David L. Russell,
D Russell,
Pieter C. Arlow
John Wiley & Sons
e druk, 2015
9781118194638
Industrial Security – Managing Security in the 21st Century
Managing Security in the 21st Century
Specificaties
Gebonden, 224 blz.
|
Engels
John Wiley & Sons |
e druk, 2015
ISBN13: 9781118194638
Rubricering
Verwachte levertijd ongeveer 9 werkdagen
Samenvatting
A comprehensive and practical guide to security organization and planning in industrial plants
Features Basic definitions related to plant security
Features Countermeasures and response methods
Features Facilities and equipment, and security organization
Topics covered are applicable to multiple types of industrial plants
Illustrates practical techniques for assessing and evaluating financial and corporate risks
Specificaties
ISBN13:9781118194638
Taal:Engels
Bindwijze:gebonden
Aantal pagina's:224
Uitgever:John Wiley & Sons
Hoofdrubriek:Wetenschap en techniek, Mens en maatschappij
Inhoudsopgave
<p>Chapter 1 Introduction to Security Risk Assessment and Management 1</p>
<p>Introduction 1</p>
<p>Business Definition 1</p>
<p>Security Versus Risk 2</p>
<p>Framework for Risk Management 2</p>
<p>Value at Risk 5</p>
<p>Calculation of Risk 6</p>
<p>Risk Assessment Versus Risk Management 6</p>
<p>Risk Management Plans 8</p>
<p>Threat Scenarios 9</p>
<p>Statistics and Mathematics 10</p>
<p>Pairing Vulnerability and Threat Data 11</p>
<p>Setting Priorities 13</p>
<p>Other Definitions of Risk Assessment 14</p>
<p>Business Definition for Risk Assessment 14</p>
<p>Broad Definition for Risk Assessment 15</p>
<p>Quantitative Risk Assessment 15</p>
<p>Qualitative Risk Assessment 15</p>
<p>Threats 15</p>
<p>Vulnerabilities 15</p>
<p>Countermeasures for Vulnerabilities 16</p>
<p>The D s of security systems 16</p>
<p>Sample Threat Scenario No. 1 18</p>
<p>Background 18</p>
<p>Sample Threat Scenario No. 2 23</p>
<p>Background 23</p>
<p>Chapter 2 Risk Assessment Basics 29</p>
<p>Street Calculus and Perceived Risk 29</p>
<p>Street Calculus 29</p>
<p>Security Risk Assessment Structure 32</p>
<p>Value at Risk 32</p>
<p>Sandia Laboratory s Risk Assessment Analysis 33</p>
<p>Annualized Cost Analysis of Risk 34</p>
<p>Scenario ]Driven Cost Risk Analysis 36</p>
<p>Real ]world example 37</p>
<p>Model ]Based Risk Analysis 37</p>
<p>MBRA example case 38</p>
<p>Risk Management by Fault Tree Methods and Risk ]Informed Decision Management 39</p>
<p>Fault tree analysis 39</p>
<p>RIDM 42</p>
<p>Chapter 3 Assessing Types of Attacks and Threats with Da ta Sources 62</p>
<p>Weapons 62</p>
<p>AK ]47 62</p>
<p>M16 62</p>
<p>Sniper rifles 63</p>
<p>Muzzle Energies for Various Cartridges 63</p>
<p>Rifle Grenades 63</p>
<p>Rocket ]Propelled Grenades and Mortars 64</p>
<p>Explosive Energies 65</p>
<p>Impact of explosives 66</p>
<p>Other Types of Incidents and Accidents 68</p>
<p>Chapter 4 Evaluating a Company s Protective Systems 70</p>
<p>Surveys and Assessments 70</p>
<p>Site Security Assessments 71</p>
<p>Checklists 71</p>
<p>Cyber security checklist 71</p>
<p>Lighting 72</p>
<p>Perimeter Barriers: Design Notes and Comments 74</p>
<p>CCTV 79</p>
<p>Windows and Doors 81</p>
<p>Chapter 5 Port Security 82</p>
<p>Ranking Threats 82</p>
