EXAMPLE OF SECURITY AND RISK MANAGEMENT (78%)

Security and
Risk Management

S8425382J_SecurityAndRiskManagement

Section 1: Threat Vulnerability and Risk Assessment

Introduction

1-1. Threat can be described as an element that contribute to disruption of service, tampering of
assets and possible destruction of facility. Thus, the significance of adopting a risk-based approach;
Threat Vulnerability and Risk Assessment (TVRA) to identify conceivable and realistic threat
scenarios that may affect the operations of Marx-T Corporation (Thailand). The TVRA will identify
components where ramification would be highest, and to determine the protection level required to
mitigate such risk factors.

1-2. The end-product of a TVRA assessment will affect the following components in the building
design with the architectural agencies and other stake-holders:

a. Security planning. Prior to the implementation of security measures, it is vital for

any organisation to identify and assess their risk exposures. This allows the Security
Manager (SM) to design a prudent yet holistic security plan. Such plans will provide an
 evaluation on the effectiveness of security control measures that will be developed into
policies and standard operation procedures.

b. Project management. It is important to address threat and security concerns at the

infant-stage of building design, where the security elements can be assimilated during the
planning stage with the project management team. A well-designed building will not only
minimise security constraints, but also control costs more effectively.

c. Security operations manual. The document entitled security operations manual, is

likened to the standard operating procedures (SOP) in almost every organisation and
businesses. This document shall be established as a form of guidelines; where it shall store
general information of the organisation and provide security principles, to avoid any
incidences that may defame and denigrate the organisation.

1-3. Refer to Appendix A, for the generic overview of the MARX-T Corporation (Thailand) complex.

Threat Vulnerability Risk Assessment Findings

1-4. To achieve realistic TVRA findings, the Security Manager must consult managers from other
departments or entities for brainstorming and address any other threats that may arise from the
assessment. Refer to Appendix B, for TVRA findings.

Section 2: Access Control Systems

2-1. A comprehensive study has been made on the access control systems of the complex, where
the breakdown of the locations and security system features are being deployed.

2-2. Budget breakdown of the access control systems are illustrated below for use of
references.

2-3. Vehicle barrier system. Vehicle barrier system will be deployed at both vehicular entry
points. Cost is projected at USD20,000.00.
Vehicle barrier system
2.3.1a Primary 10,000
2.3.1b Secondary 10,000

Total 20,000

2-4. HID i-Class card reader. The HID i-Class card reader will be employed for all
security access doors. Entry rights will be strictly controlled by the authority of the Security Manager
of MARX-T Corporation (Thailand). A total of 15 card readers will be required. Projection cost is
targeted at USD15,000.00.
HID i-Class Card Reader
2.4.1 Security Office
2.4.1a Main
1,000
2.4.1b Rear 1,000
2,000
 EXAMPLE OF SECURITY AND RISK MANAGEMENT (78%)

2.4.2 Main office

2.4.2a Security Command Centre (SCC)
1,000
2.4.2b MND Office 1,000

2.4.2c Marketing Director 1,000

2.4.2d Finance Director 1,000

2.4.2e Operations Director 1,000

2.4.2f Human Resource Director 1,000

2.4.2g Staff entrance 1,000

7,000
2.4.3 Warehouse
2.4.3a Factor storage
1,000
2.4.3b Finished product 1,000
2,000
2.4.4 Production
2.4.4a Block A (02 Entry points)
2,000
2.4.4b Block B (02 Entry points) 2,000
4,000

Total 15,000

2-5. Access Control Panel. Procurement and installation of access control panel will be highly
dependent on the number of HID i-Class card reader required for the entire complex. The access
control panel will be placed under the supervision of the duty security manager, based in the
Security Command Centre (SCC) in the main office building. With 15 card readers being utilised,
there is a need to have a back-up card reader for contingency scenarios. Thus, cost is projected at
USD 30,000.00.
Access Control Panel
2.5.1 Security Command Centre (SCC)
2.5.1a 8 card readers 10,000
2.5.1b 7 card readers 10,000

