
https://www.youtube.com/watch?v=OY_fz16lPvE (digital surv)

INTRODUCTION TO SECURITY MANAGEMENT
http://www.slideshare.net/swisscow/information-systems-365-lecture-threeperforming-an-it-security-risk-analysis
http://www.slideshare.net/sunjib77/gsv-ctpat-scspresentation

1. The manufacturing or technically productive enterprises in a particular field, country, region, or economy viewed collectively, or one of these individually. A single industry is often named after its principal product; for example, the auto industry. For statistical purposes, industries are categorized generally according to a uniform classification code such as Standard Industrial Classification (SIC).
2. Any general business activity or commercial enterprise that can be isolated from others, such as the tourist industry or the entertainment industry.

OBJECTIVES

The objectives of today's lesson are to:


introduce the meaning of Security
explain the evolution of Industrial Security
highlight the current Security Environment
explain the concept of physical security
discuss the benefits of physical security

INTRODUCTION
Present-day industries are the backbone of our economy, so we need industrial security to a large extent. Operations should run smoothly enough that we can achieve our business goals. Industries operate across multiple states and multi-site locations, so they face threats such as theft, fire, pilferage, sabotage and terrorist activities. Natural hazards, which are always unpredictable, are also present.

PROVISION OF SECURITY
Services must be provided by highly trained, professional and adequately equipped security personnel. They must be proactive, ensuring the security and safety of personnel and property. In case of contingencies and additional manpower requirements, they should have the capacity and expertise to deploy all these in the minimum possible time.

COMPONENTS OF (BUSINESS) INDUSTRIAL SECURITY


Supplier Enterprises
Manufacturing Enterprises
Service Enterprises
Warehouses
Ports
Airports
Transportation Modes
Customers

COMPONENTS OF INDUSTRIAL SECURITY

EXAMPLES OF SECURITY THREATS
CRIMES
ACCIDENTS
NATURAL DISASTERS
TERRORISM

HUMAN CRIMES

Simply it means

Security is a comfortable environment to do what we want to do without any interference from human beings or natural forces by having necessary control measures.

Technically it means

Security implies a stable, relatively predictable environment in which an individual or group may pursue its ends without disruption or harm and without fear of disturbance or injury from man-made or natural threats by having adequate control measures.

CONTEMPORARY EXPRESSION OF SECURITY

Security is both a process and a product.

Processes are carried out to produce a product, which is a state. The process is composed of technology, people, methods and tools. This is important because processes involve time and interaction between entities, and many of the hard problems in security stem from this inherent interaction.

DEVELOPMENT OF SECURITY THROUGH THE AGES

CAVEMAN AGE SECURITY

MEDIEVAL AGE SECURITY


INDUSTRIAL AGE SECURITY
INFORMATION AGE SECURITY

Types of Security

Angkatan Tentera Malaysia

Polis Di Raja Malaysia

Private Security

National security

Measures taken by the military to protect the nation from disruptive activities from internal/external sources, for maintaining peace and tranquility in the country.

Internal security (public security)

Measures taken by law enforcement agencies to protect the nation from disruptive activities from internal sources, for maintaining peace and order in the country.

PRIVATE SECURITY INDUSTRY

Measures taken by private security service providers for protecting private and public properties and lives from disruptive activities from man-made threats and natural forces.

CONTEMPORARY NEED FOR SECURITY


Security is important for everyone today. Security is needed in the home, office, factory, airport, port, key installations, etc. Industrial security is even more important for developing countries. It generates more revenue and employment opportunities with industrial growth. In fact, industrial security is important for every country's economy, growth and survival.

DYNAMIC THREAT ENVIRONMENT


The dynamic threat environment enables the unfolding of unprecedented risks to organizations that invariably threaten their wellbeing and continued survival.
With the increase in terrorist activities, cyber and white-collar crimes, and other criminal activities, it is even more important that organizations revisit their security posture. It is the duty of any business to ensure proper security is afforded to all its tangible and intangible assets.

ELEMENTS OF RESILIENT SECURITY


Asset protection, crime control, intelligence, safety and disaster management, and business continuity are all part of industrial security resilience. They prevent all types of losses and add to productivity, which dispels the myth that putting money into security has no return on investment.
Hence, out of necessity, most business organizations today are giving emphasis to the establishment of a Resilient Security Program in order to survive and continue their business operations should any eventuality befall them.

[Figure: elements of a security program: Protection, Prevention, Detection, Investigation, Enforcement, Emergency Service, Crisis Management, Disaster Management, Business Continuity Planning]

In order to reduce the risk level faced by organizations, we need to have a well-balanced security program and manage it effectively and efficiently for survival.
It is a combination of systems and elements joined together to meet the specific needs of any business, industry, institution or organization for:
Protection
Prevention
Detection
Enforcement
Investigation
Emergency Service
Crisis and Disaster Management
Business Continuity Planning
In essence, a security program is no more than a series of operational measures enacted to protect the organization.

Definition of Physical Security


Physical security refers to the physical (tangible) measures (tangible physical security measures) put in place to safeguard personnel, equipment, facilities (or a portion thereof), and information in any form against espionage, sabotage, damage, and/or theft.
Interpretation: Changes to the built environment designed to achieve security objectives (changes to the built environment to achieve security goals).

WHY PHYSICAL SECURITY GAP ANALYSIS?
The purpose of a physical security gap analysis (physical security weakness analysis) is to determine whether the controls in place are sufficient to:
Delay an intruder (obstruct the intruder)
Detect an intruder (detect the intruder)
Result in the apprehension of an intruder (catch the intruder)
Without these controls, a criminal doesn't have to break through a firewall or intrusion prevention system to get to your data. He or she only has to walk up to a desktop or server and help themselves. And none of the technical or administrative controls you have in place will stop a skilled attacker with physical access to your systems.

Applications of Physical Security


Some examples of applications of physical
security include:
Perimeter fences provide a physical barrier
against unauthorized access to a facility.
Perimeter lighting system to facilitate night
surveillance of potential intruders.
Laminated glass in window frames prevents
breaking for entry, or damage through vandalism.

KEYS AND LOCKS

Locking equipment on doors and windows provides a measure of access control according to the issue of keys.
High-security containers such as fireproof cabinets and safes have the capacity to protect valuable assets and information against determined attacks.
A mantrap system prevents tailgating by potential intruders.

HIGH SECURITY CONTAINER AND FIRE PROOF CABINETS

(Architectural features)

(Electronic systems)

(Staff and procedures)

Elements of Physical Security System


(security system design)
(layered protection)
(perimeter marking/boundary)
(strengthening the building structure)
(entry and exit control)
(intrusion detection)
(response team)

How Much Physical Security?


How much physical security is needed?
Different organizations and companies conduct different activities and have assets of greatly different values. As a result, it is not necessary that all installations have the same amount of physical security to protect the assets of the organization. The degree of protection warranted in any particular facility can be predicted by the analysis of the following TWO factors:
(The level of protection required for any particular facility or organization can be predicted through analysis of the following TWO factors:)

Criticality and Vulnerability (asset criticality and vulnerability levels)

Criticality: an asset is critical if the organization has a reduced function when it is stolen or destroyed. (Loss or destruction of the asset can cause prolonged paralysis of daily operations.)
Vulnerability: an asset is vulnerable if it is at risk of being stolen or vandalized. (Weak surrounding conditions that can lead to theft or destruction.)
Facilities can have the following ratings on the factors affecting the level of physical security to be installed:
High criticality only;
High vulnerability only;
High criticality and high vulnerability.
(High levels of criticality and vulnerability will determine the extent to which physical security is needed.)


If the installation is both highly critical and highly vulnerable, then an extensive physical security program is necessary to protect the facility assets. However, it is neither economically possible nor necessary to provide a high level of physical security for all facets of the facility.
(It is impossible to provide physical security that gives maximum protection because it involves high cost.)

Because of the costs involved in physical security measures, many security managers will choose not to achieve maximum protection for the entire installation or activity within the organization.
(Hence, the head of the security department must provide a reasonable solution that can be used to ensure security.)

In order to best use resources available for asset protection, the specific criticality and vulnerability of the various areas within the facility must be determined.
(Criticality and vulnerability will determine how far the facility is exposed to risk and which assets need protection.)

Then prioritization will determine which areas of the facility will be designated for enhanced physical security.
(Risk prioritization will determine which areas need specific enhancement of physical security.)

Special protection will be provided for the most critical and vulnerable areas (special protection will be provided for the most critical and exposed assets), while areas of lesser susceptibility are subjected to smaller amounts of physical protection.

PHYSICAL PROTECTION SYSTEM


Hence an appropriate physical security protection system underpinning the function and components will have to be designed for the facility.
(An appropriate physical security protection system based on function and components needs to be designed for the facility.)

Example
Large facilities and large organizations have some areas which are highly critical and highly vulnerable.
1. The computing centre where the academic and financial information is kept. (information storage centre)
2. The pharmacy where drugs are stored. (the pharmacy where medicines are stored)
3. The administrative area where plans and business information are kept. (the administrative area where plans and business information are kept)
4. The tills where money is located. (the safe where money is kept)

Factors influencing (factors that influence the need for physical security)

Factors influencing physical security requirements. A variety of factors can affect the amount of physical security and type of materials and technology required for a facility or activity area in an organization. These factors will include:

The size of the installation or area to protect.
An extremely long perimeter fence will be difficult to maintain. It will be easier to protect the valuable assets within the facility.
(The size and business activities within the facility that need to be protected)
The nature of the activity in the area, and the sensitivity of the activity to the organization.
The establishment of a consulate in a high-rise building will need appropriate physical security.

The geographical location of the facility will determine the extent of some threats to the organization. (Geographical location of the facility)
Locating a facility on a flood plain near a river will increase the risk to an organization.

The political and economic situation of the location of the facility will have a bearing on the extent of physical security necessary.
(The political and economic situation in the country)
Some districts in large cities will have a higher risk of vandalism and theft than others.

The vulnerability of the equipment in the facility, and the dependence of the operation of the organization on the continuous functioning of the equipment.
(Level of exposure to risk)
For example: The computing equipment needs to be protected by physical security to maintain the integrity of the organization's information.

The proximity of external support to respond to the detection of intruders will determine the amount of physical security needed in an installation.
(Proximity of external help)
The distance to the nearest police station and the time taken to respond will determine the extent of security necessary.

The capabilities of potential intruders will need to be assessed to determine the level of target hardening for the facility.
(The capabilities of criminals in the surrounding area need to be assessed)
With the knowledge that a determined intruder can penetrate any physical barrier, an assessment is needed for the level of target hardening.

Strategies to Negate the Threats
(Strategies to overcome threats)

Layered protection
Crime prevention through environmental design
Risk assessment approach

How Do We Secure a Facility?

Protection-in-Depth Plans
Defence-in-Depth or Onion Model
Multiple Layers of Security Surround the
Target Site
Each Additional Layer Provides Value Added
But Be Aware of Cost/Benefit Issues

Risk-based Approach

Four Layer - Protection - in - Depth

Examples of Layered Defence Measures


Security Breach Alarms
On-Premises Security Officers
Server Ops Monitoring
Early Warning Smoke Detectors
Redundant HVAC Equipment
UPS and Backup Generators
Seismically Braced Server Racks
Biometric Access & Exit Sensors
Continuous Video Surveillance
Electronic Motion Sensors

An Example of Protection-in-Depth Factory Site

Prepare a Physical Security System


[Figure: factory site plan with numbered locations, identified in the key below]

Keys:
1. Main Access Control Guard Booth
2. Vehicle Parking Area
3. Main Entrance to Building
4. Data Processing Centre
5. Loading / Unloading Bay
6. Bulk-breaking Bay
7. Data-entry Work Stations
8. Cargo Conveyor System
9. Stand-by Generator

Thanks and Questions if any?

8 ways physical security has evolved


Physical security has come a long way since the advent
of the lock and key. But for all of its changes, the greatest
aspect of the evolution of physical security is how it has
begun to mesh with our digital world.
Here are eight of the most significant developments that
have occurred over time in the field of physical security.

RFID Badges
Most buildings these days incorporate RFID badges in
some capacity. The badges, which contain two crucial
pieces of information (the site code and the individual
badge ID), allow employees to swipe their card in close
proximity to a scanner in order to gain access to certain
areas. "They're good for logging who's going in and what
time," says Nickerson. "RFID has its vulnerabilities, but
it's still better than actual keys, where you can get a hold
of a master key."
Indeed, RFID badges are rife with security flaws. They
are easily cloned, for example, and brute force attacks
can be used to take advantage of the fact that badge ID
numbers are typically incremental.
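
A defender-side check for the incremental badge ID weakness described above, given as an added example that is not part of the original slides: it scans door-reader events for a single reader being presented with a run of consecutive badge IDs in quick succession. The CSV layout, field names, thresholds and sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in an assumed CSV layout:
# timestamp,reader,site_code,badge_id,result
SAMPLE_LOG = """\
2024-03-04T02:11:01,DOOR-7,112,40210,DENIED
2024-03-04T02:11:04,DOOR-7,112,40211,DENIED
2024-03-04T02:11:07,DOOR-7,112,40212,DENIED
2024-03-04T02:11:09,DOOR-7,112,40213,DENIED
2024-03-04T02:11:12,DOOR-7,112,40214,GRANTED
2024-03-04T08:30:00,DOOR-2,112,31877,GRANTED
2024-03-04T08:31:10,DOOR-2,112,12045,DENIED
2024-03-04T08:45:42,DOOR-2,112,31902,GRANTED
"""

def parse_events(text):
    """Turn CSV lines into dicts with typed timestamp and numeric IDs."""
    events = []
    for line in text.strip().splitlines():
        ts, reader, site, badge, result = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "reader": reader,
                       "site": int(site), "badge": int(badge), "result": result})
    return events

def _emit(alerts, reader, site, run, min_run):
    """Record a run of sequential IDs if it is long enough to matter."""
    if len(run) >= min_run:
        alerts.append({
            "reader": reader, "site_code": site,
            "first_id": run[0]["badge"], "last_id": run[-1]["badge"],
            "attempts": len(run),
            # A grant inside the run marks a badge to review or reissue.
            "granted_ids": [e["badge"] for e in run if e["result"] == "GRANTED"],
        })

def find_enumeration(events, min_run=3, max_gap=timedelta(seconds=60)):
    """Flag readers presented with badge IDs that step by exactly 1,
    each within max_gap of the previous read."""
    by_reader = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_reader[(e["reader"], e["site"])].append(e)
    alerts = []
    for (reader, site), evs in by_reader.items():
        run = [evs[0]]
        for prev, cur in zip(evs, evs[1:]):
            if (abs(cur["badge"] - prev["badge"]) == 1
                    and cur["ts"] - prev["ts"] <= max_gap):
                run.append(cur)
            else:
                _emit(alerts, reader, site, run, min_run)
                run = [cur]
        _emit(alerts, reader, site, run, min_run)
    return alerts
```

Calling `find_enumeration(parse_events(SAMPLE_LOG))` on the constructed log yields one alert for DOOR-7; the normal morning traffic on DOOR-2 is not flagged because its badge IDs are not sequential.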

Security linked to mobile devices


It's not uncommon these days to have security systems, especially home security systems, linked to a mobile device. Smart sensors, wireless deadbolts, and remote control security/utility systems can all be controlled by a user's mobile device. But some say with such convenience comes compromised security.
Attackers can physically get their hands on your phone to get the keys to the castle; people cannot seem to help but lose their phones or have them stolen. In the future, spoofing someone's phone to unlock their house and shut off their alarm would be a reality.

The figure above is a model for deploying physical security for a highly sensitive target. Although most of us do not need this level of physical protection, the following discussion about the graphic helps demonstrate the possible steps you can take.

PHYSICAL SECURITY CONTROLS


The objective of physical security is to delay and detect
an intruder so that intervention by security guards or
law enforcement is possible. What controls you use
depend on:
Sensitivity of the target
Whether you have security guards on site
Proximity to law enforcement and related response
time

ASSET MANAGEMENT SOLUTIONS

KEEP SECURITY PERSONNEL ACCOUNTABLE
TRACK SECURITY PERSONNEL AND MONITOR THEIR LOCATIONS IN REAL-TIME
