Integrated Safety, Security & Surveillance

i3S
i3S
Integrated S afety, S urveillance & S ecurity

Physical, Virtual, People, Cash &
Information Security

White Paper & Solution(s) options
© Casper Abraham, FEB 2010
http://www.edgevalue.com
Email : casper@edgevalue.com
Cellphone : +91 98450 61870

Software, Backend,
Tool & Platform
Systems Integrators

Business Model,
Methodology,
and System(s)

The Firm

Fullrange services
in Governance, Base of Experts,
Risk & Compliance Advisory, Staffing &
Consulting.

List of NATURAL Hazards i3S

q Displaced Persons
q Drought
q Earthquakes
q Epidemics and other Health Threats
q Extreme Temperatures
q Floods
q Global Climate Change
q Hail
q Hurricanes and Tropical Storms
q Infestations/Invasive Species
q Landslides
q Power Outage
q Structural Fire
q Technological Hazards/HAZMAT
q Terrorism and Civil Hazards
q Thunderstorms and Lightning
q Tornadoes
q Wildfire
q Winter Snow/Ice Storms

List of MAN-MADE Threats i3S

q Vindictive Behaviour
q Weapons. Firearms. Chemicals. Explosives.
q Hostage Situation.
q Dacoit.
q Ideology, Psychological and Behavioural Situations.
q Selfish Behaviour
q Petty Theft.
q White Collar Entry.
q Identity Theft / Fake Identity.
q Fudged paperwork / documentation.
q Unauthorised Vehicles vs Changed Licence Plates.
q Removal of Assets.
q CoOperative Behaviour
q Cartels of Security + Staff + Others.
q Lax systems. NOR Audit NOR Oversight.

Aspect. It s about . i3S

1. Choice
1. Better to be ‘safe’ than ‘sorry’.
2. Insurance
1. If nothing is going to happen … you don’t need it.
3. Uncertainty
1. An attempt to Predict / Quantify the future.
4. The opposite of ‘Risky’ is ‘Secure’.

Priorities i3S

1. Databases.
2. People logins.
3. Remote access.
4. Storage & Backup issues.
5. Down & Repair related issues.

Two sides of the same coin i3S
Risky …
• Greed
• High risk – High rewards
• Force Majeure.
• Requires Insurance.
• Contingency & Backup Plans.
• Exit options.
• Speculation vs Gambling.
• Unknown threats / weaknesses.

Security …
• Safe
• Average Returns.
• Known threats / weaknesses.

Today s Reality i3S

Intent to destruct. Sixth Sense. Investigation, Modus
Intuition. Suspicious. Pattern. operandi, Witnesses, Suspects,
Intelligence Gathering. What if Evidence, Forensics, Motive,
…and IF. Word & Detective work, legal or
Observations of others. illegal. Law & Constitution.
Behavioural Patterns. Prepared Police. Courts. Jail.
to die. PROFILING.

Event, Incident,
Crime, observable
‘physical’ or
‘virtual’ action
takes place.

Track the WHOLE i3S
population?
1. CreateIdentify, Train, Motivate &
Manage a base of PROFILERS.
2. Start with the Criminals in Jail. Of
course you can PROFILE them.
3. Database of their accomplices.
4. Foreigners in INDIA.
5. Foreigners in INDIA STATE(s).

6. A risk metric on every TARGET.
Keypatterns …
1. Lifestyle. 7. Do you want to know more about
2. Family, friends & relationships. who is IN?
3. Travel. 8. Do you want to know more about
4. Opinions & Beliefs.
5. Behavioural Assessment. who is OUT?
6. Observable Behaviour Profile. 9. Do you want to monitor or watch
7. Income & Sources. their movements? Monthly?
8. Spending on what. Weekly? Hourly? Realtime?
9. What do they possess? 10. Public? Households? Private?
10. What was; and is now not with them?

Going to be a criminal i3S

1. Manual
24hour Surveillance. Detective work. Night Vision
Binoculars. Photo & Video Cameras. Bugs &
Microphones. Recorders. Telephone Taps.
Your life was hardly threatened.
Intuition, Sixth Sense, “I can feel it” & Behavioural
Pattern Recognition.  “I know this guy did it.”
2. Challenges today …
Surveillance presence detection. CBRN Presence.
Mobile phones. Internet.  Radio monitoring.
Encryption.
Aspirational threat to Planning threat.
Your own life is threatened if you challenge OR become
a part of the “situation”.
Intuition, Sixth Sense, “I can feel it” & Behavioural
Pattern Recognition.  “I know this guy is up to no
good … but is that a Homeland Security threat?”.

Further challenges i3S

1. There may yet be no infringement of the
law.
2. Is it a lawenforcement, Police, State issue?
3. When is it a central, Defense or Homeland,
Central issue?
4. Our man (or woman) … the whole range.
Personal Values; Individual behaviour;
Current Stress; triggerhappy; Moral issues
… Human Rights; Encounters; Self
defense; Whether armed; adequate
protection; onthespot ‘manual’ or
‘automated’ information; informationon
demand. Real time Decisionmaking

So how real is a threat? i3S

Threat nuances i3S
1. What are the Force Majeure threats?
2. Are lives at stake?
3. Can Insurance solve it?
4. Airlines were downed for 3 days … so what. The
city came to a standstill for 5 days … so what.
The US economy is slumping … so what? The
Delhi CWG games was a disaster … so what?
5. Katrina. Asian Tsunami. Gulf oil spill. Hungary
toxic spill. Pakistan floods. What could have been
done? Is something being done about other
FUTURE such events?
6. Even if someone knew something was going to
happen … Clairvoyants? Hollywood? Witches?
Aliens?
7. And if it never happened … perhaps it was not
going to happen at all. Who pays? How do you
prove this?

Security Activity Monitoring i3S

Traditionally, security has focused on putting up a perimeter
fence to keep others out, but it has evolved to monitoring
activities and identifying patterns that would have been missed
before. Information security professionals face the challenge of
detecting malicious activity in a constant stream of discrete
events that are usually associated with an authorized user and
are generated from multiple network, system and application
sources. At the same time, security departments are facing
increasing demands for evergreater log analysis and reporting
to support audit requirements. A variety of complimentary (and
sometimes overlapping) monitoring and analysis tools help
enterprises better detect and investigate suspicious activity –
often with realtime alerting or transaction intervention. By
understanding the strengths and weaknesses of these tools,
enterprises can better understand how to use them to defend the
enterprise and meet audit requirements.

