards, passes,
password, etc.

Badge and Pass Control- the system should have a complete record
of all badges and identification cards issued, return, mutilated or
lost by serial number and cross-indexed alphabetically.
Types of Pass System

1. Single Pass System- the badge or pass coded for authorization to enter
specific areas is issued tonan employee who keeps in his possession until his
authorization is terminated.

2. Pass Exchange system- an exchange takes place at the entrance of each

controlled area. Upon leaving, the personnel surrenders his badge or passes
and retrieve back his basic identification.

3. Multiple Pass system- this provides an extra measure of security by requiring

that an exchange take place at the entrance of each restricted area.
 Visitor’s Movement Control
1. Visitor’s logbook- all visitors to any facility should be required to identify themselves and
should be given a visitor’s ID by the security. The visitor’s logbook should be given a visitor’s
logbook should be filled up with the name of visitors, nature and duration of visit.
2. Photograph- taking photographs should be considered. Extreme caution must be exercised in
areas where classified information is displayed to preclude unauthorized taking of pictures of
installation.

3. Escort- if possible visitors should be escorted by the security to monitor their activity within
the establishment and guide them where to go.

4. Visitor Entrances- separate access for visitors and employees ofthe establishment should be
provided.

5. Time traveled- if there is a long delay or time lapse between the departure and arrival, the
visitor should show cause of the delay.
Package Control- no packages shall be authrized to be brought inside the industrial
installation, offices and work area without proper authority.

Vehicle Control- vehicles should be subjected for search at the entrance or exit of
the installation. All visitors with vehicles should provide the security as to the
complete details of their duration of stay, person to be visited and other
information.

Building Access Control- at any physical barrier, a security system must possess he
ability to distinguish among authorized persons, unauthorized visitors and other
unauthorized persons. This is to assist the security personnel protects sensitive
area and information within the installation.
Document and Information Security

Document Security- is the protection of records from its entire document life cycle. It also
connotes in this context the safeguarding of classified matters.

Standar rules- the authority and responsibility for the preparation and classification of classified
matter rest exclusively wih the originating office. Classifie matter should be classified according
to their contents. Classification should be made as soon as possible by placing the appropriate
marks of the matter to be classified.

Security Clearance- is the certification by a responsible authority that the person described is
cleared for access to classified matter tthe appropriate level.

Information Security- means protecting information system from unauthorized access, use,
disclosure, disruption, modification or destruction
 Protection of sensitive information
Propriety Information- is the information that in some special way
relates to the status or activities of the possessor and over which
the possessors asserts ownership.
eg. trade secrets- which consist of any formula, pattern, device or
compilation of information which is used in one’s business and
which give them an oppurtunity to gain an advantage per
competitors who do not know or use it.
patents- which is grant made by the government to an inventor,
conveying or securing to him the exclusive right to make, use or
sell his invention for term of years.
Personnel Security

 among the major aspects of security, personnel security is

considered as the most important. The resson is that
security involves people, both an asset to be protected at
the same time a source of security threats. It is an
acknowledged fact that losses are attributed mainly to
negligence or active participation of employees, either
through theft or sabotage. This emphasizes the need to
set up a system of hiring the people for the company.
Personnel Security- includes all the security measure designed to prevent
unsuitable individuals or persons of doubtful loyalty to the government from
gaining access to classified matters or to any facility and to prevent
appointment or retention as employees of such individuals.

Key functions of Personnel Security:

1. it serves as screening device in hiring suitable employees.

2. it provides background investigtion services of both potentialand present
employees for possible assignment to sensitive position.
3. it handles investigationof employees suspected of wrongdoing.
4. It develops security awareness among employees.
5. it attempts to ensure the protection of empoyees from discriminator hiring
or terminating procedures as well as unfounded allegations of illegal or
unethical activities and conduct.
Personnel Security Investigation

 Personnel security investigation (PSI)- is a process of

inquiry into the character, reputation, discretion,
integrity, morals and loyalty of an individual to
determine the suitablity of appointment or access to
classified matter.
 Background investigation- serves to verify information on
the application form and to obtain other information
pertinent to the decision to employ. It could be in the
form of partial investigation or complete background
investigation
Background checks, Vetting and profiling
Local Agency Check (LAC)- is background investigation activity where the
sources of information involve only the local agencies such as the LGU units
such as clearances from the barangay, local plice, and the courts.

