Security Planning - Assignment Example

Security Planning and Assessment Question1) define workplace violence. To what degree is workplace violence a problem in the United s What factors contribute to it What, if anything, can be done to reduce the incidence of violent crime in the workplace Do private security organizations play a role in the solution Answer 1) Workplace violence is violence or the threat of violence against workers. It can occur at or outside the workplace and can range from threats and verbal abuse to physical assaults and homicide, one of the leading causes of job-related deaths. However it manifests itself, workplace violence is a growing concern for employers and employees nationwide. A very real, clear and present danger lurks just beyond the consciousness of people who work together eight to ten hours a day, five to seven days a week. It is the potential for violence to occur in workplace. Increasingly, the Human Resources function is both the target of these threats of workplace violence and the organization's first line of defense for the prevention of workplace violence. Homicide is the second leading cause of fatal occupational injury in the United States. Nearly 1,000 workers are murdered and 1.5 million are assaulted in the workplace each year. According to the Bureau of Labor Statistics (BLS) National Census of Fatal Occupational Injuries (CFOI), in additional information about workplace violence, there were 709 workplace homicides in 1998. These accounted for 12 percent of the total 6,026 fatal work injuries in the United States. Of these 709 workplace homicide victims in 1998, 80 percent were shot and nine percent were stabbed. According to the National Crime Victimization Survey (NCVS), 2 million assaults and threats of violence against Americans at work occur annually. The most common type of workplace crime was assault with an average of 1.5 million a year. There were 396,000 aggravated assaults, 51,000 rapes and sexual assaults, 84,000 robberies, and 1,000 homicides reported. These figures likely fall short of the actual number of violent acts occurring in workplaces as not all acts of workplace violence are reported. The news media tend to sensationalize acts of workplace violence that involve coworkers. In sensationalizing incidents of workplace violence, they remove the emphasis from the most important targets for workplace safety programs. In fact, the most common motive for job-related homicide is robbery, accounting for 85 percent of workplace violence deaths. The National Institute for Occupational Safety and Health (NIOSH) provides information that illustrates anyone can become the victim of a workplace assault, but the risks are greater for workplace violence in certain industries and occupations. The taxicab industry has the highest risk, nearly 60 times the national average for potential workplace violence. A good first step for prevention in all workplaces consists of a general assessment designed to evaluate the presence of any specific risks of violence, both from within and outside the organization. Such an assessment will help the organization to fully understand the particular safety and security needs of the workplace - information that will help shape its prevention efforts. Often, forms of behavior that signaled the violence to come have preceded a violent act. If those signs had been recognized and appropriately addressed, the violence might not have happened. A prevention program will include a ''No Threats, No Violence'' policy that is clearly communicated to all employees. The policy will state the employer's commitment to provide a safe workplace, free from violence or the threat of violence. It will also set forth a code of employee conduct that clearly defines unacceptable behavior and prohibits all violence and threats on-site and during work-related off-site activities. A workplace violence program further includes an interdisciplinary team created and trained to manage any violent incidents or reports of troubling behavior made under the workplace violence policy. Instead of waiting for a threat or violent incident to occur and then making ad hoc decisions regarding who will handle it and how, a company should create and train an interdisciplinary Threat Management Team so that procedures and lines of authority will be clear as soon as a threat or violent emergency occurs. Question 2) what do you believe is the most significant or important aspect of security assessment and planning In your answer, explain how other aspects of the security assessment and planning process would be affected adversely if the aspect you identified were improperly or inadequately performed Answer) An important part of any security strategy is to identify the current level of exposure and risk a company faces and to understand how to monitor, detect and respond to the growing number of vulnerabilities and threats to enterprise information. An adaptive security solution enables productivity by allowing companies to focus on core business functions rather than security risks. Assessments are done in cooperation with the system owners and are helpful in making the system owners aware of security issues that may exist with their assets. The assessment methodology is a six-step process. This includes initial research of university policies and procedures, applicable laws, and security best practices. Then the Information Security Office (ISO) creates a scope document, which is then signed by the system owner. The ISO next determines an assessment strategy--what and how--and creates an assessment checklist. 1. Entrance Conference In the entrance conference management, system owner(s), system administrator(s), and ISO assessment team should be in attendance. The scope document will be covered at this meeting as well as the assessment process, assessment roles, and the time frame for the assessment. 