RADIOACTIVE SOURCES

SECURITY MANAGEMENT

Name:FAEIZALALI(faeizal@aelb.gov.my)
Section/Division:SEKSYENPERUNDANGAN
ATOMICENERGYLICENSINGBOARD(AELB)
MINISTRY OF SCIENCE TECHNOLOGY AND INNOVATION
MINISTRYOFSCIENCETECHNOLOGYANDINNOVATION

What is Security Management ?

Maintain the most cost effective and efficient security for an

organization to protect its assets, information, intellectual property,
operations, functions (radioactive material)

Takes into consideration the business and operations with a balance

between minimum standards, compliance and risk management

Ensures security measures and systems function properly

S
Security
Culture
C
is an integral part off security management

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Typical Management of Security

Compliance to obligations, regulation and governance

Security Plan (Objectives)
Threat Assessment,
Assessment DBT,
DBT increased threat scalability
Target Identification (Categories)
Securityy Culture
Inventories and Records
Efficiency and cost effectiveness
F ilit b
Facility
business,
i
operations
ti
and
d nuclear
l
safety
f t
Contingency plan

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Typical Security Management

Organization Chart/Structure

Security Plan
Objectives
Compliance
C
li
tto obligations,
bli ti
regulation
l ti and
d governance
Policies
Consideration facility operations, business & nuclear safety
Contingencies
Efficiency and Cost Effectiveness
Review (Need & periods)
Threat
Facility Characterization
Threat Assessment, DBT, increased threat scalability
Security
y Risk Assessment/Category
g y
Target Identification (Categories)

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Typical Security Management

Personnel Security
Roles & Responsibilities
Authority
Trustworthiness
Procedures
Adequate level of qualified staff
Access
Only authorized persons unescorted
Authorization, logging and monitoring
Key and key control
Training (Induction, awareness & education) - Staff and guards
Security event and/or breach reporting system

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Typical Security Management

Documentation
Procedures
Day to day operations (Staff, security & guards)
Visitors and contractors
Emergency
Contingency (Media)
Control
Information Security
Framework for types information (Polices, procedures,
operations, etc)
Use storage, transmission, distribution, carriage and
destruction
IT Security
Need to know
Quality Assurance
Inventories and Records NM or sources
http://www.aelb.gov.my
http://ansn.aelb.gov.my

Typical Security Management

Security Systems
Detailed design Protection in depth
Hardware (security devices, physical barriers, access control/monitoring,
communications, intrusion detection, etc)
Procedures and operation
Repairs,
Repairs Routine preventative maintenance and testing
Records
False & Nuisance alarms - Performance
Scalable measures for increased threat
Guarding and Response
Procedures
Capabilities and resources
Deterrence (prevention)
Monitoring,
Monitoring detection,
detection assessment
Alarm/Incident response
Increased threat
Security Culture

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Fundamentals
P t ti in
Protection
i Depth
D th
9Deterrence

(prevention)
9Detection
9 Assessment
9 Delay
9 Response
9 Contingencies
g
http://www.aelb.gov.my
http://ansn.aelb.gov.my

Protection in Depth

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Protection in Depth

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Protection in Depth
9
9
9
9
9
9

9
9
9
9
9
9

Exterior & Interior Lighting

Strong Rooms
Information Security
Audit Trails
Trustworthiness Checks
Alarms

Recruitment Checks
Guards and Patrols
Detection Devices
Categorization
Encryption
S f
Safes

9
9
9
9
9

Policies and Procedures

Testing and Inspections
Regulation & Governance
Secure Rooms
Need To Know
ID Cards

Successful
9
9
9
9
9

Logon ID & Passwords

Perimeter Fences
Access Control & CCTV
Legislation
Locks
V lt
Vaults
http://www.aelb.gov.my
http://ansn.aelb.gov.my

What are we trying to do with

S
Security
it ?