National Agency Check (NAC)- is also investigation activity but the source of
information involves clearances from national government units.

Positive Vetting- is the process of inspecting or examining with careful

throughness. The essence of vetting is that it is based on information previously
given by the applicant. Other information issued during the interview, such as
those discovered in the BI, which confirms or denies this given by the applicant.
Security Profiling- is a process whereby a subject’s reaction in a future critical situation is predicted
by observing his behaviour or by interviewing him, or analyzing his responses to a questionnaire, such
as honesty test.

Deception Detection Techniques- This is a process of using devices in detecting deception during the
interview stage. This includes the use of a Polygraph, Psychological Stress Evaluator and Voice
Analyzer.

Financial and Lifestyle Inquiry- this type of investigation seeks to gather information on income and
mode of living, sometimes reffered to as earning-to-debt ratio.

Undercover Investigation- this is the placemant of an agent in a role in which the agent’s identity and
role remains unknown, in order to obtain information for criminal prosecution or for recovery or
limitation of asset losses.

Exit Interview- this is a valuable tool because it gives departing employees an opportunity to list
grievances. It offers security managers an opprtunity to learn the problems not previously known.
Debriefing an employee is also incorporated into the exit interview to remind them of their continuing
legal obligation to safeguard confiential company information.
END OF MIDTERM COVERAGE>>

GOOD LUCK! SEE

YOU ON FINALS..
 SECURITY RISK MANAGEMENT
 Risk Management is a field of management focusing on risk reduction
and analysis, using different methods and techniques of risk
prevention that eliminate existing or future factors which may
increase risks.
 Itis a systematic, repetitive set of interconnected activities aimed at
managing potential risks, and reduce the likelihood of their
occurence or reduce their impact.
 the purpose of risk management is to avoid problems and negative
phenomena, avoid the need for crisis management and to avoid
problems.
 The basic principles of risk management can
be summarized in the following statements:
 1.evey human activity brings some risk. Thus, there is no such thing as zero risk.
 2. The responsibility for risk management in organization is distributed throughout the
management. The highest responsibility is naturally with owner, the executives and top
management.
 3. In small organizations the responsibility for risk management is concentrated at the level of
the executives, because it is inefficient to employ a dedicated full-tiime risk manager.
 4. In medium and large organizations, the responsibility is spread among individual managers.
Large organizations and orgaizations operating in high-risk environments (such as banks,
insurance, energy industries, aerospace industry, transportation) have a designated special (risk
manager).
 5. Almost always, risk management is associated with the role of chief financial officer, as the
impact of risks(damage) as well as countermeasures, can be financially expressed and have an
impact on financial planning.
 Operational Terminologies:
 Assets- any real or personal property, tangible or intangible, that a company or individual owns
that can be given or assigned a monetary value. Intangible property includes things such as
goodwill, propriety information, and related property. For purposes of this guideline, people are
included as assets.
 Consequential- a secondary result ensuing from an action or decision. From an insurance or
security standpoint, costs, loss, or damage beyond the market value of the asset lost or damaged,
including other indirect costs.
 Cost/Benefit Analysis- a process in planning,related to the decision to commit funds or assets. This
is a systematic attempt to measure or analyze the value of all the benefits that accrue from a
particular expenditure.
 Criticality- the impact of a loss event, typically calculated as the net cost of that event. Impact
can range from fatal, resulting in a total recapitalization, abandonment, or long-term
discontinuance of the enterprise, to relatively unimportant.
 Events- something that happens; a noteworthy happening. In the security context; this usually
represents an occurrence such as a security incident, alarm, medical emergency, or related
episode or experience.
Risk Assessment- the process of assessing security-related risks from internal and external threats to
an entity, its assets, or personnel.

Security Incident- a security-related occurrence or action likely to lead to death, injury,or monetary
loss. An assault against an employee, customer, or supplier on company property would be one
example of a security incident.

Security Vulnerability- an exploitable capability; an exploitable security weakness or deficiency at a

facility, entity, venue, or of a person.

Site- A spatial location that can be designated by longitude and latitude.

