Unformatted Attachment Preview
Alternate Final Project: Case Study
I. Alternate Project: Initial Note
This case study is designed for those who are unable to identify a suitable organization (as
defined in the Final Project description listed in the online classroom) within the geographic
proximity of their current residence or work and/or are unable to complete the site visits that
normally occur during the process for any security risk assessment. Those authorized to
complete this Alternate Final Project must employ their research skills fervently to learn as
much as possible about the site and the surrounding area. Interviews and discussions with
security executives about general security principles that might be applicable to the site under
review are encouraged. Those completing this project are also reminded to fully utilize the risk
management principles discussed in class along with the multitude reading resources.
II. Risk Assessment/Security and Safety Plan
Scenario: As a new aspiring professional with PLP Security Solutions, an upstart consulting
firm specializing in conducting risk assessments and developing effective management strategies
for mitigating threats and protecting assets from harm or loss, you have been assigned your first
project after completing your initial company orientation and on-the-job-training. You are
advised that PLP Security Solutions has contracted with the University of Maryland University
College (UMUC) to conduct risk assessments of their multiple facilities and operations that
include a security plan designed to effectively protect the institution’s assets, including any real
or personal property, tangible or intangible. Your specific assignment is to complete a risk
assessment and develop a security plan for the facility and operations at the UMUC Academic
Center at Largo, 1616 McCormick Drive, Largo, Maryland, 20774.
(http://www.umuc.edu/locations/regional/academic-center-at-largo.cfm)
The initial briefing you receive about the site is that UMUC purchased the 236,000 square-foot
building in 2008 and it is located in Prince George’s County, Maryland. The building has high
visibility since it is situated near major thoroughfares, including the Capital Beltway, Interstate
495, and is close to the Largo Town Center Metro station. The building is located on a 20-acre
site and houses classrooms, conference rooms, computer laboratories and servers, faculty and
supporting staff offices, financial aid offices, a Veterans office, a physical fitness room and
associated equipment, vending machines, study and lounge areas for students and staff, and
maintenance offices and storage. The property includes ample parking for faculty, staff,
students, and visitors. The property is large enough to accommodate the construction of another
good-sized building. Those entering the property in their vehicles to work, attend class, or
otherwise conduct business at the facility are not routinely subjected to any external security
checks prior to entering the building.
Although this is a good start, you know there is much more to know about the institution and its
current security operation and how effective it has been in protecting UMUC assets. Thorough,
independent research is the key component to the successful completion of this project. Students
are encouraged to begin their research using the URL listed above for the UMUC Academic
1
Center at Largo. From that site, students can access UMUC Safety and Security Policies,
UMUC Frequently Asked Security Questions, Emergency Preparedness, Police Coordination,
Health and Safety, Crime and Personal Safety, and Response Emergency Assessment Crisis
Team. The UMUC 2017 Annual Safety and Security Report should also be reviewed for
relevant information. It can be found at https://www.umuc.edu/documents/upload/annual-safetyand-security-report-2017.pdf. There are various UMUC and other online resources students
must employ to gather the information about the facility and its operation required to assess
physical and cyber security risks. One such source is the Facility Executive Magazine: Creating
Intelligent Buildings, located at https://facilityexecutive.com/. Students should consider
consulting with the UMUC Librarian for research assistance.
III. Project Background and Requirements: According to the Department of Homeland
Security, “risk management is the process for identifying, analyzing, and communicating risk
and accepting, avoiding, transferring, or controlling it to an acceptable level considering
associated costs and benefits of any actions taken” (DHS Risk Lexicon, September, 2010, p.
31). As result of your academic study at UMUC and your military and civilian work
experiences, you know that enterprise risk assessment and management are key job
responsibilities for security practitioners. More significantly, you recognize that assessing and
managing risk are actually critical competencies required of a security practitioner, such as
yourself, and proficiency in completing these tasks must be demonstrated consistently
throughout one’s security career to be fully successful as a bona fide security professional
(Enterprise Security Risks and Workforce Competencies: Findings from an Industry Roundtable
on Security Talent, Summer 2013, p. 8).