<p>Natural threats 82</p>
<p>Man ]made/accidental threats 82</p>
<p>Intentional acts delivery vectors 83</p>
<p>Weapon threats 83</p>
<p>Levels of Port Security 83</p>
<p>Security response plans 84</p>
<p>Recommended procedures 84</p>
<p>Identification Procedures for Personnel Screening 85</p>
<p>Employees 85</p>
<p>Vendors/contractors/vessel pilots 85</p>
<p>Truck drivers/passengers 85</p>
<p>Visitors (all personnel not falling into other categories) 86</p>
<p>Government employees 86</p>
<p>Vessel personnel access through a facility 86</p>
<p>Search requirements 86</p>
<p>Acceptable identification 87</p>
<p>Access control 87</p>
<p>Vessel Arrival and Security Procedures While Moored 87</p>
<p>Internal Security 88</p>
<p>Vehicle control 88</p>
<p>Rail security 88</p>
<p>Key/ID/access card control 88</p>
<p>Computer security 89</p>
<p>Security rounds 89</p>
<p>Perimeter Security and Restricted Areas 89</p>
<p>Barriers 89</p>
<p>Fencing 89</p>
<p>Lighting 90</p>
<p>Security Alarms/Video Surveillance/Communications Systems 90</p>
<p>Alarms 90</p>
<p>Video surveillance 90</p>
<p>Communications systems 91</p>
<p>Training and Security Awareness 91</p>
<p>Floating Barriers 91</p>
<p>Chapter 6 Basics of Cyber security 93</p>
<p>Communications Life Cycle 93</p>
<p>Some Solutions to the Problem of Cyber crime 94</p>
<p>General recommendations 94</p>
<p>Communications Security 96</p>
<p>Communications as Transactions 96</p>
<p>Telephone System Security 96</p>
<p>Radio Communications 97</p>
<p>Digital Communications 97</p>
<p>Cyber security 98</p>
<p>Vulnerability assessment 98</p>
<p>Unknowns and alternatives 99</p>
<p>How to Perform the Vulnerability Assessment 99</p>
<p>Critical success factors 99</p>
<p>Optimum assessment team size 101</p>
<p>Communications Procedure Design: Hints and Helps 101</p>
<p>Benefits: Identified 102</p>
<p>Example 102</p>
<p>Cyber Threat Matrix: Categories of Loss and Frequency 103</p>
<p>Setting up Internet Security 104</p>
<p>External versus internal testing 105</p>
<p>Security focus 105</p>
<p>Browser and domain security 105</p>
<p>Data encryption 106</p>
<p>Cyber security Tools 107</p>
<p>Chapter 7 Scenario Planning and Analyses 109</p>
<p>Introduction 109</p>
<p>Fta, Markov Chains, and Monte Carlo Methods 110</p>
<p>Fuzzy fault trees 111</p>
<p>Markov chains and Bayesian analysis 111</p>
<p>Other Complimentary Techniques 112</p>
<p>Fishbone (Ishikawa) diagrams 112</p>
<p>Pareto charts 114</p>
<p>Sample of Initial Analysis 114</p>
<p>Failure Modes and Effects Analysis 119</p>
<p>Dhs Analysis and Plans 120</p>
<p>Bow ]Tie Analysis 124</p>
<p>Example 125</p>
<p>Hazops and Process Safety Management 127</p>
<p>Process safety information: General 127</p>
<p>PHA and HAZOPS 128</p>
<p>Aloha, Cameo, and Security Planning Tools 129</p>
<p>The Colored Books 133</p>
<p>Generic Guideline for the Calculation of Risk Inherent in the Carriage of Dangerous Goods by Rail 133</p>
<p>The Orange Book: Management of Risk Principles and Concepts 133</p>
<p>The Green Book: Methods for the Determination of Possible Damage to People and Objects Resulting from Release of Hazardous Materials, CPR ]16E 135</p>
