2. Training Aims:
The aims of this security culture and insider threat training are:
• To learn all processes and practices in order to promote, implement
and embed a positive security culture.
• Establish an appreciation of positive security practice amongst
employees
• Identify insider threats
• Mitigate risk of security incidents and breaches
• Actions to be taken when insider risks are identified
• Multiple choice test paper
3. What is Security Culture?
According to the CAA, security culture is:
“A set of norms, beliefs, values, attitudes and assumptions
that are inherent in the daily operation of an organisation
and are reflected by the actions and behaviours of all
entities and personnel within the organisation.
Security should be everyone’s responsibility – from
the ground up.”
4. What is Security Culture?
An effective security culture is about:
• Recognising that effective security is critical to business
success
• Establishing an appreciation of positive security practices
among employees
• Aligning security to core business goals
• Articulating security as a core value rather than as an
obligation or a burdensome expense
5. Why Is Security Important?
Security is a very important aspect of air travel. As a DFT/CAA regulated inflight
supplier, Royalblue must ensure that all security measures are undertaken and
monitored.
The main aim of aviation security is to prevent acts of unlawful interference, above
all by keeping threatening items such as arms and explosives away from aircraft. It had
been high on the agenda for decades when it became a major cause for concern
following the terrorist attacks of 9/11.
The aviation industry is one of the most tightly-regulated industries in the world with
complex standards that include food and so much more, leaving absolutely no room for
error. The smallest deviation from security standards can be disastrous to our airline
customers and highly dangerous for staff and passengers.
6. NOTE: All searches conducted at Royalblue will be non-physical
which means no contact is made between the searcher and the
person being searched
Royalblue Security Practices
• Access Control
• CCTV
• Control of goods in
• Preparation and screening of goods in by security trained
production team
• Screening and packing of in flight supplies by security trained
packing team
• Security check of catering carts by means of a final search
• Vehicle searches prior to loading of vehicles
• Security paperwork (i.e. 8.1 and 8.2) and use of security
seals
7. Royalblue Security Practices
• Recruitment process carried out in accordance with
CAA/DFT regulations
• Criminal record checks undertaken for all staff
• Initial and refresher In-flight Supplies Security Training
must be provided to all staff
• Search policy in place for both staff and visitors
• Security policy and security notices
• Security auditing, contingency plans and emergency
procedures
• Incident reporting and threat reporting
8. Who is a Risk?
A current or former employee, contractor, or business partner who
has or had authorised access to the organisation's network, systems,
or data.
Examples of an insider may include:
• A person given a badge or access device.
• A person to whom the organisation supplied a computer or network
access.
• A person who develops products and services.
• A person who is knowledgeable about the organisation's
fundamentals.
• A person with access to protected information.
9. Insider Threat
What is Insider Threat?
Any type of malicious activity against an organisation that
comes from users with access to an organisation's network,
systems or data.
10. Insider Threat
The insider threat can be either unintentional or intentional.
• Unintentional Threat
  • Negligence – An insider of this type exposes an organisation to a threat through carelessness.
    Negligent insiders are generally familiar with security policies but choose to ignore them,
    creating risk for the organisation. An example is allowing someone to “tailgate” through a
    secure entrance point.
  • Accidental – An insider of this type mistakenly causes an unintended risk to an organisation.
    An example is improperly disposing of sensitive documents.
• Intentional Threats – Intentional threats are actions taken to harm an organisation for personal
  benefit or to act on a personal grievance. The motivation is personal gain or harming the organisation.
  For example, many insiders are motivated to “get even” due to unmet expectations related to a lack of
  recognition or even termination. Their actions can include violence, espionage, theft, sabotage or cyber
  threats.
• Other Threats
  • Collusive Threats – A subset of malicious insider threats is collusive threats, where one or
    more insiders collaborate with an external threat actor to compromise an organisation.
  • Third-Party Threats – Additionally, third-party threats are typically contractors or vendors
    who are not formal members of an organisation, but who have been granted some level of
    access to facilities, systems, networks, or people to complete their work.
11. Insider Threat
Insider threats manifest in various ways:
• Violence
• Espionage
• Sabotage
• Theft
• Cyber Acts
12. Your Security Role:
• Do not allow ‘tailgating’ of unknown persons through entry/exit
doors
• Ensure your ID pass is worn at all times once you enter the unit and
remove it from view once you exit the unit
• Follow the visitor signing-in procedures. All visitors must display a
visitor pass, be escorted by a company ID holder and never be left unattended
• Sign your clock card in/out
• Report a lost or stolen ID pass immediately
• Stop and challenge anyone not displaying a valid ID pass
13. Your Security Role:
• Keep private, confidential or sensitive information stored/locked away
from view
• Report lost company property/equipment
• Regularly check the security board for any security updates or information
• Help and assist in protection of our in-flight supplies by correctly
following and implementing screening processes and procedures
• Password lock unattended IT devices and ensure removable media
storage and laptops are locked and protected when not in use
• Report any suspicious emails
14. Your Security Role:
• Gain approval if publishing, posting or commenting on company-related
business online
• Be careful when handling queries from customers, suppliers,
partners or public (check for sensitivity before sharing
information and verify identity before giving out information)
• Private, confidential or sensitive company information should not
be shared outside of work with family, friends or contacts.
• Report unusual or suspicious behaviour in the workplace
• Be vigilant and remember:
SECURITY IS EVERYONE’S RESPONSIBILITY!!!
15. Reporting:
Insider threats are real and pose a significant risk to lives. Insider
threats can take days, months or even years to plot and involve one or
even multiple individuals.
If you identify potential insider threats, please report the incident or
behaviours to your Supervisor/Line Manager or the Security Manager or
even law enforcement (if required, Threat/Incident report forms are
kept with Duty Managers in the Operations Office).
When reporting what you have observed, please be as descriptive as
possible and include the 5 Ws:
WHO, WHAT, WHERE, WHEN, WHY
16. Reporting:
WHO – Who you saw
WHAT – What you observed
WHERE – Location
WHEN – Date and time
WHY – Why is the activity or behaviour suspicious
18. Security Reminders
19. Security Reminders