2.5.1c Contingency 10,000

Total 30,000

2-6. Ingress-egress points. Ingress and egress points of all locations, shall be inclusive of the
emergency fire exits as per fire safety requirement, doors intrusion features as well as pedestrian
turnstile systems. Cost is projected at USD 35,270.00.
Access
doors Security Office (Main)
2.6.1
2.6.1a Emergency breakglass switch 50
2.6.1b Intruder alarm 100
2.6.1c Turnstile system (2 units) 20,000
2.6.1d EM Lock 300lbs 100
20,250
2.6.2 Security Office (Rear)
2.6.2a Emergency breakglass switch 50
2.6.2b Intruder alarm 100
2.6.2c Turnstile system (1 units) 10,000
2.6.2d EM Lock 300lbs 100
10,250
2.6.3 Main office building
2.6.3a Emergency breakglass switch 50
2.6.3b Intruder alarm 100
2.6.3c EM Lock 300lbs 100
2.6.3d EM Lock 600lbs (Security Command Centre) 200
2.6.3e Alarm door contact 20
470

2.6.4 Warehouse
2.6.4a Finished product
2.6.4a(i) Emergency breakglass switch 50
2.6.4a(ii) Intruder alarm 100
2.6.4a(iii) EM Lock 600lbs 200
2.6.4a(iv) Alarm door contact 20
370
2.6.4b Factor storage
2.6.4b(i) Emergency breakglass switch 50
2.6.4b(ii) Intruder alarm 100
2.6.4b(iii) EM Lock 600lbs 200
2.6.4b(iv) Alarm door contact 20
370
2.6.5 Production
2.6.5a Block A
2.6.5a(i) Emergency breakglass switch (6 units) 300
2.6.5a(ii) Intruder alarm (2units) 200
2.6.5a(iii) EM Lock 600lbs (6 units) 1,200
 EXAMPLE OF SECURITY AND RISK MANAGEMENT (78%)

2.6.5a(iv) Alarm door contact (4units) 80

1,780
2.6.5b Block A
2.6.5b(i) Emergency breakglass switch (6 units) 300
2.6.5b(ii) Intruder alarm (2units) 200
2.6.5b(iii) EM Lock 600lbs (6 units) 1,200
2.6.5b(iv) Alarm door contact (4units) 80
1,780

Total 35,270

Overall access control expenditure

2-7. The combined costs for access control expenditure shall equate to an estimated amount
of USD100,270.00.
Vehicle barrier system 20,000

HID i-Class card reader 15,000

Access control panel 30,000

Doors and security features 35,270

Total 100,270

Recommendation: Vehicle Entrances

2-8. The entry point of the complex needs to be located as far as possible from the production
buildings and offices and must possess the following factors:

a. Access roads. Access roads must be designed in a manner that allow utilisation of
access control systems or physical authentication checks by security officers.

b. Optimisation of access. Optimisation must meet the peak period traffic demand,
without impeding traffic flow.

c. Technologies to be installed. Anti-ramming barriers needs to be installed, as part

of TVRA findings to eliminate vehicle-ramming incidents that may potentially lead to
vehicle-borne improvised explosive device (VBIED).

d. Heavy vehicles. There is a need to have separate roads for service and delivery
vehicles, travelling away from the office buildings, with ample space for vehicle inspection
that does not hinder traffic flow.

e. Accident prevention. With considerations of having production buildings and

warehouse to be on higher ground, the roads leading to such locations needs to be
regulated without deploying a security officer. Thus, the need to deploy such features:
 (i) Radar-speed sign. By deploying a radar-speed sign, will help curb speeding and
raise awareness amongst all motorists in the complex. A study has been done by
US-Department of Transportation, where it indicated that up to 80% speeding
drivers will slow down when alerted by the speed sign as illustrated below.

(Ii) Speed bump. Erection of speed bump or commonly known as road humps is
highly recommended. This deter any vehicle from travelling above the imposed
speed limit. At the same time, it also acts as a counter-measure for antiramming
vehicles.

