(ASSIGNMENT TEMPLATE – ENGLISH VERSION)
FACULTY OF SCIENCE AND TECHNOLOGY
JANUARY / 2012
XBST2103
Basic Security Management
MATRICULATION NO
:
IDENTITY CARD NO.
:
TELEPHONE NO.
:
E-MAIL
:
LEARNING CENTRE
:
(COVER PAGE)
Basic Security Management | XBST2103
Table of Contents 1) Overview ..................................................................................................................... 2 2) The role of security in an organization ........................................................................ 2 i. Protect people ............................................................................................................ 2 ii. Protect asset ............................................................................................................... 3 iii. Protect information .................................................................................................... 3 iv. Protect reputation....................................................................................................... 4 3) Differences between the traditional and modern security operations management .... 5 4) Advantages and disadvantages of traditional and modern security operations management ........................................................................................................................ 6 i. Advantages of traditional security operations management ...................................... 6 ii. Disadvantages of traditional security operations management ................................. 7 iii. Advantages of modern security management ............................................................ 7 iv. Disadvantages of modern security management ....................................................... 7 5) Recommendations for the organization ....................................................................... 7 i. Organization background .......................................................................................... 7 ii. Security risk assessment ............................................................................................ 8 iii. Recommendation for improvement ........................................................................... 9 6) Conclusion ................................................................................................................... 9 7) References ................................................................................................................. 10
1
Basic Security Management | XBST2103
1)
Overview
Management is a process of planning, leading, organizing and control of resources to achieve objective effectively and efficiently while security is activity to protect something from threat. Managing of security operation is very crucial present day due to increasing of threat in so many forms to people, asset, information or the reputation of organization.
2)
The role of security in an organization
Below are the basic roles of security in an organization:
i. Protect people
Organization consists of people - the owner or employer and the staff or worker. These are people who involve with the organization activities. Thus it is important to ensure that all these people feel secure. The unsecure feeling can affect the effectiveness of the overall operation and also can cause people leaving the organization. It will be a big loss to organization when a competence member left.
Besides protecting people in the organization, security also has to protect other people that have relationship with the organization either directly or indirectly. The protection level to people outside the organization is depends on the organization policy. Generally, it is more relevant to visitor to the organization’s premises such as supplier, customer or sometimes the government servant.
Some of threats to people are robbery, assaulting and harassment.
2
Basic Security Management | XBST2103
Figure 2-1 Source: sxc.hu
Figure 2-2 Source:
Figure 2-3 Source:
camporealelaw.com
visualphotos.com
ii. Protect asset
Assets are the organization property either in tangible form or intangible form. Tangible form of asset is physical properties such as cash, building, equipment, vehicles and so on while intellectual property is one of the examples of intangible property.
Figure 2-4 Source: www.dreamstime.com Security needs to ensure all the property is safe from threat such as stolen, vandalism or even disaster.
iii. Protect information
Most of the organization has important and confidential data or records that need to be kept concealed from unauthorized party. Example is the business strategy or secret formulation which must be kept secure especially from the competitor. Besides protecting 3
Basic Security Management | XBST2103
the classified information from unauthorized party, security also has to ensure the information in not lost or damaged.
Figure 2-5 Source: infosecurityacademy.com
iv. Protect reputation
Reputation is the image of the organization. This is important factor in competing in the global business. A hundred years of brand can collapse with a simple mistake. Thus protecting the organization’s reputation is one of crucial role of the security. Example of threat to the organization’s reputation is misbehavior of employee with client and also the spreading of fake information or rumors.
4
Basic Security Management | XBST2103
Figure 2-6 Source: mohamedbhimji.com
3)
Differences between the traditional and modern security operations management
The most significant differences between traditional and modern security is in the aspect of technology. The vast development in technology enables a lot of invention for security sector such as closed-circuit television (CCTV) for surveillance and biometric recognition for identification. With CCTV and remote communication gadget, the security personnel have no longer to be face to face with visitor. It can be done from control room.
5
Basic Security Management | XBST2103
Figure 3-1 Surveillance Cameras
Figure 3-2 Modern Control Room
(Source: freefoto.com)
(Source: digital-slrcameras.info)
In the past, security was not an important division in an organization. The security office was very poor condition since the division has very limited budgetary and there were no security position at the higher level management in the organization. Due to the increase of threat and the perception change on the significant of security to reduce further loss to the organization, the security operation management also has gone through a transition. At present, security division has becoming an important division of the organization and the security office has no longer at the backyard or basement of the facility. With security person at the higher level of management who reports directly to the top management, better decision making on security budgetary can be achieved.
