際際滷

際際滷Share a Scribd company logo

Security vulnerability assessment & liability dsm linkedin

Download as PPT, PDF
Wivenhoe Management Group
Wivenhoe Management Group

The document discusses security vulnerability assessments (SVAs), their importance, history of related legislation, and liability issues. An SVA identifies threats, critical assets, recommendations, and costs. Without an SVA, an organization does not know its threat level, vulnerabilities, or appropriate security improvements. Federal agencies now require SVAs for many critical infrastructures. Properly addressing SVA findings can reduce liability, while ignoring issues could result in negligence claims if an incident occurs. Developing sound security design criteria is important to guide improvements and avoid legal issues.

1 of 58
Downloaded 57 times
SECURITY VULNERABILITY ASSESSMENT (SVA) & LIABILITY
TODAYS PRESENTATION WILL ENCOMPASS THE FOLLOWING: The Basics of an SVA Why an SVA is Important SVA History Federal & State Legislation Liability Arising from an SVA Solutions
THE BASICS OF AN SVA What is the Threat Level? Who and/or What Should be Protected? What Can or Should Be Done? What Will It Cost?
THE BASICS OF AN SVA Threat Levels Outsider Insider Cyber
AS A NATION THE US REMAINS AT ELEVATED THREAT LEVELS Current Prevailing Nationwide Threat Level: It was Raised to High around the Anniversary of Sept. 11
CURRENT STATE OF SECURITY OUTSIDER - PHYSICAL ATTACKS Type of Adversary Criminal Foreign State-Sponsored Terrorist Domestic Terrorist Environmental Extremist Vandals Threat Level Many users have historically protected at this level.
VANDAL (LOWEST RISK) Intentions: Minor Damage/Petty Mischief Motivations:Boredom, Drug Related gang? Capabilities: Minimum Tools (1 to 4 individuals) Police Response: Assessment?, Time?, Deployment? Threat Level: Low (Depending on past history) Impacts: Minimal (unless intent remains a mystery) Vandal: Usually between the ages of 7 19
FOREIGN STATE-SPONSORED TERRORIST (HIGHEST RISK) Intentions: Total Destruction/Panic/Casualties Motivations: Ideological/Terrorism Capabilities: Major Worst Case (3 to 6 Individuals) Police Response: Assessment?, Time?, Deployment? Threat Level: Very High Impacts: Very High International Terrorist: Adult, Male or Female, Ideology Driven
LETS EXAMINE INSIDER THREAT SPECTRUM Type of Adversary Disgruntled (Sending a Message) Super-Insider (coercion) Disgruntled (Revenge) Threat Level Criminal Acts (Personal Gain) Disgruntled (Collusion) Employee Contractor Vendor Increased Access, Motivation, & Skill Level increases threat
CYBER DBT IS AMATEUR HACKER & INSIDER WITH OPERATIONAL PRIVILEGES Novice Amateur Hacker Organized Crime Government Sponsored Type of Cyber Terrorist Knowledge
THE BASICS OF AN SVA Critical Assets People Infrastructure Equipment Data Inventory Processes Other
THE BASICS OF AN SVA Recommendations Security Improvements Mitigation IST Other
THE BASICS OF AN SVA Cost Security Versus Mitigation Implementation Period Electronic Versus Physical Security Threat Event Cost
Client XXX Security Improvement Cost Estimate Sandia Methodology Approach Summary of Risk Reduction Solutions for Client XXX RISK REDUCTION SOLUTION CRITICAL ASSET DESCRIPTION ESTIMATED COST (1A) Control # X Relocate with New Housing $TBD (1B) Control # X Perimeter Security Improvements & Upgrades $600,000 (2A) Control # Y & I-XX/C-XX Culverts Perimeter Security Improvements $200,000 (2B) As Above Hardening Measures $190,000 (3A) WTP Facility Perimeter Security Improvements & Upgrade 1,240,000 (3B) As Above Perimeter Security Improvements & Upgrade 300,000 (3C) As Above Hardening Measures 1,060,000 TOTAL $3,590,000
Client XXX Security Improvement Cost Estimate Deterrent Methodology Approach Summary of Risk Reduction Solutions for Client XXX RISK REDUCTION SOLUTION CRITICAL ASSET DESCRIPTION ESTIMATED COST (1A) Control # X Relocate with New Housing $TBD (1B) Control # X Perimeter Security Improvements & Upgrades $276,000 (2A) Control # Y & I-XX/C-XX Culverts Perimeter Security Improvements $105,400 (2B) As Above Hardening Measures N/A (3A) WTP Facility Perimeter Security Improvements & Upgrade $560,500 (3B) As Above Perimeter Security Improvements & Upgrade $192,000 (3C) As Above Hardening Measures $1,060,000 TOTAL REDUCTION OF 68.42% $1,133,900
WHY IS AN SVA SO IMPORTANT?
