PHYSICAL SECURITY AUDITING SERVICES
While Cyber-Hunt specializes in computer security, we can also perform an audit of your physical security as well. We believe that while your computers may be safe from cyber-attacks you will still always run the risk of "normal" physical attacks such as theft. These attacks can compromise your data, or the security of your employees or customers.
Shoplifting and Theft
A good physical security audit will point out potential areas that shoplifting and theft can occur in. These areas are often places where cameras are not present, out of staff view, and sometimes even poorly illuminated. These are the ideal places for a thief to take merchandise over to and hide on their person, remove product security features, or trade off to another thief (in a multi person job) to remove suspicion from another thief. Thieves constantly look for stores that have these issues, and once they identify areas they can use to steal from they will often return several times over a period of months each time taking products away with them.
Our security audit will identify locations in your store or place of business that can be used to steal products. Our audit will identify the best locations to place cameras, mirrors, and lighting. Remember also that it is not only customers you must worry about stealing products, but employees as well. We will check not only the shopping floor but other areas as well such as behind the cash register, employee break rooms, and product storage areas.
In the world of protective security, physical security measures are often overlooked in favour of IT security technology and solutions; but electronic security measures alone will not protect you from a determined intruder Cyber-Hunt provides a holistic, integrated and risk mediated approach that includes security design, reviews/auditing and commissioning services to assist businesses with their physical security requirements, whether that business is a government department, retail outlet, data center, public access facility or part of the UK's Critical National Infrastructure (CNI). Cyber-Hunt checks, visits and reviews benchmark existing security measures and procedures against industry or sector best practice. Reports identify vulnerabilities, make prioritized recommendations and include budget costings where appropriate. Services include:
- Threat Assessments – Intelligence and security trained analysts determine all threats to your business, its assets and brand, including terrorist; environmental, criminal and insider threats, based on their Modus Operandi (MO), likelihood and impact. It is the foundation upon which all security planning should be based.
- Physical Security Health Check (PSHC) - A PSHC is a high-level review of ALL physical security components for an organization and includes a high-level Threat Assessment. The result of the PSHC is a high-level report that describes each security component in turn and comments on its effectiveness and whether it is “Fit for Purpose”.
- Protective Security Advisory Visit (PSAV) -A PSR is a comprehensive examination of ALL physical security components for an organization including CCTV, access control, lighting, fences and barriers and the manned-guarding elements. The result is a detailed report, supplemented with photography and prioritized recommendations.
- Physical Security Reviews (PSR) –A PSAV is used to review the effectiveness, need and status of a specific physical security component, such as a CCTV or Access Control System. The work will identify if a particular security component is “Fit for Purpose” or, if not already in place, make recommendation and benchmark against the relevant best practice. The result from a PSAV will be a detailed report that specifically addresses issues raised by the client, particularly where conformity to legislation is required
- Design & Commissioning –Providing advice and guidance on all security measures, including aesthetics and ergonomics, perimeter security, lighting, CCTV, access control and ironmongery including fire interface intruder detection systems and integration of all security components. All of these are measured against realistic scenarios. Once the systems are installed, a thorough and sequential commissioning process is conducted to ensure the end product meets the requirement.
- Secure Area Designs –Reviews to determine security requirements commensurate with protective marking for secure areas. e.g. data centres, forensic laboratories, server and safe/panic rooms.
Cyber-Hunt consultants have extensive experience in safeguarding personnel, premises and high-value assets. Many have a HM Forces Intelligence Corps background and are trained analysts. All hold current government security clearances and provide best practice advice based upon government guidelines, as well as International, European and British Standards. Cyber-Hunt consultants are also Home Office trained in numerous physical security disciplines.
Physical Security Audit
Our Physical Security Advisory services include:
- Threat-Vulnerability Risk Assessment
- Technical design and implementation
- Policy/procedure creation and implementation
- Protective services
- Outsourced security leadership
- Third party security audits
- Loss prevention
- Thought leadership advisory
- Crisis support
- Electronic counter-surveillance / TSCM
The Audit of the Physical Security was identified in the 2009–2012 Risk-Based Audit and Evaluation Plan, which was approved by the Deputy Minister on July 28, 2009.
Objectives and Scope
The main objective of the audit is to assess the adequacy and effectiveness of Cyber-Hunt’s security measures and management controls, through four specific objectives focusing on high-risk areas:
- A. To assess the adequacy of the physical security threat identification and risk management process, with a focus on activities performed at the facility level.
- B. To determine whether roles and responsibilities of all parties involved in departmental physical security are clearly defined, performed by the appropriate party, and cover the span of security activity, as defined by the TB Policy on Government Security;
- C. To determine whether physical access to facilities, classified information and sensitive assets is limited to authorized individuals who have been security screened at the appropriate level and who have an express need for access; and
- D. To determine whether employees are aware of and comply with their roles and responsibilities with regard to physical security.
The scope of the audit included all facilities used in Cyber-Hunt operations, regardless of the ownership, along with information and assets they contained. It also included all security practitioners, along with employees and managers having general security responsibilities other than Occupational Safety and Health (OSH), as this component was already covered in the Audit of Occupational Safety and Health (2009-2010).
Elements of the management control framework examined included, but was not limited to, policies, processes and procedures, organizational structure, roles and responsibilities, job descriptions, incident reporting system, monitoring, and threat and risk assessments.
At the departmental level, the audit addressed the following Management Accountability Framework (MAF) areas of management:
- • Stewardship (Assets are protected)
- • Risk Management (Management has a documented approach with respect to risk management)
- • People (The organization provides employees with the necessary training, tools, resources and information to support the discharge of their responsibilities)
The audit was conducted in accordance with the Treasury Board Policy on Internal Audit. The planning phase consisted of interviews and consultation with the auditee, review of information, documents and reports and the development of an audit program and associated tools.
The examination phase included the following approach:
- • Interviews with security practitioners, program managers and employees;
- • Observations of physical safeguards in different facilities; and
- • Documentation examination and comparative analysis against best practices and guidance provided by lead security agencies.