Showing posts with label Threat. Show all posts
Showing posts with label Threat. Show all posts

Thursday, September 1, 2022

IP surveillance camera Installation for small industrial complex

IP surveillance camera Installation for small industrial complex 

As someone that is in the industry, I get this question on a Weekly basis. “Do I need IP or Analog cameras for my Company / Small Scale Industry?”  The answer to this question is quite simple, “How important is your stuff & Property?” There is one major truth about IP cameras that some people find hard to swallow and I am going to be very blunt about it, “Yes, they are more expensive”. Budget is another factor to consider. Small business owners often have to make budget their primary concern and want a quality camera that is easy to install, accessible on mobile, and hassle-free. Quite often selecting the best video surveillance camera is all about the best option within a limited budget.
End-users should look at the total cost of ownership, including warranties and cybersecurity protection. To achieve more cost efficiencies, end users will want an intelligent system, and again, this requires video analytics.

They are more expensive BUT the Cost vs. Price analysis shows that they are in essence less expensive when considering what you actually get with the IP camera solution.  So what do you get, Clarity is the huge one. With the right IP camera you can catch such great detail that you can not only see and describe who is walking up to the door, but the camera system can recognize the face, store it, and give you the exact time the person walked up to the door. While the camera system is doing this it also has the capability to catch the make, model and license plate of the car s/he drove up in. And if that wasn’t enough, the camera system can count the number of people that walk up to the door, pull into the drive way, or even walk by the house. And believe it or not, the system will even send you an email if someone walks up to the door after hours. The system can alert you if the UPS man walks up and leaves a package, or it can alert you if you have something on the porch and it suddenly walks off.
Can you get this type of clarity with an analog camera system?  Maybe?  On a clear day? The honest answer: probably not. Can you get these extra features like facial detection with an analog camera system? That answers easy, NO.
 
So now I ask the same question that I asked above, “How important is your stuff or property?”  or the real question is “How important is your safety?”.
 
Cybersecurity, encryption, and infrared imagery are also growing trends that are currently driving the selection of video surveillance cameras, especially for government and other critical infrastructure customers.
These facilities often prioritize cybersecurity, so procurement officers look for a system that meets regulatory requirements, is secure, and highly reliable — one that protects the data from the camera to monitoring.
Location and threat type factor into the decision as well. Even the best outdoor security camera system won't be effective if installed indoors. Thermal cameras can detect potential intruders at a distance of up to 15 miles, providing an extra margin of response time. Explosion-proof cameras, commonly used in hazardous industries, are hardened with protective housing.
Another factor end users need to consider is installing a completely new system or adding to an existing one. With a new build, they have a blank canvas to work with that can be customized to match the end user's needs rather than retrofit new equipment to an existing system.
 
The most critical factor in selecting the best video surveillance camera is to understand its ultimate purpose — the problems it's required to solve and what it's expected to provide in the way of detection, identification, and data-mining capability. Pain points such as 24/7 monitoring of the premises and compliance requirements set by the enterprise business policies all need to be considered during the selection process.
 
Determining the number of areas of interest, how much of them to cover, and how close they are to each other is the next step. These parameters will determine the types of cameras required and how many. For example, you can achieve adequate coverage of an area using multiple fixed cameras or with just a few pan-tilt-zoom (PTZ) cameras.
 
Risk assessment should be performed to ensure the design of the system results in an installation that adequately addresses the threats and reduces the security risks. In order to identify the level(s) of security required (and potentially therefore the grading of the elements of the system), an assessment of the factors which are likely to come into play is required. In very global terms, from a security perspective these elements are typically considered as:
Threat (Who): The threat will typically be defined as the persons or events to be protected against. Threats will vary greatly in termsof objectives, determination, capability, resourcefulness,
Vulnerability (What / Where): The vulnerability will typically be the areas of concern that require protection. The level of vulnerability will be defined by numerous factors such as desirability of the objects in the area, ease of access, operational hours of the environment, exposure / secluded nature of the area.
Risk (What if?): Risk is effectively the consequence of a successful or attempted intrusion or event. These risks can be wide and varied and not immediately obvious. Risks and impact levels of each identified risk will typically vary depending on the nature of site. Risks can include:

