Definition of Protective Security

Definition of Protective Security

Since 1986, I have pondered on the definition of Protective Security, with changes occurring over the years seeing elements cut out whilst other elements coming under the banner.  In some employment roles, protective security has come to cover close protection.  For my personal benefit, I have developed a definition that meets my requirements and have added definitions of the various elements that make up Protective Security that support the security-in-depth concept.

___________________________________________________________________

Protective security

 

The organised system of defensive measures instituted and maintained at all levels of an organisation with the aim of achieving and maintaining the protection of assets, both tangible and intangible, for its rightful custodian, through the application of security intelligence, risk management, physical security, information security, cyber security, personnel security, security awareness training and administrative security, forming mutually supporting security-in-depth.

___________________________________________________________________

Administrative Security

 

Administrative security (also called procedural security) refers to Government Legislation, Regulations and organisational management constraints, policies and procedures, accountability procedures (including audit and other compliance and loss prevention checks and audits), security training, governance and supplemental controls, including business continuity/disaster recovery/contingency plans and procedures established to provide an acceptable level of control and protection for assets.

 

Asset

 

Anything that has value to an organisation, or value to achievement of organisational mission/business objectives including, but not limited to, another organisation, a person, sensitive information or information of value, a physical device, property, hardware or item (including security cabinets, encryption hardware, military or other weaponry), computing devices and communication devices, information technology (IT) system, IT network, IT circuit, software (both an installed instance and a physical instance), virtual computing platform (common in cloud and virtualized computing), and related hardware (e.g., locks, cabinets, keyboards).

Note 1: Assets have interrelated characteristics that include value, criticality, and the degree to which they are relied upon to achieve organisational mission/business objectives. From these characteristics, appropriate protections are to be engineered into solutions employed by the organisation.

Note 2: An asset may be tangible (e.g., physical item such as people, physical object, hardware, software, firmware, computing platform, network device, or other technology components) or intangible (e.g., information, data, trademark, copyright, patent, intellectual property, image, or reputation).

(Note: Slightly modified from asset definition at https://csrc.nist.gov/glossary/term/asset)

  

Cybersecurity

 

Cyber security or information technology security are the techniques of protecting computers, networks, programs and data from unauthorised access or attacks that are aimed for exploitation of systems and data/information contained to ensure confidentiality, integrity, and availability of information.

Major areas covered in cyber security are:

1) Application Security

2) Information Security

3) Disaster recovery

4) Network Security

 

Application security encompasses measures or countermeasures that are taken during the development life cycle to protect applications from threats that can come through flaws in the application design, development, deployment, upgrade or maintenance. Some basic techniques used for application security are:

a) Input parameter validation,

b) User/Role Authentication & Authorisation,

c) Session management, parameter manipulation & exception management, and

d) Auditing and logging.

 

Information security protects information from unauthorized access to avoid identity theft and to protect privacy. Major techniques used to cover this are:

a) Identification, authentication & authorisation of user,

b) Cryptography.

 

Disaster recovery planning is a process that includes performing risk assessment, establishing priorities, developing recovery strategies for all information technology and communication systems in case of a disaster. Any business should have a concrete plan for disaster recovery to resume normal business operations as quickly as possible after a disaster.

 

Network security includes activities to protect the usability, reliability, integrity and safety of the network along with the Confidentiality, Integrity and Availability (CIA) of data held on electronic systems. Effective network security targets a variety of threats and stops them from entering or spreading on the network. Network security components include:

a) Anti-virus and anti-spyware,

b) Firewall, to block unauthorized access to your network,

c) Intrusion prevention systems (IPS), to identify fast-spreading threats, such as zero-day or zero hour attacks, and

d) Virtual Private Networks (VPNs), to provide secure remote access

Information Security

 

Information security (infosec) is a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. Infosec responsibilities include establishing a set of business processes that will protect information assets regardless of how the information is formatted or whether it is in transit, is being processed or is at rest in storage.

This includes the identification of information that is an organisational asset, classification of information, appropriate storage and protection of information and security of information in transit.

Information security directly interrelates with administrative security, cybersecurity, personnel security and physical security.