2. Fieldwork Fieldwork is done in a systematic manner according to the previously developed checklist. The ISO reports new issues in a timely and professional manner to the system owner/administrator as defined in the scope document. The ISO also documents all security issues and includes them in the assessment report delivered at the end of the assessment. 3. Preparing the Report The Assessment Report should include Executive Summary Describe the purpose of the assessment. Describe the scope of the assessment. Findings and recommendations Conclusion A draft report should be reviewed and commented on by the system owner/administrator prior to the exit conference. 4. Exit Conference Management, system owner(s), system administrator(s), and the assessment team should attend the exit conference. The conference will accomplish Review report Assign tasks for remediation/mitigation Establish schedule for future assessments 5. Report to Management To identify the security vulnerabilities that may exist within a company's infrastructure, a Vulnerability Assessment should be carried out regularly. Several Vulnerability Assessments, includes: Internet Risk Assessment - Identifies vulnerabilities in a company's Internet infrastructure and any potential risks through their Internet connection. Enterprise Vulnerability Assessment - Audits an enterprise's security infrastructure and identifies potential areas of exposure in their servers, network topology and security policies. It includes a thorough analysis of the company's firewalls, routers, switches and operating systems. Malicious Threat Assessment - Helps companies understand the threats that exist at their Internet ingress/egress point. By strategically placing a network intrusion detection sensor at Internet access points, one can monitor and log the occurrence of probes and attacks against the company's network, as well threats emanating from within the network. Regulatory Compliance Assessment - Using a regulation-specific information gathering and assessment methodology, one works with each client to identify vulnerabilities and review security policies to assure that best practices are in place as required by regulations such as Sarbanes-Oxley, GLBA, HIPAA and ISO17799. Payment Card Industry Data Security Assessment - Helps clients understand their risk exposure related to the exacting requirements of the Payment Card Industry (PCI) Data Security Standard. Question 3) Describe the history of aviation security in the United States. What factors or events in our past gave birth to aviation security efforts How have those efforts changed over time As you contrast the past and present, be sure to thoroughly describe the state of aviation security today. The horror and tragedy of the September 11, 2001 terrorist attacks, with the loss of thousands of lives and the resultant economic damage, illustrates the vulnerability of the security system in United States. It showed that their transportation systems, in this case aviation, could be used as a weapon against us. The aviation security system, as a vital national security interest, is a critical line of defense, but it is not foolproof, particularly against terrorists who are willing to die in their criminal schemes. This is why the effort to stop terrorist attacks along with the strengthening of transportation security is so important. Also, public confidence in the security of the Nation's transportation systems, especially aviation, has been seriously damaged and needs to be restored. The President, Departments of Justice and Transportation and others already have a broad range of security measures underway to address this issue. One such measure is increasing the workforce in the Federal Air Marshall Program. Other additional measures currently in place at all the Nation's commercial airports include increased security such as: eliminating curbside baggage check-in, intensified passenger and carry-on baggage screening at security checkpoints, and limiting access beyond the screening checkpoints to passengers with tickets or ticket confirmations. The current U.S. system has a variety of organizations responsible for various elements of aviation security. Other nations use models different from ours. In Belgium, France, and the United Kingdom, the airports are responsible for screening. In the Netherlands, the government is currently responsible for passenger screening, but employs a security company to conduct the screening operations. Given the scope and complexity of the security challenge, coupled with a longstanding history of problems with the aviation security program, the time has come to consider the option of vesting governance of the program and responsibility for the provision of security in one Federal organization or not-for-profit Federal corporation. This entity would have security as its primary and central focus, profession, and mission. Under the current system, those charged with aviation security oversight and regulation (FAA) and those charged with providing the security (the airlines and airports) are themselves facing other priorities, missions, and, in some cases, competing economic pressures. A centralized, consolidated approach by an organization with a security mission would require passenger and baggage screeners to have uniform, more rigorous training, and performance standards applicable nationwide. The employees of this entity would not necessarily need to be Federal employees, but would be required to meet established performance standards, and would be subject to termination if they do not perform. This should result in more consistent security at our Nation's airports. A Federal organization or Federal corporation would be responsible for screening passengers, employees (anyone with access to the aircraft or secure