De-layering Facility Security
Norman Mortell

Introduction
• Background.
• Why is Security Important?
• Security Survey.
• Seven Key Security Factors.
• Summary Example.
• Resources.

Background
• Academia/Pharma/Contract/Dark Side.
• Targeted by Extremists (home/work).
• Designed Facilities/Security Advice.
• Obtained Secured by Design status.
• Directed Security Division for 5 Years.
• Trained Security Awareness to 3500.
• Drinking is a hobby, this is my day job!

Why is Security Important?
• All Potential ARE Targets/Europe/USA.
• Business Continuity – Assessing Risk.
• Contingency Planning – Proactive.
• It’s Just Good Business Sense!
• Govt. Pressure – Baseline Screening.
• Security Aware = Harder Target.
• Complacency is Dangerous.
• Security is Everybody's Responsibility.

Security Survey
Public access to facilities

Seven Key Factors
All Factors Interact
All Equally Important

External Security Issues
• Extremists.
• Theft and Other Social Issues.
• Public Opinion/Politics.
• Disease Outbreaks.
• Wide Area Disruptions.
• Neighbouring Properties.
• Natural Disasters.
• Monitor the “Noise”.

Location Issues
• Response Times.
• Site Access Points.
• Public Access.
• Demonstration Control?
• Critical Suppliers.
• Separate Facilities/Sites.
• Different Country/Culture Issues.
• In all cases liaise with Police!

Policies
• Lack of business continuity plans and/or testing of plans.
• Link Security to H & S/H. O. Needs.
• Confidential Reporting of concerns.
• Response Team/Media Training?
• Consideration of Employees.
• Practical Policies e.g. Post Handling.
• Communicate/Train People in Policies.

Physical Security
• Consider “Secured by Design”.
• Evaluate Security at Design Stage.
• Access Controls/Pass Zones.
• CCTV (in & out)/Alarms/Lone Workers.
• Emergency Power/Phones etc.
• Windows/Doors/Air-Locks/Barriers...

Data Security
• Data Management: System needs to safeguard the Confidentiality, Integrity, Availability of written, spoken and computer info.
• Info. Taken From Site – Laptops/Talks.
• Live Data, Reporting, Archiving.
• Social Engineering, Storage Devices.

Data Security
• Consider ISO27001.
• Clean Desk Policy, Access, Storage.
• E-Mail Policy, Use, Out of Office.
• Network/Web Security/Encryption.
• Database Access/Disaster Recovery.
• BS8470 Destruction of Materials.

People
• Security in Recruitment Processes.
• Security Screen Staff/Agency Staff.
• Have Signed Confidentiality Forms.
• Train Staff in Security Awareness.
• Include Security Aspects in Reviews.
• Use “Company” Pens.
• Escort Visitors/Strangers.
• Don’t Give Away Your Password (phrase).

“Sorry about the smell, I have had all my passwords tattooed between my toes!”

Action Plan – What can you do?

Lab Areas
• Zone restricted areas for:
• Bio-Security.
• Access Control.
• Staff Screening – current staff?
• Mobile Phone Use.
• Data Systems Access.
• Radio Isotopes/Carcinogens.
• Waste Disposal.

Summary
All Factors Interact
All Equally Important

Risk Assessment Traffic Light
High: Animal Area
Medium: Admin.
Low: Grounds

Resources
• www.securedbydesign.com
• www.mi5.gov.uk
• www.cpni.gov.uk
• www.berr.gov.uk
• www.ico.gov.uk/
• www.bsi-uk.com/InformationSecurity
• www.nationalarchives.gov.uk
• www.londonprepared.gov.uk/businesscontinuity/assessingyourrisk/
• www.agenda-security.co.uk