 Personnel Security

 

Personnel security involves initial and periodical vetting and aftercare of  its employees and contractors to ensure they have their identity positively established and are considered suitable to access organisational resources/assets, and meet an appropriate standard of integrity, loyalty, probity and honesty.

 

Physical Security

 

Physical security involves the use of multiple layers of interdependent systems that can include (but is not limited to) CCTV surveillance, security guards, protective barriers, locks, access control, perimeter intrusion detection, deterrent systems, fire protection, and other systems designed to deter, detect, delay and  respond in order to  protect assets.

 

Risk Management

 

The management of security risks applies the principles of risk management to the management of security threats. It consists of identifying threats (or risk causes), assessing the effectiveness of existing controls to face those threats, determining the risks' consequence(s), prioritising the risks by rating the likelihood and impact, classifying the type of risk, and selecting an appropriate risk option or risk response (mitigations strategy).

 

Security Intelligence

 

Security intelligence (SI) is the collection, evaluation, and response to potential security threats in real-time. It involves information relevant to protecting an organisation from external and inside threats as well as the processes, policies and tools designed to gather and analyse that information.

Intelligence, in this context, is actionable information that provides an organisation with decision support and possibly a strategic direction to mitigate identified threats.

Grant of Liveryman status with the Worshipful Company of Security Professionals to Raymond V Andersson.

I am delighted to have received the honour of becoming a Liveryman of the Worshipful Company of Security Professionals.

The Worshipful Company of Security Professionals is the 108th Livery Company of the City of London. Liveryman is considered the highest level of membership within the Worshipful Company and qualifies a member for election to the Court of Assistants.

Membership is drawn from the security industry in its widest sense and includes the industrial and retail sectors, serving and retired members of the police and armed services, consultants, academics, heads of security for corporate businesses, investigators and electronic surveillance practitioners.

A Liveryman is the highest level of membership within the Company and qualifies a member for election to the Court of Assistants from which further election, through the levels of Warden, to Master is possible. In keeping with City of London traditions there is a cap on the number of Liverymen within the Company. It is the prerogative of the Court to identify those Freemen who fit the qualifying criteria and invite them to be clothed in the Livery of the Company.

The ceremony took place on the 17^th July 2020 via a ‘Virtual Ceremony’ with Raymond, (pictured), being invested into the Livery in a ‘clothing ceremony’ by the Master, Michael Barley.

Commenting on his most recent accolade, Ray explained: "Having been a Freeman of the Worshipful Company for several years, it is an absolute privilege to achieve the honour of Liveryman.

Whilst the industry continues to evolve and grow thanks to new technologies, it is important to preserve the knowledge and traditions that the Company so graciously stands for. I would like to extend my thanks to everyone involved with the Company and my peers in Australia for their support and best wishes."

It is not the first time Ray has been recognised for his contribution to the profession. He was awarded the Freedom of the City of London in 2014 - a privilege bestowed on valued members of the community, visiting dignitaries, and those who have achieved success or recognition in their chosen field - in this instance – security. Ray was also awarded the Australian Security Medal for Conspicuous Service in 2017 for his service to the security profession in Australia.

Some background to City of London Livery Companies.

The livery companies of the City of London were originally mediaeval guilds, of a kind which were common in cities all over Europe in the Middle Ages. In many ways they were the forerunner of modern trade bodies or professional associations.

The term “Guild” is said to derive from the Saxon word “gildan”, to pay, since members paid towards the costs of the brotherhood. Guilds were craft or trade societies. They protected consumers and employers against incompetence or fraud by training sufficient apprentices to provide an adequate supply of skilled craftsmen selling goods of true quality and weight. They helped workers by preventing unlimited competition and ensuring reasonable wages and conditions. They searched out inferior work and punished the offenders. They settled trade and domestic disputes by arbitration, while their halls served as centres for meeting and recreation. They generally held a monopoly over practicing their particular trade within city limits - to be a tailor, for example, you had to be a member of the Worshipful Company of Merchant Taylors. Becoming a member would entail serving an apprenticeship and passing a practical exam, ensuring that professional standards were maintained.

