Source Security Management

Published on February 2017 | Categories: Documents | Downloads: 28 | Comments: 0 | Views: 99
of 27
Download PDF   Embed   Report

Comments

Content

RADIOACTIVE SOURCES
SECURITY MANAGEMENT

Name : FAEIZAL ALI  ([email protected])
Section/Division: SEKSYEN PERUNDANGAN
ATOMIC ENERGY LICENSING BOARD (AELB)
MINISTRY OF SCIENCE TECHNOLOGY AND INNOVATION
MINISTRY OF SCIENCE TECHNOLOGY AND INNOVATION

What is Security Management ?
„

Maintain the most cost effective and efficient security for an
organization to protect it’s assets, information, intellectual property,
operations, functions (radioactive material)

„

Takes into consideration the business and operations with a balance
between minimum standards, compliance and risk management

„

Ensures security measures and systems function properly

„

S
Security
Culture
C
is an integral part off security management

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Typical Management of Security
„
„
„
„
„
„
„
„
„

Compliance to obligations, regulation and governance
Security Plan (Objectives)
Threat Assessment,
Assessment DBT,
DBT increased threat scalability
Target Identification (Categories)
Securityy Culture
Inventories and Records
Efficiency and cost effectiveness
F ilit b
Facility
business,
i
operations
ti
and
d nuclear
l
safety
f t
Contingency plan

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Typical Security Management
„

Organization Chart/Structure

„

Security Plan
– Objectives
– Compliance
C
li
tto obligations,
bli ti
regulation
l ti and
d governance
– Policies
– Consideration facility operations, business & nuclear safety
– Contingencies
– Efficiency and Cost Effectiveness
– Review (Need & periods)
Threat
– Facility Characterization
– Threat Assessment, DBT, increased threat scalability
– Security
y Risk Assessment/Category
g y
– Target Identification (Categories)

„

„

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Typical Security Management
„

Personnel Security
– Roles & Responsibilities
– Authority
– Trustworthiness
– Procedures
– Adequate level of qualified staff
– Access
• Only authorized persons unescorted
• Authorization, logging and monitoring
• Key and key control
– Training (Induction, awareness & education) - Staff and guards
– Security event and/or breach reporting system

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Typical Security Management
Documentation
– Procedures
• Day to day operations (Staff, security & guards)
• Visitors and contractors
• Emergency
• Contingency (Media)
– Control
• Information Security
– Framework for types information (Polices, procedures,
operations, etc)
– Use storage, transmission, distribution, carriage and
destruction
• IT Security
• Need to know
• Quality Assurance
Inventories and Records – NM or sources
http://www.aelb.gov.my
http://ansn.aelb.gov.my

Typical Security Management
Security Systems
– Detailed design – Protection in depth
– Hardware (security devices, physical barriers, access control/monitoring,
communications, intrusion detection, etc)
– Procedures and operation
– Repairs,
Repairs Routine preventative maintenance and testing
– Records
– False & Nuisance alarms - Performance
– Scalable measures for increased threat
Guarding and Response
– Procedures
– Capabilities and resources
– Deterrence (prevention)
– Monitoring,
Monitoring detection,
detection assessment
– Alarm/Incident response
– Increased threat
Security Culture

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Fundamentals
P t ti in
Protection
i Depth
D th
9Deterrence

(prevention)
9Detection
9 Assessment
9 Delay
9 Response
9 Contingencies
g
http://www.aelb.gov.my
http://ansn.aelb.gov.my

Protection in Depth

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Protection in Depth

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Protection in Depth
9
9
9
9
9
9

9
9
9
9
9
9

Exterior & Interior Lighting
Strong Rooms
Information Security
Audit Trails
Trustworthiness Checks
Alarms

9

Recruitment Checks
Guards and Patrols
Detection Devices
Categorization
Encryption
S f
Safes

9

9
9
9
9
9

Policies and Procedures
Testing and Inspections
Regulation & Governance
Secure Rooms
Need To Know
ID Cards

Successful
9
9
9
9
9

Logon ID & Passwords
Perimeter Fences
Access Control & CCTV
Legislation
Locks
V lt
Vaults
http://www.aelb.gov.my
http://ansn.aelb.gov.my

What are we trying to do with
S
Security
it ?
„

Administrative Measures
• Securely and safely manage sources by policies, procedures
and practices

„

Physical barriers to source, device or facility
• Separate it from unauthorized personnel
• Deter,
Deter delay or prevent unauthorized access or removal of a
source

„

Balanced
a a ced Measures
easu es – Efficient
c e t and
a d cost e
effective
ect e
• Physical
• Administrative
• Personnel
• Information Security
http://www.aelb.gov.my
http://ansn.aelb.gov.my

Balanced Security Measures
PHYSICAL

-Physical Barriers
-Secure areas and buildings
-Security technology - access control, alarms, CCTV
-Secure storage
-Guarding