State-of-the-art- the most advanced level of knowledge and technology currently achieved in any
field at any given time.

Statistics- a branch of mathematics dealing with the collection, analysis, interpretation, and
presentation of massess of numerical data. In security, this could represent a collection of
quantitative data such as security incidents, crime reports, and related information that, together
with other like information, serves as security-related statistics used for a number of applications
including risk and vulnerability evaluations.

Threat- an intent of damage or injury; an indication of something impending.

Goodwill- the value of a business that has been built up through the reputation of the business
concern and its owners.

Natural Disaster- a naturally occurring calamitous event bringing great damage, loss, or destruction
such as tornadoes, hurricanes, earthquakes, and related occurences.

Probability- The chance or in some cases the mathematical certainty that a given event will occur;
the ratio of the number of outcomes in an exhaustive set of equally likely outcomes that produce a
given event to the total number of possible outcomes.

Qualitative- relating to that which characteristic of something and what makes it what it is.

Quantitative- relating to,concerning, or based on the amount or number of something, capable of

being measured or expressed in numerical terms.

Risk- the possibility of loss resulting from a threat, security incident or event.

Risk Analysis- a detailed examination including risk

assessment,evaluation,management,alternatives,performed to understand the nature of unwanted,
negative consequences to human life, health,property,or the environment;an analytical process to
provide information regarding undesirable events; the process of quantificarion of the probabilities
and expected consequences for identified risks.
PHASES OF RISK MANAGEMENT

1. RISK IDENTIFICATION

2. RISK ASSESSMENT

3. RISK REDUCTION AND MITIGATION

4. RISK MONITORING AND CONTROL

 1. RISK IDENTIFICATION
 the process of listing potential risks and their characteristics.
 the results of risk identification are normally documented in a risk
register, which includes a list of identified risks along with their
sources, potential risk, responses, and risk categories. This
information is used for risk analysis, which in turn will support
creating risk responses. Identified risks can also be represented in
a risk breakdown structure, a hierarchical structure used to
categorize potential project risks by source. Though the major
work on risk identification is an iterative process; new risks can
be identified throughout the project life cycle as the result of
internal or external changes to a project.
 RISK IDENTIFICATION ESSENTIALS
Being vital to the management process, there are some essentials to risk identification that
guarantee maximum results, as follows;
1. Team Participation- a face-to-face interaction between project managers and the team as they
promise better and more comprehensive communication. The team must feel comfortable to
share and find hidden or elusive risks.

2. Repetition- information changes and apperas as the risk management process proceeds.
Keeping identified risks current and updated means the system is focused on mitigating the most
prevalent issues.

3. Approach- certain objectives require distinct approaches to best combat identification failure.
One method is to identify all root causes, undesirable events, and map their potential impacts.
Another is to identify essential performance fuctions the project must enact or goals it must
reach to be succesful, then find possible issues with each function or goal.
4. Documentation- consistent and exhaustive documentation leads to comprehensive and reliable
solutions for a specific project or future risk management team’s analysis. Most communication is
recorded by a project manager and data is copied, stored, and updated for continued risk
prevention.

5. Roots and Symptoms- It is essential in the risk identification phase to find the root causes of a
risk instead of mistaking them with the symptoms.

6. Project Definition Rating Index (PDRI)- is a risk assessment tool that helps develop mitigation
programs for high-risk areas. It facilitates the team’s risk assessment within the defined project
scope, budget, and deadlines. It also provides further detail of individual risks and their magnitude,
represented by a score. The summation of scores is statistically compared to the project
performance as a certainty level for the entire project.

