What is Hazard?

• a situation, which poses a level of threat to:

Other definitions

• Any act or condition which may result in the compromise of

information, loss of life, loss or destruction of property or disruption
of the objective of the installation.
• It is usually used to describe a potentially harmful situation, although
not usually the e vent itself once the incident has started it is
classified as an emergency or incident.

Most hazards are dormant or potential, with only a theoretical

risk of harm, however, once a hazard becomes ‘active’ it can
create an emergency situation.
TYPES OF HAZARD
TYPES OF HAZARD
SABOTAGE AS A SECURITY HAZARD

• A deliberate action aimed at weakening an enemy, oppressor or

employer through subversion, obstruction, disruption, and /or
destruction.
• When disgruntled works damage or destroy equipment or interfere
with the smooth running of a workplace, it is called workplace
sabotage. This can be as part of an organized group activity, or the
action of one or a few workers in response to personal grievances.
Description of a Saboteur

1. He is the most dangerous foe whom security will have to deal with
while planning and implementing security measures and
techniques.
2. He is an ordinary looking as the next guy but in his mind, he has
the training in deception, knowledgeable in incendiaries,
explosives, chemistry, bacteriology, mechanics and psychology.
3. He can work alone, in-groups, or simultaneously in several places.
POSSIBLE TARGETS OF SABOTEUR

• Armed Forces Installation

• Natural resources mines, forest, farms and farm products
• Industries- buildings, power sources, machinery, fuel etc.
• Warehouses dépôts, communications, public utilities, etc.
COUNTERMEASURES AGAINST
SABOTAGE
• Use of an efficient, alert and trained guard force.
• Use of physical security aids like barriers, personnel and vehicular
control, intrusion devices, communication systems, and electric aids.
• Proper screening of personnel.
• Identification and movement control system
• Searches on incoming vehicles
• Safeguarding of classified information
COUNTERMEASURES AGAINST
SABOTAGE
• Designation of restricted areas
• Investigation of breaches of security
• Security education and indoctrination
• Good housekeeping methods
• Effective and compatible emergency planning
• Regular audit
• Continuing background checks
ESPIONAGE AS A SECURITY HAZARD

• The practice of gathering information about an organization or a

society that is considered secret or confidential without the
permission of the holder of the information.
Description of an espionage agent

1. He is very dangerous adversary and his skills in deception and his

cunning should never be under estimated.
2. He is usually a person of extensive training and will be highly
effective in gaining the confidence of people and of extracting
information of value to be relayed to his employer or handler.
3. Even how well-trained and espionage agent he might be, he is
human like the saboteur and he can be defeated in his own game if
proper methods and techniques are undertaken.
SOME METHODS EMPLOYED BY
ESPIONAGE AGENT

1. Stealing or information from employees.

2. Stealing information from records or other sources.
3. Using various methods of reproducing documents products equipment or
working models.
4. Using “front” as commercial concerns, travel agencies, associations, business
groups and other organizations to obtain confidential information or data.
5. Using various form or threats to obtain information.
6. Using blackmail techniques by exposing intimate and personal details
concerning an individual or organization.
7. Penetration and operational tactics.
COUNTERMEASURE AGAINST
INDUSTRIAL ESPIONAGE

1. Careful and complete pre-employment measures designed to control

threats of industrial espionage.
2. Continuing personnel check on employees and particularly personnel on
sensitive positions even already employed.
3. Prevention of unauthorized entry to the plant or industrial installation.
4. Restricting of movement of personnel in the premises of the plant.
5. Controlled disposal of waste papers including carbons in classified work.
6. Only properly cleared personnel should handle classified document.
SUBVERSIVE ACTIVITY AS A SECURITY
HAZARD

• It refers to an attempt to overthrow structures of authority, including

the state. Subversive activity is the lending of aid, comfort and moral
support to individuals, groups, or organizations that advocate the
overthrow of incumbent governments by forces and violence.
• All willful acts that are intended to be detrimental to the best
interests of the government and that do not fall into the categories of
treason, sedition, sabotage, or espionage are placed in the category of
subversive activity.
Threats of Subversive Activity

1. It can be local or national in nature and their mission is to

undermine the authority weaken the organization, and eventually
take over. This can be in business or any activity.
2. This can be in the form of rumor, mongering, propaganda
undermining, morale, and injecting defeatist attitudes, and other
emotional approaches
3. It is an activity not easy to detect.
COUNTERMEASURES TO SUBVERSIVE
ACTIVITY

1. The spreading of rumors, written materials, slogans or any other devices to confuse
the work population and discredit the government should be immediately reported.
2. Labor and other company unions can be infiltrated so that strikes and “slow downs”
can be called to disrupts the normal operation of a plant or installation.
3. Security force should be alerted for person trying to recruit others in organizing
movements for peace, anti-colonials, anti trade and anti-imperialism.
4. Employees or outside personnel seeking memberships in “paper organizations”
should report this activity to security.
5. Other methods of subversion like united fronts, mob action, terrorism and sabotage
will be done to gain the subversive ends.
PILFERAGE AS A BUSINESS HAZARD

• The act of stealing small amounts or small articles.

• Pilferage is one of the most annoying and common human hazards
which security has to deal with. This activity if uncontrolled can
become financial drain if not a menace to smooth and orderly
operation.
• Failure to detect shortage and inaccurate inventories will cause
inventory losses, which may be labeled as pilferage.
TYPES OF PILFERERS

• Casual Pilferer – one who steals due to his inability to resist the
unexpected opportunity and has little fear of detection is no plan or
premeditation and he usually a “loner” on the job. The temptation to
pick up the article is basically due to poor security measure. The
implication of casual pilfering is the big cumulative cost if it remains
unchecked.
• Systematic Pilferer – one who steals with preconceived plans and
takes away any or all types of items or supplies for economic gain.
Pilferers of this kind can be employees or outsiders of the
establishment.
FACTORS CONSIDERED IN PILFERAGE

1. Location of items to be pilfered – the systematic pilferer surveys

shopping and store areas, or through contacts from the firms.
2. Access to the items - techniques can be from fake documents, bribing
of guards, outsmarting security, creating disturbance and other
methods to divert attention while pilferage goes on.
3. Removal of item - this can be done as wearing the stolen shoes or
shorts, concealment in body or vehicles, use of false documents, etc.
Driver may conceal pilfered items in his vehicle.
4. Disposal of items - there is a need for “fences” “brokers” or “clearing
houses” for these “hot “items.
COUNTERMEASURES FOR CASUAL
PILFERAGE

1. “Spot”: check on outgoing vehicles and persons.

2. An aggressive security education and indoctrination program with
emphasis that “crime does not play”.
3. Superiors should set example of integrity and desirable moral climate
for employees in the establishment.
4. All employees must be enjoined to report or any loss to security.
5. Inventory and control methods should be done especially to pilferable
items.
6. Control of tools equipment and sets.
COUNTERMEASURES FOR SYSTEMATIC
PILFERAGE

1. Guards and electronics surveillance on all exist.

2. Package and material control system.
3. Parking area outside perimeter fence of establishment.
4. Careful screening and background checks on applicants to weed out
potential thieves.
5. Investigation of all losses quickly and efficiently to determine “modus
operandi” or obtain clues.
6. Alert all patrols to check areas and buildings for possible concealment
of stolen properties.
7. Install mechanical, electrical, electronic detention and alarm devices where
needed and applicable.
8. Establish an effective lock and key control system.
9. Use of appropriate perimeter fencing and lighting for parking facilities and
areas for vehicles and persons.
10. Store bulk quantities of pilferable items enclosed security areas and distribute
them to using section limited quantities.
11. Establish accurate inventory and accounting methods for procurement, use and
disposal.
12. Establish close liaison with governmental law enforcement and intelligence
agencies.
COMMON MEASURES AGAINST
PILFERAGE

1. Package inspection
2. Assets inventories
3. Body search
4. Uses of alarms
5. Personnel ID &management control
6. Security education
7. Lock and key management
8. regular reporting
9. Property audits
10. Garbage & trash check before disposal
11. Inspections
What is a Risk?

• Risk is the likelihood that something bad will happen that causes
harm to an informational asset (or the loss of the asset).
• The likelihood that a threat will use a vulnerability to cause harm
creates a risk. When a threat does use a vulnerability to inflict harm, it
has an impact.
Vulnerability define

• A weakness that could be used to endanger or cause harm to an

informational asset.

THREAT DEFINE
• Anything (man-made or act of nature) that has the potential to
cause harm.

IMPACT DEFINE
• a loss lost income, loss of life, loss of real property, loss of
availability, integrity, and confidentiality, and possibly other
losses.
The level of risk is a combination of two factors:

• The value placed on that asset by its owner and the consequence,
impact adverse effect of the loss or damage to that asset and;
• The likelihood that a specific vulnerability will be exploited by a
particular threat.
TYPES OF RISK:

1) Pure Risk
2) Dynamic Risk
What is Risk Management?

• The process of selecting and implementing security countermeasures to achieve an

acceptable level of risk at an acceptable cost.
• The process of identifying vulnerabilities and threats from resources used by an
organization in achieving business objectives, and deciding what countermeasures, if
any, to take in reducing risk to an acceptable level.
There are two things in his definition that may
need some clarification.

• FIRST THE PROCESS. It must be repeated indefinitely.

