Source Security Management
RADIOACTIVE SOURCES SECURITY MANAGEMENT

Name: FAEIZAL ALI ([email protected])
Section/Division: SEKSYEN PERUNDANGAN, ATOMIC ENERGY LICENSING BOARD (AELB), MINISTRY OF SCIENCE, TECHNOLOGY AND INNOVATION

What is Security Management?

- Maintain the most cost effective and efficient security for an organization to protect its assets, information, intellectual property, operations, functions (radioactive material)
- Takes into consideration the business and operations with a balance between minimum standards, compliance and risk management
- Ensures security measures and systems function properly
- Security Culture is an integral part of security management

http://www.aelb.gov.my
http://ansn.aelb.gov.my

Typical Management of Security

- Compliance to obligations, regulation and governance
- Security Plan (Objectives)
- Threat Assessment, DBT, increased threat scalability
- Target Identification (Categories)
- Security Culture
- Inventories and Records
- Efficiency and cost effectiveness
- Facility business, operations and nuclear safety
- Contingency plan

Typical Security Management

- Organization Chart/Structure
- Security Plan
  - Objectives
  - Compliance to obligations, regulation and governance
  - Policies
  - Consideration of facility operations, business & nuclear safety
  - Contingencies
  - Efficiency and Cost Effectiveness
  - Review (Need & periods)
- Threat
  - Facility Characterization
  - Threat Assessment, DBT, increased threat scalability
  - Security Risk Assessment/Category
  - Target Identification (Categories)

Typical Security Management

- Personnel Security
  - Roles & Responsibilities
  - Authority
  - Trustworthiness
  - Procedures
  - Adequate level of qualified staff
- Access
  - Only authorized persons unescorted
  - Authorization, logging and monitoring
  - Key and key control
- Training (Induction, awareness & education) - Staff and guards
- Security event and/or breach reporting system

Typical Security Management: Documentation

- Procedures
  - Day to day operations (Staff, security & guards)
  - Visitors and contractors
  - Emergency
  - Contingency (Media)
- Control
- Information Security
  - Framework for types of information (Policies, procedures, operations, etc)
  - Use, storage, transmission, distribution, carriage and destruction
  - IT Security
  - Need to know
- Quality Assurance
- Inventories and Records
  - NM or sources

Typical Security Management: Security Systems

- Detailed design
- Protection in depth
- Hardware (security devices, physical barriers, access control/monitoring, communications, intrusion detection, etc)
- Procedures and operation
- Repairs, Routine preventative maintenance and testing
- Records
- False & Nuisance alarms - Performance
- Scalable measures for increased threat

Guarding and Response

- Procedures
- Capabilities and resources
- Deterrence (prevention)
- Monitoring, detection, assessment
- Alarm/Incident response
- Increased threat

Security Culture

Security Fundamentals: Protection in Depth

- Deterrence (prevention)
- Detection
- Assessment
- Delay
- Response
- Contingencies

Protection in Depth

- Exterior & Interior Lighting
- Strong Rooms
- Information Security
- Audit Trails
- Policies and Procedures
- Testing and Inspections
- Regulation & Governance
- Secure Rooms
- Trustworthiness Checks
- Alarms
- Need To Know
- ID Cards
- Recruitment Checks
- Guards and Patrols
- Logon ID & Passwords
- Perimeter Fences
- Detection Devices
- Categorization
- Encryption
- Access Control & CCTV
- Legislation
- Locks
- Safes
- Vaults

What are we trying to do with Security?

- Administrative Measures
  - Securely and safely manage sources by policies, procedures and practices
- Physical barriers to source, device or facility
  - Separate it from unauthorized personnel
  - Deter, delay or prevent unauthorized access or removal of a source
- Balanced Measures
  - Efficient and cost effective
  - Physical
  - Administrative
  - Personnel
  - Information Security

Balanced Security Measures

PHYSICAL
- Physical Barriers
- Secure areas and buildings
- Security technology - access control, alarms, CCTV
- Secure storage
- Guarding

PERSONNEL
- Photo Identification Badges
- Pre-determined trustworthiness
- Security Education and Awareness
- Authorized access and limit to need
- Visitor and contractor supervision and control