A PROPERLY EXECUTED SVA PROVIDES: Identification of Appropriate Threat Level Identification of Critical Assets Measurement of Consequences Sound Recommendations Security Improvements Mitigation & Inherently Safer Technology (IST) Orderly Steps Cost Effectiveness
WITHOUT PERFORMING A VA What is Threat Level? What are the Critical Assets? What is Likely to Happen? What will be the Response? What are the Likely Consequences? Who will be held Responsible?
HISTORY OF SVA LEGISLATION Nuclear Power Plants Sandia National Laboratory 1998 Directive
CRITICAL INFRASTRUCTURES SUPPORT COMMAND AND CONTROL
HISTORY OF SVA Water and Waste Water US EPA required SVA of public water systems: Serving more than 100,000 by March, 2003 Serving 50,000 to 100,00 by December, 2003 Serving 3,300 to 50,000 by June, 2004 Funding was available for the largest water systems to cover cost of SVA, but no funding yet for smaller water systems.
HISTORY OF SVA Oil and Gas Since1998 the National Petroleum Council has been reviewing the vulnerabilities of oil & gas industry to attack (both physical and cyber). Post 9/11, oil and gas has been monitoring the security of its oil and gas transportation network, its refineries and its distribution facilities The American Petroleum Institute is coordinating information sharing among members. ISAC (Information Sharing and Analysis Center) has been promoting collection, assessment, and sharing of oil & gas member information on physical and electronic threats, vulnerabilities, incidents, and solutions/best practices.
HISTORY OF SVA Chemical Early in 2002, the American Chemical Council asked its members to complete a SVA of their facilities. Highest risk by 12/31/02 Lesser risk by 6/30/03 Low risk by 12/31/03 No off-site risk by 12/31/03 Enhancements to be completed one year later. Third party verification three months later.
NEW INITIATIVES BY STATE New Jersey Maryland Illinois Florida New York California
NEW JERSEY New Legislation Enacted November 2005 Requires SVA Plus Response Plan Plus Schedule Emphasis on Security and IST Monitored by NJDEP Possible Further Legislation Stressing IST
MARYLAND New Legislation Similar Requirements to New Jersey SVA Monitoring?
ILLINOIS Bill Introduced May 2006 by State Senator Will Require All Chemical Companies to Declare all Hazardous Chemicals Manufactured or Stored On Site Will Require SVA Based on Terrorist Attack
HISTORY OF SVA Pharmaceutical Although no current regulatory or statutory regulations, some FDA requirements in place for quality control. HIPPA regulations creating great changes in information and IT security. Comprehensive SVA may identify vulnerabilities to counterfeit drugs and drug reimportation, and opportunities for competitive intelligence. SVA may identify weaknesses in supply chain security
HISTORY OF SVA Manufacturing EPA has not yet required a SVA of non-chemical manufacturing facilities. However, performing an SVA at a manufacturing facility will reduce the risk of: Attacks on Employees Theft of Company and Personal Property Loss of Confidential Information Accidents involving Non-Employees Accidents involving Workers
NEW LEGISLATION Gas Storage New Jersey Food Manufacturing Federal & State Chemical Additions Federal & NJ Transportation Federal & States Healthcare Federal & States Education New Jersey
CLEAR PATTERN Legislation Not Going Away Legislation Activity is on the Increase SVA is the Common Denominator
LIABILITY
LIABILITY ISSUES In simple terms, a properly executed security vulnerability assessment will identify the vulnerabilities or weaknesses of a facility or organization to specific threats In identifying those vulnerabilities or weaknesses, the facility or organization has been placed on notice that something has to be done with respect to such issues
LIABILITY ISSUES In the event that there is an incident, and it turns out that it was related to one of those vulnerabilities, and nothing had been done to address that particular vulnerability the facility or organization is not only facing a clear liability but possible negligence as well.
