-
RADIOACTIVE SOURCES SECURITY MANAGEMENT
Name: FAEIZAL ALI ([email protected])
Section/Division: SEKSYEN PERUNDANGAN, ATOMIC ENERGY LICENSING BOARD (AELB), MINISTRY OF SCIENCE TECHNOLOGY AND INNOVATION
-
What is Security Management?
- Maintain the most cost effective and efficient security for an organization to protect its assets, information, intellectual property, operations, functions (radioactive material)
- Takes into consideration the business and operations with a balance between minimum standards, compliance and risk management
- Ensures security measures and systems function properly
- Security Culture is an integral part of security management
http://www.aelb.gov.my http://ansn.aelb.gov.my
-
Typical Management of Security
- Compliance to obligations, regulation and governance
- Security Plan (Objectives)
- Threat Assessment, DBT, increased threat scalability
- Target Identification (Categories)
- Security Culture
- Inventories and Records
- Efficiency and cost effectiveness
- Facility business, operations and nuclear safety
- Contingency plan
-
Typical Security Management
Organization
- Chart/Structure
- Security Plan Objectives
- Compliance to obligations, regulation and governance
- Policies
- Consideration facility operations, business & nuclear safety
- Contingencies
- Efficiency and Cost Effectiveness
- Review (Need & periods)
Threat
- Facility Characterization
- Threat Assessment, DBT, increased threat scalability
- Security Risk Assessment/Category
- Target Identification (Categories)
-
Typical Security Management
Personnel Security
- Roles & Responsibilities
- Authority
- Trustworthiness
- Procedures
- Adequate level of qualified staff
Access
- Only authorized persons unescorted
- Authorization, logging and monitoring
- