Articles by Chad Parris
Organisations can develop security master plan internally or use the assistance of an independent security consultant Whether it’s a college campus, a healthcare facility or a large corporation, organisations often tackle issues related to security management, operations, programs and technology in a reactionary manner. They often fail to consider the need to plan and develop a written roadmap to define and provide direction for the big picture of their security programme. This roadmap, oftentimes called a Security Master Plan, should be a well-thought-out document that includes input from important organisational stakeholders. It can be essential as a guiding document to “create a vision” for the future of the organisation’s strategic security approach. A Master Plan provides direction, overall guidance and is intended as a conceptual construct of what is projected for, and possibly needed, in the future. Roadmap for security management This document defines the standards at a high level, develops the direction for planning, and considers priorities based on need along with the culture and a sensitivity to budgetary concerns. However, this plan does not define the granular development of policies, processes, personnel training and security technology design. It does address each of these issues in a logical and organisationally sensitive manner. Organisations can either develop this document internally or use the assistance of an outside, independent security consultant to develop the plan from an objective, unbiased perspective and to provide realistic expectations suited for the organisation. The right consultant can also bring real-world experience, lessons learned from other engagements and may have insights into technologies that end-users may lack. Synchronisation with existing systems However, the development of this plan should not be completed in a vacuum. Careful consideration and coordination with other key organisational stakeholders are critical. Stakeholders may even include other outside resources such as a security integrator. For example, an integrator or a product’s manufacturer may be called on to help understand, for example, that the access control system software version or platform may no longer be supported in the near future. Or to understand it’s time to seriously consider making that migration to IP video since DVRs are no longer supported. Additionally, the Security Master Plan should be in sync with the organisation’s overall Master Plan (if one exists) to ensure the corporate mission and visions are aligned, with buy-off at the senior management level. A Security Master Plan is intended to be a dynamic, ongoing process resulting in the development of reasonable standards, based on the organisation’s assets, risks, threats, and vulnerabilities. The security standards developed should be flexible and scalable in order to meet ever-changing needs of an organisation. A Security Master Plan is intended to be a dynamic, ongoing process resulting in the development of reasonable standards, based on the organisation’s assets, risks, threats, and vulnerabilities Identifying risks and threats A Security Master Plan document is designed to provide the construct for the development of programmes and implementation of technologies that are reasonable and appropriate for the organisation over the next four to six years and to create the context for security programming for years beyond that. Although many recommendations will be applicable to the foreseeable future, it is vitally important the organisation’s assessment and planning processes continuously monitor the environment to ensure newly identified risks and threats are addressed in a timely manner. This is particularly important to organisations that use security technologies as a key component of their security programme. As technologies continue to change at a fast rate and new technologies are developed, it can be easy to fall behind. Therefore, maintaining updated information from trusted security contractors, consultants, and manufacturers is key to this process. As the corporate facilities continue to be updated, the development and implementation of effective, appropriate public safety and security management strategies will be essential. The Security Master Plan provides the philosophical, standards-based construct for this ongoing effort and should be considered a living document with flexibility to address new challenges, changes in the environment and new and emerging technologies. A Master Plan should be: Based on what is known and observed, what might be anticipated in the future and what might be considered as appropriate based on known or observed risks, threats, vulnerabilities, and best practices; Sensitive to the organisation’s culture, capabilities, and resources; Intended to address issues and programming from a holistic perspective; Intended to provide a foundation for enterprise-wide programme management. It should not: Provide security technology design nor is it intended to provide a step-by-step process and thus is not overly specific; Provide specific verbiage for policies, processes or procedures. As the corporate facilities continue to be updated, the development and implementation of effective, appropriate public safety and security management strategies will be essential Security and security technology planning in many organisations are oftentimes fragmented. Particularly in higher educational environments or because of corporate mergers and acquisitions, separate disparate technologies, policies, and processes may evolve with no interoperability. The development of the Master Plan is particularly important in this environment. It not only develops the planned approach to unification, but it can also lay out the path over multiple budget cycles and assist with Capital Planning efforts. The Security Master Plan presents a number of interrelated concepts, each of which addresses specific security programming, policies and security technologies typically found within the organisation. Underlying concepts included in the Security Master Plan are: Dynamic assessment and planning in an evolving environment; Enterprise-wide unified security and public safety programming; Standardisation of technologies and processes throughout the enterprise; Emergency planning and response; Development and implementation of active and passive security elements in both existing and new facilities, commonly found in basic CPTED (Crime Prevention Through Environmental Design) principles; Development of new and expansion of existing organisational partnerships; Programmatic and operational flexibility and scalability; Dynamic security improvement: implementation of best practices; Programme leadership and coordination under the auspices of a department of security and/or public safety; The transition from a primarily forensic to a functional security technology model. As the corporate facilities continue to be updated, the development and implementation of effective, appropriate public safety and security management strategies will be essential. The Security Master Plan provides the philosophical, standards-based construct for this ongoing effort and should be considered a living document with flexibility to address new challenges, changes in the environment and new and emerging technologies.
