Conducting a Security Vulnerability Assessment, 2010 Valencia CC Presentation, Margolis Healy & Associates, LLC

1,985 views

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,985
On SlideShare
0
From Embeds
0
Number of Embeds
416
Actions
Shares
0
Downloads
56
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Conducting a Security Vulnerability Assessment, 2010 Valencia CC Presentation, Margolis Healy & Associates, LLC

  1. 1. Conducting a SecurityVulnerability Assessment
  2. 2. Agenda •  Introductions •  Definitions •  Why an Assessment •  Methodology
  3. 3. Definitions •  Vulnerability: the state of being exposed or susceptible to harm or injury •  Vulnerability Assessment: ongoing, critical evaluation to identify potential risks and areas of weakness that could have adverse consequences for institutions and their systems S
  4. 4. Definitions •  Hazards Assessment: focuses on general hazards to determine what hazards you might be prone to. •  Risk Analysis: focuses on risk levels and consequences S
  5. 5. Why An Assessment •  The Campus Landscape •  Legal Obligations ü  Case Law •  Post Incident Reports ü  Most notably those from institutions, state and Federal gov’t, & professional associations S
  6. 6. Campus Safety Landscape •  High-risk drinking •  Fire and life safety •  Illegal and prescription •  Mental illness and drug use and abuse suicide •  Violence •  Food poisoning, food- borne illness, pandemic -  VAW •  Terrorist threats -  Criminal intrusions, including rampage shooters •  Natural disastersS
  7. 7. Campus Safety Landscape
  8. 8. Legal Obligations •  You own/control premises •  You operate programs, on and off campus •  You have “special relationships” with students •  Laws and regulations G
  9. 9. Mullins v. Pine Manor College •  1983 case involving an assault on a female student on campus by a non-student assailant ü Massachusetts Supreme Court found the college liable for negligent security. "Parents, students and the general community still have a reasonable expectation, fostered in part by the colleges themselves, that reasonable care will be exercised to protect resident students from foreseeable harm." G
  10. 10. After-Action Reports •  More than 20 state reports following Virginia Tech tragedy ü VT Report, State of Florida, California •  Report to the President •  Several professional association reports ü Notably National Association of Attorneys General; IACLEA Blueprint G
  11. 11. After-Action Reports •  These reports all recommended institutions conduct a risk or vulnerability, assessment: “…each college and university (should) conduct a critical infrastructure assessment using trained security specialists.” (Florida Gubernatorial Task Force for University Campus Safety) G
  12. 12. Organizational Framework FEMA’s 4 Phases of Emergency Management G
  13. 13. Methodology G
  14. 14. Environment Scan •  Internal assessment ü  ID critical infrastructure and other facilities ü  ID perceived threats and vulnerabilities from key constituents (remember Law of Diminishing Returns) ü  Catalog findings (threats to people, property, natural acts, terrorism) S
  15. 15. Environment Scan •  External assessment ü  Crime on/around campus – reported and unreported ² Perception of safety/fear of crime ² Crime in local area ü  AOD issues ü  VAW S
  16. 16. Physical Security Systems •  Review campus physical security systems ü  Perimeter – fence or other boundary, cameras ü  Building Perimeter - access control, cameras ü  Interior – intrusion alarms, panic/duress alarms, cameras S
  17. 17. Policies, Procedures & Education •  Human Resources •  Residential Living •  Workplace Violence •  Training and Awareness •  Violence Against Women Prevention Policies •  Drugs, Alcohol and Weapons •  Access Control •  EAP G
  18. 18. Response Capacity •  Campus public safety entity •  All Hazards Emergency Management – Concept of Operations ü  Evacuation •  Mass, Emergency Notification & Timely Warning •  MOU/MOA G
  19. 19. Risk=VCT •  Vulnerability •  Consequence •  Threat 1 125 G
  20. 20. Justifying the Assessment •  ROI •  Avoiding Hyperbole •  Advocating for All Hazards
  21. 21. 4 C’s •  Collaborate •  Communicate •  Coordinate •  Capitalize
  22. 22. Contact www.Margolis-Healy.com shealy@margolis-healy.com gmargolis@margolis-healy.com 1-866-817-5817

×