0115 966 7955 Today's Opening Times 10:00 - 20:00 (BST)
Place an Order
Instant price

Struggling with your work?

Get it right the first time & learn smarter today

Place an Order
Banner ad for Viper plagiarism checker

Security Project Planning: Upgrading Security Systems

Disclaimer: This work has been submitted by a student. This is not an example of the work written by our professional academic writers. You can view samples of our professional work here.

Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UK Essays.

Published: Wed, 13 Sep 2017

Risk Management

The main objective of a Risk Management is to allow an organisation to concentrate on protecting its assets, employees, operations, information and integrity. In sequence to present a complete safety, an organisation must assess, classify and evaluate the consequences of the threats, in terms of severity of impact and likelihood it will happen. Once risks are precisely assessed and evaluated, the current security countermeasures must be addressed whether they are sufficient to reduce those risks to acceptable level or additional procedural and physical countermeasures must be implemented. Once implemented it must maintained, revised and revalued.

Security Project Planning Process and Metholodgy

The objective of planning security is to ensure both the integrity of operations and the security of assets. In order to implement an effective Security Project Plan the process must involve, Asset Definition to initiate most important concerns for the security planning. Assets must be recognized on how negative each is to the organisation. Following by Risk Assessment that includes the recognition and analysis of likely threats against the organisation, including Vulnerability Analysis, which surveys current security countermeasures to identify any operational, physical and procedural vulnerabilities that may exist and identify possible countermeasures that could be implemented to reduce the probability of the threat. The list of chosen Security Measures that secures the most dynamic assets against the most potential threats and its implementation plan.

Organisation

Site or Building

Magna House is 5 floor commercial office building. Access to the property is afforded directly off the public footpath via a set of stairs leading to the main entrance reception area. Offices are arranged over ground and two upper floors, in addition to meeting room and kitchen facilities located on the roof level. The main plant room is on the roof level as well as other facilities located on the roof level. Male and female as well as disabled facilities are provided in the main staircase, with additional shower, toilet, lockers and changing facilities located in the car park area undercroft.

A separate access point of the main road is provided to the car park areas on site via enclosed arch area. 8x visitor car parking bays are provided at the ground floor level. 2x ramps are provided from the ground floor external areas leading to the upper deck parking and lower level parking areas for approximately 100 cars. 12x secure and 14x open bike racks are also provided in the covered car park areas. In addition to the main access point to the car park off the main road and vehicle ramp, the upper deck car park can be accessed via a patio to the rear and the lower deck car park can be accessed at the base of the main.

A pedestrian footpath around the rear perimeter of the property is provided leasing to the lower level car park.

There are 2 fire exit routes, 1 leading to the main road and 1 to the upper level car park

Risk Analysis

Unauthorized Access

Risk: There is no access control to the basement car park during working hours. Potential offenders may enter the complex by car or foot. There is no access control to the basement shower room and locker room. There are hiding areas due to low CCTV coverage. There had been previously reported that homeless people entered the premises on several occasions.

Employees and visitors may be attacked and assaulted, their vehicles and personal belongings in the locker room may be targeted for theft and vandalism due lack of security and access control.

Due uncontrolled access to shower room and locker room members of staff privacy and safety are affected.

Unauthorised people may park their vehicles in parking spaces.

Current Controls: Car park entrance and small part of the basement car park is under CCTV surveillance by security receptionist. Security officer patrols the area each hour.

Risk Analysis:

Probability = 4

Impact = 4

Risk Rating = High

Controls = Weak

Priority Level = Highest

Recommendations: Installation of the car park barrier systems will help to manage access to the car parks by vehicles. Installation of additional CCTV cameras to cover all the basement car park areas and more frequent security officer’s patrols will act as deterrent for possible criminal activities. Access swipe card or fob systems to shower and locker rooms should be in place to allow access to authorized employees only.

Key Control

Risk: Keys used to secure property and assets are in the key cabinet at the reception area. Key control log book is used; however, the cabinet is unlocked and unsecure. Potential offender can easily gain access to the keys.

Risk Analysis:

Probability = 4

Impact = 4

Risk Rating = High

Controls = Weak

Priority Level = Highest

Recommendations: To maximize the safety, the key cabinet needs to be secured and locked whenever it is not in use. Authorized person on duty should be responsible for maintaining the key log, opening, closing and locking the key cabinet.

Lack of CCTV Surveillance

Risk: Lack of CCTV cameras externally and internally. Many external areas are not covered by CCTV cameras. There are hiding areas for possible malicious or criminal activities. Patrolling security officer’s safety is affected during day or night.

CCTV monitoring station is based at the main reception desk. It is monitored by security receptionist during normal working hours and by security officer during out of hour period. CCTV cameras are static and security staff is unable to remotely use it. During normal working hours security receptionist is occupied with reception duties and it is unable to monitor CCTV covered areas. It is physically unmonitored at night when security officer is on patrols.

Possible offenders may gain access to the complex.

Risk Analysis:

Probability = 4

Impact = 4

Risk Rating = High

Controls = Adequate

Priority Level = High

Recommendations: Installation of additional CCTV cameras to cover all or most external areas to deter and reduce criminal activities and improve patrolling security officer’s safety.