The business environment is constantly changing and new
threats and vulnerabilities emerge every day.
• SECOND, THE CHOICE OF COUNTERMEASURES
(controls) used to manage risks must strike a balance
between productivity, cost, effectiveness of the
countermeasure and the value of the informational asset
being protected.
 What is risk analysis?
• It includes examinations of the VULNERABILITY, PROBABILITY AND
CRITICALITY of potential threats and include natural and man-made risk.
• The entity should assess the risk of a terrorist attack. The assessment should
include a determination of the likelihood of an act or attack, the type of
terrorist action, and consequences, depending on the size and location of the
system. The assessment should include potential risks to the following:
1. Workers
2. Environment and surrounding community
3. Impact to the local, regional and national economics
4. Adjacent and/or interdependent facilities and infrastructure.
 MAJOR RISK
Among the major categories of risk which are arranged
according to Criticality are:

1. Nuclear Attack
2. Natural Catastrophe
3. Civil Disturbances and Malicious Destruction
4. Other Crimes
5. Conflict of Interest
6. Other Risk
What is Asset?

• Any information, facility, material, information, or activity which has a

positive value to its owner whether it is an individual, private o0r
government entity.
• Any person, facility, material, information, or activity
which has a positive value to its owner whether it is an
individual, private or government entity.
• The asset may have value to an adversary, as well as to
the owner, although the nature and magnitude of those
values may differ.
 WHAT IS
VULNERABILITY
Any weakness that can be exploited by
an adversary to gain access to an asset.
An action taken or a physical entity used to reduce or
eliminate one or more vulnerabilities.
The cost of a possible countermeasure may be
monetary, but may also include non-monetary costs
such as: reduced operational efficiency, adverse
publicity, unfavorable working conditions, and
political consequences.
What is an Adversary?

• An individual, group, organization, or government that conducts activities or

has the intention and capability to conduct activities detrimental to the
individual, private or government entity.
Useful definition of a security problem requires that three
things be recognized and evaluated in quantitative terms:

1) the kinds of threats or risks affecting the assets to be

safeguarded;
2) the likelihood or probability of those threats becoming
actual loss events;
3) the impact or effect upon the assets or upon the
enterprise responsible for the assets if the loss occurs.
The first we may call Loss Event Profile, the second
Loss Event Probability or Frequency and the third Loss
Event Criticality.
•The kinds of threats or risks affecting
the assets to be safeguarded.
 PROBABILITY

The chance or likelihood that a loss

will take place. Indicated by a
mathematical statement concerning
the possibility of an event
occurring.
Probability
Probability is quantified as a number between
0 and 1 (where 0 indicates impossibility[2]
and 1 indicates certainty).

0<P<1
Probability known or unknown

0.999 Virtually Certain

0.75 Very Probable
0.50 Average Probability
0.25 Less Probable
0.001 Very Improbable
• The impact of a loss as measured in financial terms.
How important it is in terms of the survival or
existence of the organization.
Criticality includes the following cost
considerations

K= (Cp+ Ct+Cr+CD) - (I - a)

where:
K= Criticality Cost of the Loss
Cp= Cost of Permanent Replacement
Ct = Cost of Temporary Replacement
Cr = Related Cost
Cd= Discounted Cash
I= Insurance
a= Allocable Insurance Premium
Percentage of Impact:

100% Fatal
75% Very Serious
50% Average
25% Less Serious
0% Unimportant
PROBABILITY AND CRITICALITY MATRIX

0.999

0.75

0.050

0.25

0.001
0% 25% 50% 75% 100%
An effective method of designing and
implementing an assets protection program is the
systems approach. The systems approach has
been defined as “a comprehensive solution to a
total problem.” It is an orderly and rational method
of problem solving and, if properly carried out,
should insure an effective assets protection
program.
THREE GENERAL STEPS IN THE
IMPLEMENTATION OF THE SYSTEMS
APPROACH :

1. a vulnerability analysis
2. installation of countermeasures :
• software
• hardware
• people
3. a test of the operating program to
insure its effectiveness.
 Risk Management Alternatives
and Strategies
• Risk Avoidance
Eliminating or removing the risk totally from the
business, government, or industrial environment for
which the risk manager has responsibility.

• Risk Reduction
Decreasing the risk by minimizing
the probability of the potential
loss. This reduction of criminal
opportunity is often accomplished
by situational crime prevention
strategies to discourage, deter, or
deny criminal incidents.
• Risk Spreading
Spreading the risk(s) through compartmentation or
decentralization to limit the impact (criticality) of the
potential loss.
• Risk Transfer
Moving the financial impact of the potential loss
over to an insurance company.

• Risk Self-assumption
Planned assumption and
acceptance of the potential
risk(s) by making a deliberate
managerial decision of (a) doing
nothing about the threat, or (b)
setting aside resources for use in
case of a specific loss incident.
• Combination of the Above

Using a combination of two or more of the above

strategies to manage potential risk and threats.