The document discusses security master planning issues for built environments. It addresses determining an organization's risk appetite by identifying what risks can be treated, transferred, terminated, or tolerated. When planning security, it is important to consider threats, likelihoods, impacts, and how to mitigate risks cost-effectively. The document also covers crime prevention through environmental design principles like territoriality, surveillance, access control and target hardening. For security master planning, it is important to account for factors like more open environments, greater permeability, concentrations of people, and space complexity that can challenge security.
Cyber defense: Understanding and Combating the ThreatIBM Government
The broad subject of cyber defense makes it just as difficult to achieve. Learn about IBM solutions and SPADE conference insights on the subject of cyber defense which includes both cyber terrorism and the larger umbrella "cyber threat," and the best ways to combat them.
Crime Prevention Through Environmental Design (CPTED) for Sports VenuesJay King
Crime Prevention Through Environmental Design (CPTED) for Sports Venues
• The Limits of Deterrence
• CPTED enabling Physical Security and Force Protection
• Non-Traditional Natural Surveillance and Activity Support
• Nudging CPTED from Deterrence to Detection
• Including CPTED Goals Early in the Planning and Design Process
These PowerPoint presentations are intended for use by crime prevention practitioners who bring their experience and expertise to each topic. The presentations are not intended for public use or by individuals with no training or expertise in crime prevention. Each presentation is intended to educate, increase awareness, and teach prevention strategies. Presenters must discern whether their audiences require a more basic or advanced level of information.
NCPC welcomes your input and would like your assistance in tracking the use of these topical presentations. Please email NCPC at trainings@ncpc.org with information about when and how the presentations were used. If you like, we will also place you in a database to receive updates of the PowerPoint presentations and additional training information. We encourage you to visit www.ncpc.org to find additional information on these topics. We also invite you to send in your own trainer notes, handouts, pictures, and anecdotes to share with others on www.ncpc.org.
Cyber defense: Understanding and Combating the ThreatIBM Government
The broad subject of cyber defense makes it just as difficult to achieve. Learn about IBM solutions and SPADE conference insights on the subject of cyber defense which includes both cyber terrorism and the larger umbrella "cyber threat," and the best ways to combat them.
Crime Prevention Through Environmental Design (CPTED) for Sports VenuesJay King
Crime Prevention Through Environmental Design (CPTED) for Sports Venues
• The Limits of Deterrence
• CPTED enabling Physical Security and Force Protection
• Non-Traditional Natural Surveillance and Activity Support
• Nudging CPTED from Deterrence to Detection
• Including CPTED Goals Early in the Planning and Design Process
These PowerPoint presentations are intended for use by crime prevention practitioners who bring their experience and expertise to each topic. The presentations are not intended for public use or by individuals with no training or expertise in crime prevention. Each presentation is intended to educate, increase awareness, and teach prevention strategies. Presenters must discern whether their audiences require a more basic or advanced level of information.
NCPC welcomes your input and would like your assistance in tracking the use of these topical presentations. Please email NCPC at trainings@ncpc.org with information about when and how the presentations were used. If you like, we will also place you in a database to receive updates of the PowerPoint presentations and additional training information. We encourage you to visit www.ncpc.org to find additional information on these topics. We also invite you to send in your own trainer notes, handouts, pictures, and anecdotes to share with others on www.ncpc.org.
Strategic Leadership for Managing Evolving Cybersecurity RisksMatthew Rosenquist
2014 NSF Cybersecurity Summit keynote presentation from Matthew Rosenquist, Cybersecurity Strategist for Intel Corp.
Cybersecurity is difficult. It is a serious endeavor which strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk have matured and expanded on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the challenges, organizational opportunities, and explore best practices to align investments in security to the risk appetite of an organization.
Accelerator Enduring Competition Challenge - Session 2
Security and defence perspectives of what the Enduring Challenge will bring to the front line.
Includes views from -
* UK security engagement expert
* Navy military adviser
* Maritime technology expert
* Army military adviser
* Land technology expert
* RAF military adviser
* air technology expert
16
Chapter 1. Encompassing Effective CPTED
Solution
s in 2017 and
Beyond: Concepts and Strategies.
