Security Vulnerability Assessment


Deter, Detect, Delay, Respond: the elements for minimizing your operational risk. A detailed SVA helps you understand how best to do so.

The SVA methodology, when combined with our team of seasoned professionals, is the best risk-reduction approach available. In today's business environment, any impact to operations poses wide-ranging consequences. A proper SVA will help companies understand their vulnerabilities and allow them to apply critical resources to help mitigate those risks.

OSSI is pleased to offer a package service providing Security Vulnerability Assessments and related consultancy services to clients around the world. Our trained professionals have the experience and knowledge to help our clients better understand and protect against facility and process risks, as part of their organizational safety management system.

The Security Vulnerability Assessment

A Security Vulnerability Assessment (SVA) is the identification and analysis of facility and/or operational vulnerabilities and threats. A systematic process, it analyses high-risk scenarios, characterizes the threat, and attempts to reduce the risk through the application of effective countermeasures. A quality SVA will determine the highest vulnerabilities, how successfully an adversary could exploit these vulnerabilities, and the resulting damage due to an attack. The client can then use this to determine how best to protect against these attacks given the risk/reward scenarios.

Types of Facilities OSSI Covers

OSSI can provide SVAs for our clients across many industries. Whether your company owns oil refineries in Africa, mining operations in South America, construction projects in Afghanistan or terminal operations in Europe, OSSI's tailored SVA teams are uniquely qualified to assess and identify potential vulnerabilities. Based on that assessment, we will then suggest the best approach to mitigate these scenarios.

SVA Team Composition

We have a team of trained SVA assessors with experience on military, government, and commercial facilities in high-threat areas throughout the world. Our team members have experience in military, maritime security, terminal and refining operations, construction engineering, and logistics activities.

Methodology

Step 1: Asset Characterization
Step 2: Threat Assessment
Step 3: Vulnerability Analysis
Step 4: Risk Assessment
Step 5: Countermeasures Analysis

Upon completion of the SVA, OSSI will continue to assist the client with integrating new countermeasures into their overall operational processes.

Background

Complete risk avoidance, while preferred, is very rarely achievable. We simply cannot establish operations within a bubble and expect to function properly. It is even more difficult when taking into account the complex operations and unique locations of our clients. As such, facilities, personnel, and operations are vulnerable to any number of threats, including geo-political tensions, environmental hazards, criminal activity, and terrorism. Today's business environment demands that leaders have a clear understanding of their operational environment and take the necessary steps to minimize any damage that might occur.

The practice of identifying physical vulnerabilities is not new. Security managers have long placed emphasis on facility physical security while targeting perimeter security, material/equipment pilferage, equipment functionality, etc. But vulnerabilities are not just confined to the physical facilities and operational processes. With the increased reliance on automated equipment, IT professionals have diligently worked to keep systems fully operational and free from unauthorized access. HSE professionals continue to strive to foster safe work environments benefiting both their employees and the local communities.

Given these numerous threats to companies today, the SVA methodology is focused on bringing all stakeholders together and forming a multidisciplinary team to identify and assess the operational environment. In general, this team identifies critical assets (human, physical, intellectual property, etc.), assigns a rank to each based on the risk potential versus consequences, and makes recommendations on how best to minimize these consequences.

Applications

At the most basic level, any good risk assessment will attempt to minimize risk through deterrence, detection, delay, and response. The SVA takes these strategies and looks to apply them in a way that best utilizes the available resources. The SVA is designed with a methodology that can be tailored to numerous industries and specific segments within those industries. With respect to the petroleum and gas industry, OSSI can provide assessments for marine terminal operations, refineries, tank farms, pipelines, exploratory operations, transportation, and construction.