Figure 2: Speed bump

Figure 1: Radar-speed gun

Section 3: Surveillance and Alarm Management

Indoor surveillance equipment

3-1. Provisions of 7 CCTV cameras to be made for indoor installations per building. Further
discussions with the Operations Manager in due course will generate outcomes on the placement
of the CCTV cameras. A total of 28 indoor M1350 cameras and its accessories shall be expected
to be mounted, expecting a budget of around USD23,200.00.
3.1.1 Main office 3.1.1a M1350
7,000
3.1.1b PoE switch 2,000

3.1.1c Mounting brackets 2,100

3.1.1d Boundary sensors (4 units) 2,000

13,100

3.1.2
Warehouse
7,000
3.1.2a M1350
3.1.2b PoE switch 2,000

3.1.2c Mounting brackets 2,100

 EXAMPLE OF SECURITY AND RISK MANAGEMENT (78%)

3.1.2d Boundary sensors (4 units) 2,000

13,100

3.1.3 Block A
M1350 7,000
3.1.3a
3.1.3b PoE switch 2,000

3.1.3c Mounting brackets 2,100

3.1.3d Boundary sensors (4 units) 2,000

13,100

3.1.4 Block B
M1350 7,000
3.1.4a
3.1.4b PoE switch 2,000

3.1.4c Mounting brackets 2,100

3.1.4d Boundary sensors (4 units) 2,000

13,100

Total 52,400

Outdoor surveillance equipment

3-2. Johnson Controls has agreed to provide complimentary intruder system. However, the
installation fees shall be borne by MARX-T Corporation at USD30,000. A projected cost of
USD66,600 shall be expected. Refer to Appendix C for a more detailed deployment of outdoor
surveillance equipment.

3.2.0 Outdoor equipment

3.2.1 Axis camera M1150 (12 units) 24,200
3.2.2 PoE switch (2units) 4,000

3.2.3 Mounting pole (12 units) 8,400

3.2.4 Boundary photo beam sensors (labour fee) 30,000

Total 66,600

Overall surveillance equipment cost

3-4. The combined costs for servers and surveillance equipment shall equate to an estimated
amount of USD179,000.00.
 Outdoor equipment 66,600

Indoor equipment 52,400

Server (2units to support 48 cameras) 60,000

Total 179,000

Installation, monitoring system and cabling cost

3-5. The combined costs for installation, monitoring system and cabling is expected to be at
USD390,000.00.
Fibre optic
150,000
cables
Video management system 10,000
Installation cost 200,000
Power cabling 30,000

Total 390,000

Section 4: Security Officer Deployment

4-1. Reputation is key to MARX-T Corporation (Thailand). Thus, the cardinal need to have a robust
security master plan to place high emphasis of pro-active approach in the security field, as a form
of strong deterrence. Pro-active approach here refers to the following:

a. Mindset. Security officers must be drilled to have an ‘eagle eye’, constantly looking
out for any abnormalities in the surroundings for suspicious activities. In the event of any
adversaries, security officers will be able to alternate smoothly from ‘routine normalcy’ to
‘high-alert’ mode.

b. Deployment. By having a pro-active deployment approach, potential perpetrators

and aggressors will initiate a paradigm shift in their targets. This can be achieved by the
proper deployment of security assets at key areas.

c. Command, control and communications (C3). Security supervisors are required to

have leadership traits akin to that of a military commander, where they are expected to be
highly proficient in the necessary security skill-sets and operational effectiveness.

d. Specialised training and audits. To achieve a robust security master plan, it is

important to conduct regular training e.g. scenario-based training (SBT) and red-teaming
drills. This is to ensure all security officers are in-sync, remained stay focus and maintain
operational effectiveness even in duress conditions.
 EXAMPLE OF SECURITY AND RISK MANAGEMENT (78%)

4-2. Justification. With a revenue of USD1Billion for the financial year 2016, and the impending
Boeing contact, it is imperative to safeguard the business interests of the corporation. MARX-T
Corporation are strongly advised to be allowed to have a full-proprietary guard force.

a. Reputation. Stock closing price has doubled upon the contract from Boeing.
Therefore, the stature and reputation of MARX-T Corporation must not be compromised.

b. In-house security pedagogy. In the efforts to enhance corporate security

measures, it is imperative for the corporation to adopt the various domains of heightened
security measures in accordance to the ISO27001, which is not achievable from the local
security context.

