Encyclopedia of Security Management

Encyclopedia of Security Management

Second Edition

John J. Fay

Table of Contents

Cover

Title page

Copyright

Contributing Authors

Foreword

Preface

Chapter 1: Business Principles

Apprenticeship Programs

Job Notices and Advertisements

Pre-Employment Inquiries

Benefits

Waivers of ADEA Rights

Challenging Basic Assumptions

Allocating Staff Resources

Using Appropriate Technology

Challenging Basic Operating Practices

Is the Service Being Delivered Effectively?

Is the Service Being Delivered Efficiently?

Pursuing Best Practices

Conclusion

Preparation

Authorization

Execution

Audit

Budget Director

Zero-Based Budgeting

Flow Directions

Limitations

Cost-Benefit Ratio

Controlling Costs

Overspending

Forecasting

Code of Ethics

Principles of Business Conduct

A New Form of Change

The Shamrock Organization

Security Problems in the Shamrock Organization

Controls Based on Motivation

A Best Practices Approach

Being a Contributor to Assets

Counseling Methods

Conducting a Counseling Session

Develop a Strategy for Constant Improvement

Adopt a New Paradigm

Replace Mass Inspection with Employee Troubleshooting

End the Practice of Awarding Contracts on Price Alone

Promote Leadership and Institute Training

Eliminate Hype and Quotas

Remove Barriers and Promote Continuous Quality Improvement

Conclusion

Discipline Can Be Difficult

Disciplinary Principles

Giving Clear Instructions

Self-Discipline

Title VII, ADEA, and ADA

Privacy Protections

Advantages and Disadvantages

Joining an Internship Program

The Task

The Task Inventory

Rating the Tasks

The Industrial Revolution

The Scientific Management Era

The Human Relations Era

The Management Science Era

The Age of Technology

Service Sector Growth

Maslow’s Theory of Motivation

Maslow in the Security Environment

About National Origin Discrimination

Language

Coverage of Foreign Nationals

The Formal Organization

The Informal Organization

Setting Objectives

Reviewing Performance

The Performance Appraisal Cycle

Merit Rating

The Position Description

Organizational Relationships

Position Data

Principal Accountabilities

Health Insurance

Fringe Benefits

Recruiting, Hiring, and Advancement

Harassment/Hostile Work Environment

Compensation and Other Employment Terms, Conditions, and Privileges

Segregation and Classification of Employees

Retaliation

Adverse Action

Covered Individuals

Protected Activity

Managers of Security Services

Technical Competence

Behavioral Competence

Sexual Harassment

Pregnancy Based Discrimination

Strategic Planning

Policy and Planning

The CSO and Strategic Planning

Core and Support Activities

Technical Knowledge

Strategy and Risk

No Absolutes in Strategic Planning

Strategy and Change

The Upward Feedback Process

Chapter 2: Emergency Management Practices

Prevention Activities

The Bomb Threat

Evaluating a Bomb Threat Call

Search and Evacuation Options

Searching Considerations

Search Methods

Discovery of a Suspicious Object

Command and Control

Why Plan?

The Planning Process

Project Management

Review

Finding Information

The World of Incident Management

A New Age of Security Management

Return on Investment (ROI)

Conclusion

National Response Plan

Types of Disasters

High-Rise Assets

Threats to Security and Fire Life Safety

Security Threats

Life Safety Threats

Security of Modern High-Rise Buildings

Fire Life Safety of Modern High-Rise Buildings

Summary

Interacting with the Media

On-Scene Functions

The Role of the Chief Security Officer

Chapter 3: Information Security

The Competitive Counter Intelligence Cycle

Disaster Recovery Analysis

Emergency Plans

Phase 1: Prewarning

Phase 2: During the Event

Phase 3: Immediately After the Event

Phase 4: Post-Event

Phase 5: Resumption of Normal Operations

Data Gathering

Public Relations

Digital Signatures

Digital Certificates and PKI

Digital Certificate Verification

FIPS 201 Cryptographic Keys, Digital Certificates, and Digital Signatures

Information Is Expansive

Information Protection Requires Barriers

Information Is Costly and Important

Information Is Coveted

Information Has a Limited Life

Information Is Difficult to Protect

Information Is Voluminous

Operations Security (OPSEC)

OPSEC Process

Sensitive Information

Classification

Proprietary Information

Data Protection

Information Classifications

Proprietary Information Program

Chapter 4: Investigation

Arson Motives

Accelerant Indicators

Arson Checklist

Conclusion

Nonverbal and Verbal Behavior

Behavior-Provoking Questions

DNA Testing Methodologies

Restriction Fragment Length Polymorphism.