High Risk High Rewards i3S

Good … Bad …
• Sound as a Bank. • Islamic Banking.
• Ensure capital return. • Gambling.
• The Markets • Speculation
• EQUITY. • Throw good
• DEBT money behind bad
• COMMODITY • Ponzi Schemes.
• CURRENCY • MLM
• Safe as houses.
• Property
• Art & Antiques.

Risk i3S

1. Controllable
– Manage it.
– Eg. Forward Contracts / Commodities
Exchange.
2. Uncontrollable
– Insurance
– Force Majeure Management.

Systems Thinking & i3S
Systems Dynamics related
to Risk
1. Behavioural Systems Thinking.
2. Financial Systems Thinking.
3. Risk Systems Thinking.

4. Systems Dynamics Modeling.
5. Team, Systems, Practice, Instrument level
Systems flowcharts.

6. Mathematical Modeling.
7. Behavioural Modeling.

Staff at Risk Management i3S
Steps

1. Identify the hazards
2. Decide who might be harmed and how
3. Evaluate the risks and decide on precaution
4. Record your findings and implement them
5. Review and update (if necessary)

Risk Factors i3S

Risk_Metric R% = A% x T% x V%
Asset(s)

Threat
Risk

n al
t er
Ex
Cost
Vulnerability
Internal

Choose .. i3S

Ideas for implementation : Security
• IT Policy Sharing
• Intangible Assets
• List. Cost. Manage. Usage.
• Internal Patent System.
• USA Defense Services Orange Book Integrity

• Setup a MarComm, Communications, Documentation Division.
• Establish a ‘VI’ practice.
• Develop a partbranded ‘consumerusable’ line of products.
• Design & Manage a Catalogue.
• Push OR Pull ‘strategy’ ….

Sharing + Security + Integrity = 100%

Built on shaky i3S
fundamentals

i3S

Risk because of Information &
Communications Technology

Six sigma credo i3S

Ø We don't know what we don't know.

Ø We can't do what we don't know.

Ø We won't know until we measure.

Ø We don't measure what we don't value.

Ø We don't value what we don't measure.

Your personal data i3S

1. Creditcard numbers.
2. CW2 security numbers. (back of creditcard).
3. Credit reports
4. Social Insurance numbers.
5. Driver’s License numbers.
6. ATM cards.
7. Telephone Calling Cards.
8. Mortgage details.
9. Date of birth.
10. Passwords, PIN’s.
11. Home address.
12. Phone numbers.
13. Address book and Personal contacts information.

Corporate data i3S

1. Trade secrets. Recipes & Formulations. Bill of
Materials.
2. Cost information. Vendors; procurement costs;
supplier chain information.
3. Price information. Customers; selling costs;
customer relationship information.
4. Purchase track record – Sales History.

Exposure cases i3S
1. DSW, USA. Creditcard information from 108 stores; from 96,000 USA
check transactions exposure of US $ 1.5 M.
2. CardSystems, USA. Cardinformation of Japan; HongKing; Phillipines;
and Australia. Exposure US $ 40 M.
3. MphasisCitibank. Stolen US $ 350,000/
4. Sumitomo Bank. Stolen passwords caught prior to stealing US $ 397 M.
5. Citibank UPS shipment of customer data; 123,690 Japanese customers;
exposure US $ 3.9 M.
6. Accura Bank; stolen microfilm data; exposing 26,400 customers.
7. Commonwealth Bank of Australia – ATM cashtransfers. Stolen US $ 17
M.
8. Central Bank of Russia. Bank transfer information sold online.
9. Michinoku Bank. Thrown CD’s retrieved of nearly all its customer
information; exposure US $ 1.3 M.

Who s got it i3S

1. Banks
2. Card companies.
3. Credit reference Agencies.
4. Merchants.
5. Government Agencies.
6. Phone companies.
7. Insurance Firms.
8. Data brokerage firms. List Managers.
9. Payment Processing Agencies.
10. Direct Marketing Agencies.
11. Market Research Firms.

The only three i3S

1. What you know.
o Login ID. Passwords. PIN. Personal data.
Public and Private Keys. (PKI).
2. What you have.
o ID Card. Token number. Ticket. Boarding
Pass. PKI Digital Certificate(s).
3. Who you are.
o Signature. Fingerprint. Blood Group. Your
walk. Iris Pattern. Hand Geometry. Body
language. Voice Recognition. DNA.

AutoID : A key Technology i3S

AutoID
AutoID Device
Device
Smart
Smart
Tag
Tag 1.
1. ID
ID
Enormous 2.
2. Pull data
Pull data
cloud 3.
3. Push data
Push data
of devices

i3S

Collective or Group Risk

Mixed community Handling i3S
1. Purple Zone
Residential Towers.

2. Orange Zone
Manufacturing (EZ)

3. Green Zone
Commercial Complexes

4. Cream Zone
Retail Public Access

5. Red Zone
Utilities. Admin. Control
Rooms.

Mapped Systems i3S
1. Perimeter Controls.
2. Roads. *
3. Conduits/Pipes. *
4. Water. Sewage. *
5. Power. * Lighting.
6. Sensors – Cameras.
7. KeyCards. Access Control.
8. Display Signage
9. Vehicle Parking.
10. Vehicle Movement.
11. Access Point(s Control.
12. Fibre Communications.
13. IT Infrastructure
14. CED Wireless Network.
15. Security Manpower
Information System.
16. Law Enforcement. *
17. Operational Systems.
* Systems with likely Central, State, City 18. Tactical Systems.
or Municipal Authority. 19. Emergency. Crises.
20. Miscellaneous
Manufacturing

It SHOULD NOT be what most people i3S
think of as Security Today.
1. Security Staff
• 10, 50 … 200 ‘uniformed
jokers’ floating around.
• Not empowered.
• Not trained.
• Not civil, nor helpful.
• Gate Pass. InOut Register. ID
Card. Plate recording.
• Happily outsource to socalled
‘exServices Experts’.
2. CCTV
• A bunch of cameras connected
to a few TV’s.
• No one sees it.
• If you see something, no action
is taken or actioned too late.
• Footage not available when
needed.
• Analog is ‘cheap’ but ‘dead’.
• Inadequate Lighting. Poor
angles. Low coverage. You thought …….. BUT the reality.

i3S Imperative Elements i3S
Staffing Element(s)
Statutory Element(s) * Operational STATE Deployment.
* Constitution Adherence * Owned STAFF Deployment.
* Federal Subject(s) * Outsource STAFF Deployment.
* State Subject(s) * Stakeholder(s) STAFF – ADMIN – MGT.
* Statutory Reporting

Intelligence (Elements)
* Doing the Best / Footwork
* CCTV (Visual intelligence)
* Sensory Intelligence / Alerts
* Virtual Convergence World
* IT aided Intelligence.
Infrastructure Element(s) * Automation.
* FibreWired and Wireless Network.
* Server(s), Client(s), CEDs, Handhelds etc.
* Connectivity, Availability, Redundancy & Backup.
* Devices, Cameras, Sensors, Lighting, PowerSupply etc.
* Control Rooms, Access Points, Distribution Points etc.