As a part of any risk management process, PLP Security Solutions requires you to employ your
knowledge, skills, and abilities in applying the risk assessment and management principles and
methodology outlined by ASIS International’s “General Security Risk Assessment Guideline,”
which includes the following: identifying all the assets requiring protection at the site you have
selected and “understanding” the organization you are evaluating; determining all the possible
criminal and non-criminal risk events confronting the organization; establishing the probability
and impact of loss risk events; identifying physical, procedural, and virtual security control
options for mitigating risks; assessing the feasibility of implementing those security options; and
conducting a cost-benefit analysis of the security options under consideration or specifically
recommended.
Within the context of protecting a client’s assets from harm or loss, PLP also expects you to
address the following general topics in the Risk Assessment/Security and Safety Plan:
Cyber/communications security
Workplace violence prevention and response, including active shooter threats
Crisis (emergency) management and response (natural disasters, fire, terrorism, lone wolf
attacks, etc.); business continuity planning
Employee selection, screening, rescreening (insider threats)
Physical plant intrusion (e.g., burglary)
Property damage, interior and exterior (e.g., vandalism, theft, etc.)
Personal security (e.g., assault, personal property loss/damage, robbery, etc.)
2
Information/records physical security
Litigation for inadequate security, including negligent hiring/supervision/retention, and
other legal issues unique to the site
OSHA safety standards potentially applicable at the site and violations
Training practices
Unethical business practices
Liaison activities with first responders, security professional organizations
Other security issues germane to the site.
These topics were discussed throughout the course of study and include, in broad terms, the
various risks to assets; security and safety control operating standards, guidelines, and
procedures; and management and operational issues and challenges confronting security
practitioners. You will incorporate into the Risk Assessment/Security and Safety Plan a succinct
discussion for each of the topics as they relate to the organization and the site under review.
PLP also expects that you include in the project “deliverable” (paper) specific recommendations
for enhancing security and protecting the organization’s assets from harm or loss. As the
consultant on site, you understand the client is entitled to the results of any and all analyses you
complete, along with a description of any necessary actions the client should consider in view of
your observations and findings.
Since this is your first project with PLP, you are keenly aware of the significant opportunity you
have for demonstrating your technical and analytic competence in assessing and managing risk
and applying the associated core principles. Moreover, the project also serves to establish your
literacy in other crucial areas of the security industry, including business and financial
management, written and oral communication skills, anticipatory and strategic planning,
decision-making, critical thinking, persuasive influencing, and maximizing others’ performance
(Security Industry Survey of Risks and Professional Competencies, Fall 2013, p. 9). For you, the
“bottom line” is to provide a credible, comprehensive product to the client and, at the same time,
show the PLP Security Solutions corporate executives that your skills, abilities, and work ethic
and product adds tremendous value to the PLP organization.
IV. Risk Assessment/Security and Safety Planning Instrument: Instructions for
Conducting Site Observations and Research
Note: Typically, PLP consultants would be expected to complete site visits during the day and
evening hours to gather the information required to complete this project. Because studentconsultants presented the supervisor-instructor bonafide challenges that prohibit them from
making site visits, none are required in this Alternate Final Project. Since consultants cannot
make personal, on-site observations at the facility, they must rely totally on their course
classroom resources and the thoroughness and capacity of their library and online research to:
Understand the organization and its facility, operations, and possible assets
Identify the various risk events possible and likely to occur at the site
Assess the impact or harm (criticality) that can result from those risk events
3
Develop feasible risk mitigation options that potentially include physical, procedural, and
logical security controls
Assess cost/benefit of recommended security enhancements.
PLP consultants are required to use the “Risk Assessment/Security and Safety Planning
Instrument” as a template or guide when conducting independent research to record the
following:
Research and observations in response to the survey questions and other information
required to be collected
Interviews and discussions with security or company executives about general security
procedures and processes (that might be applicable to the UMUC site), only if
arrangements can be made by the consultant
Drafts of any necessary diagrams that will be finalized and included in the final project
Completed research notes and accompanying draft references.
Note: PLP consultants may be unable to collect all the information listed on the planning
instrument for a number of reasons. This is particularly true when site visits cannot be made
and/or interviews with security officials are not conducted. However, with thorough research,
along with the review and application of the concepts, principles, and standards presented in all
the online educational resources listed in the classroom, PLP consultants will be able to gather
and record sufficient information to successfully complete this project. Consultants may
disregard any reference in the planning instrument to onsite visit dates and site security
representative names and contact numbers.
Refer to the instructions for completing the “Risk Assessment/Security and Safety Planning
Instrument” for additional information and guidance for this project. This document will be
maintained as a “work paper” and submitted to the supervisor as described below.