c. Command, control and communications (C 3). Language must not be the barrier,
where all stakeholders are expected to understand the overall security master-plan, in
times of peace or adversaries. This is to allow the corporation the fully understand and
follow the C3-concept, with neither altercations nor concoction.

d. Quote – “Pay peanuts, get monkeys”. The quote may sound silly or racist, but it
explicitly describes that any organisation must be prepared to pay more to secure
highlyskilled staffs.

e. Remuneration package. The costs of owning a proprietary security force is very

high, and it surpasses the budget constraint. However, the safety and security of the staffs
and operations must never be jeopardised. MARX-T Corporation ought to adopt the
mindset ‘Stay Secure Stay Assured’, in order to have guaranteed assurances on business
continuity for the foreseeable future.

4-3. Manpower staffing. Upon assessment of the TVRA and site location
deployment, a 12-hr shift system will be implemented for the security force deployment,
with the following table as a form of guide. For a team of security professionals to operate
for a 12-hour shift, a team of 8 security officers led by a security supervisor is required at
all times.

Staffing
S/N Sector Remarks
Security Supervisor Security Officer
1. Security office (main) 1 1 -
2. Security office (rear) - 2 -
3. Production Blk A - 1 Roving
4. Production Blk B - 1 Roving
5. Warehouse - 1 Roving
6. Perimeter patrol - 2 Vehicle patrol
7. Duty strength 1 8 -
8. Shift strength 9 -

4-4. Shift system. It shall be recommended that the corporation employs a security
force consisting of at least 3 teams, where the shift rotation system as illustrated below.

1 2 3 4 5 6 7

MON TUE WED THU FRI SAT SUN

 AM PM AM PM AM PM AM PM AM PM AM PM AM PM

ALPHA REST ALPHA REST TRG ALPHA REST ALPHA OFF ALPHA REST

REST BRAVO REST BRAVO OFF BRAVO REST BRAVO REST TRG BRAVO

OFF CHARLIE REST CHARLIE REST TRG CHARLIE REST CHARLIE OFF

4-5. Terms of references. A uniformed security officer may be well-trained in his duties,
in ensuring a smooth running in their organisations’ daily operations. However, as a rule of
thumb, all work-stations are to be equipped with a document entitled ‘Terms of Reference’
(TOR), where it should briefly describe the roles and responsibilities of a security officer. A
sample of a TOR is attached to the Appendix D.

Section 5: Enhancement Recommendations

Carpark Design

5-1. Considerations and certain flexibility needs to be considered when designing carparks. In some
industries and military installations, carparks are commonly used as a gathering point in most
contingency scenarios, e.g. fire, earthquake, etc. Thus, the need to protect critical infrastructure
assets, from any attacks or catastrophic events. Critical assets will include the following:

a. Emergency water supply,

b. Fire hydrants,
c. Water cannons,
d. Emergency electricity supplies, etc.

5-2. The following are the recommendations in the design of car parks for MARX-T Corporation
(Thailand).

a. Key buildings. Car parks must not be located alongside key structural elements. In
any areas where this is not feasible, that parking area will be demarcated with red-
paint, as reserved parking spaces for main stakeholders of MARX-T Corporation
(Thailand).

b. Barriers. Bollards and concrete barrier erection is recommended at the perimeter

of the car park. The primary purpose for it is to deter other vehicles from ramming
into the carpark.

c. Stand-off distance. Stand-off distance will be the mitigating factor to reduce the
impact of an explosive attack, eliminating the possibility of a Vehicle-Borne
Improvised Explosive Device (VBIED). Stand-off distance is recommended to be
at a range of 10 to 25 metres.

Employment of K-9

5-3. The security force can be greater enhanced with a K-9 guard dog patrols. The guard dog
will present more fear onto potential perpetrators, as they are #1extremely effective when it comes
to intruder detection in a large complex. Recommended breed for K-9 guard dogs are as follows:

a. German Shepherd.

b. Rottweiler.
 EXAMPLE OF SECURITY AND RISK MANAGEMENT (78%)

c. Kuvascz.