1.   Immediate Financial Loss: Immediate value of items lost.

2.   Ongoing Financial Loss: Increased insurance premiums, time to return to profit.

3.   Personal Safety: Injuries to staff and / or members of public involved in violent incident.

4.   Stress Related Issues: Reduced staff morale, loss of staff due to safety concerns.

5.   Non-financial loss: May include loss of intellectual property, company data or similar.

Typically security systems cannot change the identified threat or alter the risk, but well deployed security measures significantly reduce the vulnerability. This in turn helps to reduce the likelihood of risks occurring.
 
These services are provided in different environments, such as swimming pools, fitness areas, dining halls, common areas and individual rooms. Each area has its own potential risks; for instance, guests can slip and fall near the swimming pool area if not properly maintained or they may get injured in the fitness area. Some of the most common causes of injury in these places are:

1.   Physical Attacks: Although the premises of hotel and hospitality providers are considered safe, in some crowded and low budget hotels, criminals may attack guests for their money. In these situations, the presence of outdoor surveillance cameras acts as an evidence against those criminals.

2.   Slips: Usually, the flooring is not similar in all areas of the premises. The guests being new generally do not pay much attention towards the uneven flooring and so they may slip and fall. Moreover, cracked flooring, worn-out carpets and wet floors are some of the major causes of slip and fall accidents.

3.   Broken Furniture: In order to save money, some hotels do in-house repair of furniture that broke down due to overuse. Because of its age and some guests’ weight, the furniture may collapse and injure the guests.

It is important to consider the level of detail required in an image so that it matches the need of the user. This should be discussed with the client. The practical effect of this is that a camera may need to have a wider or narrower field of view so that the necessary amount of detail can be seen and that in some circumstances more cameras may be needed, either to increase the area covered with the same detail or to allow for different levels of detail to be seen from the same view.
 
Whether the different levels of detail can be achieved using a single PTZ or single camera of high resolution is a matter that should be agreed.
 
A lens is a transparent optical device with perfect or approximate axial symmetry which transmits and refracts light, converging or diverging the transmitted light and to form images. A simple lens consists of a single optical element. A compound lens is an array of simple lenses (elements) with a common axis; the use of multiple elements allows more optical aberrations to be corrected than is possible with a single element. Lenses are typically made of glass or transparent plastic.

The measure of the fine detail that can be seen in an image. For analog systems this is typically measured in Television Lines or TVL. Higher TVL rating, the higher the resolution. Same way megapixel (MP) like 1.3mp, 2mp, 4mp, 8mp etc.
 
Resolution-horizontal
The amount of resolvable detail in the horizontal direction in a picture. It is usually expressed as the number of distinct vertical lines, alternately black and white, which can be seen in a distance equal to picture height.

Resolution-horizontal - vertical
The amount of resolvable detail in the vertical direction in a picture. It is usually expressed as the number of distinct horizontal lines, alternately black and white, which can theoretically be seen in a picture.
 
Detection, Recognition and Identification (DRI) in video surveillance is very important terms to get image details. DRI ranges, expressed in meters, km (or miles), can be found in the specification table of infrared camera brochures.
The terms “Detection”, “Recognition” and “Identification” were defined as follow:

·        Detection: ability to distinguish an object from the background

·        Recognition: ability to classify the object class (animal, human, vehicle,  …)

·        Identification: ability to describe the object in details (a man with a hat, a Jeep …)

As a best practice, do not assume the camera resolution is everything in regards to image quality. For a camera to operate in a day-night environment, (the absence of light is zero lux), the night mode must be sensitive to the infrared spectrum. It is highly recommended to conduct tests or pilot installations before buying large quantities of any model of camera.

Considering Small Scale industry owner agreed to install PTZ cameras & as per below drawing want to execute this project.

