Cip 004, R1 Physical Security Awareness Webinar 10 23 09 Final Lipub

www.encari.com CIP-004, R1 Security y Awareness Webinar Series Series Physical Security Fundamentals & Best Practices Steven Hamburg Mark Simon

www.encari.com Objectives Obj ti • Learn why physical security is a key component of critical infrastructure protection. • Learn about your role in implementing physical security-related policies and controls to mitigate risks of unauthorized access to li i d l ii i k f h i d critical equipment, systems, material, and information at or pertaining to critical facilities. 2

www.encari.com Role f Physical Security R l of Ph i l S it • Violence, vandalism, theft, and terrorism are prevalent in the world today. 3

www.encari.com Role f Physical Security R l of Ph i l S it • A Bonneville Power Administration crew working near the Mountain Avenue Substation discovered a suspicious device that law enforcement officials later determined was a pipe bomb. Law enforcement officials safely dismantled the device. While the bomb was near the substation, it is not clear that the BPA facility was the target. Source: BPA News July 22, 2009 4

www.encari.com Role f Physical Security R l of Ph i l S it 5

www.encari.com Foundational Ph i l S F d ti l Physical Security it Controls: Deter • Don’t be too helpful. Some places are not meant to be easy to find. 6

www.encari.com Foundational Ph i l S F d ti l Physical Security it Controls: Detect • Identify and report any suspicious acts on or around the premises without putting yourself in harm’s way. 7

www.encari.com Foundational Ph i l S F d ti l Physical Security it Controls: Assess • An effective assessment system provides two types of information associated with detection: (1) information regarding whether the alarm is a valid alarm or a nuisance alarm, and (2) details regarding the cause of the alarm; i.e., what, who, where, and how many. 8

www.encari.com Foundational Ph i l S F d ti l Physical Security it Controls: Delay • Physical barriers are designed to delay an intruder. 9

www.encari.com Foundational Ph i l S F d ti l Physical Security it Controls: Communicate • Some organizations establish code words to alert co-workers and supervisors that immediate help is needed. Employees should know what steps to perform if a threatening or violent incident occurs. 10

www.encari.com Foundational Ph i l S F d ti l Physical Security it Controls: Respond • Leave it to the professionals to respond to a potential physical security breach. • The primary concern in any security incident is the protection of f human life. If force is threatened, system operators / control center / all personnel should follow the intruder's instructions to the letter. 11

www.encari.com Foundational Ph i l S F d ti l Physical Security it Controls: Intelligence • Employees benefit from a comprehensive security awareness program and an understanding of the threats involved. 12

www.encari.com Foundational Ph i l S F d ti l Physical Security it Controls: Audit • Checking physical security system controls: I have my badge The door is secure The alarm is set I know the policies and procedures t f ll k th li i d d to follow 13

www.encari.com Physical Security B t P ti Ph i l S it Best Practices: Scenario #1 • Piggybacking A social engineer appears as a legitimate employee and walks into a secure building by following behind someone who has authorized access. 14

www.encari.com Physical Security B t P ti Ph i l S it Best Practices: Scenario #2 • Observing a supervisor or co-worker being confronted by a person who appears volatile. 15

www.encari.com Physical Security B t P ti Ph i l S it Best Practices: Scenario #3 • Finding a suspicious package or device. 16

www.encari.com Physical Security B t P ti Ph i l S it Best Practices: Scenario #4 • You observe a visitor, who should be escorted within a physical security perimeter, wandering within the physical security perimeter without his or her escort. 17

www.encari.com Physical Security B t P ti Ph i l S it Best Practices: Scenario #5 • It’s the end of the day and you rush to leave work to pick-up the kids, and in your haste you forget to secure confidential documents clearly visible on your desk. 18

www.encari.com Physical Security B t P ti Ph i l S it Best Practices: Scenario #6 • You discard printed materials and a CD containing the most sensitive type of information, as defined in your information protection program. 19

www.encari.com Physical Security B t P ti Ph i l S it Best Practices: Scenario #7 • You observe a person outside of a security perimeter drawing a diagram and taking photographs. 20

www.encari.com Conclusion C l i 21

www.encari.com Q&A • Contact Information Steven Hamburg – Co-Founder, Encari g , Mark Simon – Sr. NERC CIP Compliance Specialist • Visit our blog at Control Engineering magazine’s website: www controleng com www.controleng.com 22

Cip 004, R1 Physical Security Awareness Webinar 10 23 09 Final Lipub

by shamburg

Accessibility

Upload Details

Usage Rights

3 Embeds 3

Statistics

Cip 004, R1 Physical Security Awareness Webinar 10 23 09 Final Lipub Presentation Transcript

http://www.slideshare.net	1
http://www.lmodules.com	1
http://www.linkedin.com	1