<p>The Yellow Book: Methods for the Calculation of Physical Effects due to the Releases of Hazardous Materials (Liquids and Gases), CPR ]14E 137</p>
<p>The Red Book: Methods for Determining and Processing Probabilities, CPR ]12 137</p>
<p>The Purple Book: Guidelines for Quantitative Risk Assessment, PGS 3 137</p>
<p>Sample outline for emergency response 141</p>
<p>Chapter 8 Security System Design and Implementation: Practical Notes 148</p>
<p>Security Threat ]Level Factors 148</p>
<p>Considered Factors 148</p>
<p>Vehicle bombs 149</p>
<p>Standoff weapons 151</p>
<p>Minimum standoff distances 151</p>
<p>Security System Design 153</p>
<p>Perimeter barriers 154</p>
<p>Active vehicle barriers 154</p>
<p>Entry roadways 155</p>
<p>Entry control stations 156</p>
<p>Reinforcement of buildings and infrastructure 156</p>
<p>Windows 156</p>
<p>Security system lighting 157</p>
<p>Lighting system design 157</p>
<p>Electronic Security Systems Design 157</p>
<p>Alarm configurations and design 158</p>
<p>Access control 159</p>
<p>Employee screening 160</p>
<p>Visitor identification and control 160</p>
<p>Packages, personnel, and vehicle control 161</p>
<p>Lock and key systems 161</p>
<p>Security forces 162</p>
<p>Cargo security 162</p>
<p>Port security systems 163</p>
<p>Review and Assessment of Engineering Design and Implementation 163</p>
<p>Auditing and evaluation 163</p>
<p>Risk assessment team 164</p>
<p>Blank sheet approach to auditing and evaluation 165</p>
<p>Business approach to auditing and evaluation 165</p>
<p>Benchmarking 166</p>
<p>How to evaluate a physical security system? 167</p>
<p>Security systems audits 167</p>
<p>What to review? 168</p>
<p>Implementation of risk assessment 174</p>
<p>SQUARE: Prioritizing security requirements 177</p>
<p>Security monitoring and enforcement 179</p>
<p>Security awareness program 180</p>
<p>Proposed future training requirements 180</p>
<p>Security management 180</p>
<p>The differing roles of the security department 181</p>
<p>Stress management techniques 181</p>
<p>Security management techniques 184</p>
<p>Conclusion 186</p>
<p>Appendix I 187</p>
<p>Appendix II 196</p>
<p>Index 204</p>
<p>Introduction 1</p>
<p>Business Definition 1</p>
<p>Security Versus Risk 2</p>
<p>Framework for Risk Management 2</p>
<p>Value at Risk 5</p>
<p>Calculation of Risk 6</p>
<p>Risk Assessment Versus Risk Management 6</p>
<p>Risk Management Plans 8</p>
<p>Threat Scenarios 9</p>
<p>Statistics and Mathematics 10</p>
<p>Pairing Vulnerability and Threat Data 11</p>
<p>Setting Priorities 13</p>
<p>Other Definitions of Risk Assessment 14</p>
<p>Business Definition for Risk Assessment 14</p>
<p>Broad Definition for Risk Assessment 15</p>
<p>Quantitative Risk Assessment 15</p>
<p>Qualitative Risk Assessment 15</p>
<p>Threats 15</p>
<p>Vulnerabilities 15</p>
<p>Countermeasures for Vulnerabilities 16</p>
<p>The D s of security systems 16</p>
<p>Sample Threat Scenario No. 1 18</p>
<p>Background 18</p>
<p>Sample Threat Scenario No. 2 23</p>
<p>Background 23</p>
<p>Chapter 2 Risk Assessment Basics 29</p>
<p>Street Calculus and Perceived Risk 29</p>
<p>Street Calculus 29</p>
<p>Security Risk Assessment Structure 32</p>
<p>Value at Risk 32</p>
<p>Sandia Laboratory s Risk Assessment Analysis 33</p>