Considering Product Make is under NDAA Compliant IP Surveillance Cameras

BOQ of this Projects are

SL NO

Item Description

Qty

1

Supply of 1080p Resolution IP IR Outdoor PTZ Camera 4.6mm-165mm Vari focal Lens, 36X optical Zoom, 1/2.8" SONY Starvis Back-illuminated CMOS Sensor. IR 120Mtr and True Day/Night.

2Nos

2

Supply of 04CH Embedded Linux NVR with upto 6TB SATA Port; H.265; 1nos HDMI out, 1Nos USB.

1Nos

3

Supply of 2 TB Surveillance Hard Disk for NVR

1Nos

4

Supply of 04 PORT Network Switch for IP  Surveillance Camera

2Nos

5

Supply of 2C 1.5sqmm Armour Copper FRLS Cable.

90Mtr

6

Supply of 20mm PVC Conduit/ PVC Casing with accessories

30Mtr

7

Supply of CAT6 Cable to connect IP Camera to switch

 

8

Supply of 2U Rack for Network Switch.

1Nos

9

Supply of 9Mtr PTZ Camera MS Pole Powder Coated without Junction Box arrangement for One PTZ camera installation.

1Nos

10

Supply of Junction Box, Welded body construction in CRCA MS sheets.
Size: 600mm(W) x 200mm(D) x 450mm(H). Single hinged front door in 2mm thk with lock and foamed in place gasketing. Powder coating shade RAL 7035. For One Antenna injector, Camera Power Supply & Switch etc.

1Nos

11

Supply of 867Mbps 5G High Power Outdoor PTP Antenna for Two Camera

2Nos

12

Supply of 32” Surveillance Monitor for Viewing two PTZ camera

1Nos

13

Supply of CCTV Signage (We Checked Video Footage Every day)

2Nos

14

Installation, Testing, Commissioning & Handover including all documentation, arrangement, Transportation, Lodging Fooding.

1 Lot

 Note: Civil work in customer Scope. UPS power arrangement is in Customer Scope.

Display screens may be desk or wall mounted with consideration given to the ergonomics of the operator. The display screens should be installed to minimise the effect of lighting, particularly sunlight, which can adversely affect the viewing experience. Wall or ceiling mounted display screens should be mounted using suitable brackets in accordance with manufacturer’s instructions.
Consideration should be given to the positioning of such screens to ensure they are above head height or not in a position where people may bang their head on them.
Your guest needs to be aware that they are entering hotel area that is being monitored by CCTV surveillance equipment. Signs should be placed so that they are clearly visible and legible. The size of the sign will vary according to the circumstances of its location.



Incident Response

Locally agreed procedures should detail the action to be taken in the event of an incident. These procedures should conform to those laid out as below:
• Action to be taken
• Who should respond?
• The timescale for response
• The times at which observation should take place
• The criteria for a successful response
• CCTV operators should maintain a record of all incidents in the appropriate incident log.

The overall indicator of successful response to incidents is that the CCTV scheme fulfils its objectives, i.e.:
• Restoration of tranquility
• Dispersal or control of the situation
• Prevention or minimization of injury and damage
• Reduction of crime and disorder, to improve safety and reassure the guest
• Identification of a suspect
• Gathering relevant information to assist in the subsequent apprehension of offenders
• Apprehension of a suspect with evidence
• Guest safety through effective evacuation
• Traffic flow restored
 
Our CCTV projects are intended to reduce cases of theft and misconduct in the organisation premises. Like any other project, our CCTV projects will involve a degree of cost to the client, in terms of the cost of the installation, maintenance as well the impact it will have on personal privacy within the precincts of the organisation/ business premises.
SSA Integrate  will carry out a detailed survey of the area under surveillance and armed with experience in the field of public / social control techniques is proposing to install/ deploy CCTV and/ or alarm surveillance system that will make it possible to have a real time total visibility of the Areas under surveillance.
CCTV can be effective in reducing or preventing crime if it is part of a broader crime prevention and community safety strategy, as such, it should not be implemented as the only means of addressing crime in public places.