ADMINISTRATIVE
- Authorizations and Delegations
- Policies and Procedures
- Confidentiality
- Key and badge control
- Facility Security Officer

INFORMATION TECHNOLOGY
- Communications
- Access Accounts, passwords, screen savers
- IT Security Officer

Security Plan

- Prepared by the user and submitted to the regulatory body as part of the authorization
- Outlines security objectives
- Detailed description of:
  - Radioactive source/material inventory
  - Security arrangements and procedures
  - Security roles and responsibilities
  - Contingencies (including media)
- Greater detail for sources in higher security groups

Threat

- Collect and organize threat data
- Identify threats and characteristics
- Formalize threat assessment and gain consensus
- Define Design Basis Threat
- Scalability for Increased Threat
  - Administrative (procedures, access)
  - Physical (walls, buildings)

Key Points for Typical Security Culture

Definition: Characteristics and attitudes in organizations and of individuals which establish that security issues receive the attention warranted by their significance

- OBJECTIVES
- AWARENESS & EDUCATION
- RESPONSIBILITIES
- ACKNOWLEDGE THREAT
- POLICIES & PROCEDURES
- USER FRIENDLY SYSTEMS
- SUPPORT & ASSISTANCE
- HUMAN PERFORMANCE
- ACCESS & TRUSTWORTHINESS
- PERFORMANCE MONITORING

Security Culture

OBJECTIVES
- Usually set out in Security Plan or Policies
- Essential (necessary) to know security Objectives
- Clear on what are we trying to do
- Obligations, compliance & governance
- Legislation
- Responsibilities

Security Culture

AWARENESS & EDUCATION
- Staff understand why have security and what to do
- Aware of security arrangements and responsibilities
- Site Security Presence
  - Security always there - 24/7
  - Contact numbers for reporting events (at all times)
- Events/reports/incidents
  - Timely reporting to Senior Management (their responsibility too)
  - Reporting process
  - Remedial security actions completed
- Given security tools including Training & information
  - Handouts, manuals, intranet, staff briefing/seminars
  - Security contact email address

Security Culture

RESPONSIBILITIES
- Clear responsibilities from OBTL through line management to staff
- Responsible Officers for sources (RPO/RPS)
- Security is a shared responsibility

Security Culture

IDENTIFY & ACKNOWLEDGE THREAT
- Staff need to know generally what the threats are - Theft or sabotage
- Typical adversaries and methods
- Overt (open) or covert
- Insider (Passive or active)

Security Culture

POLICIES & PROCEDURES
- In place and available to staff
- Details organization's objectives, obligations and responsibilities

Security Culture

USER FRIENDLY SYSTEMS
- Systems easy to use
  - Allow persons with authorized access to temporarily disable measures (such as locked doors)
  - Verify person's identity and access authorization
  - Use badge and PIN to activate door control reader
  - Key with effective key control
- Reliable systems
  - Testing and maintenance
  - Periodic preventative (check, clean, service, adjust & walk test)

Security Culture

ACCESS & TRUSTWORTHINESS
- Authorized Persons
  - Unescorted access to sources
  - Access to sensitive information
- Personnel Security - Staff and contractors
  - Need access and information to perform their duties
  - Background checks prior to granting access
- In accordance with national standards or as determined by regulatory body
  - Confirmation of identity, verification of references to determine the individual's character, integrity, reliability, willingness to comply

Security Culture

HUMAN PERFORMANCE
- Overall SECURITY RELIES ON PEOPLE
- Behavior, Attitude, Honesty, Maturity
- Ability and willingness to carry out security arrangements
- Staff properly trained

Security Culture

SUPPORT & ASSISTANCE
- Security advice readily available
- Staff must have support from line management
- Consistency

Security Culture

PERFORMANCE MONITORING
- Security incidents or faults reporting system
- Timely reporting
- Measurement - Number and type of incidents
- Analysis of statistics and reporting

Summary

- Security management to ensure cost effective, efficient, balanced system with protection in depth
- Security Management ensures security measures and systems function properly
- Security Culture is an integral part of security management
- All persons in organization share the responsibility for security