Roads vs IT analogy i3S
Network Roads, number of Wired or wireless.
lanes, number of Analog, Digital or
checkpoints, signal IP.
lights, flyovers.
Servers Parking Lots. Car Data and
Lifts. Parallel Information stored
Parking. remote centrally

Bandwidth Perhour vehicle Size and speed of
capacity, Types and data transfer
Speeds of cars,
uphill, curves
Connectivity Toll Gates, Exit Availability and
Ramps, Security usability to an end
Checks, Weather user.
conditions, Sex (!),
Age and Health of
Driver, VIP intown

Connectivity Tap-Points i3S

• Camera Station
TO • CED (MobileHandheld)
• Public Alarm
• Action to i3S Policy
• WorkStation Access
• CED (MobileHandheld)
FROM • Helpdesk Request
• Subscriptions View
• SelfService
• Accountable Staff
Internal
Management;
External Inputs and Out
Access; Inputs
and Out

Types i3S
1. Cash.
1. Theft. Fraud. Loss.
2. Liquidity. Unavailability.
3. Bad Debt.
2. Assets.
1. Plant & Machinery / Office Equipment.
2. Nonperforming Assets.
3. Lower than planned ROI.
4. Depreciation.
5. Cost vs Performance.
6. Availability. Reliability. Maintainability.
3. IPR.
1. WTO. WIPO. GATTS. CountryStatutoryIndustry.
2. Patents. Copyrights. Trademarks. Secrets.
3. Appreciation.
4. Capital vs Expense.
5. Inventory
1. Overstock. Understock. Justintime. Carrying Costs.
2. Obsolescence.
3. Rework. Recycling. Inefficiencies. Quality issues.
4. Waste. Writeoff.

Accountability Transfer i3S
Whose cash is it anyway?
1. Extremely INDUSTRY specific.
• Compare. Automobiles vs Pharma. vs Music
CD’s vs Bollywood Films vs Your Industry.
2. Manufacturer OR Distributor OR Retailer.
3. Investors. Shareholders. Stakeholders.
4. Banks. FI’s. Mutual Funds.
5. Mortgages. Loans. Leasing. Hirepurchase.
6. Purchase of risk. Intransit documents.
Invoices. Payments. Letters of Credit.
Hundi (in Asia).
7. Futures and Options.

Cost of FAILURE! i3S

Indirect
Costs

Loss of Corporate
Customer Liability
Confidence

Regulatory
Action

Force Majeure i3S

1. Those "physical" events that are foreseeable, although
unpredictable, such as fires, floods or vandalism.
2. Those daytoday "business" events or governmental
actions that cannot be forecast, but which are foreseeable,
such as strikes or regulatory activities. This includes your
service provider's subcontractors and vendors not
performing tasks possibly necessary to your provider's
performance under the agreement that your provider may
claim are "beyond its reasonable control."
3. Those events that, although admittedly still pretty rare, are
now unfortunately quite plausible in a world where
commerce is easily touched by international politics, such
as military actions, embargoes, rebellions and terrorism.
4. Those events caused by extraordinary elements of nature
or "acts of God," which are truly unforeseeable force
majeure events.

Business Continuity Factors i3S
vis-à-vis Information & Technology
1. Uptime  (near 100%)
1. Backup, Housekeeping, Mirror, Geographical Spread,
Employee Standby, Hotfix, 24x7x365 service(s)
availability.
2. Downtime  (near 0%)
1. MTTR, MTBF, 24x7x365 service(s) availability.
3. Assess, Quantify, Measure
1. Information Costing. Investor, Vendor, Customer &
Coworker ‘impact’. Whatif scenarios.
4. Risk & Qualify.  High, Medium, Low, No.
1. Insurance.  Personnel standby.  Internal & External
Audits.

YELLOW QUADRANT
10 i3S

Severity of Impact
High severity RED QUADRANT
Low Probability High severity
High Probability

Closely Monitor
for increasing Real Trouble
Probability Try to reduce Impact

Probability of occurrence
0 10

Nuisance
Problems not Problems
significant

GREEN QUADRANT GREY QUADRANT
Low severity Low severity
Low Probability High Probability
0

When risk happens . i3S

1. Ontrack plan. (Backup, contingency)
2. Insurance, premiums & documentation.
3. Handling the Media (and fallout …)
4. Not repeating a mistake …

5. Factor #1 Probability.
6. Factor #2 Outcome or hazard.

Tools i3S

1. Sensitivity Analysis. (What if …)
2. Statistics Normal Distribution.

The only three i3S

1. What you know.
1. Login ID. Passwords. PIN. Personal data.
Public and Private Keys. (PKI).
2. What you have.
1. ID Card. Token number. Ticket. Boarding Pass.
PKI Digital Certificate(s).
3. Who you are.
1. Signature. Fingerprint. Retinal Pattern. Body
language. Voice Pattern. DNA.

IT Best Practices i3S
1. Without SSL encryption, the integrity of data is
compromised.
2. Without robust physical and network security, sensitive
corporate data is at risk of intrusion
3. Building an effective inhouse PKI system will take
considerable time and expense. Opt for managed PKI
services.
4. Free software will crack your password in 30 minutes.
5. Email is leaking your business secrets.
6. Traditional access control solutions are either ineffective or
costly
7. Your web site can be spoofed with a point and a click.
8. Testing in production is tempting fate.
9. The weakest link in your security is your people.
10. On the web, nobody knows if you are a Martian.

