Massbiz Consulting Crede Sed Proba


About MassBiz Consulting - Security - Loss Prevention, Fraud Prevention, Surveys & Assessments

Published in: Technology, Business

  1. MASSBIZ LLC CONSULTANCY SERVICES
     OPERATIONS, REVIEW, DESIGN, SYSTEMS & TECHNOLOGY
     Protection of Assets
     DISCIPLINE METHODOLOGIES > Physical Security > Security Policies & Procedures > Loss Prevention > Fraud Prevention > Operational Risk Management > Compliance
     PHONE: (877) 214-2900
     "Crede Sed Proba"
  2. Page 2 To Learn More Call: (877) 214-2900

     Experience Certainty

     At MASSBIZ, LLC—CONSULTANCY SERVICES it means achieving real business results that allow you to transform and not just maintain your security and operations. We offer superior consulting services to assist Fortune 500 and other enterprise clients in providing safe and secure environments for their people, property and other assets. Our expertise is in the areas of Physical Security, Risk Management, Loss Prevention and Compliance. We actively seek and apply the best possible solutions and methodologies today, making sure to holistically factor in people, processes and business issues.

     Our services are designed to protect clients' “Brand” and pinpoint fraud & loss prediction and prevention program strengths and weaknesses, cure or reduce operational deficiencies and at the same time maximize existing resources. We do not provide any security services or sell security products and are therefore unbiased and objective when assessing critical requirements and recommendations on behalf of our clients. We provide impartial, balanced thought and advice, helping our clients make the right solution decision. With a diverse background, our team can deliver a comprehensive range of security, fraud deterrence, loss prevention and operational risk management consulting services to multi-sector clients. Our aim is to exceed the client's expectations on each and every project, no matter how large or small the objectives.

     RISK = {(THREATS × VULNERABILITIES) / COUNTERMEASURES} × ASSETS

     The primary purpose of all of our assessments is vulnerability identification or threat (exposure) determination and to make the task of analysis of the existing risk more manageable by establishing a base from which to proceed.

     We believe in the premise that vulnerability threats that occur, whether the source is fraud based, physical security, logical security or a general liability issue, are not random occurrences; they occur when the conditions are right for them to occur. Our assessments attack the root causes and enablers of these vulnerabilities. Our thesis is that improving organizational policies and procedures to eliminate threats, improve awareness that protects assets, minimize exposure and reduce losses is the single best defense. Then we follow up with the latest technology countermeasures that reinforce your policies and procedures to act as an overwhelming deterrence, ensure compliance and evolve as changes require over time.
  4. Physical Security Management Service (PSMS)

     With reduced budgets in today’s economy, many organizations may not be able to afford a designated security individual who has the time or expertise to manage a physical security program.

     Our Solution—Innovation Drives Everything We Do

     There are many regulatory agencies that require safe working environments for employees or anyone else on your property. You also have an obligation to protect your company assets. In addition to the initial process of a Physical Security Survey and project management, the requirement of a security management plan becomes a factor. A security management plan can be described as how you manage all projects related to security issues, whether they involve technology, policies and procedures, or general interactions with people under normal and emergency situations or during an unplanned security incident. Compliance requirements and accepted standards make it imperative that your security management plan be:

     • Inclusive – Provide a review of the client security management plan, which includes physical security assessment, mechanical security technology, security personnel, and policies and procedures.
     • Current – Provide current security standards and accepted security practices in the industry.
     • Effective – Establish the most cost effective security program, both in dollars and in sufficient security coverage and programs.
     • Documented – Ensure proper training is documented to protect the client by reducing claims that security personnel were not properly selected or trained, and that all mechanical security equipment is functioning as specified, with regular tests made on the equipment and properly documented.

     We will manage your security plan to keep you abreast of all the latest changes in technology and regulations, and review your policies and procedures relevant to security. We will also work with you to maintain necessary training or equipment inspection documentation.
  5. Security Architecture Strategy (SAS)

     Many organizations have ad hoc security measures in place or have implemented security procedures and technology as needed without a system-wide review of what is necessary from all departments. Unplanned security architecture can leave holes in the environment that are not readily apparent, or security spending can go to the wrong technologies without a full understanding of where the risk truly lies in the architecture. A robust integrated security architecture strategy is an end-to-end analysis of potential risk based on client business requirements.

