Professional Documents
Culture Documents
INTRODUCTION
TO
SECURITY MANAGEMENT
http://www.slideshare.net/swisscow/information-systems-365-lecture-threeperforming-an-it-security-risk-analysis
http://www.slideshare.net/sunjib77/gsv-ctpat-scspresentation
1.The manufacturing or
technically
productive
enterprises in a particular field, country, region, or
economy viewed collectively, or one of these
individually. A single industry is often named after its
principal product; for example, the auto industry. For
statistical purposes, industries are categorized generally
according
a uniform classification code such
as
Standard Industrial Classification (SIC).
2.Any general business
activity or commercial enterprise that can be isolated
from others, such as the tourist industry or the
entertainment industry.
OBJECTI
VES
INTRODUCTION
Present day industries are the backbone of our
economy so we need industrial security up to a
large extent .The functioning should be so
smooth that we can achieve our business
goals. The industries operate in multi states
and in multi site locations so some threats are
there and threats can be like Theft, Fire,
Pilferage ,Sabotage and Terrorist activities.
Also, Natural Harms are also there which are
unpredictable always.
PROVISION OF SECURITY
Services provided must be with highly trained,
professionals, adequately equipped security up
to a great extent. They must be proactive ,
ensure security and providing safety of
personnel and property. In case of
contingencies and additional manpower
requirement, they should have the capacity and
expertise to deploy all these in minimum
possible time.
EXAMPLES OF SECURITY
THREATS
CRIMES
ACCIDENTS
NATURAL DISASTERS
TERRORISM
HUMAN CRIMES
Simply it means
Security
is
a
comfortable
environment to do what we want
to do without any interference
from human beings or natural
forces
by
having
necessary
control measures.
Technically it means
Security
implies
a
stable,
relatively
predictable
environment
in
which
an
individual or group may pursue its
ends without disruption or harm
and without fear of disturbance or
injury from man-made or natural
threats
by
having
adequate
control measures.
Types of Security
Angkatan Tentera
Malaysia
Private Security
national security
internal security
(public security)
Measures taken by a law
enforcement agencies, for
protecting nation from
disruptive activities from
internal sources for
maintaining peace and order in
country
their
business
operations
should
any
ing
n
n
Pla
ctio
e
t
Pro
n
on
i
t
ven
e
r
P
t io
c
te
De
Investigation
Enforcement
ce
i
v
er
S
y
nc
e
erg
m
E
na
a
sM
i
s
i
Cr
nt
e
m
ge
M
r
te
s
sa
i
D
ag
n
a
t
n
e
m
e
nt
o
sC
s
e
n
i
s i ng
u
B ann
Pl
in
ty
i
u
WHYPHYSICALSECURITYGAPANALYSIS?
The purpose of a physical security gap analysis (analisa
kelemahan keselamatan fisikal) is to determine whether the
controls in place are sufficient to:
Delay an intruder (menghalang penceroboh)
Detect an intruder (mengesan penceroboh)
Result in the apprehension of an intruder (menangkap
penceroboh)
Without these controls, a criminal doesnt have to break
through a firewall or intrusion prevention system to get to
your data. He or she only has to walk up to a desktop or
server and help themselves. And none of the technical or
administrative controls you have in place will stop a skilled
attacker with physical access to your systems.
(Sistem Elektronik)
areas of lesser
Example
Large facilities and large organizations have
some areas which are highly critical and highly
vulnerable.
1. The computing centre where the academic and
financial information is kept. (pusat menyimpan
maklumat)
2. The pharmacy where drugs are stored. (Farmasi di
mana ubat-ubatan disimpan)
3. The administrative area where plans and business
information is kept. (kawasan tadbir dimana pelan dan
maklumat bisnes disimpan)
4. The tills where money is located. (peti besi dimana
wang disimpan)
Perlindungan Berlapis
Pencegahan jenayah menerusi rekabentuk persekitaran
Pendekatan penilaian risiko
Protection-in-Depth Plans
Defence-in-Depth or Onion Model
Multiple Layers of Security Surround the
Target Site
Each Additional Layer Provides Value Added
But Be Aware of Cost/Benefit Issues
Risk-based Approach
6
5
4
3
Keys:
1. Main Access Control Guard Booth
2. Vehicle Parking Area
3. Main Entrance to Building
4. Data Processing Centre
5. Loading / Unloading Bay
6. Bulk-breaking Bay
7. Data-entry Work Stations
8. Cargo Conveyor System
9. Stand-by Generator
Thanks and
Questions if
any?
RFID Badges
Most buildings these days incorporate RFID badges in
some capacity. The badges, which contain two crucial
pieces of information; the site code and the individual
badge ID -- allow employees to swipe their card in close
proximity to a scanner in order to gain access to certain
areas. "They're good for logging who's going in and what
time," says Nickerson. "RFID has its vulnerabilities, but
it's still better than actual keys, where you can get a hold
of a master key."
Indeed, RFID badges are rife with security flaws. They
are easily cloned, for example, and brute force attacks
can be used to take advantage of the fact that badge ID
numbers are typically incremental.
ASSET
MANAGEMENT
SOLUTIONS