areas of the airport), carry-on baggage, checked baggage, and cargo. It would also issue, control and account for identification media at airports nationwide; search aircraft and airport facilities with canine units; and manage airport access control systems. The aviation security system in place today is a layered system of systems in place at the Nation's airports. This system involves prescreening passengers at check-in, screening passengers, checked and carry-on baggage, and cargo at security control points in the airports; controlling access to secure areas of the airport; and restricting access to secure areas of the airport to unauthorized individuals. Aviation security in the U.S. is also based on a system of shared responsibilities among FAA, air carriers, and airport operators. FAA is responsible for establishing and enforcing regulations, policies, and procedures; identifying potential threats and appropriate countermeasures; deploying Federal Air Marshals on selected U.S. air carrier flights; and providing overall guidance and oversight to ensure the security of passengers, crews, baggage, cargo, and aircraft. Air carriers are primarily responsible for applying security measures to passengers, crews, baggage, and cargo. Airports, run by State or local government authorities, are responsible for the security of the airport environment and for providing law enforcement support for implementation of air carrier and airport security measures. Question) Imagine that you are a new security manager with several armed security officers and security planners working for you. Your security force is responsible for the security of a nuclear power plant and its grounds. You soon realize that the security officers and the planners have little regard for each other. You also realize that morale is generally very low between both groups. You do not have much money in your budget for raises this year, other than small cost of living adjustments. What might you do to build camaraderie among your employees and improve morale It takes more than a paycheck to get employees to come to work every day and do a good job. Attention must also be paid to what motivates employees, and what motivates one person may not motivate another. Management should create a climate to allow an employee to grow and achieve what he or she is capable of. If the right supportive environment exists, the theory goes, employees will take on responsibility and work to improve their performance. Motivation and morale are critical in the guard services industry, where low wages and little recognition can cause high turnover. Many factors can motivate employees and increase department morale. Among them are giving employees responsibility, dealing with them honestly, providing better training, providing pleasant working conditions, setting goals and providing recognition. Employees want to feel involved in and important to the success of their company. A good way to motivate officers is to give them genuine responsibility, which can include problem solving, decision-making and most importantly, accountability for a task. Since security is so important, the employee must actually be capable of carrying out an assigned task. Security people are tasked with handling accidents, emergency situations, and criminal behavior, so the responsibility cannot be given lightly. Examples of tasks that could be assigned to security personnel are responsibility for special events such as visits of dignitaries, researching and selecting vendors for security products, or writing security department post orders. Sometimes managers make the mistake of giving security officers and supervisors a task and then micromanaging its completion. This negative message tells the employee that he or she cannot be entrusted with tasks that really matter. Entrusting an employee with full responsibility for a task and watching as he or she completes it successfully is a great motivator and can extend throughout the entire department. One way to motivate employees is to tell them the truth. When security contracts end, for example, companies should not wait until the last minute to inform the security personnel. Employees need time to locate another contract or a different job. Employees also should be told when layoffs are impending. Often employees ask a lot of questions about what is going on within companies but feel they do not get sufficient answers. Another issue requiring honesty in dealing with employees is opportunity for advancement. If employees can expect no leadership or management opportunities, this should be communicated to them. It takes skills to be a leader of a security organization, and not everyone has those skills. Players on sports teams know their roles, and security managers should communicate with employees what their roles are in the organization in an honest way. Employees feel appreciated when management provides them the tools they need to do their jobs better. Additional training is especially appreciated if it goes beyond what is required by state regulation. Training should provide new skills or improve skills that security officers already perform. Sessions on conflict resolution, customer service, emergency planning and other skills are always great for morale. Peer-to-peer training can also be used as a motivator: Allowing an employee to conduct a training session for the entire security staff can provide a rewarding experience. What constitutes pleasant working conditions Requiring security officers to work at a construction site with no way to communicate and no way to stay dry or warm certainly does not qualify as pleasant working conditions. Making security officers comfortable may result in better work performance. Comfort does not require cable TV and recliners on their posts, but it does mean that they have a chair and a