information_assest_protection.pdf | |
File Size: | 300 kb |
File Type: |
cpted_guidebook.pdf | |
File Size: | 888 kb |
File Type: |
facilties_security_physical_guidlines.pdf | |
File Size: | 918 kb |
File Type: |
effectvesecurityplanningandintegration.pdf | |
File Size: | 877 kb |
File Type: |
My reflection on meeting this outcome:
Asset Protection
Network and Physical Security
Security before technology was one dimensional, no one had to worry about firewalls, switches or the internet. Security today is multi-dimensional though separate applications asset protection is asset protection. Network and Physical security share the same characteristics and both are assets that must be protected. Physical Security and Network security both share a concentric circle each containing layers of defense making the asset a harder Target.
Security lighting, gates and doors are examples of physical security which can makes an asset a harder target. Each physical component if it is a door, gate or lighting is controlled currently on a relay switch. Relay switches allows a physical component to be manipulated by a computer device (i.e. tablet, smartphone or pc) and are attached to switches which now can be connected to a Power over Ethernet (POE) switch allowing the physical component to be powered by a Ethernet cable. To the average physical security individual this may sound like Latin. It’s not Latin, but physical and network security coming together to create a faster, reliable security system than ever before. To defeat your enemy you must outsmart your enemy, to outsmart your enemy you must always be two steps ahead of your enemy. In the world of fighting crime, you have to be lucky all the time where your enemy only has to be lucky once. To accomplish this you must operate faster than your enemy, the only way to accomplish this is by understanding the OODA loop. Observe, Orient, Decide and Act was developed an Air Force pilot to in top gun school, which allowed top gun pilots to react faster than their counterparts allowing them to make the kill. This process is now used to fight terrorism; if you can be one-step ahead of the terrorist you can make the asset a harder target but deter the event from even occurring.
Hard Target vs. Soft Target
Making your asset a harder target is easier said than done, you can surround your compound with a hundred men and still be considered a soft target, when the enemy decides to hack into your system and bring your network down. Making your asset a hard target requires a process, before you can defeat the threat you must identify/detect it. Identifying or detecting your threat can be different every day, insider threats, end users, corporate espionage, cyber terrorism and the list can go on and on. Being able to identify your threats can save you thousands in equipment, training and staff. Once the threat is identified or detected, you must delay against that threat. The threat can be an advanced persistent threats (APTs) which can be an insider threat, end users or cyber terrorism who have already gotten a foothold on your network. Before you purchase any equipment or agree to any software you must understand it. Security equipment is only as good as its user. Delaying the threat gives you the opportunity to defend against it. Understanding the threat gives you mitigating options and a better understanding on how to defeat it. For example my company offers Home Hardening services which can mitigates up to 95 percent of any criminal threats to your home or business. By eliminating the vulnerability you eliminate the threat.
Crime Prevention through Environmental Design (CPTED)
One thing you must remember, protection starts at the property line. The key to defend against threats is to detect the threat in advance, giving you enough time to implement proper countermeasures. Crime Prevention through Environmental design does just that (CPTED). The four principles of CPTED are:
· Natural Surveillance
· Natural Access Control
· Territorial Reinforcement
· Maintenance and Management
Each principle giving you added layers of defense. Natural surveillance is the ability to view out your window without obstruction like trees, shrubs or bushes. The recommended height of these items will vary from 3’ to 7’ depending on location or items landscaped. Natural access control is another method to keep those visiting on a direct visual path. Items like low bushes or trees keep those on a path you have chosen. Applying this method allows you to easily detect individuals who stray of the beaten path. Territorial reinforcement is utilizing fencing, barriers or signs indicating where private property and public property is separated. Maintenance and management is the most noticeable application, maintaining and managing your area of responsibility the is most effective way to let others know your property is being taken care of. Items that are damaged or broken need to be fixed immediately, some call it the broken glass effect. Broken glass effect is something as simple as a broken glass not being fixed telling others that the property is properly is or is not maintained and the same can go for landscaping. By following simple CPTED’s measures you can deter, delay and defend your property and make it a harder target.