Reality checklist i3S

1. Almost everything is turning electronic & digital.

2. Applications will never be secure.

3. The perimeter is disappearing.

4. The determined hacker will get in, always.

5. Awareness training will help, only so much.

i3S
ID Theft.

CreditCard Fraud

18% Phone or Utilities Fraud
24%
Bank Fraud
4% Employmentrelated Fraud
5%
Govt. documents fraud
7% 16%
Attempted ID Theft

11% Loan Fraud
15%
Other Identify Theft

Your Physical Lobby i3S

DMZ on Extranet

The proposal i3S

1. Approach your ‘I.T.’ as you would your physical
office. You have a centralised reception area.
2. You have physical security. You have cameras.
You have offoffice hours infrastructure.
3. You have a backgate for materials. In/Out
registers. Documentation.
4. You also have Policies, Rules & Regulations,
Guidelines, Methods, Processes & Systems.
5. There is ‘Human Decision Making’ in terms of
outofpolicy, contingency & crises.

The Service i3S

Business Continuity is a matter of Practice and includes :
1. Study of Existing Systems.
2. Desired State Definition..
3. Gap Analysis.
4. Budgets & Costs Allocation.
5. Design & Plan.
6. Implement.
a. Buyout, License, Acquire, Recruit.
b. Integrate, Implement, Train, Setup, Establish.
c. Intensive Monitoring Services. (Typically 3 months).
d. Regular Monitoring Services. (Annual Contracts).
7. Review, Feedback, Correction.

Possible Scope of Supply i3S

From your Indiabased establishment … as your
Worldwide SinglePoint Source ….
1. Study of Existing Systems.
2. Desired State Definition..
3. Gap Analysis.
4. Budgets & Costs Allocation.
5. Design & Plan.
6. Implement.
a. Buyout, License, Acquire, Recruit.
b. Integrate, Implement, Train, Setup, Establish.
c. Intensive Monitoring Services. (Typically 3 months).
d. Regular Monitoring Services. (Annual Contracts).
7. Review, Feedback, Correction.

including i3S

1. Top Management ‘Interaction’ & ‘Support’.
2. Design & Management of your ‘Red Book’
3. Physical Manning at all physical server locations.
4. 24x7x365 Manned Monitoring
5. 24x7.x365 Automated ‘Sniffiing’ & ‘Snooping’ Conrols.
6. Hardware & Software Firewalls.
7. Internal Audit(s). Infrastructure, Administrators & I.T.
Departments of Internal, Vendors, Customers, Investor &
Coworker Groups access.
8. External Audit Support
9. Downtime Services.
10. Crises Services.
11. Choice of Technologies.
12. Online Certificate Design, Method & Systems.

If I.T. down assessment i3S

1. If Hardware, Networking, Storage goes
down ….
2. If Systems Software goes down …
3. If Application(s) Software goes down …
Bugs, Staging, Testing, Y2K type scenarios
….
4. If Data goes down …
5. If Information unavailable …
6. If unable to findout what has gone down
…

i3S
Security Policy

1. Written General Security Policy.
2. Written IT Security Policy.
1. IP’s. Listed & Controlled.
2. Allow & Deny. Group, individual & others.
3. Logs. Logs backup. Logs Analyses. Decisions.
4. Disaster Recovery.
5. DOS, DDOS etc.
3. Client ‘transparent’ document.
4. Internal audit.
5. External audit.

i3S
Information or Intelligence
Domain

i3S
Central Intelligence

•Gather Information, OR
Intelligence.
•Data. Images. Audio.
Video.
•Store. Retrieve. Analyze.
Pattern Recognition.
Intuition. Assign Field
Work.
•Gather MORE
information.
•Sort. Extract. Merge.
Collate. Integrate.
Consolidate. Automate.
• Efficiencies. ROI. TCO.

i3S
Disseminate. Execute. Act.
Assist. Support. Help.
Facilitate.

• Assign Work
• Intelligence on Demand.
• Verification.
Authentication, Fact
Checks.
• Friend or Foe Decision
Making.

i3S

People Risk

The ‘Human Being’ behind every
‘Risk’ related event.

i3S

Shrinkage

One word for Risk, Safety, Security,
Surveillance, Graft, Corruption,
Negligence; Stupidity; Ignorance; ill
informed; uneducated; Theft. Fraud;
Counterfeit; Negligence; Attrition …???
PRAY (People Risk
Assessment & Yield) Model

Risk from People i3S

People Actions Costs Behavioural

Employees Order Acceptance Direct OR Indirect Stopped Learning

TEMPS Procurement Fixed OR Variable Ego – AlphaMale

Ghost Employees Wrong Vendor
Not Insured
Wrong Hiring No Succession Planning
Obsolescence
Suppliers

Catering Staff Poor DueDiligence Rework & Waste
High Risk Behavour

Housekeeping
Liable for Litigation Personal Debt
Negligence
Security Staff
Greed
Graft (CORRUPTION)
Drivers 100% Revenue Loss
Clinical Problem(s)
Cartel
Increased Cost

Customers Poor Decisions
Lower Profits Long term consequence

New Economy i3S
Organisational Design
Sales

Commercial Contract
Internal Staff
Our Control
People
Our
Staff

Customer Contact External
Outside Control

Marketing

Delivery / Production / Manufacturing
Modern Organisations do not work from one The Enterprise has to be MORE
premises. All Staff may not be homogenous; not in control while being forced
from one area; community; state or even country. OUTOFCONTROL by the
Wireless allows into and out of any location; voice, pace of Technology.
video & definitely data.

Out-sourcing i3S

• Benefits • Risks
1. Required Skills. 1. Culture misfit
2. Lower Costs. 2. Increased Costs.
3. Quicker Access. 3. Less coordinated.
4. Better Systems. 4. Integration issues.
5. More Professional. 5. Lessincontrol

Types / Categories of i3S
Workforce
Class A
1. Board, Committee, Association.
2. Our Staff. Permanent.
3. Key Owners, Managers, Stakeholders of Members.
4. VIP’s. Statutory Authorities. Preapproved Guests/Visitors.
5. Outsourced Security KeyManagers, Authorised Staff.
Class B
1. Our Security Staff
2. Outsourced Permanent Security Staff.
Class C
1. OUR or external Parttime OR Temporary Security Staff.
Class D
1. Staff of ‘MemberUnits’.  Permanent.
2. Temporary Staff.  TEMPS.
3. ServiceProvider. Utilities. Supplies.  Catering. Transport Drivers +
SupportStaff.
4. Any new Employee / Regular LESS than one year of Regularity.
Class E
1. Contractor.  Staff. Labourforce. Contractor Suppliers. Contractor
Services.
2. Trade or Manufacturing. Goods Inward and Goods Outward.
3. Waste Disposal.  IN and OUT movement.