CPTED is long established and used across the globe but not problem free operations.
CPTED is a preferred model to provide background information relative to the integration of
CPTED as conduit to enhance the creation of viable community growth, collaborative
partnerships, and reduction of risk management, complication, and diversity and irrelevance
concepts. CPTED often contribute to the development of wider planning goals considering the
development and maintenance of sustainable communities. Understanding and managing this
potentially new direction enables clear links with development and maintenance of sustainable
communities through urban planning to be profitable and impactful. Effective CPTED policies
aimed at reducing private violence against vulnerable innocent citizens and the community,
attempt must be executed to outline the obvious limitations, creating interconnected community is
an important component,
Consider, too, that many of the social interactions between men in these impoverished
communities do not include designing plans to lower crime rates. they are unemployed, these men
spend much of their time together drinking and taking illicit drugs, and lamenting about patriarchal
authority threatened by the disappearance of manufacturing jobs, The most reliable and proven
approach to accomplish the goal of combining security with design decisions is commonly known
as the environmental design model called CPTED. The environmental design approach to security
recognizes the designated space, which defines CPTED solution compatible for associated
activities often help to prevents crime. The embedded goals and objective of CPTED rest on design
and use of space, culture deviating from the traditional targeting pathway to prevent crime.
Traditionally. The focus rest predominantly on denying access to a crime target through physical
facility such as locks, alarms, fences, and gates. Apparently, modern approach tends to overlook
opportunities for natural access control and surveillance, which It can also make environments
sterile, unsightly, and unfriendly. The most reliable and proven approach to accomplish the goal
of combining security with design decisions is commonly known as the environmental design
model called CPTED. The environmental design approach to security recognizes the designated
space that defines CPTED solution compatible for associated activities often help to prevents
crime. The embedded goals and objective of CPTED rest on design and use of space, culture
17
deviating from the traditional targeting pathway to prevent crime. Traditionally. The focus rest
predominantly on denying access to a crime target through physical facility such as locks, alarms,
fences, and gates. Apparently, modern approach tends to overlook opportunities for.
Czwarte wydanie magazynu GLOBAL poświęcone zostało właściwemu zabezpieczeniu obiektów przemysłowych oraz obiektów wysokiego ryzyka, które w szczególny sposób narażone są na ataki terrorystyczne. W numerze znalazły się również informacje dotyczące drzwi bezpieczeństwa produkowanych przez Gunnebo.
In this edition, Global talks to experts about the evolving threat faced by public areas and critical infrastructure sites. “Many more types of site are seen as potential terrorist targets and are therefore vulnerable,” says French security specialist, Jean-Charles Proskuryn. Global asks what approach should be taken.
Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...juliekannai
Scott Tucker and Verrick Walker, Page
A Black Swan is an event that appears random, is extremely difficult to predict, and usually occurs unexpectedly—with a huge impact. The flooding from Hurricane Harvey in 2017 was Houston’s Black Swan. Unfortunately, we seldom think of disastrous flooding in our commercial buildings, bioterrorism in our health care facilities, blasts in our mission critical facilities, or wildfires overcoming our civic infrastructure, until another black swan dominates the news.
Over the past two decades, Page has formally helped owners and operators of critical facilities and infrastructure to plan and organize programs to harden and protect assets from a wide range of common and not-so-common threats, both natural and artificial. Beginning in 2001, we implemented a flood mitigation solution for Baylor College of Medicine’s campus in the Texas Medical Center after Tropical Storm Allison. Since that first project, we have helped academic, corporate, and government clients safeguard their facilities against fires, hurricanes, earthquakes, explosions, terrorist attacks, and even nuclear detonations. Through our work, we have developed a useful analytical framework for exploring resilient design options that applies to all types of threats, responses, and recovery efforts. This approach focuses on planning and programming for system-wide robustness, based on generalizing threats to buildings, rather than using actuarial data or calculated risk analysis.
This presentation outlines a practical methodology for architects to evaluate facility vulnerabilities throughout the programming and design phases. We will share our threat matrix, a tool developed to summarize and prioritize risks, case studies of how we have implemented this process, and the resulting robust solutions. We also will discuss operational steps that can be taken before, during, and after extreme events in conjunction with designed solutions to maximize resilience.