     Our Solution—Business Focus Beyond the Technical Domain

     Your overall security and loss prevention is the focus of implementing good solutions over time. A forward-looking, detailed security architecture strategy can help you fix your current weaknesses, anticipate or predict future risk and implement mitigation solutions. A solution will be developed that is specific to the available resources and maps closely to the business goals of the organization. Risk mitigating measures are developed with security technologies that fit the corporate framework.

     Business Driven; Enabling Business; Usability; A Holistic Approach; Adding Value; Inter-operability; Fit-for-Purpose; Empowering Customers; Supportability; Measurable; Protecting Relationships; Integration; Return on Investment; Leveraging Trust; Low Cost Development; Risk-based Cost / Benefit; Assurance; Scalability of Platforms; Managing Complexity; Governance; Scalability of Cost; Providing a Roadmap; Compliance; Scalability of Security; Simplicity & Clarity; Fast Time to Market; Re-usability; Lower Cost of Ownership; Lower Operations Costs; Lower Administration Cost
  6. Physical Security Assessment Survey (PSAS)

     Physical security is the most fundamental aspect of protection. It is the use of physical controls to protect the premises, buildings, site facilities, people and other assets belonging to your company. In this day and age, you cannot afford not to have a security evaluation performed on your property to protect yourself against intrusion into your company, frivolous lawsuits, interruption of normal business operations or damage to your business reputation.

     Our Solution

     Our Physical Security Assessment Survey (PSAS) will comprise a comprehensive overall security survey identifying risks and will target what can be considered high risk areas. You have a due diligence responsibility to have your property assessed to prevent security incidents such as physical assaults of people, thefts against your company assets and property damage caused by vandals. This Physical Security Survey will include physical security vulnerability assessment concepts as well as homeland security and CPTED (Crime Prevention Through Environmental Design) concepts.

     • Access control onto property, into buildings and into sensitive areas that require specific access control.
     • Review of current security practices established by the client to ensure security of personnel, protection of property against vandalism or unlawful entry and protection of company assets.
     • Review surveillance/CCTV on property and any intrusion/panic alarms to determine effectiveness.
     • Determine effective security methods to prevent unlawful entry or remaining of people on property by reviewing fencing, lighting, and cameras.
     • Compliance with accepted Crime Prevention Through Environmental Design (CPTED) in reviewing Natural Surveillance, Natural Access and Territorial Reinforcement of your property.
     • Infrastructure survey and threat assessment to determine that your normal business operations may not be interrupted by loss of services such as utilities, telecommunications, parking restrictions too close to a building and redundancy of services.
     • Review of current lighting on premises to reduce “dark” areas and ensure lighting is doing what it was designed to do.
     • Review with management what they perceive as security concerns and possibly meet with selected employees to determine if the perceptions correlate.

     We will deliver a report with pictures detailing both the current situation and any recommendations necessary to correct deficiencies. The deficiencies will be noted with practical steps and recommendations to correct the situation. The action plan would be the Project Management Plan that can be used to implement the solution to fix the problem. We interface with vendors, work with the client to purchase equipment and work with the installer for installation and training.
  7. Loss Prevention Awareness Assessment (LPAA)

     Many organizations, among their other responsibilities, are tasked with quickly identifying, investigating, recovering, and preventing losses by employees, individuals, and organized retail crime (ORC). At the same time, their loss prevention professionals are drowning under the reams of data that may offer insight into ways to keep ahead of the criminals. A “trusted” employee can gain access to your assets (proprietary data, goods, services, customer lists, etc.) in a way that no other employee can. Our experience for over thirty years has taught us that the elimination of opportunity and temptation is the key to controlling negative behaviors within your enterprise.

     Our Solution—The Perception of Detection

     The most widely accepted theory for explaining why people steal was postulated in the early 1950’s by Dr. Donald R. Cressey, while working on his doctoral dissertation on the factors that lead people to steal from their employers. He called them ‘Trust Violators’; he was especially interested in the circumstances that lead otherwise honest people to become overcome by temptation. To serve as a basis of his work he conducted about 200 interviews with inmates at Midwest prisons who at the time were incarcerated for embezzlement. Today this work still remains the classic model for the occupational thief. Over the years his original hypothesis has become known as the Fraud Triangle. The key is that all three of these elements must exist for the trust violation to occur. Our motivation has always been to attack the opportunity leg to create the perception that if you try you will be detected.