They were responsible for checking the quality of goods, weights and measures, and imposed severe penalties on those who broke the rules. They controlled imports and immigrant labour, set wages and working conditions. They trained the young and looked after members in sickness and old age.

In mediaeval times these trade guilds often performed a military role as well. Most of the large employers of a city were members of guilds, and so in an emergency they could quickly assemble all their apprentices and craftsmen to form a large, organised body of men of military age. Wealthy guilds could also afford to issue those men with high quality arms and armour at their own expense, turning them into a formidable military unit that was a match for any lord or baron's feudal levies.

This was a source of both raw power and civic pride, and many guilds - including those of the City of London, encouraged their members to train and drill at weekends to make themselves even more effective as soldiers, and then allowed them to parade through the city streets to show off their skills. Even as late as the English Civil War of 1642, the fact that London, with its trained bands of disciplined militia, decided to fight for Parliament instead of the King was a major factor in Charles's defeat.

These trade guilds morphed into Livery companies that continued the traditions and work of the guilds but  also served a social function, bringing members of the particular craft together and help them network, as well as staging banquets and ceremonies, both secular and religious. The money they collected in membership dues or as bequests was also used for charitable purposes - primarily for their own members who fell on hard times, but also sometimes to the general public. Over the centuries some livery companies became extremely wealthy, and funded schools, hospitals, alms-houses, churches, libraries and many other institutions.

In modern times these functions have almost all been abolished. A few livery companies still carry out traditional functions, but now on behalf of the State and with statutory authority. The social functions of the livery companies are still alive and well today, of course, and members benefit from the ability to go to banquets or attend open days etc.

The role of Livery Companies in charitable work has continued throughout the ages and the Worshipful Company of Security Professionals provides support to the education of  children from underprivileged backgrounds, providing them with opportunities for an insight into the many and varied employment and career opportunities in the City of London.

The Company also supports the benevolence of those working in the security industry, supporting them in their times of distress when urgent welfare support is needed.

The Company sponsors The Sheriffs Award that is open to members of the public as well as members of the Emergency Services, the Armed Forces and people employed in the Security Industry in the UK, recognising their acts of bravery in crisis situations, providing a Certificate of Recognition as well as a financial reward.

The Worshipful Company of Security Professionals continues the ideals of its founding fathers and mediaeval trade guilds supporting youth, education, professional development within the industry and its charitable works.

As an Australian citizen it is an honour to be able to maintain a direct ancestral connection to the London Livery Companies that goes back to the late 1700’s and a privilege to be ‘enclothed’ as a Liveryman of the Company.

Business security during temporary closure

In these "unprecedented times there is a need for businesses to prevent crime and stop criminals from taking advantage of the situation.

Here are some crime prevention tips to increase security to properties that are temporarily closed:

• Remove all valuables from storefront displays to help reduce smash-and-grab thefts.
  
• Remove all valuables such as cash from the till and leave it open. Place cash tray in plain view on the counter to signal there’s no money in the till.
  
• Remove signage from front windows so police can see the inside unobstructed during patrols.
  
• Consider installing an alarm monitoring system. If you already have one, ensure the contact list is up to date.
  
• Clearly post signage on the door/window to indicate that the premises are monitored by an alarm company; that no money is kept on the premises and contact information for police and the business owner in case a member of the public sees damage to the property or suspicious activity.
  
• If the premises are closed for an extended period, clean all glass surfaces and create a tracking log of when cleaning was completed. This may help investigators with suspect fingerprints in the event of a break-in.
  
• Consider installing a surveillance camera system that can be monitored online by owner/management.
  
• Consider using a laminate on all windows and glass doors to prevent the glass from being broken from blunt force. Although damage to glass will occur in a break-in attempt, it will greatly discourage or prevent entry.
  
• Install latch guards on doors to protect against prying including on secondary doors such as employee and loading entrances.
  
• Keep some lighting on inside for surveillance opportunities during the evening.
  
• Ensure all doors are properly secured and regularly check all exterior lighting is functioning.
  
• Remove material around the exterior of the property that may be used to gain entry into the premises such as bricks, metal poles and construction materials.