My Future Learning Goals related to this Outcome:
Asset protection has been my passion even before taking classes at Southwestern College. What I have learned is that we need to be more cyber centric to be an effective security professional. I believe the threat has changed and has become more cyber centric, which makes current security professionals less effective. Access Control, Bio-metrics and other means of access all require network skills and his a huge part of asset protection. I feel by being dual qualified both in network and physical security we can mitigate security issues involving assets that are vulnerable.
It doesn’t stop there, we need to look at spreading the word and share what we have learned to others. This summer I was able to assist a local school district in completing a vulnerability assessment. We were able to identify vulnerabilities that not only saved the district money but closed gaps in security.
I plan to research Near Field Communication (NFC), which can be used for access control for your home or office. The advantages of NFC is limitless it can be used for all kinds of access management. NFC is 256 bit encrypted which is harder to crack or hack, making it safe for access control. Second, NFC eliminates the need for proxy cards and is built into most new phones. Imagine never needing multiple access badges, your phone will hold your access privileges while eliminating proxy badges saving thousands of dollars. Technology like this will allow security professionals to be more effective, secure and while saving money.
I hope to combine old procedures with new techniques; I believe security professionals have gotten lazy due to technology. Security professionals need to concentrate more on procedures and not depend on tools, you can have a hundred tools, but if they are used property, you then become the tool.
I will continue to study IT Security, which is something security professionals are lacking. The future in asset protection is being dual qualified in both principles. Being dual qualified allows for quicker responses and quicker countermeasure implementation. Everything we touch and do with-in the confines of asset protection requires the need of information technology. Currently Southwestern College only has one class that covers information security, which I feel isn’t enough to be an effective Security professionals. We need to understand how the network functions, for example, access controls systems that are not on a static IP address, can come off line or become disconnected. This issues can be fixed immediately by a security professional and negate the need to place a work order in saving valuable time and resources. I believe the future of security lies in the hands of our younger security professionals.
Asset Protection
Network and Physical Security
Security before technology was one dimensional, no one had to worry about firewalls, switches or the internet. Security today is multi-dimensional though separate applications asset protection is asset protection. Network and Physical security share the same characteristics and both are assets that must be protected. Physical Security and Network security both share a concentric circle each containing layers of defense making the asset a harder Target.
Security lighting, gates and doors are examples of physical security which can makes an asset a harder target. Each physical component if it is a door, gate or lighting is controlled currently on a relay switch. Relay switches allows a physical component to be manipulated by a computer device (i.e. tablet, smartphone or pc) and are attached to switches which now can be connected to a Power over Ethernet (POE) switch allowing the physical component to be powered by a Ethernet cable. To the average physical security individual this may sound like Latin. It’s not Latin, but physical and network security coming together to create a faster, reliable security system than ever before. To defeat your enemy you must outsmart your enemy, to outsmart your enemy you must always be two steps ahead of your enemy. In the world of fighting crime, you have to be lucky all the time where your enemy only has to be lucky once. To accomplish this you must operate faster than your enemy, the only way to accomplish this is by understanding the OODA loop. Observe, Orient, Decide and Act was developed an Air Force pilot to in top gun school, which allowed top gun pilots to react faster than their counterparts allowing them to make the kill. This process is now used to fight terrorism; if you can be one-step ahead of the terrorist you can make the asset a harder target but deter the event from even occurring.
