Security Risk Assessment
Managing Physical and Operational Security

John M. White
Protection Management, LLC

AMSTERDAM • BOSTON • HEIDELBERG • LONDON • NEW YORK • OXFORD • PARIS • SAN DIEGO • SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO

Butterworth-Heinemann is an imprint of Elsevier

Acquiring Editor: Brian Romer
Editorial Project Manager: Keira Bunn
Project Manager: Poulouse Joseph
Designer: Alan Studholme

The Boulevard, Langford Lane, Kidlington, Oxford, OX5 1GB, UK
225 Wyman Street, Waltham, MA 02451, USA

Copyright © 2014 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means electronic, mechanical, photocopying, recording or otherwise without the prior written permission of the publisher. Permissions may be sought directly from Elsevier’s Science & Technology Rights Department in Oxford, UK: phone (+44) (0) 1865 843830; fax (+44) (0) 1865 853333; email: [email protected]. Alternatively you can submit your request online by visiting the Elsevier web site at http://elsevier.com/locate/permissions, and selecting Obtaining permission to use Elsevier material.

Notice

No responsibility is assumed by the publisher for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or ideas contained in the material herein.

Library of Congress Cataloging-in-Publication Data

White, John M. (Security professional)
Security risk assessment: managing physical and operational security/John M. White.
pages cm
Includes index.
ISBN 978-0-12-800221-6
1. Crime prevention. 2. Security systems. I. Title.
HV7431.W465 2014
658.4’73–dc23
2014021032

British Library Cataloguing in Publication Data

A catalogue record for this book is available from the British Library

ISBN: 978-0-12-800221-6

For information on all Butterworth-Heinemann publications visit our web site at http://store.elsevier.com/

This book has been manufactured using Print on Demand technology. Each copy is produced to order and is limited to black ink. The online version of this book will show color figures where appropriate.

Contents

ACKNOWLEDGMENTS
ABOUT THE AUTHOR
PREFACE

CHAPTER 1 Introduction to Security Risk Assessments
    What Is a Security Risk Assessment?
    Security Risk Assessment Intent
    Who Will Conduct the Assessment?
    How Often Do I Need to Complete an Assessment?
    How Long Will This Process Take?

CHAPTER 2 Preassessment Planning
    Services Agreement
    Project Management
    Identify the Participants
    Project Schedule
    Budgeting Considerations
    Project Assumptions
    Deliverables

CHAPTER 3 Project Management
    Security Management versus Security Consultant
    Internal Personnel
    Security Consultants

CHAPTER 4 Defining the Project Scope
    The Project Scope
    Measurement Standards
    Locations Included

CHAPTER 5 Information Gathering
    Internal Sources
    External Sources
    Staff Survey
    Project Interviews

CHAPTER 6 Physical Security Assessment
    Kickoff Meeting
    Interviews
    Conducting the Assessment
    Building Exterior
    Building Interior

CHAPTER 7 Security Department Operations
    Management Review
    Security Culture
    Management Span of Control
    Security Management Plan
    Statutory and Regulatory Requirements
    Security Staff Scheduling
    Security Patrol Operations
    Security Policies
    Security Recordkeeping
    Security Incident Report Follow-Up

CHAPTER 8 Security Training
    Staff Security Awareness Training
    Security Officer Training
    Training Documentation
    Frequency of Training
    Professional Certifications
    Training Resources
    Summary

CHAPTER 9 Workplace Violence Risks and Vulnerabilities
    Violence Indicators
    Suspect Profiling
    Workplace Violence Risk Assessment
    Documentation Review
    Threat Assessment Team
    Prevention Strategies
    Risk Foreseeability
    Summary

CHAPTER 10 Financial Risk Assessment
    Financial Asset Management
    Cash Handling
    Paid Parking
    Lost and Found
    Transportation of Money
    Fiduciary Responsibility

CHAPTER 11 Security Technology Assessment
    Locks and Keys
    Security Cameras
    Security Alarms
    Mass Notification Systems
    Security Officer Equipment
    Specialized Security Equipment
    Summary

CHAPTER 12 Access Control
    Lock and Key Control
    Cipher Locks
    Electronic Card Access Control
    Door Hardware
    Visitor Management
    Crime Prevention through Environmental Design (CPTED)
    Geographic Considerations
    Biometrics

CHAPTER 13 Legal Considerations and Prevention Strategies
    Litigation Avoidance
    Crime Prevention
    Loss Prevention Strategies
    Security Vulnerability Analysis
    Threat Identification
    Summary

CHAPTER 14 Contracted Services
    Police Services and Contracted Staffing
    Electronic Security Contractors: Installs and Maintenance
    Background Investigation Firms
    Parking Management Firms
    Document Shredding Services
    Contract Security Services
    Summary

CHAPTER 15 The Security Risk Assessment Report
    Report Writing
    Components of the Assessment Report

CHAPTER 16 Conclusion
    Implementation Project Management
    Project Team
    Challenges
    Implementation Phase
    Tracking Change
    Measuring Outcomes
    Let’s Do It Again

INDEX

Acknowledgments

I cannot express enough my appreciation and gratitude to my caring, loving, and
supportive wife, Teresa. Your continual encouragement throughout my career has been helpful and sincerely appreciated. It was an enormous comfort and relief to know that you were willing to provide guidance of our household activities while I worked many long days, which often stretched into the nights and weekends. To my sons Jeromy and Joshua, my heartfelt thanks; thank you both for having patience with me over the years as I grew in my profession.

I would also like to acknowledge my peers and subordinates over the years that helped form me into the person I am. From my time in the United States Navy, a law enforcement career, corporate security positions, and as an independent consultant, I have been able to professionally grow and pass on my knowledge to others and watch them evolve as well. I truly believe that everyone should share their knowledge and experiences with others as it can only help us all to achieve a more proficient profession.

I want to thank my consulting peers for their assistance over the years and with this book, as well as the many security technology and security services companies that I have worked with in the past; you have all been an asset to my professional development.

In closing, I have met many honorable security professionals over the years that had a part in my professional growth, and I have sincerely appreciated your friendships and support. I have also found that each time that I step foot on a client’s property I am not only bringing my knowledge and expertise to share with my clients, but I also take away from them new ideas, solutions to past issues, and potential best practices; all of which I will continue to use to expand my knowledge base and assist my fellow security professionals to make our world a safer and more secure environment.

John M. White