LIABILITY ISSUES Definition of Liability Liability as it pertains to security: relates to an obligation one is bound or have a responsibility to do; it is the condition of being actually or potentially subject to an obligation; the obligation required is based on the comparison of what others in an industry would do in the same circumstances that is, they are held to an industry standard. if that obligation or standard is not met then there is a liability exposure
LIABILITY ISSUES Definition of Liability As an example, if tenants in a building are exposed to unauthorized intrusion it becomes the responsibility for the landlord to provide a reasonable level of security to prevent the intrusions. There is sufficient case law supporting the obligation of the landlord to provide for the protection of the tenant when it is clearly recognized that the tenant is vulnerable due to unauthorized intrusions and insufficient security in the building.
NEGLIGENCE ISSUES Definition of Negligence The legal definition of negligence is: the omission to do something which a reasonable person, guided by those ordinary considerations which ordinarily regulate human affairs, would do, or the doing of something which A reasonable and prudent person would not do .
NEGLIGENCE ISSUES Definition of Gross Negligence The legal definition of gross negligence is: the intentional failure to perform a manifest duty in reckless disregard of the consequences as affecting the life or property of another; such a gross want of care and regard for the rights of others as to Justify The Presumption Of Willingness And Wantoness .
NEGLIGENCE ISSUES Definition of Punitive Damages (also known as exemplary or vindictive damages) Damages awarded by a court against a defendant as a deterrent or punishment to redress An Egregious Wrong Perpetrated By The Defendant ; damages on an increased scale, awarded to the plaintiff over and above what will barely compensate him for his property loss, Where the Wrong Done to Him Was Aggravated by Circumstances of Violence, Oppression, Malice, Fraud, or Wanton and Wicked Conduct on the part of the defendant.
FURTHER LIABILITY ISSUES Implementation of Security Recommendation including new systems Are the new security systems based on good Design Criteria that is consistent with Security Industry standards?
STATEMENT Many Security Systems Are Installed Without Being Designed, And More Importantly, Without Proper Design Criteria
FURTHER LIABILITY ISSUES Without good design criteria consistent with Security Industry, and even having installed new security systems, it is possible that a facility or organization could be liable, and possibly negligent
油
LACK OF DESIGN CRITERIA Leads to Four Major Problems: Inadequate Counter Measures to Meet Threat Level Faulty Security System Design Inability to Support Installed Security System Possible Legal Consequences
INADEQUATE SECURITY Failure To Detect Failure To Surveil Inadequate Perimeter Security Inadequate Security At All Critical Assets Inappropriate Equipment Does Not Provide Adequate Protection To Meet Threat Level
QUESTIONS THAT CAN BE ANSWERED BY PROPER SECURITY DESIGN CRITERIA
LIKELY QUESTIONS. 1) Why did you use this equipment Cameras Motion Detectors Type of DVR Intrusion Detection Equipment Type of Fence
LIKELY QUESTIONS Explain the reasons for installing this type of security system? Why did the security only attempt to cover the outer perimeter? Why were Insider threats ignored? The following people had clearance for all access points. Why? What was the Design Criteria for the security system?
FURTHER LIABILITY ISSUES Monitoring and Operation of Security Systems Expectation of Public Third Form of Possible Liability
FURTHER LIABILITY ISSUES TRAINING Has Adequate Training Been Given to All Staff Security Awareness Specialty System Training Crisis Response Procedures
SOLUTIONS
SECURITY VULNERABILITY ASSESSMENT (SVA) If you have not performed an SVA, do it soon Use experienced, certified professionals who understand existing and future Legislation
SECURITY VULNERABILITY ASSESSMENT (SVA) If an SVA has already been done, have experienced professionals review the results Prepare Sound Design Criteria Implement, Modify, Add as Appropriate
SECURITY VULNERABILITY ASSESSMENT (SVA) If you are not sure where you currently stand, initiate an SVA Screening Evaluation Provides an Outline of where you currently stand with respect to SVA Requirements, Legislation, and more importantly, options on what to do next
SOLUTIONS Consider new security measures properly designed with design criteria that meets or exceeds current legislation Implement over phased period that reduces initial costs Incorporate as part of Business Plan
SOLUTIONS Consider Deterrent Approach together with Detect, Delay, and Respond Consider Security Audit Invest in Professional Training
SOLUTIONS Work with Local and Federal Law Enforcement Work with Emergency Management Stay Up To Date
QUESTIONS www.wivenhoegroup.com Phone: 609-208-0112 E-mail: info@wivenhoegroup.com

More Related Content

Security vulnerability assessment & liability dsm linkedin

  • 2. TODAYS PRESENTATION WILL ENCOMPASS THE FOLLOWING: The Basics of an SVA Why an SVA is Important SVA History Federal & State Legislation Liability Arising from an SVA Solutions
  • 3. THE BASICS OF AN SVA What is the Threat Level? Who and/or What Should be Protected? What Can or Should Be Done? What Will It Cost?
