ebook img

Intelligence-Based Security in Private Industry PDF

188 Pages·2015·4.607 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Intelligence-Based Security in Private Industry

INTELLIGENCE-BASED SECURITY IN PRIVATE INDUSTRY INTELLIGENCE-BASED SECURITY IN PRIVATE INDUSTRY Thomas A. Trier Boca Raton London New York CRC Press is an imprint of the Taylor & Francis Group, an informa business CRC Press Taylor & Francis Group 6000 Broken Sound Parkway NW, Suite 300 Boca Raton, FL 33487-2742 © 2015 by Taylor & Francis Group, LLC CRC Press is an imprint of Taylor & Francis Group, an Informa business No claim to original U.S. Government works Version Date: 20150506 International Standard Book Number-13: 978-1-4987-2204-9 (eBook - PDF) This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint. Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmit- ted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, please access www.copyright. com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged. Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe. Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com CONTENTS Preface ix About the Author xiii Section i—introduction 1 Intelligence Descriptions 3 2 Intelligence Background 7 3 Advantages of an Intelligence- Based Program 11 4 Corporate Security Capabilities Assessment 15 Section ii—Assessing the Security Program 5 Evaluate Capabilities 23 6 Recommend Security Standards 31 Section iii—Building consensus 7 Initiate Collaboration of Cyber Security and Others 41 8 Liaise with Industry Partners and Law Enforcement 45 v Contents 9 Show Success 51 10 Engage Executive Management 57 Section iV—Planning an enterprise-Wide Assessment 11 External Threats 65 12 Industry Threats 73 13 Internal Threats 83 14 Vulnerabilities 89 Section V—compiling the Assessment 15 Planning and Resources 95 16 Conduct an Intelligence Program Assessment 99 Section Vi—enterprise Mitigation and Risk 17 Minimize Risk 113 18 Develop a Strategic Plan 117 vi Contents 19 Develop a Tactical Plan 125 20 Communication 133 Section Vii—implementation: case Studies 21 Utility Company Execution 143 22 Other Examples of Execution 149 23 Follow-Up 163 Index 165 vii PREFACE As I transitioned to private security from the Federal Bureau of Investigation (FBI), retiring after 25 years as a special agent, I found that many of the intelligence, analytical, and critical thinking skills that I had learned and utilized to dismantle criminal and terrorist organizations could be applied to the private sector. At my first civilian job as the secu- rity lead at an electrical transmission- only utility company, there was a problem with criminals who were cutting holes in the perimeter fenc- ing and stealing copper grounding clamps and wire to sell as scrap. As I discussed this problem with security personnel, I discovered an attitude. The person responsible for asset protection in the Security Department told me, “Copper theft is like a lightning strike; you never know when and where it will happen.” But, when I asked for security incident reports and police reports for the last 5 years to analyze for patterns, I was told the Security Department did not do security incident reports, and “it was too hard” to obtain police reports. This was unacceptable; when I ordered another person to obtain the police reports, we found the police had made some arrests regarding the thefts. We started tracking these thieves and compiled an organizational chart of their contacts. Needless to say, utilizing the techniques I learned in the FBI, we reduced copper theft incidents from 29 in 2011 to 6 in 2013. The details of this initiative and others that led to the intelligence- based security posture program developed from these and similar efforts are presented in this book. I was amazed at the disorganization in the security departments of other utility companies that I attempted to collaborate with and was actu- ally surprised with the conflict that arose with them in developing some of these measures related to an intelligence- based security posture. Many of the security managers concentrated on having enough contract secu- rity guards on the property each day instead of what the security guards were doing and how they were doing it. Even after we developed a list of “usual suspects” in the copper theft initiative, the other electrical utility companies we worked with were reluctant to participate and share information. One was “afraid to keep watch lists on citizens” even though I explained the offenders’ list consisted of convicted felons, who might be citizens but had shown the ix PrefaCe capability to commit thefts from the substations under our care. This was a case of misunderstanding the principles of tracking known offenders and lack of experience in protecting a company from those who would do it harm. Also, adding to the reluctance to participate in the intelligence- based initiatives was the amount of work involved to set up an intelli- gence program. This is not easy. It can be beneficial once implemented, but the “climb” to the top of the mountain is definitely a difficult one. This book is designed to be informational, allowing readers to under- stand the use of the intelligence- based security posture. It is meant to answer the following questions: What are the differences between a threat assessment, a vulnerability assessment, and a risk assessment? Do you know the difference between the intelligence- based security posture, designed to reduce risk to security, and business intelligence, which is designed to gain a competitive edge on the company’s competition? It also is meant to be instructional, answering the question, How do I set up an intelligence program in my company? What is the difference between external threats and internal threats? How do strategies to address exter- nal and internal threats differ? I list many specific examples relating to programs that I have experienced and utilized to develop a practical intelligence- based plan to implement change for the better; these exam- ples are meant to assist and guide you to establish a similar intelligence program in your company. Of course you must bear in mind that an intelligence program may vary from company to company, industry to industry; a car manufactur- ing company will assess and address some significantly different issues compared to an electrical transmission utility company. The car manufac- turer’s assets are generally confined to buildings, but the electrical utility company may have in excess of 10,000 miles of transmission lines and substations in remote open locations. For example, the car manufacturer may identify through an intelligence- based assessment that expensive computer parts for cars are being stolen by workers. The car manufac- turer can address this problem: Employees can be monitored through closed- circuit TV cameras, and strict controls can be placed on the tar- geted parts to control the problem. The key is simple in concept: Evaluate your Security Department and see if your people are capable of implementing an intelligence- based security posture. Also, determine if your management is supportive: Are they educated regarding the benefits of properly gathered, analyzed, and implemented intelligence information? After you garner executive x

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.