In the past, education level of security is not crucial since the security system was more to the physical requirements. At present, new technology and new threats requires higher level or competency of security personnel. The old requirement, recruitment and training programme are no longer suitable. More educated persons are joining security to fill up certain special function.
4)
Advantages and disadvantages of traditional and modern security operations management
i. Advantages of traditional security operations management
6
Basic Security Management | XBST2103
Since traditional security operations are more to physical system, the advantage is less training required and can be considered as less investment.
ii. Disadvantages of traditional security operations management
Traditional security operations may not able to prevent the new threat. Technology not only improves security but also increase threat. For example, criminal also
iii. Advantages of modern security management
New technology allowing more tasks can be done effectively and efficiently. Monitoring process become easier and also contribute to evidence recording such as recording from the closed-circuit television (CCTV). Besides, the modern security management system has adopting periodical assessment of the threat level such as audit program. This allows the discovery of new potential threats and preventive action plan can be prepare.
iv. Disadvantages of modern security management
Investing in technology for security purposes could be quite high. Thus it is important to do security risk assessment to identify the risk level before deciding to invest in technology. The investment is not only on the equipment, but also inclusive of training to the available personnel and also to hirer specialties.
No system is 100% secure. Relying 100% on any technology is actually a risk too. For example, in a plant that has CCTV installed, the security personnel or the owner may make assumption that there will be no violation happened. In-fact, CCTV is not prevention equipment. 5)
Recommendations for the organization
i. Organization background 7
Basic Security Management | XBST2103
Nippon Oxygen Sdn. Bhd. (NOSB) is manufacture of industrial gases such as oxygen, nitrogen and carbon dioxide. These products are sold in bulk, delivered to customers through bulk tankers. Besides the bulk products, NOSB also trade specialty gases in form of compressed gas in cylinder. This specialty gases are imported from Singapore. Most of the specialty gases are hazardous types.
Headquarter is located at Shah Alam, Selangor which consists of main office and warehouses. Headquarter handles most of the administration processes and logistics. Basically headquarter will handle all customers in Kelang Valley to the south of Peninsular. For customers located at north Peninsular, there are small warehouse located at Bukit Minyak, Penang. While at east coast, there are manufacturing plants located at Kemaman, Terengganu and Gebeng, Pahang.
All NOSB office, warehouse and manufacturing plants are located either within customer’s or supplier’s territory. The manufacturing plant in Kemaman is built within Perwaja Steel Sdn. Bhd. (PSSB) area. This is because besides producing for bulk selling, the main business is actually to supply the gases directly to PSSB through pipeline. Another manufacturing plant at Gebeng is located within Petronas BASF area where NOSB recovering carbon dioxide from their waste. While headquarter and warehouse at Bukit Minyak are located in customer premises.
ii. Security risk assessment
In order to give any recommendation to improve the security operation, security risk analysis should be conducted. This is to justify whether the recommendation is relevant and significant.
Reviewing the overall NOSB operation, safety risk analysis has summarized below threats exist: 8
Basic Security Management | XBST2103
No 1
2
3
Threat (T) Bad behaviour of staff. Never happened before. (Low)(2) Loss of parts on road tanker. A case of stolen battery. (High)(4) Entertainment or gifts from contractor/ supplier. Reported there were contractor giving “angpow”. Few occasions of breakdown in past year. (Very High)(4)
Impact (I) Reputation (Very high) (5) Tanker breakdown. Miss a delivery. (High)(4)
Vulnerability (V) No clear written policy (High)(4) Road tanker are exposed to the threat during parking at public area at night (High)(4)
Staff did not take care of equipment - breakdown. Impact major delivery.
No clear written policy
(High)(4)
(High)(4)
Risk Level (T x I x V)
Lower (1), Low (2), Medium (3), High (4), Higher (5)
40
64
64
< 40 = Low ≥ 40 = High
iii. Recommendation for improvement
6)
Conclusion
Basically, there is no clear time border to differentiate between traditional era and modern era of security management. In fact, some of the so-called traditional ways of security still being practices in some organization such as dog unit and watch tower.
Figure 6-1 Source: cricf.com 9
Basic Security Management | XBST2103
7)
References
ASIS International Guidelines Commission. (2003). General Security Risk Assessment. Virginia: ASIS International.
C & A Security Risk Analysis Group. (2005). Introduction to Risk Analysis. Retrieved from The Security Risk Analysis Directory: http://www.security-risk-analysis.com
Diwan, P. (2010). XBST2103 Basic Security Management. Seri Kembangan: Open University Malaysia (OUM).
Serguei, B., Vlad, K., & Barry, R. (2005). Communications of the Association for Information Systems. Future Security Approaches and Biometrics, pp. 937-966.
10