phone to communicate with in case of an emergency. Confining a 6-foot-tall officer to a small closet post can be disruptive to the officer's performance, for example. Many security companies have a policy to accept only certain types of jobs, such as in an office complex as opposed to a construction site on the night shift, which can lessen the need for their employees to work in unpleasant conditions. The better the work conditions, the better the morale of employees. No one can be expected to be fresh, diligent and effective when they have been working too many hours in a row. When employers are upset with security officers who sleep on the job, they should also be upset with themselves for allowing officers to work too many hours. Employees, who come from one job where they have already worked eight hours, often come to a second job prepared to work another eight hours - potentially causing mishaps and careless mistakes due to being overtired. Although some employees need the hours to make up for low wages, what they do not recognize is that the more hours they work in the week, the less effective they become. There are times when management must step in and set limits. A burned out employee is not a motivated employee. Emergencies sometimes require working extra hours without relief. This should be the exception, however, not the rule Goal setting is a great way to motivate employees. Sometimes employees do not even know what they are capable of. Having them set goals allows employees to aim for their full potential. Another key is recognition. Management must ensure that they recognize employees for the great things they do. Expressing appreciation is a great motivator for individuals and can build morale for the entire department. Communication to all employees via e-mail, voice mail, department newsletter or "Officer of the Month" programs is one way to recognize great work Question) One of the lingering questions concerning the mission of the U.S. Department of Homeland Security is whether or not the department should assume protection duties for private-sector critical infrastructure facilities. These include cargo terminals, utility plants, food stocks, and laboratories. Do you believe the federal government should play a greater role in securing these kinds of facilities Or are the security needs adequately met by private sector security agencies with the determination of those needs made by executives of the private organizations (e.g. utility company executives) in question Justify your answer. Training can play a key role in helping the Department of Homeland Security (DHS) successfully address the challenge of transformation and cultural change and help ensure that its workforce possesses the knowledge and skills needed to effectively respond to current and future threats. This includes the training offered to local police agencies in order to achieve maximum first-response capabilities. The DHS has taken several positive steps toward establishing an effective department-wide approach to training, yet significant challenges remain. Progress was made in addressing department-wide training issues, but efforts are still in the early stages and face several challenges. Actions taken by DHS include issuing its first training strategic plan in July 2005, establishing training councils and groups to increase communication across agencies, and directly providing training for specific department-wide needs. However, several challenges may impede DHS from achieving its departmental training goals. First, the sharing of training information across components is made more difficult by the lack of common or compatible information management systems and a commonly understood training terminology. Second, authority and accountability relationships between the Office of the Chief Human Capital Officer and organizational components are not sufficiently clear. Third, DHS's planning may be insufficiently detailed to ensure effective and coordinated implementation of department wide training efforts. Finally, according to training officials, DHS lacks resources needed to implement its departmental training strategy. Examples of planning and evaluation of training demonstrate some elements of strategic practice. Specific training practices at both the component and departmental levels may provide useful models or insights to help others in DHS adopt a more strategic approach to training. Some components of DHS apply these practices, while others do not. For example, Customs and Border Protection aligns training priorities with strategic goals through planning and budgeting processes. In the area of evaluation, the Federal Law Enforcement Training Center obtains feedback from both the trainee and the trainee's job supervisor to inform training program designers in order to make improvements to the program curriculum. Training has been used to help DHS's workforce as it undergoes transformation and cultural change. The creation of DHS from different legacy organizations, each with its own distinct culture, has resulted in significant cultural and transformation challenges for the department. At the departmental level, one of the ways DHS is addressing these challenges is by encouraging the transformation to a shared performance-based culture through the implementation of its new human capital management system, MAXHR. DHS considers training to be critical to effectively implementing this initiative and defining its culture. Toward that end, the department is providing a wide range of training, including programs targeted to executives, managers, and supervisors. For example, at the component level, CBP has developed cross training to equip employees with the knowledge needed to integrate inspection functions once carried out by three different types of inspectors at three separate agencies Read More