Running head: RISK AND THREAT ASSESSMENT
Risk and Threat Assessment
David J Heininger
SEC/481
February 26,2018
Mr. Raymond Brown
1
RISK AND THREAT ASSESSMENT
2
Risk and Threat Assessment
Triad is ship repair facility that contracts with the Department of the Navy to repair, design, and
construct Heat Exchangers on board U.S. Naval Ships and Commercial Ships. Triad has a duty to
its customers and employees to ensure their facility is secured efficiently adequately. Through
risk and threat assessment, the company can identify risks and vulnerabilities to assets and
exactly what measures are currently in place for protection. The identified weaknesses in the
system will allow the company to plan for the future and build a relevant security network meant
to protect its future.
ORGANIZATIONAL OVERVIEW
As a design, repair, and construction facility for heat exchangers, Triad began exploring
opportunities within the Hampton Roads area of Virginia which is home to America's most
significant Naval Base. The facility in Norfolk located in an industrial park within 10 minutes of
the four naval bases stationed in Hampton Roads, Va. In August 1997, Triad invested $10m to
outfit the new 90,000ft² facility and signed a long-term lease for the building. The company has
expanded operations since coming online and conducts twenty-four-hour operations with
personnel at the facility. With a new risk and threat assessment survey completed covering all
current equipment, personnel, capabilities, and security measures in use at the time.
Triad is a leading company focusing on the design, repair, and construction of heat exchangers.
Triad specializes in the design, manufacturing of parts and assembly of original equipment
manufacturer (OEM) and new design models and components. With about 200 employees, Triad
repair and design operations revolve around producing a quality product to help our Navy
operate globally with ease to execute their mission successfully.
RISK AND THREAT ASSESSMENT
3
The immediate vicinity surrounding the facility is home to lower income housing and another
medium to large scale production operations. Labor demands within the facility range from
highly skilled technical operators to more menial tasks focused on cleaning and inventorying
material. The company sources these employees through nonunion means with direct hiring
through Human Resources and temporary labor through a local provider. As a higher than the
minimum wage paying facility the company enjoys a better than average retention rate among
hourly employees and is, therefore, able to remain selective in its hiring process.
With local crime, which includes gang activity synonymous with the region, being high, the onus
falls on companies in the area to protect their facilities. Recent instances of crime in the area that
have affected the company itself include equipment theft, including pallets and motors, and
vandalism to the exterior fencing and walls around the shipping area of the building.
FACILITY
The facility itself is a massive stand-alone building with entrances and exits on each side of the
building. Along the eastern, front, or Church Street-facing side of the building are two tractortrailer receiving doors, three self-locking man doors with controlled fob style access along fence
and a vehicle gate for access to the shipping and boiler areas. The organization has three separate
man doors using traditional locks, boiler equipment and office area, five tractor-trailer load-out
shipping doors and small garage area with a roll-up door for storage of unused parts and
materials. This edge of the facility connects to the vehicle entry gate that is a six-foot tall fence.
The interior of the building is maintained to sound industrial production standards by a twoperson team dedicated to facilities engineering and maintenance. Additionally, they maintain
relationships with local regulatory agencies to ensure compliance with electrical, chemical, pest
and fire control services. The company uses an overlapping fire alarm and sprinkler system
RISK AND THREAT ASSESSMENT
4
designed to extinguish flames and prevent loss of life and property. The fire extinguisher
program includes adequately spaced extinguishers and yearly familiarization training with all
company employees. Emergency drills for fire and gas occur on an annual basis.
Additionally, inside the structure is two, single buildings meant for offices and storage. The
operations office contains a six-cubicle workstation, male and female bathrooms, an employee
break room and parts storage on the ground floor. The one half of the floor is a dedicated parts
and supplies room.
The front office structure's houses offices for and human resource manager's office as well as a
small reception area staffed by an administrative assistant. The other half portion includes two
conference rooms, female and male restrooms and locker rooms as well as access to the roof and
electrical equipment. Access to the roof is strictly controlled and is available by only one key.