This talk is about incident response in ICS / OT environments. It uses some of the ideas of this talk (https://www.slideshare.net/FrodeHommedal/taking-the-attacker-eviction-red-pill-v15) and then applies that to incident response in an ICS / OT environment.
Top 5 secrets to successfully jumpstarting your cyber-risk programPriyanka Aash
Businesses like Autodesk understand that cyber-risk management is essential, but they often don’t know where to begin. Autodesk implemented a cyber-risk framework in six months by using Agile software development, risk modeling and risk quantification. This session will explore the company’s success secrets and offers advice on how security leaders can jumpstart their cyber-risk program.
(Source : RSA Conference USA 2017)
Strategic Leadership for Managing Evolving Cybersecurity RisksMatthew Rosenquist
2014 NSF Cybersecurity Summit keynote presentation from Matthew Rosenquist, Cybersecurity Strategist for Intel Corp.
Cybersecurity is difficult. It is a serious endeavor which strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk have matured and expanded on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the challenges, organizational opportunities, and explore best practices to align investments in security to the risk appetite of an organization.
Accelerator Enduring Competition Challenge - Session 2
Security and defence perspectives of what the Enduring Challenge will bring to the front line.
Includes views from -
* UK security engagement expert
* Navy military adviser
* Maritime technology expert
* Army military adviser
* Land technology expert
* RAF military adviser
* air technology expert
16
Chapter 1. Encompassing Effective CPTED
Solution
s in 2017 and
Beyond: Concepts and Strategies.
CPTED is long established and used across the globe but not problem free operations.
CPTED is a preferred model to provide background information relative to the integration of
CPTED as conduit to enhance the creation of viable community growth, collaborative
partnerships, and reduction of risk management, complication, and diversity and irrelevance
concepts. CPTED often contribute to the development of wider planning goals considering the
development and maintenance of sustainable communities. Understanding and managing this
potentially new direction enables clear links with development and maintenance of sustainable
communities through urban planning to be profitable and impactful. Effective CPTED policies
aimed at reducing private violence against vulnerable innocent citizens and the community,
attempt must be executed to outline the obvious limitations, creating interconnected community is
an important component,
Consider, too, that many of the social interactions between men in these impoverished
communities do not include designing plans to lower crime rates. they are unemployed, these men
spend much of their time together drinking and taking illicit drugs, and lamenting about patriarchal
authority threatened by the disappearance of manufacturing jobs, The most reliable and proven
approach to accomplish the goal of combining security with design decisions is commonly known
as the environmental design model called CPTED. The environmental design approach to security
recognizes the designated space, which defines CPTED solution compatible for associated
activities often help to prevents crime. The embedded goals and objective of CPTED rest on design
and use of space, culture deviating from the traditional targeting pathway to prevent crime.
Traditionally. The focus rest predominantly on denying access to a crime target through physical
facility such as locks, alarms, fences, and gates. Apparently, modern approach tends to overlook
opportunities for natural access control and surveillance, which It can also make environments
sterile, unsightly, and unfriendly. The most reliable and proven approach to accomplish the goal
of combining security with design decisions is commonly known as the environmental design
model called CPTED. The environmental design approach to security recognizes the designated
space that defines CPTED solution compatible for associated activities often help to prevents
crime. The embedded goals and objective of CPTED rest on design and use of space, culture
17
deviating from the traditional targeting pathway to prevent crime. Traditionally. The focus rest
predominantly on denying access to a crime target through physical facility such as locks, alarms,
fences, and gates. Apparently, modern approach tends to overlook opportunities for.
Czwarte wydanie magazynu GLOBAL poświęcone zostało właściwemu zabezpieczeniu obiektów przemysłowych oraz obiektów wysokiego ryzyka, które w szczególny sposób narażone są na ataki terrorystyczne. W numerze znalazły się również informacje dotyczące drzwi bezpieczeństwa produkowanych przez Gunnebo.