Risk Level Rating of People i3S

1. 0 to 9 : 9 = no risk; 1 VERY HIGH RISK. 0
= unknown / not assigned.
2. Everyone is assigned a Level 5.
Has to earn by time, inputs, selfservice, behaviour,
references, feedback to lower the Risk LEVEL.

PRAY (People Risk
Assessment & Yield) Model

Negligent Hiring i3S

1. What is negligent hiring?
2. Should all companies be expected to have a
screening policy?
3. Does every employee need to be screened?
4. How much should a company expect to pay
for screening?
5. What can it cost a company should they
chose not to have a screening program?
6. Do you have enough ‘Johariwindow’
information to make an offer?
7. Are all screening companies alike?

Negligent Hiring Problems i3S

1. Shrinkage. Theft. Robbery. White collar crime.
2. Security Staff are compromised!
3. Cartels / Organised Crime are formed!
4. IT, data, Information & knowhow leaks.
5. Rapists! Women’s Issues.
6. Pornography. VideoCam. Exploitation.
7. Pedophiles. Children abuse. (Where applicable).
8. Fellowworkers being blackmailed.
9. Paperwork fudging albeit for personal gain.

People Risk examples i3S

1. Ghost Employees. Not on your payroll, not coming to
work being paid maybe electronically.
2. Cartel of Security, Catering, Housekeeping & Admin. in
waste (and other) removal from the premises.
3. Labour (HR or line Staff) taking a ‘cut’ in recruitment,
placement, promotions.
4. Poor DecisionMaking. Order Acceptance, Vendor
Identification, Technology duediligence, Loan
disbursement. Based on wrong or Inadequate data or
information.
5. Highrisk behaviour in their personal, private life.
Gambling. Drugs. Debt. Wine. Women/Men.
6. Timeallocation. Priorities, motivation, interests in a
different direction or area. Nonprofessionalism.
7. Travel + Stay when it could have been done with Video
conferencing.

Some Solution(s) Step(s) i3S

1. Rating : Keep a simple scorecard. On a scale of 1 to 9 everyone is a 5
till proved otherwise based on Actions and Performance.
2. Internal FIR : Maintain a database of any and all incidents (tangible and
intangible) transparent ensuring personal privacy; warnings; letoffs;
rewards & recongition.
3. PMS : Perform periodic Reviews. Behavioural as important as
Performance.
4. Voperty : The modernorganisation is no longer on onepremises. It is
virtual and online as much as offline. Intellectual Property is as
important as Property. Tradesecrets, diagrams, customer or supplier
databases.
5. Infrastructure Enhancement & Technology Support.
6. KRI : Acquire, implement, maintain and manage a set of Key Risk
Indicators.
7. Process, Methodology, Workflow. Checklists. Visual Maps. Step
accountability.

Infrastructure i3S
Recommendations
1. Singlewindow Access Control System. (Staff, Catering,
Housekeeping, Temps, Security). Audited Attendance.
2. Eyes and Ears on the ground. Networked Cameras;
Adequate Lighting; Sensors for required needs.
3. Tripleplay convergent digital networks.
4. Things monitoring. Raw materials & Finished Goods.
Consumables. Fixed and Mobile Assets. Repairmen kits.
Catering, Housekeeping, Waste removal.
5. Centralised Servers + Platform for Intergrated, Realtime,
Remote & Localised Routine Reporting, Audits and
Alert/Alarm Systems.
6. Transparency, Convenience, Easeofuse, Ergonomics,
Managed Queues, Systems, Peopleflow.

Infrastructure i3S
Functionality
Information or Intelligence
Domain

Central Intelligence Disseminate. Execute. Act.
Assist. Support. Help.
Facilitate.

•Gather Information, OR • Assign Work
Intelligence.
• Intelligence on Demand.
•Data. Images. Audio.
Video. • Verification.
Authentication, Fact
•Store. Retrieve. Analyze. Checks.
Pattern Recognition.
Intuition. Assign Field • Friend or Foe Decision
Work. Making.
•Gather MORE
information.
•Sort. Extract. Merge.
Collate. Integrate.
Consolidate. Automate.
• Efficiencies. ROI. TCO.

Managed Services i3S

1. Choose to work with Riskpro India.
(http://riskpro.in) Typically a minimum of
15month contract.
2. Study, Report, KRIset & GRC
(Governance, Risk & Compliance)
Roadmap within one month.
3. Put in place our clextra Software Platform.
4. Identify and Train the ‘Taskforce’ on GRC
Roadmap.
5. Maintain, Monitor, Manage, Analyze.
‘Routine’ and ‘Alert’ Reporting to
Management.

Risk of No Information i3S
Risk of No Information & Communications Technology
Supply Side Supply Side
E D C B A
Source Interface Distribution Interface Request
SERVERS WebPipe EtherSpace Local ISP CLIENTS

1.4 90% plus
1.3 6089%
1 Relevance
1.2 Ok
1.1 Less than 50%

2.4 Predictive
2 Timeliness 2.3 Intime
2.2 Yesterday
2.1 Postmortem

3.4 DataHouse
3.3 Database
3 Quantity
3.2 11500 Pages
3.1 110 Page

4.4 Video
4.3 Audio
4 Media
4.2 Visuals
4.1 Text

5.3 Sharing
5 Quality 5.2 Integrity
5.1 Security

5.3 Backup
Infrastruc
6 5.2 Hardware
ture
5.1 Power

Any IT-record in your i3S
Business
1. Tangible Assets Master
2. Buy Purchase Orders Master
3. Main Metrics
4. Expenses Master
5. Firms Master
6. Inventory Master
7. Invoices Master
8. Mfg. JobWork Orders Master
9. Intangible Assets Transactions
10. Intangible Assets : Library : Info.Units
11. Owners : Contacts Customers Vendors
12. Individual Employee Master : Login II
13. Teams Master
14. Unit Master
15. RFID Hardware etc.
16. Seats Management Database
17. Individual Users Master : Login I
18. Vehicle Master