ASSESSMENT
It is essential to maintain strong working relationships neighboring businesses to ensure a
collective approach to general security and wellbeing. As each company in a given area will see
a similar vulnerability risk, it is increasingly important to develop and foster relationships with
those that share the same environment. This communication can help each entity build an
interlocking set of protocols meant to protect the viability of the business community through
good times and bad. Even within the grasps of high crime area, the vulnerability of an entire
industrial neighborhood may be affected positively or negatively based on the overall
community-based relationships in place. The security representative currently meets with other
safety and security personnel at a bi-annual meeting hosted by the City and Police Department.
Personnel within an organization are sometimes an undervalued segment and one that requires
the most protection at all times. Allowing for a safe and secure workspace that fosters
RISK AND THREAT ASSESSMENT
5
productivity should be the result of any management process in a successful organization, it
should be a stated goal of the company to maintain a safe working environment at all times.
A significant portion of the security system that is in place and functioning revolves around the
company's ability to make sound hiring decisions. All new and existing employees are subject to
random drug screens in addition to initial security check for government clearance, and renewal
background checks every 5 to 10 years depending on the level of clearance. Each of these
measures ensures regulatory compliance. Finally, all employees receive initial and annual
instruction on all company policies and procedures in place providing that everyone is on the
same page.
VULNERABILITIES
The core concept of physical security, in this case, is to protect the plant from intrusion by
unauthorized entities. Physical security is concerned with physical measures designed to
safeguard personnel; to prevent unauthorized access to equipment, installations, material, and
documents; and to preserve them against espionage, sabotage, damage, and theft. To adequately
protect those assets requires a foundation of principals and planning to control access within the
constructs of a cost-conscious system effectively. The focus of the security framework will be on
the organizational ability to detect delay and respond to threats. The three areas lay the
foundation of the security network that will protect the organization.
SECURITY SYSTEM
The Layered Security is security measures increase the closer to the most valuable asset.
Perimeter security in place as a simple border fence creates a barrier around the entire exterior of
the property. During nighttime operations, there are lights illuminating the perimeter as most in
place is for the convenience of using the parking lot. External security is dependent mainly on
RISK AND THREAT ASSESSMENT
6
controlling access to the building to the three front-facing man doors that used the key fob access
system. Once inside the building, there are once again small security measures in place as of this
survey. All doors inside are self-locking and require an assigned key for entry while front office
areas to include human resources are part of the same key fob restricted access system in use on
the front facing doors.
TECHNOLOGICAL THREATS
The company holds secure and classified information on its more extensive network the
particular design specifications of heat exchangers and specific material along with operating
temperatures and pressures. In the course of production and logistical operations, the company
uses logistical software operating system that combines many facets of production into one
particular and user-friendly interface. The overall vulnerabilities in the current construct of the
network come via an aging software infrastructure and the threat of data leakage or corporate
espionage that could result in the loss of proprietary information.
On the servers of the current system, precisely at the facility, a user with proper access could
have access all information on available on the network. From a human resources perspective,
this includes all company progressive discipline and payroll files that are hidden in a folder and
protected by a simple password. Accounting and budgetary files, on the other hand, are relegated
to user-specific access certifications in addition to a regularly changed password changed, and
tracking all access and or logged.
This particular facility requires both hard-wired and Wi-Fi for all users of the system in any
department. A common practice within the facility is to move freely throughout the property
with a laptop in hand to facilitate management-level multi-tasking. Customers to the facility can
use a password protected non-secure Wi-Fi network that allows access to email and will also
RISK AND THREAT ASSESSMENT
7
support a 3rd party Virtual Private Network (VPN). With the relatively small workforce covering
organization and it is equally important that employees outside company proved network access
controls remotely log in with a VPN of their own. As it currently states each user or facility must
be specially wired into the grid for any access to be granted.
The overall digital network that the information system now sits on is aging from both software
and hardware perspective. The company must protect its information from outside sources as
well as from those granted physical access to the plant. A large threat to all parties involved
comes by way of data leakage or employee theft from those unengaged participants under the
security policy.