Functions of DNA Testing

Physical Evidence

Rules of Evidence

Rules of Exclusion

Engineering Section Capabilities

Blood and Other Body Fluids

Rape Case Considerations

DNA Examinations

Chemicals

Document Examinations

Explosives Examinations

Firearms

Hairs and Fibers

Miscellaneous Examinations

Materials Analysis

Metallurgy

Mineralogy

Photographic Examinations

Reference Files

Shoe Print and Tire Tread Evidence

Tool Mark Identification

Conclusion

Perception

Prejudice

Hostility

Fear of Self-Involvement

Inconvenience

Resentment

Personality Conflicts

Historical Perspective

How Identity Theft Occurs

Identity Theft Terminology

Prevention

Protecting Computers

Protecting E-mail

Summary

The Victim

Direct and Indirect Witnesses

The Complainant

Conducting the Interview

Conclusion

Kinesics and Interrogation

Physiological Roots of the Kinesics Technique

Deceptive Signals

Photographic Techniques

Users of the Polygraph

Critics of Polygraph

Pre-Employment Test Accuracy

Polygraph Screening in Police Agencies

False Positive and False Negative Errors

Protection Procedures

Remedies

Prohibited Inquiries

Use of Results

Employee Polygraph Protection Act

Guidance for the Employer

Guidance for the Polygraph Examiner

Qualifications of a Polygraph Examiner

Obtaining Known Writings

How Much Is Enough?

Original Documents Are Critical

Selecting a Document Examiner

Establishing Control and Rapport

Assessing the Suspect

The Questioning Session

Tactics and Techniques

Documenting the Session

Conclusion

The Questioning Session

Concluding the Session

Setting Up Personal Defenses

The Accusatory Interrogation

Types of Robberies

Investigative Techniques

When Should Undercover Be Used?

The Undercover Investigative Process

The Cover Story

Employee Prosecution

Buy-Busts and Sting Operations

Recoveries

Case Closure

Interviews

Operative Extraction

The Administration of Disciplinary and Corrective Action

The Nature of White-Collar Crime

Types of White-Collar Crime

Necessary Elements of Investigative Success

The Investigative Framework

Process of Investigation

Methods of Investigation

Due Process

Burden of Proof

Reporting

Litigation Avoidance

Labor Union Involvement

Invasion of Privacy

Entrapment

Chapter 5: Legal Aspects

Probable Cause

Force

Searches

Questioning

Sources of Law

Constitutional Law

Statutory Law

Case Law

Administrative Law

Ethics

Indigent Defendants

Filing

Criminal History Data

Plea Negotiation

Speedy Trial

Jury Trial

Policies and Practices after Trial

Capacity Defenses

Specific Defenses

Necessary Elements

Detention Strategies

Making the Detention

Encountering Resistance

Processing the Subject

Conclusion

Corpus Delicti

Criminal Intent

Federal Offenses

Parties to Crime

Preliminary Offenses

Law Origins

Validate Training

Administer Training to Specifications

Evaluate the Trainees

Keep Training Records

Impose Instructor Standards

Rules of Exclusion

Search

Seizure

Search Warrant

Affidavit

Contraband

Fruits of the Crime

Tools of the Crime

Incriminating Evidence

Reasonableness

Search Without a Warrant

Search Incidental to Arrest

The Emergency Search

Search with Consent

Purposes of a Search

Guidelines

Developing a Compliance Program

Preparation before Trial

Testimony during Trial

Answering Questions on the Witness Stand

Cross-Examination

Conduct after Trial

Contract Law

Tort Law Purposes

Damages: Compensatory and Punitive

The Intentional Tort of Intrusion

Chapter 6: Physical Security

Does the System Work Correctly?

System Testing

Scenario-Based Testing

What to Test?