User definable #1/3 i3S
A000,FORCE MAJEURE C005,Central Labour Compliance
A001,Unpredictable C006,Local Labour Compliance
A002,Political Forces C007,Local Safety Compliance
A003,Terrorism D000,LEGAL
A004,Genuine D001,Major Lawsuit
B000,FINANCE D002,minor Lawsuit
B001,Cash Liquidity D003,Loss of original documents
B002,Market valuation of Equity D004,Legal fees
B003,Audit D005,Stay order Costs
B004,Financial duediligence D006,Stay order Time
B005,Technology duediligence E000,PLANNING
B006,Theft of cash E001,Vendor Base. (Contractual and Moral)
B007,Misuse of cash E002,Customer Base. (Affinity and Purchasing).
B008,Misuse of documents E003,Sales Projections
B009,nonPerforming Assets E004,Expenses Projections
B010,Tax E005,Cashflow Projections
B011,External Audit E006,Meeting Manpower Plans
B012,Internal Audit F000,HR
B013,Depreciation FA00,INVESTORS
B014,Credit Risk FA01,The Head of the Board
B015,Bad Debt FA02,The Board
B016,Book Value of EquityShares FA03,The CEO
B017,Market Value of EquityShares FA04,The CEOs Team
B018,Bullrun FA05,Investors ROI needs
B019,Bearrun FA06,Investors Values
C000,COMPLIANCE FB00,EMPLOYEES
C001,Regulatory Compliance FB01,Absenteeism
C002,Central Compliance FB02,Nonperformance
C003,SOX Compliance FB03,Quality
C004,StockExchange Compliance

FB04,Quantity FD11,Handson
FB05,Negligence FD12,Motivation
FB06,Fraud FD13,Timewastage
FB07,Unionism FD14,Gambling
FB08,Training FD15,Other pursuits
FB09,Requisite Operational Skills FD16,Indoor inclinations
FB10,Motivation FD17,Outdoor inclinations
FC00,MANAGERS FD18,Commitment to Quality
FC01,Not a Manager FD19,Commitment to Quantity
FC02,Not a CoachLeader FD20,Personal problems
FC03,Manager Unionism FD21,Financial burden
FC04,Labour Unionism FD22,Family problems
FC05,Fraud FD23,Personal Health
FC06,Planning FD24,Alcoholism
FC07,Plan adherence FD25,DrugsChemicals effect
FC08,Gap closure FD26,Obsessive Compulsive Disorder
FC09,Training FD27,Attention Deficiency
FC10,Requisite Operational Skills FD28,Hyperactive Syndrome
FC11,Motivation G000,INVENTORY
FD00,BEHAVIOURAL G001,Book Valuation
FD01,Narcissistic G002,Market Valuation
FD02,Nepotism G003,Physical Checking
FD03,Authoritarian G004,Obsolescence
FD04,Physical MaleFemale G005,Overstocking
FD05,Verbal MaleFemale G006,Understocking / Stockouts
FD06,Submissive G007,H. LOGISTICS RISKS
FD07,Sycophancy G008,Delayed inflow
FD08,Destructive Intelligence G009,Delayed outflow
FD09,StupidDumbIdiotic G010,Transit Damage
FD10,Handsoff G011,Transit Theft

G012,Transit Spoilage K000,MARKETING
G013,I. PURCHASE RISKS . KA00,EXTERNAL
G014,Quality. Rework KA01,Customer understanding
G015,Wastage and writeoff. KA02,Customer need specifications
G016,Shortsupply KA03,Quantity of Reach
H000,MANUFACTURING KA04,Quality of Reach
H001,Line Downtime KA05,Too much communications
H002,Partial Downtime KA06,Too little communications
H003,Shopfloor Accidents KA07,Market segmentation
H004,Labour unionism KA08,Choice of channels
H005,Capacity availability KA09,DeliveryInstallCommissioning
H006,Output efficiency KA10,Training
H007,Inlogistics Space KA11,Customer Usage
H008,OutLogistics Space KA12,After Market Services
H009,PowerEnergy availability KA13,Product Lifecycle Revenue
H010,Water availability KA14,Product Lifecycle Expenses
H011,Flow constraints KA15,Product Lifecycle Profit
H012,Process inefficiency KA16,Reputation Risk
H013,Safety Systems KA17,Brand Dispersion Risk
J000,REDUNDANCY BACKUP KB00,PUBLICITY
J001,Duplication KB01,Bad Press due to internal incidences
J002,Backup KB02,Bad Press due to extraneous incidences
J003,Alternate System KB03,Investor relations.
J004,mismatched capacities KB04,exemployee relations.
J005,Absenteeism KB05,Customer relations.
J006,People Training KB06,Vendor relations.
J007,Use of ConsultantsAdvisors KB07,Press relations.
KB08,Political relations.

Define & Manage Sets i3S
Set 1 Set 2 Set 3 Set 4 Set 64 Set 65 Set 7821
A000,FORCE MAJEURE a
A001,Unpredictable
A002,Political Forces
A003,Terrorism a
A004,Genuine
B000,FINANCE
B001,Cash Liquidity a a
B002,Market valuation of Equity a
B003,Audit a
B004,Financial duedilligence a
B005,Technology duedilligence a
B006,Theft of cash a
B007,Misuse of cash a
B008,Misuse of documents
B009,nonPerforming Assets
B010,Tax
B011,External Audit
B012,Internal Audit
B013,Depreciation
B014,Credit Risk
B015,Bad Debt a
B016,Book Value od EquityShares a
B017,Market Value of EquityShares a
B018,Bullrun
B019,Bearrun a a

A set can have any number of userdefinable metrics.

Assign Set to a Record i3S
1 Tangible Assets
2 Buy Purchase Orders
3 Main Metrics
4 Expenses
5 Firms
6 Inventory
7 Invoices
8 Mfg. JobWork Orders
9 Intangible Assets Transactions
10 Intangible Assets : Library : Info.Units
11 Contacts Customers – Vendors – Agents – Drivers Traders
12 Level II login users : Employee, Customer, Doctor, Patient, Student
13 Teams
14 Unit – Group – Household (In addition to Teams).
15 RFID Hardware etc. Gates, Doors and Access Equipment.
16 Seats Workstations – Desks etc.
17 Level I login users
18 Vehicle

Each Metric includes i3S
1. Cost.
On a scale of 0 (nocost) to 10 (very high); this is the means to ‘level’
ANY and ALL Threats to a business.
2. Vulnerability
On a scale of 0 (none) to 10 (definite) Internal  weaknesses and under
reasonable control factors.
3. Threat
On a scale of 0 (none) to 10 (definite) External factors perhaps with
minimal or no control.
4. Percentage
This is a percentage for leveling. P = C x V x T (Multiplication and
Percentage of the above earlier 3 parameters).
5. Statistical Chance
Independent of the above, a Standard Market statistical percentage of
an occurrence for this type of risk.  Allows upto 4 decimal
places. Ie.  1 in 10,000 chance of occurrence.