Friday, July 1, 2022

Security Assessment Vs Security Audit

Security Assessment Versus Security Audit 

It is not often that security organizations purchase professional security services.  Perhaps once every five to ten years.  As such, consumers may not know exactly what service to request to best align to their physical security needs.  This article is intended to clarify the difference between a security audit and a security assessment for organizations trying to validate the effectiveness of their security program to enable the appropriate choice to be made when the time comes.

Let’s start with two questions managers should ask themselves about their security program:

1.   Are we doing the right things to protect our people, assets and information?

2. For the things we are doing in our security program, are we meeting the commitments we have made to security and are we doing things in a way that achieves desirable outcomes?

The security audit answers the second question, and the security risk assessment answers the first.  Let’s start with a view of the many things that should be looked at to determine security adequacy. The following formula illustrates the three areas of security risk that are typically analyzed.

Risk = Threat + Consequence + Vulnerability

A security audit is only going to be focused on one of these elements of the security risk formula as shown below.  An audit is not necessarily designed to diagnose criminal and terrorist risk, but certainly mitigates non-compliance risk.

Risk = Threat + Consequence + Vulnerability (or effectiveness of security)

Security Audit Focus

Security Audit By comparison, a security audit is probably the easiest methodology to execute for the consultant as it is simply a verification that all security measures which are supposed to be in place are in fact in place, functioning and documented correctly.  The security audit will focus on the effectiveness of security or confirm whether vulnerability is being properly mitigated.  This as opposed to a security risk assessment which is intended to be much more diagnostic and predictive into the future, typically five years or more.  The security audit is a point in time check only.  If the basis of design for the security program is incorrect, the audit may not shed light on this.  However, the security audit is an important tool in the toolbox as an agent of positive change to protect people, assets and information.  Refer also to Physical Security Audit for a video discussion by a Certified Security Professional and Certified Security Consultant.

The challenge when organizations ask for an audit and have no established security standard, what is the security professional using as the benchmark against which the security audit results will be measured?  Some considerations if you face this common scenario:

·        If your organization does not have a set of security standards, you must ask your prospective security professional what methodology will be used to audit your organization. Ask to see the methodology so that you can review it and ensure you will be satisfied with the outcome.  Will it cover all the necessary elements of your physical security program?  For instance, at a minimum, a proper physical security audit should include within its scope thee following (note this list is by no means all inclusive):

o   Governance

o   Access control – site perimeter, building perimeter, restricted internal areas

o   Security systems installation, operation and maintenance

o   Security related policies and procedures

o   Security awareness training and education

o   Information protection

o   Asset protection

o   Security officer utilization (if applicable)

o   Competency of non-security persons in key security roles

o   Crisis and emergency management protocols

o   Security change management

·        If you are going to request an audit from an outside security professional without having organizational security standards, you will want to ensure that the security professional has some experience in the following areas:

o   Prior similar work within your industry (for example, if you are a chemical plant, the consultant should have some level of experience in the oil, gas or chemical arena).

o   Setting up corporate or global security programs for organizations.

o   Reporting out on audits with a methodology that supports a stratification of the findings. Some findings are going to be more important than others.  There should be a means to classify gaps.  For instance, the following definitions for high and lower priority observations and findings is shown below.

Findings – represent clear departures from, or exceptions to, existing applicable federal or state laws or established audit security standards, where such departures or exceptions can be confirmed.  Exceptions may include any issues that were previously discovered in prior audits that are still open or were improperly or incompletely closed.

Suggestions – represent options for enhancing the plan and/or plant security to reduce the possibility of any exceptions or vulnerability to a security incident in the future.

Another caution is the type of audit that conducted as this will have a direct correlation to the validity of the outcome.  Two types of audits are discussed below.