     "Crede Sed Proba" or “Trust but Verify” is the key: your people will only do what you expect if they know that you are going to inspect.

     Our service provides a detailed assessment of all processes, policies and procedures such as: purchasing, cash handling, work flow management, information technology, client intake, human resources, marketing, billing, etc. We review security business goals, objectives, and requirements, and align business and technology strategies for protecting assets by consolidating external compliance and security best practice requirements into a common control framework. Then we review the existing policies and security architecture against the controls necessary to achieve compliance requirements, review the effectiveness of policies and procedures, conduct an audit, and track and document actual data. We prioritize gaps, vulnerabilities, and possible loss scenarios according to risk, and present findings and prioritized recommendations for addressing discovered weaknesses.
  8. Operational Risk Management Assessment (ORMA)

     Minimizing losses, maximizing organizational efficiencies and reducing earnings volatility have always been high priorities for executive management and boards of directors. Increasing transaction volumes, growth-driven acquisitions and the globalization of business, coupled with a larger reliance on technology, have introduced higher degrees of complexity and uncertainty to organizations. In order to maintain a competitive advantage and to improve overall performance, organizations are seeking a way to understand and proactively manage the risks that can impact the business.

     Our Solution

     Today’s technologies, used properly, can offer powerful benefits to any organization to minimize potential risks. With increasing concern for employee safety, and data and asset theft, enterprises recognize the need to develop a more comprehensive approach to protecting and managing their resources: equipment, inventory, data, and people. Although a simple concept, the reality of securing an enterprise is quite complex. With hundreds if not thousands of video devices, motion detectors, fire alarms, access control systems, and other data feeds, obtaining a complete view of a potential physical security incident, coordinating personnel and reacting in real time is extremely difficult. Let us help you protect your brand with proven tools that get results.

     Our Process

     We will first do an analysis of your organization and provide baseline security guidance and requirements. We will review all projects and business functions and provide steps toward a more secure posture. We will go onsite and interview your operational, security and IT staff, attend key business strategy sessions and review key technologies, policies and procedures to understand the current environment. We will review all policies and documented procedures and compare them against industry best practices. We will gain insight into future development and business goals. Strategic and technical recommendations will be made to ensure that your security environment is compliant with best practices and that anticipated future threats can be mitigated and controlled. Weekly or monthly status reports can be generated and key performance indicators can be used to track the progress of the overall security environment.
  9. Supplier Security Assessment (SSA)

     Most if not all companies do not have a complete understanding of the weaknesses posed by suppliers or the threats their suppliers pose to their organizations. Many suppliers have very unhindered access into the company environment and can pose a great danger if they are not monitored, tracked and reported.

     Our Solution

     Our end-to-end Supplier Security Assessment process can be developed in conjunction with the company’s operational, loss prevention and security staff and vendor management teams to ensure all vendor access is appropriate and tracked. This involves, but is not limited to, ensuring that any technical system and connectivity security issues associated with the supplier are controlled; we also look at the business functions of your partners, such as having proper Service Level Agreements (SLAs) in place. We develop measures to improve supplier security management.

     • Develop a Supplier assessment process for all suppliers, with specific tailored mechanisms for categories of suppliers; conduct testing of Supplier networks where allowed
     • Assess the strengths and weaknesses of the current countermeasures, examining the threats to the availability and integrity of the assets managed by the supplier; review SLAs
     • Work with necessary vendors, write detailed steps and conduct key supplier assessments in critical areas once the new process is in place; develop a controls matrix for Supplier Assessment
     • Develop Policy for Supplier Assessments; conduct a follow-up 1 day review of the Supplier process 4 months after completion of the Supplier Assessment project