7. Event Trees- commonly used in reliability studies and probabilistic risk assessments, event trees
reperent an event followed by all factors and faults related to it. The top of the tree is the event
and it is supported by any condition that may lead to that event, helping with likelihood visibility.
 Types of Security Risks
 Securityrisks is a term that indicates the risks associated
with the security of people, assets and information. These
includes the following risk groups:
1. Personal Security-property damage, health and life,
protection of personal data.
2. Physical security- equipment damage, disruption of objects
and systems.
3. Information security risks- breach of data security, network
or nformation system, data abuse or corruption.
 Types of risk sources
 types of risks are defined in terms of their severity in the field of
risk management, there are distinguished sources of risks:
1. Exposure
2. Failure
3. Crisis
4. Disaster
5. Opportunity
6. Attack
7. Human Stupidity
Risk Identification Tools and Techniques
1. Documentation Reviews- The standard practice is to identify risks is reviewing project related
documents such as lessons learned, articles, organizational process asses, etc.
2. Information Gathering Techniques- The given tecniques are similar to the techniques used to
collect requirements. This includes:
a. Brainstorming- is done with a group of people who focus on identification or risk for the
project.
b. Delphi technique- a team of experts is consulted anonymously. A list of required information is
sent to experts, responses are compiled, and results are sent back to them for further review until
a consensus is reached.
c. Interviewing- an interview is conducted with project participants, stakeholders, experts, etc. to
identify risks.
d. root cause analysis- root causes are determined for the identified risks. These root causes are
further used to identify additional risks.
e. SWOT Analysis- understanding and analysis of the internal( strength and-weaknesses) and the
external (opportunities-threats) factors.
f. Checklist analysis- checklist of risk categories used to come up with additional
risks for the project.

g. Assumption Analysis- Identification of different assumptions of the project and

determining their validity, further helps in identifying risks for the project.

h. risk register- a risk register is a living document that is updated regularly

throughout the life cycle of the project. It becomes a part of project documents
and is included in the historical records that are used for future projects. The
risk register includes; list of risks, list of potential responses, root causes of
risks, updated risk categories.
2. RISK ASSESSMENT/analysis
A security risk assessment is a process that
helps organizations identify, analyze, and
implement security controls in the workplace.
It prevents vulnerabilities and threats from
infiltrating the organization and protects
physical and informational assets from
unauthorized users.
Security Risk Assessment Procedure

1. Understand the Organization and Identify Asset

2. Specify Loss Events/ Vulnerabilities
3. Establish Probability of Loss Risk and Frequency of
Events
4. Determine the impact of the Events
5. Develop options to Mitigate Risk
6. Study Feasibility of Implementing Options
7. Perform Cost/Benefit Analysis
Security Risk Assessment Tools
1. Probability and Impact Matrix
2. Risk Data Quality Assessment
3. Probability and Impact Analysis
4. Monte Carlo Analysis ( Simulation
Technique)
5. Decision Tree
6. Risk Register Updates
Risk Probability Factors- conditions and sets of conditions that
will worsen or increase asset exposure to risk of loss can be
divided into the following major categories:

1. Physical Environment- such as construction, location, composition and

configuration.
2. Social Environment- such as demographics and population dynamics
3. Political Environment-such as the type and stability of government , and local
law enforcement rsources.
4. Historical Experience- such as the type and frequency of prior loss events
5. Procedures and processess- such as how the asset be used, stored and secured
6. Criminal state-of-art- such as the type and effectiveness of tools of
aggression.
3. RISK REDUCTION AND MITIGATION
Risk reduction is identifying ways to eliminate risk, while risk
mitigation is identifying ways to execute a strategy with less risk.
Risk mitigation implies that you are proceeding with an activity
but want to find ways to make it less risky. Risk reduction includes
the possibility that you avoid an activity altogether because it’s
too risky. Risk reduction encompasses both risk mitigation and
avoidance.
The goal of most security programs is to reduce risk. Risk
mitigation is accomplished by decresing the threat level by
eliminating or intercepting the adversary before they attack,
blocking opportunities through enhanced security, or reducing the
consequences in an attack should occur.
Risk Reduction and Mitigation components
1. Threat Assessments- a logical process used to determine likelihood of adverse events impacting
your assets and to validate security levels. It utilizes a number of different data sources to assess
real, perceived, and conceptual threats.

2. Vulnerability Assessments- smetimes referred to as a security vulnerability assessment, is the

analysis of security weaknesses and opportunities. The fundamental method for assessing
vulnerabilities is the security survey, which is a tool for collecting information about the facility.
The goal of a vulnerability assessment is to identify and block opportunities for attacks against
assets.