Acceptance Testing Phases

Testing Techniques

People Control

Traffic Control

Materials Control

The Human Component

Alarm Points

Alarm Communication and Display

Assessment

The Alarm History File

Geophone Transducers

Piezoelectric Transducers

Strain/Magnetic Line Sensors

Camera Scanning Function

Sensor Types

Solid-State Cameras

Solid-State Sensor

CCTV Resolution

Low-Light-Level Sensors

Format Sizes

Color Cameras

Lens Mounts

Pinhole Lenses

Mini-Lenses

Small Covert Camera

Sprinkler Head Pinhole Lens

Fiber-Optic Lenses

Configuration

Infrared (IR) Sources

Special Configurations

Wireless Transmission

Theft Reduction

Management Function

The Role of CCTV in Assets Protection

Color vs. Monochrome

CCTV as Part of the Emergency and Disaster Plan

Documentation of the Emergency

Stand-By Power and Communications

Security Investigations

Safety

Guard Role

Training of Employees and Security Personnel

Synergy Through Integration

Fire and Safety

Security Surveillance Applications

CCTV Access Control

Performance Characteristics

Sensor Classification

Sensor Technology

Buried-Line Sensors

Fence-Associated Sensors

Freestanding Sensors

Dual-Technology Sensors

Active or Passive

Covert or Visible

Volumetric or Line Detection

Application

Boundary-Penetration Sensors

Interior Motion Sensors

Proximity Sensors

Wireless Sensors

What Is IP Video?

Why IP Video?

Fiber Transmitters and Receivers and Microwave

Advantages of Digital and IP Video

IP and Digital Video Evolution

CCTV Components Moving to Digital Components

The New IP and Digital Video Products

Implementation of IP Video

Network Issues

New Systems

Old Systems

Threat Analysis

Traditional Threats

Contemporary Threats

Fire and Safety Officers

Maintenance Department

Balanced Magnetic Switch

Contact Switches

Continuous Line of Detection

Protection-In-Depth

Complementary Sensors

Priority Schemes

Combination of Sensors

Clear Zone

Sensor Configuration

Site-Specific System

Tamper Protection

Self-Test

Pattern Recognition

Physical Protection Systems Overview

Physical Protection System Design

PPS Functions

Relationship of PPS Functions

Characteristics of an Effective PPS

Design and Evaluation Criteria

Additional Design Elements

Asset Value

Asset Protection

Physical Barriers

Deterrents

Proximity Sensors

Point Sensors

The Birth of the Electronic Hotel Lock

Problems and Upgrades

Network Systems

Introduction

System Objectives

The Design and Integration Process

Requirements Analysis and System Definition

System Engineering and Design

System Integration

System Implementation

System Operation

Determining System Objectives

Preliminary Considerations

Security System Selection

Security System Performance

Integration Considerations

Photoelectric Detectors

Trip-Wire Devices

Types of Detectors

Electromechanical Transducers

Piezoelectric Transducers

Geophone Transducers

Electret Cable Transducer

Taut-Wire Switches

Volumetric Motion Detectors

Barrier Penetration Detectors

Operable Opening Switches

Interior Barrier Detectors

Proximity Detectors

Microwave Detectors

Infrared Detectors

Active Detectors

Passive Detectors

Chapter 7: Protection Practices

Perimeter Protection

Security Officers

Backup Systems

Other Considerations

Blood Alcohol Content

Pre-Evidentiary Testing

Evidentiary Testing

Identity Management

User Provisioning

FIPS 201

Role-Based Access Control

The Commodity Syndrome

Best Practices and Change

Legal Counsel and Human Resources

Benchmarking

Best Practices Is a Continuous Loop

Cost Is a Primary Driver

Security Is Measurable

Expectations and Realities

Conclusion

Introduction

What is Computer-Based Training?

Is CBT Effective?

Advantages to the Use of CBT

What Types of Interactivity Can CBT Provide?

What Are the Organizational Considerations for Using CBT?

Summary

Recognition Techniques

Urinalysis

Collecting Urine Specimens

Passive Inhalation

Accuracy of the Technologies

Adequacy of Cutoff Levels

The Issue of Confirmation

Applicable Legal Mandates

Employee Hotlines, Early Warning Systems

Selecting a System

Summary

Planning

Plan Execution

Abduction

Guiding Principles

Threat Assessment

Information and Coordination: The Advance

Reduction of Travel Risk

Countersurveillance

Role of Firearms

Security Awareness Training

FCRA Provisions

Consumer Credit Reports and Investigative Consumer Reports (ICRs)

Investigative Consumer Report

The Credit Header

Permissible Uses of the Credit Report

Background Checks

Right to Correct Inaccurate Information

Accountability

The First Step

Request for Proposal (RFP)

The Contract

Partnership

Training

Breeds

Research and Development

The Security Detail

After-Action Report

Three Essential Elements

Other Factors

Conclusion

Public records

Private Records

Credential Verification

Reference Checks

Legal and Practical Issues on Background Checks

Specific Statutory Prohibitions and Restrictions

Arrest and Criminal Records

What Can Be Done

Criminal Courts

Civil Courts

Driving Histories

Other Public Records

Federal Bankruptcy Court

What Should Be Searched?