In this edition, Global talks to experts about the evolving threat faced by public areas and critical infrastructure sites. “Many more types of site are seen as potential terrorist targets and are therefore vulnerable,” says French security specialist, Jean-Charles Proskuryn. Global asks what approach should be taken.
Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...juliekannai
Scott Tucker and Verrick Walker, Page
A Black Swan is an event that appears random, is extremely difficult to predict, and usually occurs unexpectedly—with a huge impact. The flooding from Hurricane Harvey in 2017 was Houston’s Black Swan. Unfortunately, we seldom think of disastrous flooding in our commercial buildings, bioterrorism in our health care facilities, blasts in our mission critical facilities, or wildfires overcoming our civic infrastructure, until another black swan dominates the news.
Over the past two decades, Page has formally helped owners and operators of critical facilities and infrastructure to plan and organize programs to harden and protect assets from a wide range of common and not-so-common threats, both natural and artificial. Beginning in 2001, we implemented a flood mitigation solution for Baylor College of Medicine’s campus in the Texas Medical Center after Tropical Storm Allison. Since that first project, we have helped academic, corporate, and government clients safeguard their facilities against fires, hurricanes, earthquakes, explosions, terrorist attacks, and even nuclear detonations. Through our work, we have developed a useful analytical framework for exploring resilient design options that applies to all types of threats, responses, and recovery efforts. This approach focuses on planning and programming for system-wide robustness, based on generalizing threats to buildings, rather than using actuarial data or calculated risk analysis.
This presentation outlines a practical methodology for architects to evaluate facility vulnerabilities throughout the programming and design phases. We will share our threat matrix, a tool developed to summarize and prioritize risks, case studies of how we have implemented this process, and the resulting robust solutions. We also will discuss operational steps that can be taken before, during, and after extreme events in conjunction with designed solutions to maximize resilience.
This talk is about incident response in ICS / OT environments. It uses some of the ideas of this talk (https://www.slideshare.net/FrodeHommedal/taking-the-attacker-eviction-red-pill-v15) and then applies that to incident response in an ICS / OT environment.
Top 5 secrets to successfully jumpstarting your cyber-risk programPriyanka Aash
Businesses like Autodesk understand that cyber-risk management is essential, but they often don’t know where to begin. Autodesk implemented a cyber-risk framework in six months by using Agile software development, risk modeling and risk quantification. This session will explore the company’s success secrets and offers advice on how security leaders can jumpstart their cyber-risk program.
(Source : RSA Conference USA 2017)
2. There will be a Risk Appetite
Threat Likelihood Impact Risk
Risk appetite, at the organisational level, is the amount of risk
exposure, or potential adverse impact from an event, that the
organisation is willing to accept/retain. (Mark Carey - Deloitte
& Touche LLP)
An economically-conditioned balance between maintaining
profitability, while not facing reputational exposure through
culpable risk-mitigation failure. (Me)
3. Questions that might guide Risk Appetite
Identify headline risk impacts on life safety, economic
reinstatement or reputation
What adjacencies might increase or decrease risks?
What are the acceptable norms for protecting the space in its
operational and aesthetic context – is there an extant security
milieu that appeals as a benchmark?
What risks can be treated, transferred, terminated and what
is left to tolerate – the latter lies at the core of risk appetite?
What design basis threats are likely to remain beyond
practical (cost-effective) mitigation?
3
4. Risk Appetite Illustrated in Counter Terrorism
Levels of Resilience to the Effects of Blast
Life Safety
Life Safety + Evacuation
Economic Reinstatement
Operational Continuity
All of which is a little
counterintuitive, given that
organisations normally say
that they are want to be
operationally viable after a
catastrophic event
5. The Implications for Risk Owners
You cannot mitigate everything, so figure out what you can handle
as risk appetite – challenging with crowded places
Doing nothing is not an option, but mitigation sufficiency is linked
to risk appetite
Get a risk assessment done and one that offers deductions for best
protective fit against form, function and budget
Scalability – things change (think about review programmes)
Have an audit trail for what was agreed on and why
Do it early because security as an afterthought is ugly and
expensive (think sustainability)
Think about balances between security technology and operations.