Assessment Team

Our assessment team consists of seasoned security and industry specialists. The typical team will be composed of the following:

1. Team Leader: has a clear understanding of the SVA approach and methodology with experience from performing many assessments across a number of industries.
2. Security Specialist: fully knowledgeable on proper facility security methods, systems, and procedures. Typically will have a military/anti-terrorism background with unique knowledge of terrorism, weapons, insurgency/guerilla warfare, and countermeasures. Able to utilize current industry practices to decrease threat risks and minimize damage.
3. Safety Representative: fully knowledgeable on HSE requirements, including process hazards, safety procedures, methods, and systems.
4. Design Engineer (Petroleum/Gas or Construction): provides insight and guidance on the proper engineered design work incorporating the latest HSSE procedures into new facilities or existing facility updates.
5. Cyber Security / Technology Specialist (as required): knowledgeable on current cyber security practices and technologies.

Quantitative Analysis

The importance of conducting a proper SVA can be boiled down to its core: it presents a clear and concise determination of the likelihood of an adversary successfully exploiting a particular vulnerability, the impact of such an attack, and the best methods for decreasing both an attack's success and impact. It is a qualitative tool that presents to the organization the necessary information required to make key decisions. The team-based approach takes into account different experiences and skill-sets to provide a detailed synopsis of areas requiring additional emphasis. In doing so, it makes recommendations for general improvements across the facility/process while more specific security measures can be directed at those vulnerabilities that, as a result of attack likelihood or consequence, present the greatest needs.

Key steps of the SVA are:

1. Asset Characterization
   a. Critical asset and infrastructure identification
   b. Current countermeasure evaluation
   c. Consequence impact evaluation
2. Threat Assessment
   a. Adversary identification
   b. Adversary characterization
   c. Target attractiveness determination
3. Vulnerability Analysis
   a. Scenario determination and consequence evaluation
   b. Existing security measures evaluation
   c. Vulnerability identification and rating
4. Risk Assessment
   a. Attack likelihood estimation
   b. Risk evaluation and need for additional countermeasures
5. Countermeasures Analysis
   a. Countermeasure options identification/evaluation
   b. Countermeasure prioritization

The above methodology is a risk/performance-based approach. It is also only a snapshot in time and we recommend continuous improvement built upon the baseline assessment.

ABOUT US

Overseas Security & Strategic Information, Inc. (OSSI) is an international security company providing risk mitigation, intelligence, and physical security services to multinational corporations, governments, aid organizations and private individuals. Operating throughout the world on security and logistics projects for over a decade, we offer a dynamic and responsive security partner, allowing our clients to best achieve their objectives. To date, OSSI has served our clients in 22 countries across Asia, Africa, South America, North America, Europe and the Middle East.

International Experience

OSSI has provided security services globally since 2000. Throughout our years of operation, our cadre of experienced, culturally adept professionals have refined and improved their techniques and procedures to ensure that we provide the most contemporary approach to operate in any environment. We have built exceptional capabilities to operate in the United States, Middle East, South Asia, Africa and South America, and have experience in Europe and Asia. We believe in engaging the local community to build regional partnerships to augment our operational capabilities and national connections.

Security Professionals

OSSI distinguishes itself from other security providers by employing the highest caliber security management personnel. Our seasoned professionals are experienced, mature operators and have generally worked with OSSI for multiple years. Our people tend to be pragmatic, low profile and responsive, and they strive to facilitate our clients' operations in a calm and controlled manner. At the same time, they have the experience, operational knowledge and capability to take control of the situation, should a security incident occur.

Social Responsibility

OSSI prides itself on maintaining a sensitive cultural awareness and Code of Conduct to ensure that we reflect a positive image on both OSSI and our clients' operations. Our personnel have extensive experience working remotely in a variety of foreign countries, collaborating and integrating with the local community to facilitate our operations in an appropriate and respectful manner, while at all times remaining acutely aware of regional security threats. OSSI is a founding signatory of the Swiss Government-initiated International Code of Conduct for Private Security Service Providers and a member of the International Stability Operations Association.

Overseas Security and Strategic Information, Inc. PO Box 370488, Miami, FL 33137 USA tel: +1 (305) 576-4288 www.ossiinc.com