Verification of Prior Employment

Other Valuable Searches

Verification of Education

Selecting a Vendor to Conduct Pre-Employment Backgrounds

Summary

The Building Blocks

Objective Reporting

The Chief Security Officer

Turnover Costs

Turnover Factors

Twelve Ways to Keep Good Employees

Compensation

Conclusion

Examining the Main Qualifiers

The Resume and the Application

Interview Preparation

A Structured Interview

History

Working Dog Specialties

Law Enforcement

Security

Military

Search and Rescue

Public Health Assistance

Working Dog Training

Certification

The Dog Handler

Characteristics of an Aggressor

Motivation toward Violence

Behavioral Changes

Recognizing and Overcoming Denial

Redefining Boundaries

Threat Management

The Five-Step Safety Plan

Prevention

Summary

Chapter 8: Risk Analysis

Risk Analysis and Business Impact Analysis

Business Impact Analysis Methodology

Presentation of the Completed Data

Summary of Key Points

Assessing Criticality or Severity

The Decision Matrix

What Is Risk Analysis?

The Role of Management in Risk Analysis

Risk Exposure Assessment

Crime Record Research

Standard Crime Data

Uniform Crime Report (UCR)

National Crime Survey (NCS)

Law Enforcement Records

Calls for Service

In-House Security Reports

Proximity and Similarity

Field Interviews

Environmental Change

Summary

Cyber Offenses

The Internet

Restrictions on Internet Use

Industrial Espionage

Industrial Espionage Spies

Spy Technology

Competitive Intelligence

Sources of Information

Use of Computer Technology

Conclusion

Assets

Threats, Vulnerabilities, and Consequences

Mitigation Assessment

Risk Management

Risk Assessment and the Vulnerability Assessment Process

Statistics and Quantitative Analysis

Planning the Vulnerability Assessment

Project Management

Form the Vulnerability Assessment Team

Project Kick-Off Meetings

Protection Objectives

Facility Characterization

Detection

Intrusion Sensors

Alarm Assessment

Entry Control

Alarm Communication and Display

Delay

Response

Analysis

Reporting and Using the Vulnerability Assessment

Chapter 9: Security Fields

Theoretical Background

Practical Realities

Security as a Design Requirement

The Architect Is the Key

Design Planning

Zoning

Electronic Systems

Architecture Making a Difference

Defining Hospital Security

Unique Aspects of Hospitals

Rationale for Hospital Security

Common Problems

Hotel Problems

Motel Challenges

Bed and Breakfast (B&B) Facilities

Principles

Design for Three Modes of Operation

Common Design Flaws

A Typical Example

Vendor Support Can Affect Design Decisions

Plan for System Growth

The Budget Motel

Six Basic Steps

In-House Versus Outside Advice

Considerations

Security Proposals (Writing and Costing)

Chapter 10: Security Principles

Four Key Aspects of Convergence

Combining Physical Security and IT Security

Internetworking of Physical Security and Business Systems

Integration of Physical and IT Security Systems

Integration of Physical and IT Security Management

Rational Choice Theory (Cornish and Clarke)

Routine Activities Theory

Crime Pattern Theory (Paul and Patricia Brantingham)

Defensible Space: Crime Prevention Through Urban Design (Oscar Newman)

Displacement and Diffusion

Diffusion

Strategies

Neighborhood Watch

A Model Community-Centered Program

The Origin of CPTED

Strategies for Physical Security

Operational Security

Technical Security

Implementing CPTED

Designation

Definition

Design

The Use of Natural Surveillance

The Use of Natural Access Control

Territorial Behavior

Environmental Crime Prevention Theory

Social Crime Prevention Theory

Loss

Incident

Opportunities

Management Failures

Using the Model

Criticality

Accessibility

Recuperability

Vulnerability

Effect

Recognizability

The CARVER Rating System

Chapter 11: Terrorism

Brief History of Agricultural Terrorism

Potential Weapons of Mass Destruction (WMD) in Agroterrorist Attacks

Impact of an Agroterrorist Attack in the U.S.