Upgrading CCTV systems to the level that security officers can remotely use it. Ensuring security officers are CCTV trained and licensed.

Assign day security officer in assisting security receptionist to monitor CCTV, whist not on patrol.

Security/Reception Personnel:

Risk: Lack of security personnel. In cases of emergency situations, the security cannot be available for the entire complex. Security officer occasionally are asked to complete tasks that are not part of their duty and they cannot be contacted if they are needed.

Due to high turnover of security staff, there is a lack of training and knowledge of companies’ procedures, which leads to lack of cooperation, communication and raised panic in severe situations.

Minor incidents are not reported and generally are not written down. There is no follow up on investigations or situations, which generally elaborat0es the seriousness of the situations and draws the plan where improvement is needed.

Current Controls: Security trained receptionist is employed on a permanent basis, who is aware of companies’ procedures and who is responsible for other members training. Day security officer is patrolling the complex each hour and reports to building manager. Night security officer works on his own and completes external night patrols.

Risk Analysis:

Probability = 3

Impact = 4

Risk Rating = Significant

Controls = Adequate

Priority Level = Medium

Recommendations: Employ permanent security staff and ensure full and varied training is provided. This will improve security staff confidence, reliability and efficiency.

The complex should employ a security supervisor, who will concentrate on staff training and team development.

Security supervisor should ensure all incidents, despite of its nature and minority are logged, investigated, reviewed and revised.

To maximize night security officer’s safety CCTV patrols should be considered instead of physical patrols.

Fire Training:

Risk: There are no records of fire training and drills. Security staff are not very clear about fire procedures.

Risk Analysis:

Probability = 3

Impact = 4

Risk Rating = Significant

Controls = Adequate

Priority Level = Medium

Recommendations: Security staff needs full fire training. Regular fire drills should be completed and logged in fire training log book.

Information Assets:

Risk: Reception desktop containing with important building information is not encrypted with password. Potential offenders have access to the relevant information.

Risk Analysis:

Probability = 3

Impact = 3

Risk Rating = Moderate

Controls = Weak

Priority Level = Medium

Recommendations: Protect the desktop with password. Each user should have their own login details.

The Description of Project

The object of the project is an operations of security protection systems including the functions such as protecting, access control, monitoring and acting as deterrent. The Centre for the Protection of National Infrastructure describe the principle and method “Operational Requirement (OR) is a statement of need based upon a thorough and systematic assessment of the problem to be solved and the hoped for solutions. To simplify the process, the procedure is broken down into tw0 parts, Level 1 and Level 2 Operational Requirements.” Available at: www.cpni.gov.uk (Accessed: 15 January 2017) for those accountable for the security. It provides the guidance for producing operational requirements for security measures and should be used to evaluate the facility security level and implement an integrated source of physical security countermeasures.

The project involves security in depth and the installation of physical barrier, installation of additional lightning, upgrading Closed Circuit Television (CCTV) systems and access control systems. These countermeasures are designed to deter, detect, deny unauthorized access to facilities, equipment and other assets.

Best practice for the project is careful planning and management of security measures resources for the security. An importance must be established on assigning security resources using risk management, dividing of the abilities of security technology, coordinating security accomplishments and sharing information with other stakeholders. In addition to those responsible for the project should check performance and test security systems, nominate assets in accordance with the organisations mission statement and micro manage goals, budget resources and objectives.

Security Measures

There are two wide types of security measures: physical and procedural. These two combined together should deter, detect, delay, or defeat threat. Deterrence will be enhanced by applying exceptionally visible measures and randomness. This is cost- sufficient and confuses the offender. Security measures will be integrated and layered by using a combination of barriers, lights, CCTV, access control systems and security staff.   

Elements of an integrated security systems:

  • Security Lightning– it increases a high deterrence and detection aspect and demands and intruder to decide whether the chance of exposing themselves is worth the risk. It also helps and allows the security officer to have a better visual capacity of the area they are surveilling and protecting.
  • Closed Circuit Television (CCTV) – it deters offenders from committing criminal activities in the premises internally and externally; it constantly monitors activity within the premises; it collects evidence of criminal activities; helps lone worker to view all the areas and access control points, however there are laws and regulations that apply to the CCTV systems such as The Data Protection Act (1998), The Freedom of Information Act (2000), CCTV Code of Practice Available at http://www.homeoffice.go.uk and http://www.ico.gov.uk (Accessed: 15 January 2017). There are other legislations to be aware of and CCTV operators must be SIA licensed Available at http://www.the-sia.org.uk (Accessed: 15 January 2017).
  • Perimeter Intrusion Detection Systems (PIDS) – intrusion systems detect unauthorized access and alert relevant personnel of a breach in a minimal timing, however it is important to consider whether the system is reliable and durable. The maximum detection capability and ability to correctly identify the location of intrusion and minimum nuisance alarms ratings NAR (alarms that are not caused by intrusion) and FAR (false alarms caused by the equipment itself) must be considered.
  • Access Control Systems– it limits access to particular areas, ensuring that only authorized staff can have access to it. It protects premises and employees from unwanted intrusions
  • Information Security (INFOSEC) – protects valuable data by reducing the risk of data breach, however there are legal obligations, contractual and regulatory requirements ISO 27001, which must be considered. Available at http://www.iso.org (Accessed on 15 January 2017)

Stakeholders

Stakeholders are characterized as any individual or organisation whose concern may be positively or negatively influenced by the project; stakeholders may also have a positive or negative effect over the project.