  • 4. THE BASICS OF AN SVA Threat Levels Outsider Insider Cyber
  • 5. AS A NATION THE US REMAINS AT ELEVATED THREAT LEVELS Current Prevailing Nationwide Threat Level: It was Raised to High around the Anniversary of Sept. 11
  • 6. CURRENT STATE OF SECURITY OUTSIDER - PHYSICAL ATTACKS Type of Adversary Criminal Foreign State-Sponsored Terrorist Domestic Terrorist Environmental Extremist Vandals Threat Level Many users have historically protected at this level.
  • 7. VANDAL (LOWEST RISK) Intentions: Minor Damage/Petty Mischief Motivations:Boredom, Drug Related gang? Capabilities: Minimum Tools (1 to 4 individuals) Police Response: Assessment?, Time?, Deployment? Threat Level: Low (Depending on past history) Impacts: Minimal (unless intent remains a mystery) Vandal: Usually between the ages of 7 19
  • 8. FOREIGN STATE-SPONSORED TERRORIST (HIGHEST RISK) Intentions: Total Destruction/Panic/Casualties Motivations: Ideological/Terrorism Capabilities: Major Worst Case (3 to 6 Individuals) Police Response: Assessment?, Time?, Deployment? Threat Level: Very High Impacts: Very High International Terrorist: Adult, Male or Female, Ideology Driven
  • 9. LETS EXAMINE INSIDER THREAT SPECTRUM Type of Adversary Disgruntled (Sending a Message) Super-Insider (coercion) Disgruntled (Revenge) Threat Level Criminal Acts (Personal Gain) Disgruntled (Collusion) Employee Contractor Vendor Increased Access, Motivation, & Skill Level increases threat
  • 10. CYBER DBT IS AMATEUR HACKER & INSIDER WITH OPERATIONAL PRIVILEGES Novice Amateur Hacker Organized Crime Government Sponsored Type of Cyber Terrorist Knowledge
  • 11. THE BASICS OF AN SVA Critical Assets People Infrastructure Equipment Data Inventory Processes Other
  • 12. THE BASICS OF AN SVA Recommendations Security Improvements Mitigation IST Other
  • 13. THE BASICS OF AN SVA Cost Security Versus Mitigation Implementation Period Electronic Versus Physical Security Threat Event Cost
  • 14. Client XXX Security Improvement Cost Estimate Sandia Methodology Approach Summary of Risk Reduction Solutions for Client XXX RISK REDUCTION SOLUTION CRITICAL ASSET DESCRIPTION ESTIMATED COST (1A) Control # X Relocate with New Housing $TBD (1B) Control # X Perimeter Security Improvements & Upgrades $600,000 (2A) Control # Y & I-XX/C-XX Culverts Perimeter Security Improvements $200,000 (2B) As Above Hardening Measures $190,000 (3A) WTP Facility Perimeter Security Improvements & Upgrade 1,240,000 (3B) As Above Perimeter Security Improvements & Upgrade 300,000 (3C) As Above Hardening Measures 1,060,000 TOTAL $3,590,000
  • 15. Client XXX Security Improvement Cost Estimate Deterrent Methodology Approach Summary of Risk Reduction Solutions for Client XXX RISK REDUCTION SOLUTION CRITICAL ASSET DESCRIPTION ESTIMATED COST (1A) Control # X Relocate with New Housing $TBD (1B) Control # X Perimeter Security Improvements & Upgrades $276,000 (2A) Control # Y & I-XX/C-XX Culverts Perimeter Security Improvements $105,400 (2B) As Above Hardening Measures N/A (3A) WTP Facility Perimeter Security Improvements & Upgrade $560,500 (3B) As Above Perimeter Security Improvements & Upgrade $192,000 (3C) As Above Hardening Measures $1,060,000 TOTAL REDUCTION OF 68.42% $1,133,900
  • 16. WHY IS AN SVA SO IMPORTANT?