The PSA track at ISC West will cover best practices in systems integration, risk management, video analytics trends PSA Security Network®, the world’s largest electronic security cooperative, recently announced it will host an education track at ISC West 2016 and cybersecurity sessions at the Connected Security Expo @ ISC West in Las Vegas, NV. The PSA track at ISC West will feature a full day of training sessions on April 5, 2016 covering best practices in systems integration, risk management, video analytics trends, and the skills needed to migrate the convergence of IT in the physical security industry. The sessions being offered will include: Taking the Edge Off of Systems Integration April 5, 2016 | 8:30 a.m. - 10 a.m. Presenters: Paul Boucherle, Principal, Matterhorn Consulting; Nigel Waterton, Sr. Vice President of Corporate Strategy & Development, Aronson Security Group; Chad Parris, President, Security Risk Management Consultants, LLC; Wayne Smith, President, Tech Systems Are We Secure? Business Know-How for the Risk Discussion April 5, 2016 | 8:30 a.m. - 10 a.m. Presenter: Paul Cronin, Senior Vice President, Partner, Atrion; David Willson, President/Chief Executive Officer, Titan Info Security Group; Fred Terry, System Integration Section Manager and Cyber Security Lead, Burns & McDonnell Engineering Video Analytics: The Real Past and the Imagined Future April 5, 2016 | 10:15 a.m. - 11:15 a.m. Presenters: Bill Bozeman, President/Chief Executive Officer, PSA Security Network; Matthew Kushner, President and CEO, 3xLOGIC; AJ Frazier, Vice President, Sales for the Americas, Agent Vi; Mahesh Saptharishi, PhD, Chief Technology Officer, Senior Vice President, Avigilon The Hottest IT Skills in the Physical Security Space April 5, 2016 | 11:30 a.m. - 12:30 p.m. Presenters: Eric Yunag, President and CEO, Dakota Security Systems Inc.; Randy Gross, Chief Information Officer, CompTIA; Jerry Bowman, InfraGard National Board of Directors; David Sime, VP of Engineering and Delivery, Contava In addition, PSA Security Network will host four education sessions at the Connected Security Expo which will be co-located with ISC West. The Connected Security Expo @ ISC West is a conference led event where industry professionals will experience physical security from an IT security lens. IT security professionals will join physical security leaders from a wide range of industries to explore how physical security can help mitigate cyber threats and bridge the gap between security and IoT. The following sessions will be offered on April 6-7, 2016: Mitigating Cybersecurity Attacks on Physical Security Systems April 6, 2016 | 10:45 a.m. - 11:30 a.m. Presenter: Darnell Washington, President / Chief Executive Officer, SecureXperts Engaging the Board in Cyber Security April 6, 2016 | 3:30 p.m. – 4:15 p.m. Presenters: Bill Bozeman, President and CEO, PSA Security Network; Andrew Lanning, Co-Founder, Integrated Security Technologies; Wayne Smith, President, Tech Systems Inc.; Paul Cronin, Senior Vice President, Partner, Atrion How Effective is Your Incident Response Plan? April 7, 2016 | 2:30 p.m. – 3:15 p.m. Presenter: David Willson, Attorney/Cyber Consultant, Titan Info Security Group Cybersecurity: Three Steps to Counter External Attacks on Physical Security Systems April 7, 2016 | 3:30 p.m. – 4:15 p.m. Presenter: Rodney Thayer, Smithee, Spelvin, Agnew & Plinge, Inc.