Administrative Measures
Securely and safely manage sources by policies, procedures
and practices

Physical barriers to source, device or facility

Separate it from unauthorized personnel
Deter,
Deter delay or prevent unauthorized access or removal of a
source

Balanced
a a ced Measures
easu es Efficient
c e t and
a d cost e
effective
ect e
Physical
Administrative
Personnel
Information Security
http://www.aelb.gov.my
http://ansn.aelb.gov.my

Balanced Security Measures

PHYSICAL

-Physical Barriers
-Secure areas and buildings
-Security technology - access control, alarms, CCTV
-Secure storage
-Guarding

PERSONNEL

-Photo Identification Badges

-Pre-determined trustworthiness
-Security Education and Awareness
-Authorized access and limit to need
-Visitor and contractor supervision and control

ADMINISTRATIVE

-Authorizations and Delegations

-Policies and Procedures
-Confidentiality
-Key and badge control
-Facility
Facility Security Officer

INFORMATION
TECHNOLOGY

-Communications
-Access Accounts, passwords, screen savers
IT Security Officer
-IT

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Plan

Prepared by the user and submitted to the regulatory

b d as partt off the
body
th authorization
th i ti

Outlines securityy objectives

j

Detailed description of :
Radioactive source/material inventory
Security arrangements and procedures
Security roles and responsibilities
Contingencies
C ti
i (i
(including
l di media)
di )

Greater detail for sources in higher

g
security
yg
groups
p
http://www.aelb.gov.my
http://ansn.aelb.gov.my

Threat
Collect and organize threat data
Identify
y threats and characteristics
Formalize threat assessment and gain
consensus
Define Design Basis Threat
Scalability for Increased Threat
- Administrative (procedures, access)
- Physical (walls,
(walls buildings)

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Key Points for Typical Security

C lt
Culture

Definition: Characteristics and attitudes in organizations and of individuals which

establish that security issues receive the attention warranted by their significance

OBJECTIVES
AWARENESS & EDUCATION
RESPONSIBILITIES
ACKNOWLEDGE THREAT
POLICIES & PROCEDURES
USER FRIENDLY SYSTEMS
SUPPORT & ASSISTANCE
HUMAN PERFORMANCE
ACCESS & TRUSTWORTHINESS
PERFORMANCE MONITORING

9
9
9
9
9
9
9
9
9

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Culture

OBJECTIVES
Usually

set out in Security Plan or Policies

Essential (necessary) to know security
Objectives
j
Clear on what are we trying
y g to do
Obligations, compliance & governance
Legislation
Responsibilities

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Culture

AWARENESS & EDUCATION

Staff understand why have security and what to do

Aware of security arrangements and responsibilities
Site Security Presence
Security always there - 24/7
Contact numbers for reporting events (at all times)
Events/reports/incidents
Timely reporting to Senior Management (their responsibility too)
Reporting process
Remedial security actions completed

Given security tools including

Training & information

Handouts, manuals, intranet, staff briefing/seminars
Security contact email address
http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Culture

RESPONSIBILITIES
Clear

responsibilities from OBTL through line

management to staff
Responsible
p
Officers for sources ((RPO/RPS))
Security is a shared responsibility

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Culture

IDENTIFY & ACKNOWLEDGE THREAT

Staff need to know generally what the

threats are Theft or sabotage
g
Typical adversaries and methods
Overt ((open)
p ) or covert
Insider (Passive or active)

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Culture

POLICIES & PROCEDURES

In

place and available to staff

Details organizations objectives, obligations
and responsibilities
p

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Culture

USER FRIENDLY SYSTEMS

Systems

easy to use
Allow persons with authorized access to
temporarily disable measures (such as locked
doors)
Verify persons identity and access authorization
Use badge and PIN to activate door control
reader
Key with effective key control
Reliable systems
Testing and maintenance
Periodic preventative (check, clean, service, adjust
& walk test)
http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Culture

ACCESS & TRUSTWORTHINESS

Authorized Persons
Unescorted access to sources
Access to sensitive information
Personnel Security - Staff and contractors
Need access and information to perform their duties
Background checks prior to granting access
In accordance with national standards or as
determined by regulatory body
Confirmation of identity, verification of references to
determine the individuals character, integrity,
reliability, willingness to comply
http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Culture

HUMAN PERFORMANCE
Overall

SECURITY RELIES ON PEOPLE

Behavior, Attitude, Honesty, Maturity

Ability and willingness to carry out security
arrangements
Staff properly trained

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Culture

SUPPORT & ASSISTANCE

Security

advice readily available

Staff must have support from line
management
g
Consistency

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Culture

PERFORMANCE MONITORING
Security

incidents or faults reporting system

Timely reporting
Measurement - Number and type of incidents
Analysis of statistics and reporting

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Summary

Security management to ensure cost effective,

efficient, balanced system with protection in
depth
Security Management ensures security
measures and systems function properly
Security Culture is an integral part of security
management
All persons in organization share the
responsibility for security
http://www.aelb.gov.my
http://ansn.aelb.gov.my