<p>Annualized Cost Analysis of Risk 34</p>
<p>Scenario ]Driven Cost Risk Analysis 36</p>
<p>Real ]world example 37</p>
<p>Model ]Based Risk Analysis 37</p>
<p>MBRA example case 38</p>
<p>Risk Management by Fault Tree Methods and Risk ]Informed Decision Management 39</p>
<p>Fault tree analysis 39</p>
<p>RIDM 42</p>
<p>Chapter 3 Assessing Types of Attacks and Threats with Da ta Sources 62</p>
<p>Weapons 62</p>
<p>AK ]47 62</p>
<p>M16 62</p>
<p>Sniper rifles 63</p>
<p>Muzzle Energies for Various Cartridges 63</p>
<p>Rifle Grenades 63</p>
<p>Rocket ]Propelled Grenades and Mortars 64</p>
<p>Explosive Energies 65</p>
<p>Impact of explosives 66</p>
<p>Other Types of Incidents and Accidents 68</p>
<p>Chapter 4 Evaluating a Company s Protective Systems 70</p>
<p>Surveys and Assessments 70</p>
<p>Site Security Assessments 71</p>
<p>Checklists 71</p>
<p>Cyber security checklist 71</p>
<p>Lighting 72</p>
<p>Perimeter Barriers: Design Notes and Comments 74</p>
<p>CCTV 79</p>
<p>Windows and Doors 81</p>
<p>Chapter 5 Port Security 82</p>
<p>Ranking Threats 82</p>
<p>Natural threats 82</p>
<p>Man ]made/accidental threats 82</p>
<p>Intentional acts delivery vectors 83</p>
<p>Weapon threats 83</p>
<p>Levels of Port Security 83</p>
<p>Security response plans 84</p>
<p>Recommended procedures 84</p>
<p>Identification Procedures for Personnel Screening 85</p>
<p>Employees 85</p>
<p>Vendors/contractors/vessel pilots 85</p>
<p>Truck drivers/passengers 85</p>
<p>Visitors (all personnel not falling into other categories) 86</p>
<p>Government employees 86</p>
<p>Vessel personnel access through a facility 86</p>
<p>Search requirements 86</p>
<p>Acceptable identification 87</p>
<p>Access control 87</p>
<p>Vessel Arrival and Security Procedures While Moored 87</p>
<p>Internal Security 88</p>
<p>Vehicle control 88</p>
<p>Rail security 88</p>
<p>Key/ID/access card control 88</p>
<p>Computer security 89</p>
<p>Security rounds 89</p>
<p>Perimeter Security and Restricted Areas 89</p>
<p>Barriers 89</p>
<p>Fencing 89</p>
<p>Lighting 90</p>
<p>Security Alarms/Video Surveillance/Communications Systems 90</p>
<p>Alarms 90</p>
<p>Video surveillance 90</p>
<p>Communications systems 91</p>
<p>Training and Security Awareness 91</p>
<p>Floating Barriers 91</p>
<p>Chapter 6 Basics of Cyber security 93</p>
<p>Communications Life Cycle 93</p>
<p>Some Solutions to the Problem of Cyber crime 94</p>
<p>General recommendations 94</p>
<p>Communications Security 96</p>
<p>Communications as Transactions 96</p>
<p>Telephone System Security 96</p>
<p>Radio Communications 97</p>
<p>Digital Communications 97</p>
<p>Cyber security 98</p>
<p>Vulnerability assessment 98</p>
<p>Unknowns and alternatives 99</p>
<p>How to Perform the Vulnerability Assessment 99</p>
<p>Critical success factors 99</p>
<p>Optimum assessment team size 101</p>
<p>Communications Procedure Design: Hints and Helps 101</p>
<p>Benefits: Identified 102</p>
<p>Example 102</p>
<p>Cyber Threat Matrix: Categories of Loss and Frequency 103</p>
<p>Setting up Internet Security 104</p>
<p>External versus internal testing 105</p>
<p>Security focus 105</p>
<p>Browser and domain security 105</p>
<p>Data encryption 106</p>