  • 17. A PROPERLY EXECUTED SVA PROVIDES: Identification of Appropriate Threat Level Identification of Critical Assets Measurement of Consequences Sound Recommendations Security Improvements Mitigation & Inherently Safer Technology (IST) Orderly Steps Cost Effectiveness
  • 18. WITHOUT PERFORMING A VA What is Threat Level? What are the Critical Assets? What is Likely to Happen? What will be the Response? What are the Likely Consequences? Who will be held Responsible?
  • 19. HISTORY OF SVA LEGISLATION Nuclear Power Plants Sandia National Laboratory 1998 Directive
  • 20. CRITICAL INFRASTRUCTURES SUPPORT COMMAND AND CONTROL
  • 21. HISTORY OF SVA Water and Waste Water US EPA required SVA of public water systems: Serving more than 100,000 by March, 2003 Serving 50,000 to 100,00 by December, 2003 Serving 3,300 to 50,000 by June, 2004 Funding was available for the largest water systems to cover cost of SVA, but no funding yet for smaller water systems.
  • 22. HISTORY OF SVA Oil and Gas Since1998 the National Petroleum Council has been reviewing the vulnerabilities of oil & gas industry to attack (both physical and cyber). Post 9/11, oil and gas has been monitoring the security of its oil and gas transportation network, its refineries and its distribution facilities The American Petroleum Institute is coordinating information sharing among members. ISAC (Information Sharing and Analysis Center) has been promoting collection, assessment, and sharing of oil & gas member information on physical and electronic threats, vulnerabilities, incidents, and solutions/best practices.
  • 23. HISTORY OF SVA Chemical Early in 2002, the American Chemical Council asked its members to complete a SVA of their facilities. Highest risk by 12/31/02 Lesser risk by 6/30/03 Low risk by 12/31/03 No off-site risk by 12/31/03 Enhancements to be completed one year later. Third party verification three months later.
  • 24. NEW INITIATIVES BY STATE New Jersey Maryland Illinois Florida New York California
  • 25. NEW JERSEY New Legislation Enacted November 2005 Requires SVA Plus Response Plan Plus Schedule Emphasis on Security and IST Monitored by NJDEP Possible Further Legislation Stressing IST
  • 26. MARYLAND New Legislation Similar Requirements to New Jersey SVA Monitoring?
  • 27. ILLINOIS Bill Introduced May 2006 by State Senator Will Require All Chemical Companies to Declare all Hazardous Chemicals Manufactured or Stored On Site Will Require SVA Based on Terrorist Attack
  • 28. HISTORY OF SVA Pharmaceutical Although no current regulatory or statutory regulations, some FDA requirements in place for quality control. HIPPA regulations creating great changes in information and IT security. Comprehensive SVA may identify vulnerabilities to counterfeit drugs and drug reimportation, and opportunities for competitive intelligence. SVA may identify weaknesses in supply chain security
  • 29. HISTORY OF SVA Manufacturing EPA has not yet required a SVA of non-chemical manufacturing facilities. However, performing an SVA at a manufacturing facility will reduce the risk of: Attacks on Employees Theft of Company and Personal Property Loss of Confidential Information Accidents involving Non-Employees Accidents involving Workers
  • 30. NEW LEGISLATION Gas Storage New Jersey Food Manufacturing Federal & State Chemical Additions Federal & NJ Transportation Federal & States Healthcare Federal & States Education New Jersey
  • 31. CLEAR PATTERN Legislation Not Going Away Legislation Activity is on the Increase SVA is the Common Denominator
  • 33. LIABILITY ISSUES In simple terms, a properly executed security vulnerability assessment will identify the vulnerabilities or weaknesses of a facility or organization to specific threats In identifying those vulnerabilities or weaknesses, the facility or organization has been placed on notice that something has to be done with respect to such issues
  • 34. LIABILITY ISSUES In the event that there is an incident, and it turns out that it was related to one of those vulnerabilities, and nothing had been done to address that particular vulnerability the facility or organization is not only facing a clear liability but possible negligence as well.
  • 35. LIABILITY ISSUES Definition of Liability Liability as it pertains to security: relates to an obligation one is bound or have a responsibility to do; it is the condition of being actually or potentially subject to an obligation; the obligation required is based on the comparison of what others in an industry would do in the same circumstances that is, they are held to an industry standard. if that obligation or standard is not met then there is a liability exposure
  • 36. LIABILITY ISSUES Definition of Liability As an example, if tenants in a building are exposed to unauthorized intrusion it becomes the responsibility for the landlord to provide a reasonable level of security to prevent the intrusions. There is sufficient case law supporting the obligation of the landlord to provide for the protection of the tenant when it is clearly recognized that the tenant is vulnerable due to unauthorized intrusions and insufficient security in the building.