APPENDIX
MARXT416-171001

Appendix A

01 OCT 2017
 MARXT416-171001

GENERIC OVERVIEW OF MARX-T CORPORATION (THAILAND)

 MARXT416-171001

Appendix B

01 OCT 2017

Threat Vulnerability Risk Assessment (TVRA) findings

Threat Matrix
S/N Threat Identified Threat Implementable Control Measure
Harm Rating Grade
Rating

Stop work, all persons to evacuate buildings for headcount outside Security Post
Earthquake (Natural
1 High (C) Low (5) C5
disaster) Periodic checks with Thai Meteorological Department (Seismological Bureau), for
latest updates and advisories.
Deliberations on findings to be further discussed with architecture project teams
Floods (Natural disaster, for advanced control measures
2 High (C) Low (5) C5
human factors) Elevation of ground for productions and warehouse buildings to protect raw
materials and end-product.
Usage of pre-cast load bearing walls at point of construction
Improvised Explosive
3 Very High (B) Medium (4) B4 Creation of stand-off distance to absorb impact
Device, IED (all variations)
Integrate vegetation and water obstacles to absorb explosive impact
Upgrade fence-line to anti-ramming barriers/walls (Impact Standard SD-STD-
4 Vehicle Ramming High (C) High (3) C3 02.01)
To consider ballistic resistance elements as part of building facades
5 Fire Very High (B) High (3) B3 All buildings to strictly comply to fire safety standards with adequate fire-exits.
6 Burglary Medium (D) Medium (4) D4 Deployment of surveillance and access control system as form of deterrence
Security officers to perform random bag inspections to ensure no documents
7 Industrial espionage Very High (B) High (3) B3
were

Appendix C
 MARXT416-171001

01 OCT 2017

OUTDOOR SURVEILLANCE OF MARX-T CORPORATION (THAILAND)

MARXT416-171001
 Appendix D
MARXT416-171001
01 OCT 2017

SAMPLE: Terms of Reference (TOR) for Security Officer Conduct.

1. Security officers should conduct themselves in a vigilant manner befitting the reputation of
MARX-T Corporation.
2. Security officers are to observe principles of professionalism, firm and respect, to all staff and
visitors.
3. First impression counts, make it count.

Reporting of duty at 0800hrs.

1. Ensure building main entrance gate is unlocked and Motorola GP328 walkie-talkies are
charged.
2. Ensure proper handing-taking-over of documents, keys and assets are done explicitly.
3. All security officers to go through the shift report with the incoming Duty Supervisor for additional
instructions.

Physical security control.

1. Ensure turnstile barriers are in operation.

2. Ensure all staff prominently display their ID-passes upon entry of premises.
3. Visitors are to be verified and authenticated with the relevant offices, prior to allow changing
of visitor passes.

Vehicle access screening and personnel access screening (VASPAS).

1. VASPAS screenings are to be done diligently (verify frequency of checks with Duty Supervisor),
to prevent any undesirable outcome.
2. Adopt SAFETY-FIRST mindset when encountering any suspicious situations.
3. Ensure all vehicles are thoroughly screened, less those pre-identified by the Security Manager.

Duress Conditions.

1. In any scenario that warrants immediate evacuation, the complex shall be in a ‘Lock Down’ at
initial stage. Verify with Security Control Room for next course of actions.

BY ORDER AND AUTHORITY OF

SECURITY MANAGER

MARX-T CORPORATION (THAILAND)

REFERENCING

1. Bodyguard: Practical guide to VIP protection, Mark V. Lonsdale (Specialized Tactical Training
Unit) 1995.

2. Critical infrastructure location – “Guidelines for Enhancing Building Security in Singapore:

Special Attention Areas”, joint publication by Ministry of Home Affairs (Singapore) 2010.

3. Risk-based supply chain security, Pinkerton Consulting and Investigations.

4. Technology risk management guidelines, Monetary Authority of Singapore (MAS)

5. Enhancing building security through video surveillance, SUPT Alvin Lim, Assisting Director
Operations (Singapore Police Force)

6. Aviation security and detection systems (Cae study), Centre for Strategy and evaluation
services (United Kingdom)