<p>Cyber security Tools 107</p>
<p>Chapter 7 Scenario Planning and Analyses 109</p>
<p>Introduction 109</p>
<p>Fta, Markov Chains, and Monte Carlo Methods 110</p>
<p>Fuzzy fault trees 111</p>
<p>Markov chains and Bayesian analysis 111</p>
<p>Other Complimentary Techniques 112</p>
<p>Fishbone (Ishikawa) diagrams 112</p>
<p>Pareto charts 114</p>
<p>Sample of Initial Analysis 114</p>
<p>Failure Modes and Effects Analysis 119</p>
<p>Dhs Analysis and Plans 120</p>
<p>Bow ]Tie Analysis 124</p>
<p>Example 125</p>
<p>Hazops and Process Safety Management 127</p>
<p>Process safety information: General 127</p>
<p>PHA and HAZOPS 128</p>
<p>Aloha, Cameo, and Security Planning Tools 129</p>
<p>The Colored Books 133</p>
<p>Generic Guideline for the Calculation of Risk Inherent in the Carriage of Dangerous Goods by Rail 133</p>
<p>The Orange Book: Management of Risk Principles and Concepts 133</p>
<p>The Green Book: Methods for the Determination of Possible Damage to People and Objects Resulting from Release of Hazardous Materials, CPR ]16E 135</p>
<p>The Yellow Book: Methods for the Calculation of Physical Effects due to the Releases of Hazardous Materials (Liquids and Gases), CPR ]14E 137</p>
<p>The Red Book: Methods for Determining and Processing Probabilities, CPR ]12 137</p>
<p>The Purple Book: Guidelines for Quantitative Risk Assessment, PGS 3 137</p>
<p>Sample outline for emergency response 141</p>
<p>Chapter 8 Security System Design and Implementation: Practical Notes 148</p>
<p>Security Threat ]Level Factors 148</p>
<p>Considered Factors 148</p>
<p>Vehicle bombs 149</p>
<p>Standoff weapons 151</p>
<p>Minimum standoff distances 151</p>
<p>Security System Design 153</p>
<p>Perimeter barriers 154</p>
<p>Active vehicle barriers 154</p>
<p>Entry roadways 155</p>
<p>Entry control stations 156</p>
<p>Reinforcement of buildings and infrastructure 156</p>
<p>Windows 156</p>
<p>Security system lighting 157</p>
<p>Lighting system design 157</p>
<p>Electronic Security Systems Design 157</p>
<p>Alarm configurations and design 158</p>
<p>Access control 159</p>
<p>Employee screening 160</p>
<p>Visitor identification and control 160</p>
<p>Packages, personnel, and vehicle control 161</p>
<p>Lock and key systems 161</p>
<p>Security forces 162</p>
<p>Cargo security 162</p>
<p>Port security systems 163</p>
<p>Review and Assessment of Engineering Design and Implementation 163</p>
<p>Auditing and evaluation 163</p>
<p>Risk assessment team 164</p>
<p>Blank sheet approach to auditing and evaluation 165</p>
<p>Business approach to auditing and evaluation 165</p>
<p>Benchmarking 166</p>
<p>How to evaluate a physical security system? 167</p>
<p>Security systems audits 167</p>
<p>What to review? 168</p>
<p>Implementation of risk assessment 174</p>
<p>SQUARE: Prioritizing security requirements 177</p>
<p>Security monitoring and enforcement 179</p>
<p>Security awareness program 180</p>
<p>Proposed future training requirements 180</p>
<p>Security management 180</p>
<p>The differing roles of the security department 181</p>
<p>Stress management techniques 181</p>
<p>Security management techniques 184</p>
<p>Conclusion 186</p>
<p>Appendix I 187</p>
<p>Appendix II 196</p>
<p>Index 204</p>