  • 37. NEGLIGENCE ISSUES Definition of Negligence The legal definition of negligence is: the omission to do something which a reasonable person, guided by those ordinary considerations which ordinarily regulate human affairs, would do, or the doing of something which A reasonable and prudent person would not do .
  • 38. NEGLIGENCE ISSUES Definition of Gross Negligence The legal definition of gross negligence is: the intentional failure to perform a manifest duty in reckless disregard of the consequences as affecting the life or property of another; such a gross want of care and regard for the rights of others as to Justify The Presumption Of Willingness And Wantoness .
  • 39. NEGLIGENCE ISSUES Definition of Punitive Damages (also known as exemplary or vindictive damages) Damages awarded by a court against a defendant as a deterrent or punishment to redress An Egregious Wrong Perpetrated By The Defendant ; damages on an increased scale, awarded to the plaintiff over and above what will barely compensate him for his property loss, Where the Wrong Done to Him Was Aggravated by Circumstances of Violence, Oppression, Malice, Fraud, or Wanton and Wicked Conduct on the part of the defendant.
  • 40. FURTHER LIABILITY ISSUES Implementation of Security Recommendation including new systems Are the new security systems based on good Design Criteria that is consistent with Security Industry standards?
  • 41. STATEMENT Many Security Systems Are Installed Without Being Designed, And More Importantly, Without Proper Design Criteria
  • 42. FURTHER LIABILITY ISSUES Without good design criteria consistent with Security Industry, and even having installed new security systems, it is possible that a facility or organization could be liable, and possibly negligent
  • 43.
  • 44. LACK OF DESIGN CRITERIA Leads to Four Major Problems: Inadequate Counter Measures to Meet Threat Level Faulty Security System Design Inability to Support Installed Security System Possible Legal Consequences
  • 45. INADEQUATE SECURITY Failure To Detect Failure To Surveil Inadequate Perimeter Security Inadequate Security At All Critical Assets Inappropriate Equipment Does Not Provide Adequate Protection To Meet Threat Level
  • 46. QUESTIONS THAT CAN BE ANSWERED BY PROPER SECURITY DESIGN CRITERIA
  • 47. LIKELY QUESTIONS. 1) Why did you use this equipment Cameras Motion Detectors Type of DVR Intrusion Detection Equipment Type of Fence
  • 48. LIKELY QUESTIONS Explain the reasons for installing this type of security system? Why did the security only attempt to cover the outer perimeter? Why were Insider threats ignored? The following people had clearance for all access points. Why? What was the Design Criteria for the security system?
  • 49. FURTHER LIABILITY ISSUES Monitoring and Operation of Security Systems Expectation of Public Third Form of Possible Liability
  • 50. FURTHER LIABILITY ISSUES TRAINING Has Adequate Training Been Given to All Staff Security Awareness Specialty System Training Crisis Response Procedures
  • 52. SECURITY VULNERABILITY ASSESSMENT (SVA) If you have not performed an SVA, do it soon Use experienced, certified professionals who understand existing and future Legislation
  • 53. SECURITY VULNERABILITY ASSESSMENT (SVA) If an SVA has already been done, have experienced professionals review the results Prepare Sound Design Criteria Implement, Modify, Add as Appropriate
  • 54. SECURITY VULNERABILITY ASSESSMENT (SVA) If you are not sure where you currently stand, initiate an SVA Screening Evaluation Provides an Outline of where you currently stand with respect to SVA Requirements, Legislation, and more importantly, options on what to do next
  • 55. SOLUTIONS Consider new security measures properly designed with design criteria that meets or exceeds current legislation Implement over phased period that reduces initial costs Incorporate as part of Business Plan
  • 56. SOLUTIONS Consider Deterrent Approach together with Detect, Delay, and Respond Consider Security Audit Invest in Professional Training
  • 57. SOLUTIONS Work with Local and Federal Law Enforcement Work with Emergency Management Stay Up To Date
  • 58. QUESTIONS www.wivenhoegroup.com Phone: 609-208-0112 E-mail: info@wivenhoegroup.com

Editor's Notes

  • #22: Notes:
  • #23: Notes:
  • #24: Notes:
  • #29: Notes:
  • #30: Notes:
  • #49: The wording of these questions will be improved
  • #59: This is just a slide indicating that I will be happy to answer any questions