First-Party Audits

First-party audits are often called self-audits. This is when someone from the organization itself will audit a process or set of processes to ensure it meets the expectations set forth in the audit protocol.  This person would typically be an employee of the organization.  In some cases, particularly under some counter-terrorism regulations such as the Marine Transportation Security Act (MTSA), first party audits are prohibited and persons with any affiliation with the security program may not audit the program.

A first party audit might be appropriate as a rehearsal for a more robust audit conducted by a third party.  Otherwise it could be argued that there could be a potential conflict of interest by auditing oneself.

I would consider an audit by an internal audit group to be a step up from the self-audit as the internal auditors are typically strict and objective.  The problem with internal auditors doing physical security audits is the lack of knowledge of the subject matter.  If internal auditor is going to be involved in physical security audits, it is important to carefully script what will be their scope so that they are looking at things they can fairly judge that are simple and high impact.

Third-Party Audits

A third-party audit occurs when a company hires an independent entity to perform an audit to verify that the company is executing a security program consistent with regulatory expectations, internal standards or the methodology agreed with the auditor up front.  Some would argue that this is the best and most stringent means of conducting an audit to ensure objectivity.  But it also comes with a cost.

To close out the audit discussion, this type of physical security review is intended to answer the question, “For the things we are doing in our security program, are we meeting the commitments we have made to security and are we doing things in a manner that achieves the desired outcomes?”  You state that you do A, B, C and D in your security program and you have or pay someone to come in and verify that you are doing A, B, C and D.

The Security Risk Assessment

Continuing with the A, B, C, and D discussion, the audit will not necessarily tell you if A, B, C, and D are the right things to be doing in your security program.  To get this type of diagnostic insight, organizations need to be asking their consultant for a security risk assessment versus a security audit.

Risk = Threat + Consequence + Vulnerability

The security risk assessment is going to analyze all elements of the risk formula shown above.  The predictive nature of the risk assessment is borne out of the threat assessment and pairing threats with critical assets to formulate future security scenarios that will be analyzed for consequences (how bad would it be if it occurred) and vulnerability (how susceptible is the organization to a criminal or terrorist attack or conversely, how well prepared is thee organization to prevent a security incident).  Risk assessments are forward looking, but of course will take into account historical security incidents which are one of the best predictors for future incidents.  Security risk assessments can nicely inform a security master plan versus the security audit which may generate some findings and corrective actions to remediate shortcomings in existing security measures.

There are many benefits of a security risk assessment:

·        Prevent incidents and criminal activity.

·        Compliance with the OSHA General Duty Clause.

·        Identify to all stakeholders what needs to be protected, why and from whom.

·        Learn where you can be victimized by criminals or terrorists.

·        Identify holistic mitigation strategies to reduce security risk to people, assets and information.

·        Stage implementation of recommendations at your own pace rather than hastily responding or overreacting after a security incident.

·        Secure funding for security improvements by making a compelling business case. (Management will sometimes react more rapidly to third party recommendations or those that are well supported with crime and other data analysis).

·        Implement many improvements without a capital investment. There are always easy, inexpensive and impactful recommendations that can be implemented at a low or even no cost.

·        Identify emergency scenarios and calibrate emergency response and business continuity plans accordingly.

·        Defend against frivolous litigation.

The illustration below shows how scenarios can be analyzed and scored to identify the highest concerns to an organization.

Security Audit

·        Point in time assessment

·        Verifies security commitments are being met

·        Leads to potential action items where gaps are identified

·        Less expensive typically that a risk assessment

·        Does not validate that the security program is aligned with risk

·        Does not provide a basis of design for an organizational security program

Security Risk Assessment

·        Forward looking methodology

·        Verifies security commitments are being met

·        Leads to a long-term security master plan and cost staging

·        More expensive than a security audit

·        Validate that the security program is aligned with risk

·        Provides a better defense of conformance to the OSHA General Duty Clause

·        Provides a better defense against frivolous premises liability claims

·        Provides a basis of design for an organizational security program

·        Enhances crisis management and resiliency