RADIOACTIVE SOURCES
SECURITY MANAGEMENT
Name: FAEIZAL ALI ([email protected])
Section/Division: SEKSYEN PERUNDANGAN
ATOMIC ENERGY LICENSING BOARD (AELB)
MINISTRY OF SCIENCE TECHNOLOGY AND INNOVATION
What is Security Management?
Maintain the most cost effective and efficient security for an organization to protect its assets, information, intellectual property, operations, functions (radioactive material)
Takes into consideration the business and operations with a balance between minimum standards, compliance and risk management
Ensures security measures and systems function properly
Security Culture is an integral part of security management
http://www.aelb.gov.my
http://ansn.aelb.gov.my
Typical Management of Security
Compliance to obligations, regulation and governance
Security Plan (Objectives)
Threat Assessment, DBT, increased threat scalability
Target Identification (Categories)
Security Culture
Inventories and Records
Efficiency and cost effectiveness
Facility business, operations and nuclear safety
Contingency plan
Typical Security Management
Organization Chart/Structure
Security Plan
– Objectives
– Compliance to obligations, regulation and governance
– Policies
– Consideration facility operations, business & nuclear safety
– Contingencies
– Efficiency and Cost Effectiveness
– Review (Need & periods)
Threat
– Facility Characterization
– Threat Assessment, DBT, increased threat scalability
– Security Risk Assessment/Category
– Target Identification (Categories)
Typical Security Management
Personnel Security
– Roles & Responsibilities
– Authority
– Trustworthiness
– Procedures
– Adequate level of qualified staff
– Access
• Only authorized persons unescorted
• Authorization, logging and monitoring
• Key and key control
– Training (Induction, awareness & education) - Staff and guards
– Security event and/or breach reporting system
Typical Security Management
Documentation
– Procedures
• Day to day operations (Staff, security & guards)
• Visitors and contractors
• Emergency
• Contingency (Media)
– Control
• Information Security
– Framework for types of information (policies, procedures, operations, etc.)
– Use, storage, transmission, distribution, carriage and destruction
• IT Security
• Need to know
• Quality Assurance
Inventories and Records – NM or sources
Typical Security Management
Security Systems
– Detailed design – Protection in depth
– Hardware (security devices, physical barriers, access control/monitoring,
communications, intrusion detection, etc)
– Procedures and operation
– Repairs, routine preventative maintenance and testing
– Records
– False & Nuisance alarms - Performance
– Scalable measures for increased threat
Guarding and Response
– Procedures
– Capabilities and resources
– Deterrence (prevention)
– Monitoring, detection, assessment
– Alarm/Incident response
– Increased threat
Security Culture
Security Fundamentals
Protection in Depth
• Deterrence (prevention)
• Detection
• Assessment
• Delay
• Response
• Contingencies
Protection in Depth
• Exterior & Interior Lighting
• Strong Rooms
• Information Security
• Audit Trails
• Trustworthiness Checks
• Alarms
• Recruitment Checks
• Guards and Patrols
• Detection Devices
• Categorization
• Encryption
• Safes
• Policies and Procedures
• Testing and Inspections
• Regulation & Governance
• Secure Rooms
• Need To Know
• ID Cards
Successful
• Logon ID & Passwords
• Perimeter Fences
• Access Control & CCTV
• Legislation
• Locks
• Vaults
What are we trying to do with Security?