Vulnerability of the U.S. Agriculture

Response to an Agroterrorist Incident

Conclusions

Chemical Weapons

Toxins

Nerve Agents

Mustard Agent

Hydrogen Cyanide

Chlorine

Biological Weapons

Bacterial Agents

Viruses

Toxins

Overview of the Electric Power Industry

Threats to the Electric Power Grid

Threat Deterrents

Vulnerability

Protection Measures

Potential Consequence of an Attack

Conclusion

Objectives

Authority

Risk Management

Organization

Sensitive Information

The National Response Plan

Long-Term Mechanisms

Theme 1: Detection and Sensor Systems

Theme 2: Protection and Prevention

Theme 3: Entry and Access Portals

Theme 4: Insider Threats

Theme 5: Analysis and Decision Support Systems

Theme 6: Response, Recovery, and Reconstitution

Theme 7: New and Emerging Threats and Vulnerabilities

Theme 8: Advanced Infrastructure Architectures and Systems Design

Theme 9: Human and Social Issues

Conclusion

Requirements

Strategy

Technical Challenges and Implementation Issues

Five-Point Security Initiative

A Systems Approach

Next Steps

Six Common Elements

Characterization of the Water System

Identification of Critical Assets

Identification of Critical Assets

Assessment of the Likelihood of Malevolent Acts

Evaluation of Existing Countermeasures

Analysis of Current Risk

The Roots of Cyberterrorism

The Fear of Cyberterrorism

What Is Cyberterrorism?

The Appeal of Cyberterrorism for Terrorists

Explosive Weapons

Explosion Dynamics

Bomb-Related Structural Damage

Radiological Weapons

Nuclear Weapons

Loose Nukes

Improvised Nuclear Device (IND)

Introduction

The Federal Response Plan

The National Response Plan

Emergency Support Functions (ESFs)

Field-Level Organizational Structures: JFO Coordination Group

Conclusion

A Brief History of Intelligence in the United States

The Problems Remain

Local Law Enforcement

Summary

Exploitation of the Media

Kidnap and Assassination

Suicide Attack

Vehicle Bomb Attack

Direct Action Attack

Preparation of Terrorists

Terrorist Group Typologies

Terrorist Strategy

Government Responses

Terrorist Tactics

The Security Professional and Terrorism

Proactive Observation and Awareness: The Key to Success

Search Procedures

Search for Evidence

Organizing for Terrorism

Educational Resources for Terrorists

Training for Terrorists

Al-Qaida Training

Terrorist Methods of Operation

Explosion Threat

Biological Threat

Chemical Threat

Nuclear Blast

Motives of Terrorist Groups

Policing Priorities

Conclusion

Requirements

Strategy

Technical Challenges and Implementation Issues

Five-Point Security Initiative

A Systems Approach

Next Steps

Cyberterrorism Today and Tomorrow

Chapter 12: Liaison

Firearms

Arson and Explosives

Alcohol/Tobacco Programs

Points of Contact

Field Offices

Baltimore Field Division:

Boston Field Division:

Charlotte Field Division:

Chicago Field Division:

Columbus Field Division:

Dallas Field Division:

Detroit Field Division:

Houston Field Division:

Kansas City Field Division:

Los Angeles Field Division:

Louisville Field Division:

Miami Field Division:

Nashville Field Division:

New Orleans Field Division:

New York Field Division:

Philadelphia Field Division:

Phoenix Field Division:

San Francisco Field Division:

Seattle Field Division:

St. Paul Field Division:

Tampa Field Division:

Washington Field Division:

Point of Contact

National Industrial Security Program

Collaborative Adjudication Services (CAS)

The DSS Counterintelligence (CI) Office

Point of Contact

Points of Contact

Field Offices

History

Federal Flight Deck Officers

Point of Contact

Budget and Strategic Plan

Locations

Points of Contact

Field Offices

FBI Albuquerque

FBI Anchorage

FBI Atlanta

FBI Baltimore

FBI Birmingham

FBI Boston

FBI Buffalo

FBI Charlotte

FBI Chicago

FBI Cincinnati

FBI Cleveland

FBI Columbia

FBI Dallas

FBI Denver

FBI Detroit

FBI El Paso