Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Understanding Security Basics: A Tutorial on Security Concepts and Technology

Understanding Security Basics: A Tutorial on Security Concepts and Technology

  • Login to see the comments

Understanding Security Basics: A Tutorial on Security Concepts and Technology

  1. 1. Author Richard Kibbey Presented by: Amna Jalil (04)
  2. 2. CDC 8th National Biosafety Symposium, Atlanta, Georgia, 2004
  3. 3. Overview of the security concepts and the systems  Need of security expert  One’s own organization  Full or part-time contractor
  4. 4. Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable asset, such as a person, community, nation, or organization (Biosafety labs)
  5. 5. Consist of equipment, policies and procedures that support each of the elements of security
  6. 6. Clear Zones Barriers Lighting Shrouds Locks Electronic Security Systems Guard forces
  7. 7. 30 feet clear zone --- from the protectable object or facility Void of  Trash receptables  Ashtrays  dumpsters
  8. 8.  Restrict, deny or channel pedestrian or vehicular traffic  Not necessarily impenetrable – increase the probability to detect people & vehicles – trying to get illegal access
  9. 9. Significant deterrent – potential intruders Enhances visibility for routine patrols & general staff Permanent lightening – adequate illumination to  Entry points  Pathways  Parking lots
  10. 10. Activated by Sensors – activate the lights when penetrated Can activated by  Timers  Manually
  11. 11. ◊ Often neglected component ◊ Support deterrence & delay by providing concealment from chance and direct surveillance ◊ Purpose – limit visibility from unauthorized sources ◊ Simple – darkened windows, curtains ◊ Complex – walls, coverings even shrubbery
  12. 12. Many shapes and forms Single hasp lock to very complex systems Include:  Standard key lock  Combination lock  Cipher lock  Card access control systems including swipe card lock and biometric Can be tied in electronic security system
  13. 13. • Come in three flavors Access Control Systems Security Surveillance Intrusion Detection Systems (IDS)
  14. 14. ACCESS CONTROL SYSTEMS Devices designed to limit access --- site, building, room or container Simple – swipe access system Complex -- biometrics
  15. 15. SECURITY SURVEILLANCE Most common – CCTV When choosing CCTV  Resolution power and image quality  Color or black & white  Zoom capability  Transmission mode
  16. 16. INTRUSION DETECTION SYSTEMS (IDS) Identify unauthorized entry Connected to monitoring system – fall into 3 categories 1. Local alarm system – when IDS breached– sounds an alarm for a local security officer 2. 24-hour central station – usually commercially operated – when get alarm, they contact local police
  17. 17. 3. Propriety alarm systems – controlled and monitored within the facility
  18. 18. Response forces Balance between use of security technology & properly trained security staff
  19. 19. Elements of security systems are the rings – around the resource need to be protected Each ring supported by security equipments and procedures – deter, detect or support defeating an adversary by being applied on one or more rings of security
  20. 20. Rings of Security Deter Detect Assess Delay Respond Deny
  21. 21. Prevention of action through a fear of unacceptable consequences Psychological state Perception of security system – from outside look If PTE feels fear – move to other place Let’s keep them away from here
  22. 22. o Determination and transmission that an event has occurred o Use of technology – increases capability
  23. 23. Analysis of an event by a person directly onsite or via technology Now-a-days – CCTV systems Necessary --- determination of the validation of alarm & appropriate response
  24. 24. Ability of physical or psychological barriers to restrict movement Purpose – allow time for an appropriate response – make impossible for intruder to continue
  25. 25. Level of reaction required to counter an intrusion Response forces  Unarmed security guards or staff  Local police High level – dedicated armed forces – nuclear storage areas
  26. 26. Ability to oppose or negate the effects of an action Final chance to defeat an adversary
  27. 27. To avoid the Probable threat element (PTE) Hypothetical Scenario Four Field members of some terrorist agency meet in the Baltimore in December 2002  2 from New york  2 from Fort Worth Their Mission: Steal biological material--- used in bioterror attack on US food supply
  28. 28. Hypothetical Scenario
  29. 29. March 2003 --- Black Angus restaurant Atlanta – target selection  Pre-selection Operations --- 3 locations • Centers for Disease Control and Prevention in AtlantaCDC • U.S. Army Medical Research Institute of Infectious Diseases in MarylandUSAMRIID • Plum Island Animal Disease Center in Long Island, New YorkPlum Island
  30. 30.  Identification of weaknesses in security – to exploit Find a location with  Poor lighting  Weak CCTV system  Inconsistent access control system
  31. 31. Began from April to June 2003 Observations were recorded and discovered  New alarm systems at CDC  High-tech TV systems– throughout complex  Barriers – movement hindrance Assessment Security components – hindered proposed operation
  32. 32. Occurred from July to August 2003 Problems were similar to CDC  Many lights & security structures  Barriers  Access control procedures Assessment Location was too difficult
  33. 33. August through September 2003 Many weaknesses were found  Numerous gaps in security  Doors left open for ventilation  Some windows left open overnight  Alarms and door sensors not operational  Poor lighting  Inadequate and broken CCTV Assessment Plum Island was selected as target
  34. 34. ◊ From September to December 2003 ◊ Found a route of entry – A window – left unlocked most evenings ◊ Daily operations were observer and target selection was made
  35. 35. Attack was conducted early in January 2004 1 person – at vehicle – half a mile away 3 persons – entered building from window Gained access – cutting hole in drywall Took several vials of hoof and mouth virus and exited Whole operation took 70 minutes

×