Administrative Measures
• Securely and safely manage sources by policies, procedures
and practices
Physical barriers to source, device or facility
• Separate it from unauthorized personnel
• Deter, delay or prevent unauthorized access or removal of a source
Balanced Measures – Efficient and cost effective
• Physical
• Administrative
• Personnel
• Information Security
Balanced Security Measures
PHYSICAL
-Physical Barriers
-Secure areas and buildings
-Security technology - access control, alarms, CCTV
-Secure storage
-Guarding
PERSONNEL
-Photo Identification Badges
-Pre-determined trustworthiness
-Security Education and Awareness
-Authorized access and limit to need
-Visitor and contractor supervision and control
ADMINISTRATIVE
-Authorizations and Delegations
-Policies and Procedures
-Confidentiality
-Key and badge control
-Facility Security Officer
INFORMATION TECHNOLOGY
-Communications
-Access Accounts, passwords, screen savers
-IT Security Officer
Security Plan
Prepared by the user and submitted to the regulatory body as part of the authorization
Outlines security objectives
Detailed description of:
– Radioactive source/material inventory
– Security arrangements and procedures
– Security roles and responsibilities
– Contingencies (including media)
Greater detail for sources in higher security groups
Threat
Collect and organize threat data
Identify threats and characteristics
Formalize threat assessment and gain consensus
Define Design Basis Threat
Scalability for Increased Threat
- Administrative (procedures, access)
- Physical (walls, buildings)
Key Points for Typical Security Culture
Definition: “Characteristics and attitudes in organizations and of individuals which
establish that security issues receive the attention warranted by their significance”
• OBJECTIVES
• AWARENESS & EDUCATION
• RESPONSIBILITIES
• ACKNOWLEDGE THREAT
• POLICIES & PROCEDURES
• USER FRIENDLY SYSTEMS
• SUPPORT & ASSISTANCE
• HUMAN PERFORMANCE
• ACCESS & TRUSTWORTHINESS
• PERFORMANCE MONITORING
Security Culture
OBJECTIVES
Usually set out in Security Plan or Policies
Essential (necessary) to know security Objectives
– Clear on what are we trying to do
Obligations, compliance & governance
Legislation
Responsibilities
Security Culture
AWARENESS & EDUCATION
Staff understand why we have security and what to do
Aware of security arrangements and responsibilities
Site Security Presence
• Security always there - 24/7
• Contact numbers for reporting events (at all times)
• Events/reports/incidents
• Timely reporting to Senior Management (their responsibility too)
• Reporting process
• Remedial security actions completed
Given security tools including
Training & information
Handouts, manuals, intranet, staff briefing/seminars
Security contact email address
Security Culture
RESPONSIBILITIES
Clear responsibilities from OBTL through line management to staff
Responsible Officers for sources (RPO/RPS)
Security is a shared responsibility
Security Culture
IDENTIFY & ACKNOWLEDGE THREAT
• Staff need to know generally what the threats are
• Theft or sabotage
• Typical adversaries and methods
Overt (open) or covert
Insider (Passive or active)
Security Culture
POLICIES & PROCEDURES
In place and available to staff
Details the organization's objectives, obligations and responsibilities
Security Culture
USER FRIENDLY SYSTEMS
Systems easy to use
• Allow persons with authorized access to temporarily disable measures (such as locked doors)
• Verify person's identity and access authorization
• Use badge and PIN to activate door control
reader
• Key with effective key control
Reliable systems
Testing and maintenance
• Periodic preventative (check, clean, service, adjust
& walk test)
Security Culture
ACCESS & TRUSTWORTHINESS
Authorized Persons
• Unescorted access to sources
• Access to sensitive information
Personnel Security - Staff and contractors
• Need access and information to perform their duties
• Background checks prior to granting access
• In accordance with national standards or as
determined by regulatory body
• Confirmation of identity, verification of references to
determine the individual’s character, integrity,
reliability, willingness to comply
Security Culture
HUMAN PERFORMANCE
Overall – SECURITY RELIES ON PEOPLE
Behavior, Attitude, Honesty, Maturity
Ability and willingness to carry out security
arrangements
Staff properly trained
Security Culture
SUPPORT & ASSISTANCE
Security advice readily available
Staff must have support from line management
Consistency
Security Culture
PERFORMANCE MONITORING
Security incidents or faults reporting system
Timely reporting
Measurement - Number and type of incidents
Analysis of statistics and reporting
Summary
Security management to ensure cost effective, efficient, balanced system with protection in depth
Security Management ensures security measures and systems function properly
Security Culture is an integral part of security management
All persons in organization share the responsibility for security