     We will go onsite and interview your staff and review key policies and procedures regarding how suppliers are managed and how access and data are handled. We will develop new procedures around different risk levels posed by categories of suppliers. You will have a detailed plan to conduct tests of suppliers, deliver security questionnaires and procedures to fix weak supplier security technology. A detailed process along with all appropriate procedures and policies will be in place at the conclusion of this project. This Supplier Assessment framework can then be used to ensure the security of all vendor activity.
  10. Physical Security Project Management (PSPM)

     This service assists the client in the selection, review and purchase of security, loss prevention, risk management or business intelligence equipment and/or security programs, bringing their security program into line with acceptable security standards and practices. Many companies do not have the time or expertise to review the inclusive security management plan and are lax in maintaining security standards, which could result in theft, vandalism, fraud, loss of brand recognition, loss of service, business continuity or general liability.

     Our Solution

     We are able to provide project management on your security, loss or risk vulnerabilities and liabilities that have been identified by our assessment(s). We work with your company to determine the most cost effective way to mitigate the concerns. We will team with vendors to determine which product is the most effective and efficient and obtain price quotes. Working with you, equipment or solutions can be purchased, installed and proper training provided. Follow-up and on-site inspections will be provided by MassBiz LLC; afterward the solution will be documented and verified by us.

     Our Project Management areas of responsibility include:

     • Product search for the right equipment to resolve your problem
     • Determine with client which vendor is most cost effective and efficient
     • Ensure equipment is installed to specifications of purchaser
     • Ensure proper training is provided to end user of equipment
     • Follow-up to ensure equipment is working properly and adjust accordingly if necessary

     How the Process Works

     Our Physical Security Consultant will work with the client to establish what particular project management services will be provided. The consultant will explore the most efficient and cost effective measure to mitigate the security concern. We will work with the client purchasing department to determine which vendor should be selected, depending on many factors. Follow-up will be provided through on-site inspections by us to ensure the correct product was purchased and installed. Training by the vendor will be documented and verified by the MassBiz LLC consultant.
  11. Temporary Chief Security Officer (TCSO)

     Many organizations have IT handling the security function without dedicated security guidance. Or your company may not need a full time Chief Security Officer or may not have the budget for it currently. A Chief Security Officer can be very expensive to have in-house. Even a dedicated CSO often has other responsibilities thrust upon them, diluting their security role. With an external CSO, you can have dedicated guidance at a fraction of the cost.

     Our Solution

     We can provide that gap coverage in our Temporary CSO offering. Key responsibilities we can provide with a Temporary CSO include overseeing and coordinating security efforts across the company, including information technology, human resources, communications, legal, facilities management and other groups, and identifying security initiatives and standards. We will be your trusted resource to manage your security organization, bringing real world experience on a temporary basis until you are ready to hire a full time CSO. The CSO will define and communicate policies, procedures, and standards throughout the organization, as well as determine the corporate vision for IT Security and Data Privacy and provide leadership to accomplish the business goals. This is a critical role with responsibilities and accountabilities that include:

     • Protecting information assets against any potential threats and vulnerabilities that could impact the confidentiality
     • Establishing Information Security strategy, policies and architecture to facilitate business requirements and recommendation of controls
     • Development and delivery of an Information Security Awareness Program to Senior Management to gain commitment to initiatives
     • Program and Workforce management including employees, contractors and vendors
     • Knowledge of technological trends and developments in the area of information security and risk management; strong knowledge and experience of risk management methodologies and tools
     • Knowledge of information security audit guidelines
     • Experience with establishing and managing large project RFPs, contracts and vendors
     • High level of personal integrity and professionalism to handle confidential matters and exercise the appropriate level of judgment and maturity
     • Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals

     We will first do an analysis of your organization and provide baseline security guidance and requirements. Then we will review all projects and business functions and provide steps to move towards a secure posture. We will attend all key business strategy sessions and contribute to the overall business goals. Weekly or monthly status reports can be generated and key performance indicators can be used to track the progress of the security environment.
  12. “Organizations know that a proactive approach to security is key to protecting critical assets and reducing business liability risks, but too often they overlook physical security factors.” —James Edward McDonald, Consultant, MassBiz, LLC

     MASSBIZ LLC—CONSULTANCY SERVICES, 109 Bay Path Road, East Brookfield, MA 01515. Phone/Fax: (877) 214-2900