SECURITY RISK MANAGEMENT
EXPERTISE IN CRITICAL INFRASTRUCTURES
DRAGON-OPSEC can conduct for you a full risk management program. It is the formal process utilized to quantify, qualify, and mitigate specific concerns an organization may discover or define. Many companies have some form of risk management program. These programs may be very mature and well defined or may appear to have developed without planning or foresight. It is important for the security professional to identify the program in place and understand the approach accepted in a particular company.
The specific model utilized by the company will give the security professional an understanding of the role he or she has in the program. This is critical whether the security professional is an employee or a consultant for a company. These programs tend to address well-defined and known risks with singularly focused mitigation strategies.
OUR RISK MANAGEMENT SERVICES
DRAGON-OPSEC is well placed to provide a global solution for corporations who require occasional support or longer term solutions in several areas. We offer a broad range of services to support clients’ requirements.
Security Consulting
DRAGON-OPSEC Security Risk consultants work with all types of clients, from High Net Worth (HNW) and multinationals, to medium to small business and private individuals.
Strategic security consulting identifies and examines threats and risks to clients and ensures their mitigation strategy is appropriately focused and resourced. We work with senior managers, security directors, CEOs, and other high ranking officers, so as to ensure that security resources are aligned to meet core businesses aims. This often starts with a strategic security risk assessment before developing the executive security directive. We can assist with the production of corporate policies and standards, as well as security plans for the businesses involved.
Our Consulting Services include:
- Security Vulnerability Assessment (SVA),
- Facilities Security Planning
- Security Plans for Physical Persons (VIP Protection)
- Emergency Security Plans
- Operational Security Plans
- Organize of Operational Security Centers
- Organize of Security Teams (Selection & Training)
- Drafting Regulations, Procedures and Tasks
- Security Review and Audit, Threat Assessment,
- Threat and risk mitigation
- Specialist training
Security Vulnerability Assessments/Analysis
A Security Vulnerability Analysis (SVA) is a tool used to look at an operation from the outside in. At a minimum, an SVA looks for ways that an intrusion can be detected, deterred, or delayed.
The use of physical barriers, detection systems, personnel identification systems, and means of detecting the presence of unauthorized personnel are ways to secure vulnerable areas. For an industry that uses hazardous materials, the areas of vulnerability are more complex. Hazardous materials by definition, if mishandled, can create a disruption to business, the community, or to the environment with catastrophic results. An SVA for operations using hazardous materials must go beyond traditional security measures.
The key concepts while condacting an SVA are::
- Defining the threat
- Identifying assets and prioritizing them by consequence of loss
- Creating a matrix relating threats and assets
- Characterizing a facility to perform a VA
At sites where the threat and assets have not already been defined, this task must be included as part of the VA project. This will likely add cost and time to the proj- ect; therefore, it is critical to know if this information exists before finalizing these details in the project plan.
Operational Security Centers
When security and surveillance are combined to create a security surveillance center, it creates a more efficient and effective operation that functions as a cohesive team. This acts as a force multiplier for any operation by creating an instantaneous flow of information, the immediate response to situations, and the calibration of thinking on how security and surveillance concerns are addressed.
Building Stages and the Critical Role of Security Surveillance Centers:
In order to justify the installation or improvements of a security surveillance center to the leaders of an organization, the following items must be reviewed and taken into consideration so that a realistic budget can be developed.
- Design: The drawings, blueprints, type of system, and components are
determined in this phase. This would include monitors, servers, computers, intrusion detection devices, sensors, detectors, card readers, cameras, conduits, wiring, and consultants. - Installation: This is one of the most expensive items of the project. This includes permits and the costs and installation of various sensors, contacts, and access control devices to the security surveillance center system. Once the system is installed, there will be ongoing operational costs associated with the operation of the system.
- Operation: The operation of the system includes staffing, training, policy, and procedures.
- Information technology–related expenses: These costs include anti- virus technology, system patches, backup and archiving, and database management.
- Maintenance: These expenses include upgrades to the software, emergency repairs, keeping the domes on the cameras clean, and keeping the system in good working order.
- Replacement: Prior to the purchase of the system for the security surveillance center, the life cycle of the system should be determined and the approximate replacement cost should be calculated. Usually, the best way to present this information is to assign a cost and anticipate the life range for each item.
Organizing Security Teams (Selection & Training)
Over the years, employees have been trained so that they will be able to do a better job and also understand what they are expected to do and how they are expected to do it. Our lesson plans are always taught by the same way—clear and updated, with the very latest information available.
How do we expect a security/protection officer to respond to an alarm system if we do not teach him or her how the system works? Today, we live in a world of passwords for virtually every device and every system. This is critical information. When an alarm goes off at 3:00 a.m. and the siren is blasting, and no one knows the password to reset the system, it is a problem. The next morning, you may have to explain to management why the alarm system is damaged because no one knew the password to reset the system. We must adequately train security/protection officers to effectively do their jobs. If we want to reap the rewards of being efficient and professional, we properly train and then document the training. Training should not be taken lightly. It is too important to leave job performance to chance.
At a minimum, security/protection officers should be trained and tested on the following topics:
- Post orders
- Basic security officer responsibilities
- Ethics and professionalism
- Personal appearance
- Human relations, customer service, public relations
- Personal safety
- Situational awareness
- Communication policies and procedures
- Security policies and procedures
- Access control (personnel and vehicles)
- Patrol procedures
- Observation techniques
- Challenging techniques
- Crowd control
- Blood-borne pathogens, first aid, and CPR/AED Training
- Ingress and egress control
- Operation of security systems (IDS and video surveillance)
- Safe driving (if mobile patrol)
- Criminal and civil law
- Investigations
- Legal authority and scope of responsibility
- Use of force
- Relations with law enforcement
- Conducting investigations
- Evidence preservation
- Report writing
- Responding to emergencies
- Terrorism threat awareness and weapons of mass destruction
- Workplace violence
- Active shooter/active assailant
- General fire prevention and safety and fire drills protocols
- Hands-on fire extinguisher usage
- Bomb threat procedures and Emergency Management Procedures