ICT Best Practices i3S

1. Without SSL encryption, the integrity of data is
compromised.
2. Without robust physical and network security, sensitive
corporate data is at risk of intrusion
3. Building an effective inhouse PKI system will take
considerable time and expense. Opt for managed PKI
services.
4. Free software will crack your password in 30 minutes.
5. Email is leaking your business secrets.
6. Traditional access control solutions are either ineffective or
costly
7. Your web site can be spoofed with a point and a click.
8. Testing in production is tempting fate.
9. The weakest link in your security is your people.
10. On the web, nobody knows if you are a Martian.

RFID and Physical Location
based.

Incident areas and
Bibliography
1. clextra Cupboard dodocs
1. archival system for all periodic Reporting.
2. clextra Cupboard cdocs
1. archival system for all random Reporting.
3. Organisational Filing System.
1. Individual and/or Team based.
2. Selective access to everyone in the organisation.
3. Supports MS Office, schematics, multimedia and/or any
other format.
4. Numbered email. PULL System. (No PUSH).
5. Multimedia File binning.
6. Technology permitting …. SMS, Mobile etc.

Coding System(s) : 2 of i3S
10 s, dozens.
1. Location Code.
Eg. inKAblrAZON01 (13 character code).
1. 2 chars – ISO country code.
2. 2 chars – Country State code.
3. 3 chars – City code.
4. 1 alpha – Zone code.
5. 3 chars – Preferably 9 or 81 directions N,E,W,S,C
6. 2 chars – Cna be subzones OR floors OR any other.
2. Device Code
inKAblrAZON01rc000006
1. Device no. 6 Grouped treatment as a Particular type of
Display, or Camera, or IN or OUT gate, reader, writer,
sensor etc.
3. Also supported EPC codes; GPS codes and point
maps on ANY image(s).

i3S

Shrinkage, Risk, Security

Shrinkage Euphemism for Theft.
Fraud; Counterfeit; Negligence;
Attrition;

i3S
Inventory Shrinkage ...
1. Empty boxes or "hollow squares" in stacked goods.
2. Mislabeled boxes containing scrap, obsolete items or
lower value materials.
3. Consigned inventory, inventory that is rented, or traded
in items for which credits have not been issued.
4. Diluted inventory so it is less valuable (e.g., adding water
to liquid substances).
5. Increasing or otherwise altering the inventory counts for
those items the auditor did not test count.
6. Programming the computer to produce fraudulent
physical quantity tabulations or priced inventory listings.
7. Manipulating the inventory counts/compilations for
locations not visited by the auditor.
8. Doublecounting inventory in transit between locations.
9. Physically moving inventory and counting it at two
locations.

Inventory More Shrinkage i3S

1. Including in inventory merchandise recorded as sold but
not yet shipped to a customer.
2. Arranging for false confirmations of inventory held by
others.
3. Including inventory receipts for which corresponding
payables had not been recorded.
4. Overstating the stage of completion of workinprocess.
5. Reconciling physical inventory amounts to falsified
amounts in the general ledger.
6. Manipulating the "rollforward" of an inventory taken
before the financial statement date.

i3S
Inventory & shrinkage
1. Not retiring WIP and not classifying completed jobs as
finished goods after dispatching them to customers.
2. Falsifying computer runs by overriding the WIP
applications.
3. Including extraneous elements, like period costs, in WIP
tabulations.
4. Excluding jobrelated direct costs, such as special
purpose tools and jigs, from WIP tabulations.
5. Tinkering with process cost allocation and overhead
calculation functions.
6. Including abnormal process losses in WIP.
7. Overstating the stage of completion of workinprocess.
8. Programming the computer to produce fraudulent
physical quantity tabulations or priced inventory listings

Inventory i3S
Not the final word on Shrinkage

1. Physically counted percentage factor.
2. Items requiring further audit scrutiny.
3. Surreptitious check(s) percentage factor.
4. Physical opening and caselabel match factor.
5. Increase in count factor from original plan due to findings.
6. Timegap between disparate location physical counts.
7. Factor of likely owned property/materials/stock.
8. Specialist factor. Does observer understand the inventory?

Loss of Original Documents i3S

1. Litigation.
2. Direct cash loss.
3. Lack of control over your ‘Staff’.
4. Reduced Customer confidence.
5. The ‘good faith’ in which these were given to you
in the first place.
6. Perception of ‘corruption’ and ‘deliberate’ act.
7. Negligence.
8. Inability to ‘store’, ‘monitor’ and ‘manage’ over
long periods of time. (10+ years).
9. Inability to use technology such as Library
Science methods, barcode, RFID etc.
10. Inability to cost perdocument storage and ROI,
TCO for Document Management.

Other fraud i3S

1. Identify Theft.
2. Credit Card.
3. Password Theft.
4. TCPIP Theft.
5. Patent Infringement.
6. Copyright, Trademark Theft.
7. Industrial espionage.
8. Counterfeits and Knockoffs.

i3S

GPS etc.

Integrating GPS, GIS, GPRS, 3G,
RFID, AutoID & related technologies
onto a Single Unified Integrated
Realtime Remote Triple Play
Solution.