CRIME AND CRIMINOLOGY
The focus on crime when conducting a risk assessment is one that could potentially make or
break an organization from the onset. In a community like Hampton Roads, VA specifically in
the area, this operation is taking place the influence of crime is a real threat. To be successful in
the long run and maintain an ability to retain skilled workers the plant will need to enact
measures meant to promote a safe and secure working environment. As a trusted supplier of
natural and organic products to consumers, it is essential that the company maintains an image as
an active participant in the betterment of the community at large. Focusing on ways to reduce or
mitigate the damage seen from crime in the area is a substantial step in that direction.
NATIONAL AND GLOBAL ISSUES
Within a global society comes a system that is, for better or worse, dependent on outside entities
to deliver their logistical needs. Even in the case of a vertically integrated company that provides
on all logistical needs in-house, there comes reliance on the outside. That would be in the general
upkeep and usability of transportation mediums, road, rail, air and or sea, to deliver goods and
RISK AND THREAT ASSESSMENT
8
services to the end consumer. The general vulnerability of each medium to outside influence
directly affects the company that would otherwise rely on them to provide products and services
efficiently to maintain the overall bottom line. The company, in this case, is highly reliant on the
ability of others outside their control to keep and ensure their usability. Therefore, the potential
to be vulnerable to outside influences in the case is quite high.
As with natural threats, each organization is widely susceptible to, or a product of the
environment that they call home. In regards to socio-economic and criminal activity, it is ever
important to consider the physical location of company facilities and how the neighboring
business and the general community interact. Many companies will enter into contractual
agreements for land and facility use based on the availability of workforce and direct cost to the
bottom line. In the case of the Hampton Roads Area, VA this mostly industrial area comes with
relatively cheap rent, flood susceptibility, and high crime. The neighboring communities,
bordering the industrial developments and municipal airport, are regarded as the poorest in town
and are known for higher than average gang and criminal activity.
Through this assessment of current risks, threats, and vulnerabilities, Triad can move forward in
the security planning process. As a member of the business and local community, the company is
a team player interested in a safe working environment for all employees.
RISK AND THREAT ASSESSMENT
9
REFERENCE
https://www.fema.gov/pdf/plan/prevent/rms/428/fema428_ch1.pdf
https://www.dhs.gov/sites/default/files/publications/ISC-Facility-Security-Plan-Guide2015-508.pdf
https://www.cdse.edu/documents/student-guides/risk-management.pdf
Grading Guide: Organizational Behavior and
Management Design
SEC481 rev.2/2017
Grading Guide
Organizational Behavior and Management Design
This assignment is due in Week Four.
Content
60 Percent
Points Earned
7/
Resource: Risk and Threat Assessment from Week One
Comments:
Write a 1,750- to 2,100-word paper in which you apply the
concepts of organizational behavior and management in designing
an organizational security plan. Response should be addressed
for the SECURITY department, not the larger business or
organization. Your design should be consistent with
organizational behavior and management theory and practices
and include:
•
•
•
•
•
•
•
•
•
A mission
Vision
Goals
Philosophy
Code of ethics
Structure
Staffing needs
Roles and responsibilities of personnel
Applicable discussion of leadership, processes,
communication, and organizational behavior
Format your assignment consistent with APA guidelines.
Click the Assignment Files tab to submit your assignment.
Organization and Development
20 Percent
Points Earned
2.5/
•
•
Comments:
•
•
•
The paper is 1,750 to 2,100 words in length.
The paper is clear and organized; major points are supported by
details, examples, or analysis.
The tone aligns with the assignment’s purpose and is geared
towards the appropriate audience.
The paper provides relevant background on the topic and uses
visual aids appropriately and effectively.
The paper is logical, flows, and reviews the major points.
Mechanics and Format
20 Percent
Points Earned
2.5/
•
•
Comments:
The assignment file is presentable and functional.
Rules of grammar, usage, and punctuation are followed; spelling
Copyright © 2012 by University of Phoenix. All rights reserved.
1
Grading Guide: Organizational Behavior and
Management Design
SEC481 rev.2/2017
•
is correct.
The paper—including the title page, reference page, tables, and
any appendixes—is consistent with APA guidelines. Intellectual
property is recognized with in-text citations and references.
Total Percent
X%
Total Earned
12/X
Additional Comments:
Copyright © 2012 by University of Phoenix. All rights reserved.
2
Purchase answer to see full
attachment