5
6. Threats, Likelihoods and Mitigation Impact
Anti-Social Behaviour Civil Disorder Bodily Harm Arson
Minor Serious
Vandalism Theft Robbery Kidnap Terrorism
More Likely Less Likely
Relatively Low Project Impact Relatively High Project Impact
7. A Built Environment‟s Characteristics
Accessed by many people and services during an often
extended working day – highly permissive
Capable guardian numbers will be small in relation to space
user populations
A highly predictable and well-publicised diurnal cycle
There will be lots of back-of-house areas
Private spaces are contiguous with public spaces - so good
mobility corridors (vehicle and pedestrian)
Technical surveillance challenged in crowded multi-function
spaces
Protective stand-off distances between potential threat loci
and key assets is often well below what is desirable.
7
8. Permeability
• Pedestrian routes need to be as open as possible to
facilitate the business day and avoid clogging at
pinch points (e.g. mass transit interchanges etc)
• Effective vehicle control will generally rely on
compliant behaviours – traffic enforcement rather
than HVM
• Natural barriers need to be enhanced (e.g. water
obstacles)
• Fences used sparingly and only along poorly
surveyed and „lonely‟ boundaries
• Atypical behaviours need to stand out – video
analytics.
8
9. Urban Buildings
• Highly packed on constrained footprints
• Dense occupation – the economics of modern high-rise
• Pedestrian connections across building demises – access
control zoning
• Mixed use inner spaces
• Legibility and way-finding encouraged
• Servicing and logistics areas
• Multiple security points needed
• Presence patrolling challenged by site complexity and
multiple ownership.
9
10. Building Forms
Sightlines along frontages
Heritage
Lighting
Nuisance alcoves
Pinch points
Capable guardianship
Fear of crime promoters
IED Blast propagation.
10
12. Do Not Forget Crime
• Crime
• High concentration of retail outlets
• High footfall
• High level of mixing between
workers, shoppers, tourists and others
• Mix of space management (inconsistent security
operations)
• Night-time economies
• Cash machines
• Fear of crime
12
13. Introducing Crime Prevention Early in Design
Space designers, owners and users can rarely influence the
law, the nature of targets (specifically their attractiveness), but
they can do something about the nature of a crime target‟s
location.
There is an academically supported view that “the proper design
and effective use of the built environment can lead to a
reduction in the fear and incidence of crime, and an
improvement in the quality of life”
(Crowe, 2000)
Crime prevention through environmental design (CPTED) is all
about „shaping‟ the working, entertainment, retail, domestic,
commute and recreational spaces we use; to encourage legitimate
use, whilst discouraging the illegitimate use of those spaces.
14. CPTED Intent
The theory of CPTED is based on a simple idea i.e. that
crime results partly from the opportunities presented by
physical environment
CPTED is the design or re-design of an environment to
reduce crime opportunity and fear of crime through
natural, mechanical, and procedural means
CPTED is best applied with a multi-disciplinary
approach that engages
planners, designers, architects, landscapers, law
enforcement and (ideally) residents/space users
The synergies with sustainability are a good selling
point
It has limits and cannot solve all crime issues.
15. CPTED
Territoriality - reinforcing notions of a “sense of ownership” in
legitimate users and discouraging illegitimate users
Surveillance - if offenders perceive that they can be observed
(even if they are not), they may be less likely to offend
Access control - denying access to potential target spaces creating
a heightened perception of risk in offenders
Target hardening - increasing the effort that offenders must
expend in the commission of a crime
Image maintenance - ensuring that the physical environment
transmits positive signals to all users
Activity support - the use of design to promote and strengthen
intended patterns of usage of space
16. The Security Master-plan Must Account For
More Open Environment – Inclusive and welcoming immediately
challenges desire for legitimate use
Greater Permeability – pedestrian and vehicle permissive – not all future
space users will be influenced by soft controls versus clear harder rule-
setting design
Concentrations of People – increased duty of care and policing/guarding
demands
Space Complexity – increased high-rise complex building forms and
complex space relationships – natural and technical surveillance
challenged
Situational Awareness and Incident Response – the things that will be key
influencers of overall operational effectiveness.