V. Writing Assignment Requirements: PLP consultants will write a Risk
Assessment/Security and Safety Plan primarily based on their general and specific research
conducted about the UMUC Academic Center at Largo. This includes interviews and
discussions with security or other organization executives consultants might be able to obtain
that focus on general and security procedures and processes.
The paper will total between 1,700 (minimum) to 2,500 (maximum) words (about 7-10 pages,
not including the title page, abstract, reference page, or attachments depicting photographs and
diagrams). Consultants must select Microsoft Word’s Tools >Word Count to confirm
conformity with word count requirements.
Consultants are required to systematically apply the risk management principles and processes
discussed throughout the course and as discussed above. Consultants will also ensure:
4
The Risk Assessment/Security and Safety Plan includes a strong introductory section at
the beginning that thoroughly explains the purpose of the document and incorporates a
brief summary of the facility under review (organization name, address, building
description, business and/or purpose of building, hours/days of operation, etc.). Included
in the introductory section should be a brief overview of security issues that will be
addressed in the security plan. You should review the project description to complete
this section. The loss prevention measures and security controls currently in place must
be described based on your research.
Include in a section of the paper a brief discussion of the risk management methodology
used to rank order or quantify security risks to ascertain the most serious risks based on
the probability of occurrence and impact (e.g. very likely to occur, extreme impact),
requiring the organization’s urgent action and those less critical and/or less likely to
occur that may be addressed later. Note: To enhance the presentation of the risk
assessment findings, consultants will devise and present a criticality/probability matrix
for all identified risks.
The general topic areas previously described are discussed in the Risk
Assessment/Security and Safety Plan as they relate to the organization and the site under
review.
Based on the results of the risk assessment, consultants will identify and detail security
vulnerability areas in the paper and provide recommendations for security improvement
by initiating and/or updating specific physical, procedural, and virtual controls,
contingency procedures for emergencies or other non-criminal and criminal risk events,
along with any policy revisions required to enhance the organization’s overall security
apparatus.
VI. Format and Related Requirements: Consultants will include a minimum of four (4)
attachments of photographs or sketches capturing security concerns or general references in the
Risk Assessment/Security and Safety Plan. Do not incorporate these attachments into the
narrative of the paper. Locate them after the last page of the narrative, before REFERENCES,
and be sure to number them so you can effectively refer to them in your narrative. When doing
so, be sure to provide a cogent explanation of the attachments. Also be sure to provide citations
for each of the photos and sketches. Note: Attachments and the descriptive information listed on
them are not included in the project word count constraints.
Other requirements include:
References must include at least three (3) external (not class instructional material)
scholarly sources. Support the points made in the report. Refer to the following UMUC
link for information about scholarly sources:
http://sites.umuc.edu/library/libhow/articles.cfm .
No directly quoted material may be used in this project paper. Resources should be
summarized or paraphrased with appropriate in-text and Resource page citations.
Paper must be a Word document, double-spaced, 12 pt. font, 1” margins.
American Psychology Association (APA) in-text citations for all sources must be used.
5
Reference page titled References using APA format guidelines must be included (not
included in word count).
DON’T for get to follow APA format and place page numbers on the deliverable.
A cover page for the assignment that includes name, course title and number, project title,
and date of submission must be included (not included in word count). No other
information or drawings or designs are permitted.
VII. Submission Requirements: Consultants will submit the “Risk Assessment/Security and
Safety Plan” with the listed attachments (Photos and/or Sketches). Additionally, as a separate
document, consultants will submit the “Risk Assessment/Security and Safety Planning
Instrument” (work product), complete with responses (which may be handwritten) to the
questions and other information required. Both documents must be submitted separately to the
Assignments Folder by the designated due date.
VIII. Project Grading Rubric Review: Consultants are encouraged to closely review the
grading rubric used to assess performance on the final project before planning, writing, and
submitting the paper. The initial element of the rubric relates to the submission of the planning
instrument and its degree and quality of responsiveness to the requirements. The rubric elements
then evaluate the diligence demonstrated in conforming to the requirements for completing the
introduction and stated purpose of the paper, the level of responsiveness in addressing the
general topics listed in the project description, and the levels of conformity with grammar and
format standards. Several rubric elements assess your ability in applying the various risk
assessment and management core principles.
Revised March 23, 2020
6