3. Crime Prevention Through Environmental Design (CPTED)- is a security concept that attempts to
influence offender decisions that precede criminal acts, through elements of the built environment.
It is based upon the theory that the proper design and effective use of the built environment can
reduce crime, reduce the fear of crime, and improve the quality of life. CPTED considers variables
that can be risk predictors such as: past crimes and threats,facility characteristics, current security
measures, existing vulnerabilities, and liability analysis.
 4. RISK MONITORING AND CONTROL
 Risk monitoring and control is required in order to ensure the execution ofthe risk plans and
evaluate their effectiveness in reducing risk. It keep track of the identified risks, including
the watch list. It monitors trigger conditions for contingencies and monitor residual risks and
identify new risks arising during project execution. It also updates the organizational process
assets.
Purposes: (To determine if:)
a. risk responses have been implemented as planned
b. risk response actions are as effective as expected or if new responses should be developed
c. project assumptions are still valid. Risk exposure has changed from its prior state with
analysis of trends.
d. risk trigger has occured
e. proper policies and procedures are followed.
f. New risks have occured that were not previously identified.
Inputs to Risk Monitoring and Control

1. Risk management plan

2. Risk Register Contains outputs of the other processes:
identified risks and owners, risk responses, triggers and warning
signs.
3. Approved Change Requests- approved changes include
modifications such as to scope, schedule, method of work, or
contract terms. This may often require new risk analysis to
consider impact on existing plan and identifying new risks and
corresponding responses.
4. Work Performance Information- project status and performance
reports are necessary for risk monitoring and control of risks.
 Output Of Risk Monitor and Control
1. Risk Register Updates- risk register is updated to include: a) outcomes of risk reassessments,
audits, and risk review. Update may affect risk probability, impact, rank, response, etc. b)
actual outcome of risks, and risk responses that becomes part of the project file to be utilized
on future projects.
2. Corrective Action- corrective ation consists of performing the contingency plan or
workaround. Workarounds are previously unplanned responses to emerging risks. Workarounds
must be properly documented and incorporated into the project plan and risk response plan.
3. Recommended preventive actions- used to direct project towards compliance with the
project management plan.
4. Project Change Requests- implementing contingency plans or workarounds frequently results
in a requirement to change the project plan to respond to risks. The result is issuance of a
change request that is managed by overall change control.
5. Organizational Process Assets Updates- information gained through the risk management
processes are collected and kept for use by future projects. This includes templates for risk
management plan, probability-impact matrix, risk register and lessons learned.
6. Project Management Plan Updates- updates to the project management plan as a result of
approval of requested changes.
 Risk Monitoring Tools and techniques
1. Risk Reassessment- project risk reviews at all team meetings and major reviews
at major milestones. Risk ratings and prioritization may change during the life of
the project. Changes may require additional qualitative or quantitative risk
analysis.
2. Risk Audits- examine and document the effectiveness of the risk response
planning in controlling risk and the effectiveness of the risk owner.
3. Variance and trend Analysis- used for monitoring overall project cost and
schedule performance against a baseline plan. Significant deviations indicate
indicate that updated risk identification and analysis should be performed.
4. Reserve Analysis- as execution progresses, some risk events may happen with
positive or negative impact on cost or schedule contingency reserves. Reserve
analysis compares available reserves with amount of risk remaining at the time and
determines whether reserves are sufficient.
5. Status meetings- risk management can be addressed regularly by including the
subject in project meetings.
SECURITY RISK EDUCATION
Security Risk Education is conducted to develop security awareness among employees of the
company. It should cover all empyees, regardless of rank or position.

Objectives of Security Risk Education

1. Guidance for all supervisory and executive levels of the organization
2. A mandatory indoctrination on security for new personnel before their assignment to their
respective jobs
3. Development of a high degree of security consciuosness among the selected supervisors and other
key personnel in a program that should be continuing and supported by top management
4. A down-the-line security program aimed at instilling consciousness and dedication through various
methods of instructions such as through demonstration, lectures, motivations and suggestions.
5. To let all employees, force informed that they all belong to the organization and that non-
awareness to the security program is tantamount to disloyalty.
6. That the program is also to develop discipline, loyalty and belongingness.
Phases of Security Risk
Education
1. Initial Interview
2. Orientation and training
3. Refresher Conference
4. Security Reminders
5. Security Promotion
 SECURITY SURVEY AND INSPECTION
Security Survey- is an estimate of the security standards of a unit and is
conducted to enable the responsible officer to recognize and evaluate security
hazards and determine protective measures necessary to the prevention of
sabotage, espionage, subversive activities and other criminal acts inimical
towards the interest and/or mission of the unit and/or command.