  • The Client is at the highest level of authority within an organization. They drive the maximum level approval of security policies across the organisation, support and sponsor security and sets up profitable benchmark for security.
  • Building manager ensures the service quality and efficiency is provided up to required standards or above. They observe and decide where improvement is needed. Management involvement helps staff in division or an area to conclude security related issues within each stage of operations.
  • Security Manager is responsible for the assessment, decision and maintenance of effective security requirements within the organization, identifying the most substantial requirements in expanding a secure environment and resolving security related issues.
  • Security supervisor is responsible for deploying and monitoring security staff, responding to security incidents and evaluating potential problems that may happen and maintaining performance and delivery of the security services on daily basis.
  • Security and Reception Staff– delivering security duties.
  • Sub- contracted parties including tenants and cleaners.

Assets to be protected

  • Loss of life– staff, visitors, customers anyone within the premises.
  • Physical– the property, assets within the property such as furnishings, equipment, vehicles and personal belongings.
  • Intellectual– important information, documents, data and staff knowledge.

By the loss of any of these assets will lead to the loss of organisation’s functionality, financial losses, loss of safety, integrity and reputation and the loss of life, which is invaluable asset.

The Threat

Referring to the risk assessment above the treats are likely to be:

  • Potential offenders enter the premises, targets the vehicles, lockers room for personal belonging theft, possibly assaulting security or other member of staff and affecting safety and privacy.
  • Unauthorized people may park vehicles;
  • Homeless people may seek for shelters within the premises;
  • Potential offenders may target the key safe;
  • Potential offenders may seek for hiding areas for possible malicious activities; security officer may possibly be endangered.
  • Security staff lacking the knowledge of emergency procedures, which leads to raised panic and incompetency.
  • Potential offenders may have access to the reception desktop and important information.

Areas of Concern

The most concerning areas are car park, unsecure shower and locker room on the lower car park level, the walkway by the side of the building.

Proposed Controls

The most recommended security systems would be:    

  • Additional Lightning is to be considered number one opportunity to defeat crime because offender’s main deterrent is the likeliness that observers will witness their activities.
  • Vehicle Car Park Barrier to restrict access to the premises and create a formal no trespass obstacle.
  • Access control system to deny unauthorized access.
  • Additional Lightening to deter, improve visibility, safety and support CCTV performance.
  • Additional CCTV cameras to deter and monitor. Policy should precisely state constructed procedures for the installation of the camera equipment and the handling, viewing, retention, distribution, and demolition of video records, as well as training, and operator’s codes of conduct.
  • Improved Operational Security – a properly trained and documented security staff that is loyal to the goals and objectives of an organization is the success to daily operations, safety and competency. The training should be consisting of procedures, policies and guidance concerning the management of incidents.
  • Information security – protect it by using password encrypted electronic locks for desktops, servers, and laptops that are enabled upon login and after specified periods of inactivity. Manage access to all crucial hardware assets (e.g., routers, firewalls, servers, mail hubs).

Ongoing management

Risk management is continuing activity that will continue throughout the entire life of the project. This series of actions includes ongoing activities such as risk recognition, risk assessment, preparing for newly recognized risks, carefully watching trigger conditions, contingency plans and risk reporting on a regular basis. Project status description includes a part on risk management, where new risks are presented together with any new status updates of existing risks. Few risk characteristics, such as probability and impact, could alter during the life of a project and this should be outlined.

Summary

It is impossible to defeat all the threats from happening in an active environment with a diverse population. The recommendations above presented a strategy for identifying the threat issues, process of identifying and evaluating those threats and reducing weaknesses to those threats, however it will be in need of reviewing and re-evaluating the threats and measures assessing further risk treatments and opportunities for improvement.

Word Count: 2773 words

References and Resources

Bucksacuk. 2017. Bucksacuk. [Online]. [16 January 2017]. Available from: tps://my.bucks.ac.uk/webapps/blackboard/execute/announcement?method=search

Cpnigovuk. 2017. Cpnigovuk. [Online]. [16 January 2017]. Available from: https://www.cpni.gov.uk/

In-text citation: (Cpnigovuk, 2017)

Cpnigovuk. 2017. Cpnigovuk. [Online]. [16 January 2017]. Available from: https://www.mitre.org/publications/systems-engineering-guide/acquisition-systems-engineering/risk-management/risk-mitigation-planning-implementation-and-progress-monitoring


To export a reference to this article please select a referencing stye below:

Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.

Request Removal

If you are the original writer of this essay and no longer wish to have the essay published on the UK Essays website then please click on the link below to request removal:


More from UK Essays