PERSONNEL

-Photo Identification Badges
-Pre-determined trustworthiness
-Security Education and Awareness
-Authorized access and limit to need
-Visitor and contractor supervision and control

ADMINISTRATIVE

-Authorizations and Delegations
-Policies and Procedures
-Confidentiality
-Key and badge control
-Facility
Facility Security Officer

INFORMATION
TECHNOLOGY

-Communications
-Access Accounts, passwords, screen savers
IT Security Officer
-IT

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Plan
„

Prepared by the user and submitted to the regulatory
b d as partt off the
body
th authorization
th i ti

„

Outlines securityy objectives
j

„

Detailed description of :
– Radioactive source/material inventory
– Security arrangements and procedures
– Security roles and responsibilities
– Contingencies
C ti
i (i
(including
l di media)
di )

„

Greater detail for sources in higher
g
security
yg
groups
p
http://www.aelb.gov.my
http://ansn.aelb.gov.my

Threat
Collect and organize threat data
„ Identify
y threats and characteristics
„ Formalize threat assessment and gain
consensus
„ Define Design Basis Threat
„ Scalability for Increased Threat
- Administrative –(procedures, access)
- Physical –(walls,
(walls buildings)
„

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Key Points for Typical Security
C lt
Culture
„

Definition: “Characteristics and attitudes in organizations and of individuals which
establish that security issues receive the attention warranted by their significance”

9

OBJECTIVES
AWARENESS & EDUCATION
RESPONSIBILITIES
ACKNOWLEDGE THREAT
POLICIES & PROCEDURES
USER FRIENDLY SYSTEMS
SUPPORT & ASSISTANCE
HUMAN PERFORMANCE
ACCESS & TRUSTWORTHINESS
PERFORMANCE MONITORING

9
9
9
9
9
9
9
9
9

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Culture
„

OBJECTIVES
… Usually

set out in Security Plan or Policies
… Essential (necessary) to know security
Objectives
j
– Clear on what are we trying
y g to do
„ Obligations, compliance & governance
„ Legislation
„ Responsibilities
„

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Culture
„

AWARENESS & EDUCATION
…
…
…

Staff understand why have security and what to do
Aware of security arrangements and responsibilities
Site Security Presence
• Security always there - 24/7
• Contact numbers for reporting events (at all times)
• Events/reports/incidents
• Timely reporting to Senior Management (their responsibility too)
• Reporting process
• Remedial security actions completed

…

Given security tools including
„
„
„

Training & information
Handouts, manuals, intranet, staff briefing/seminars
Security contact email address
http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Culture
„

RESPONSIBILITIES
… Clear

responsibilities from OBTL through line
management to staff
… Responsible
p
Officers for sources ((RPO/RPS))
… Security is a shared responsibility

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Culture
„

IDENTIFY & ACKNOWLEDGE THREAT
…•

Staff need to know generally what the
threats are • Theft or sabotage
g
• Typical adversaries and methods
Overt ((open)
p ) or covert
„ Insider (Passive or active)
„

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Culture
„

POLICIES & PROCEDURES
… In

place and available to staff
… Details organizations objectives, obligations
and responsibilities
p

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Culture
„

USER FRIENDLY SYSTEMS
… Systems

easy to use
• Allow persons with authorized access to
temporarily disable measures (such as locked
doors)
• Verify persons identity and access authorization
• Use badge and PIN to activate door control
reader
• Key with effective key control
… Reliable systems
… Testing and maintenance
• Periodic preventative (check, clean, service, adjust
& walk test)
http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Culture
„

ACCESS & TRUSTWORTHINESS
…

Authorized Persons
• Unescorted access to sources
• Access to sensitive information
… Personnel Security - Staff and contractors
• Need access and information to perform their duties
• Background checks prior to granting access
• In accordance with national standards or as
determined by regulatory body
• Confirmation of identity, verification of references to
determine the individual’s character, integrity,
reliability, willingness to comply
http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Culture
„

HUMAN PERFORMANCE
… Overall

– SECURITY RELIES ON PEOPLE

Behavior, Attitude, Honesty, Maturity
„ Ability and willingness to carry out security
arrangements
„ Staff properly trained
„

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Culture
„

SUPPORT & ASSISTANCE
… Security

advice readily available
… Staff must have support from line
management
g
… Consistency

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Security Culture
„

PERFORMANCE MONITORING
… Security

incidents or faults reporting system
… Timely reporting
… Measurement - Number and type of incidents
… Analysis of statistics and reporting

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Summary
„

„
„
„

Security management to ensure cost effective,
efficient, balanced system with protection in
depth
Security Management ensures security
measures and systems function properly
Security Culture is an integral part of security
management
All persons in organization share the
responsibility for security
http://www.aelb.gov.my
http://ansn.aelb.gov.my

Sponsor Documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close