Purpose of Security Survey:

The security survey will be used by the senior facility manager or industrial
planners in determining the type and extent of security controls for the facility
or the determination of the security level of the facility and security evaluation
(threat assessment), which addressess the criticality of operations, the
vulnerability of the facility or area, and the probability of compromise of the
personnel or property contained therein.
Requirements in a Security Survey
1. Criticality- is the effect that partial or total loss of the facility or
area would have on the facility’s mission. The adversity of the
effect is directly related to the criticality factor.

2. Vulnerability- is the susceptibility of a facility or area to damage

or destruction or the possible theft or loss of property.

3. Probability- deals with an assessment of the chances or risk that

certain events or might occur, such as penetration of the
perimeter, compromise of a system, or the occurrence of a variety
of unauthorized activities.
Stages of Security Survey
1. Initial Survey- the initial physical security survey is conducted before constructing,
leasing, acquiring, modifying, or occupying a facility or area. It describes any modification
required to raise the level of security commensurate with the levels of criticality and
vulnerability.

2. Follow-up Survey- when recommendations are made in the initial physical security survey,
a follow up survey is conducted to ensure the completion of modifications. This survey
should be conducted before acceptance of the property or occupancy.

3. Supplemental Survey- is conducted when changes in the organization, mission, faciity, the
threat level of the facility alter or affect the security posture of the facility or area. This
survey is conducted at the discretion of either the facility manager or senior security officer.

4. Special Survey- the special survey is conducted to examine or resolve specific issue, such
as when there is a request for a Sensitive Compartmented Information (SCI) accredited
facility or there is a need to investigate or assess damage resulting from an incident.
 SECURITY INSPECTION
Security Inspection is a check of how well existing security measures and
regulations are being carried out within a command. A secuity inspection may
also include an investigation of alleged or suspected
security violations.

Purpose of Security Inspection

Security Inspections, which may be announced or unannounced, are usually
conducted to determine the extent of compliance with security regulation or
procedures, including those recommended during surveys. The security officer
shall inspect facilities and programs under the security officer’s cognizance as
often as necessary to ensure compliance with the provisions of the applicable
standards, The inspections should result in written inspection reports.
Security Survey Vs. Security Inspection

Security Survey is defined as a counterintelligence service

to assist heads of office in determining the security
measures required to protect key installations from
possible sabotage, espionage, subversion, and unathorized
disclosures of, or access to, classified information or
material contained therein.

Security Inspection is counterintelligence service

performed to determine compliance with established
security policies and procedures.
Stages of Security Inspections
1. Evaluation- the evaluative or fact-finding inspection is generally positive in tone
and promotes liaison and security awareness while taking a broad, general outlook
of a facility or program. Deficiencies which may be resolved either on the spot or
within a non-specified time frame, may be noted and recommendations for further
corrective actions may be made. The evaluative inspection can help management
officials in planning or upgrading their security programs.

2. Compliance- the full compliance inspection generally is conducted for

enforcement purposes. It focuses on compliance with established standards or
regulations.

3. Follow-up- another form of compliance inspection is the follow-up inspection,

conducted to ensure the facility officials have complied with recommendations from
earlier inspections.
4. After-hours Room Check- is a form of compliance
inspection. It monitors compliance with security
regulations, especially involving areas where national
security information is processed or stored.

5. Self- Inspection- the self-inspection is initiated by

the security officer or facility manager to evaluate
his/her security program.

6. Closeout- during closeout inspections, all areas and

containers authorized for the storage of classfied
material are checked to ensure all classified material
has been removed.
Considerations for Security Inspection
1. Preliminary Planning
2. Initial Briefing
3. Escort Personnel
4. Exterior and Interior Check
5. History of the unit to be inspected
6. Analyzing Existing Security Measures
7. Final Briefing
8. Security Inspection Report
SECURITY BRIEFING

1. Orientation Briefings-
2. Special Briefing
3. National Security Briefing- these are
information security briefings that apply o
individuals who handle classified information.
4. Special Access Briefings- briefings related
to the various special access programs such as
those administered by the higher
management or national offices.