Hard Target vs. Soft Target
Making your asset a harder target is easier said than done, you can surround your compound with a hundred men and still be considered a soft target, when the enemy decides to hack into your system and bring your network down. Making your asset a hard target requires a process, before you can defeat the threat you must identify/detect it. Identifying or detecting your threat can be different every day, insider threats, end users, corporate espionage, cyber terrorism and the list can go on and on. Being able to identify your threats can save you thousands in equipment, training and staff. Once the threat is identified or detected, you must delay against that threat. The threat can be an advanced persistent threats (APTs) which can be an insider threat, end users or cyber terrorism who have already gotten a foothold on your network. Before you purchase any equipment or agree to any software you must understand it. Security equipment is only as good as its user. Delaying the threat gives you the opportunity to defend against it. Understanding the threat gives you mitigating options and a better understanding on how to defeat it. For example my company offers Home Hardening services which can mitigates up to 95 percent of any criminal threats to your home or business. By eliminating the vulnerability you eliminate the threat.
Crime Prevention through Environmental Design (CPTED)
One thing you must remember, protection starts at the property line. The key to defend against threats is to detect the threat in advance, giving you enough time to implement proper countermeasures. Crime Prevention through Environmental design does just that (CPTED). The four principles of CPTED are:
· Natural Surveillance
· Natural Access Control
· Territorial Reinforcement
· Maintenance and Management
Each principle giving you added layers of defense. Natural surveillance is the ability to view out your window without obstruction like trees, shrubs or bushes. The recommended height of these items will vary from 3’ to 7’ depending on location or items landscaped. Natural access control is another method to keep those visiting on a direct visual path. Items like low bushes or trees keep those on a path you have chosen. Applying this method allows you to easily detect individuals who stray of the beaten path. Territorial reinforcement is utilizing fencing, barriers or signs indicating where private property and public property is separated. Maintenance and management is the most noticeable application, maintaining and managing your area of responsibility the is most effective way to let others know your property is being taken care of. Items that are damaged or broken need to be fixed immediately, some call it the broken glass effect. Broken glass effect is something as simple as a broken glass not being fixed telling others that the property is properly is or is not maintained and the same can go for landscaping. By following simple CPTED’s measures you can deter, delay and defend your property and make it a harder target.
My Future Learning Goals related to this Outcome:
Asset protection has been my passion even before taking classes at Southwestern College. What I have learned is that we need to be more cyber centric to be an effective security professional. I believe the threat has changed and has become more cyber centric, which makes current security professionals less effective. Access Control, Bio-metrics and other means of access all require network skills and his a huge part of asset protection. I feel by being dual qualified both in network and physical security we can mitigate security issues involving assets that are vulnerable.
It doesn’t stop there, we need to look at spreading the word and share what we have learned to others. This summer I was able to assist a local school district in completing a vulnerability assessment. We were able to identify vulnerabilities that not only saved the district money but closed gaps in security.
I plan to research Near Field Communication (NFC), which can be used for access control for your home or office. The advantages of NFC is limitless it can be used for all kinds of access management. NFC is 256 bit encrypted which is harder to crack or hack, making it safe for access control. Second, NFC eliminates the need for proxy cards and is built into most new phones. Imagine never needing multiple access badges, your phone will hold your access privileges while eliminating proxy badges saving thousands of dollars. Technology like this will allow security professionals to be more effective, secure and while saving money.
I hope to combine old procedures with new techniques; I believe security professionals have gotten lazy due to technology. Security professionals need to concentrate more on procedures and not depend on tools, you can have a hundred tools, but if they are used property, you then become the tool.
I will continue to study IT Security, which is something security professionals are lacking. The future in asset protection is being dual qualified in both principles. Being dual qualified allows for quicker responses and quicker countermeasure implementation. Everything we touch and do with-in the confines of asset protection requires the need of information technology. Currently Southwestern College only has one class that covers information security, which I feel isn’t enough to be an effective Security professionals. We need to understand how the network functions, for example, access controls systems that are not on a static IP address, can come off line or become disconnected. This issues can be fixed immediately by a security professional and negate the need to place a work order in saving valuable time and resources. I believe the future of security lies in the hands of our younger security professionals.
final_paper.docx | |
File Size: | 12 kb |
File Type: | docx |
final_portfolio_alva.doc | |
File Size: | 261 kb |
File Type: | doc |