Geography : 7 level Detail i3S

Map Tracks : Actual Path(s) i3S

Route Maps : Commute etc. i3S

Beats, Timings, Circuits i3S

i3S Incident(s) Database i3S

1. MANUAL and/or AUTOENTRY
Recording of all incidents.
2. MANUAL cataloging and bibliography of
incidents.
3. THEREFORE search of incidents.
4. Checklists for followup & Tracking.
5. Opening of a ‘Case’ for legal procedure.
Information and evidence handling, court
followup.

i3S Case(s) Tracking i3S

1. If FIR is registered.
2. Case Development and Management.
3. Evidence and Support information.
4. Court dates and Followup.
5. Longterm tracking of all Cases.
6. Costs and Decision making related to each
Case.

i3S Bibliography, Search i3S
etc.

i3S

Individual Risk

The ‘Human Being’

Typical Certification Areas i3S

1. Access Control
2. Application Development Security
3. Business Continuity and Disaster Recovery Planning
4. Cryptography
5. Information Security Governance and Risk
Management
6. Legal, Regulations, Investigations and Compliance
7. Operations Security
8. Physical (Environmental) Security
9. Security Architecture and Design
10. Telecommunications and Network Security

Features i3S
1. Assuming 100’s of 1000’s of camera / eyes are deployed …
2. Primary thinking and application is deterrence.
3. Can’t CAPTURE, TRANSMIT and STORE ALL in highdefinition; 25 fps; Colour …
the costs are astronomical.
4. Any ‘realtime’ alerts from streaminglive from multiple camera automation based on
Pattern Recognition is WAY TOO EXPENSIVE and NOT REALISTIC.
5. Being proactive cannot imply predicting ‘what will happen’ or ‘the future’.
6. So what do you capture …
1. Assume lasthour or last 3days or whatever.
2. Prealert and postalert EXTRACT from the above stream.
3. CLEAR bibliography; date, time, physical location, camera, view, quality, quantity, length,
guardonduty etc. etc.
4. Alerts can happen …
1. incamera – Motion Detection. Field of View. Range of programmable features. License Plat
recognition.
2. noncamera – Sensors. Vibration. Tripwire. Light. Noise. RF. Optical etc. etc. etc.
3. Currency. Cheques. Documents or other Verification.
7. Intelligence on the Edge
1. Camera stores fullstreams locally. Discarding after preset lifecycles.
2. UPLOAD to central STORE any and all incidents.
3. Create an clextra bibliography record for every UPLOAD.
8. GuardServices Alert
9. Forensics. Evidence. Search. Analytics.

Guard Services i3S
1. Guards have to watch 100’s at a time. NOT POSSIBLE.
2. Guards are human. Don’t expect them to watch even ONE
all the time.
3. When an ALERT happens; must be able to localise;
locate; have decisionoptions and mobilise to tackle the
ALERT as appropriate.
4. Systems of ALERT prioritisation.
1. Fire. Earthquake. Flood.
2. Dacoity. Terrorist Threat. Bomb.
3. Single Incident. Armed vs Unarmed.
4. Small start threat. Smoke. Water. GasLead etc.
5. Tampering alert. Door. Window. Cables. Camera etc.
6. Client or Customer THEFT vs Employee THEFT.
7. System Authority. CEO. Police. Guards themselves.
8. Infringement. Person in nonauthorised zones.
9. Infringement. Animals. Dogs. Cats. Rodents. Pests.
5. Risk and Falsealarm RULES Management.

Not just your cameras i3S
there are more
1. Storefronts
2. InStore Cameras.
3. Gas Stations
4. Police stations
5. Businesses
6. Government & Office Buildings
7. Houses. Estates. Gate Security. Guard Security.
8. Traffic cams. Red light cams.
9. Taxi companies – Most taxis nowadays have dash
cams, and a driver can manually trigger them
10. Any witnesses with cellphones
11. Any witnesses with digital cameras, camcorders
12. Any witnesses. Record their statements with your
onhand camera.

Someone should want to i3S

1. Pay for it.
2. Look at it.
3. Use it.
4. Make it count.
5. Just evidence. Seeing is believing.
6. Use it as evidence in a court of law.
7. Save a life.
8. Save property.
9. Save time.
10. Do something … for someone.

i3S
The face of Information Security
1. There is someone looking
over your shoulder.
2. Uniform & Authority
Matter.
3. He is trained and tough.
4. This person is authorised
‘internal’ and ‘by law’ to
act on our behalf.
5. This person is Technically
Qualified and aware.
6. If you ‘cross the line’ … you
are in trouble.
7. You can ask me as to ‘what
the line is’.
8. Honestly; I am here to help
you do your job ‘honestly’.

Counterfeit Management i3S

1. Identifying counterfeit NOTES and COINS
requires a combination of AUTOMATION &
PEOPLE skills.
1. Automation Concerns
1. Automated kiosks DO NOT have this luxury and have to be
able to standalone and independently decide to ACCEPT or
REJECT.
2. Reject in many instances can mean loss of Business and
Consumer confidence.
3. Automated kiosks can be misused for moneylaundering; coin
hoarding; highernote disposal etc.
2. Manual Concerns
1. Remove the drudgery of counting.
2. ONUS on protecting and endofshift settlement.
3. Know how to be able to identify counterfeit.

The Solution i3S

1. Coin operated Vending Machines.
2. Coin or Cash based Media Dispensing.
3. Ticketing kiosks.
4. Utilities Bill Payment by Cash and/or Smartcards and/or
Debit and/or Credit Cards.
5. GPS, GIS, GRPS, GSM, RFID based Tracking.
6. Touch screen based interaction.
7. Network integration with central computing facilities.
8. Local alarms & alerts; including automated and manual
video surveillance.
9. Supply of HARDWARE, SOFTWARE, SYSTMES
PROCESSMETHODOLOGY starting with Awareness
Training.
10. PreSale; InSale and PostSale Staff & User training.

Who needs this i3S

1. Any business handling cash.
2. Banks. Cash deposit. Cash withdrawal.
3. Cointocash and cashtocoin exchangers.
4. Retail operations.
5. Notes and/or Coins counting.
6. Government Utilities. Receipt Printing.
7. Parking. Ticketing. Events. Journey slips.
8. Vehicle Parking.
9. Toll Gates and payperuse applications.
10. Currency Exchange.

http://www.edgevalue.com
http://www.clextra.in
casper@edgevalue.com  © JAN 1999
Edgevalue
62 B Modi Residency
Miller Road
Bangalore   560 042     INDIA
Phone : 91 (india)  80 (bangalore)  2595 0059
Cellphone : 98450 61870

Integrated Safety, Security & Surveillance

Recommended

Recommended

More Related Content

Similar to Integrated Safety, Security & Surveillance

Similar to Integrated Safety, Security & Surveillance (20)

More from Edgevalue

More from Edgevalue (20)

Recently uploaded

Recently uploaded (20)

Integrated Safety, Security & Surveillance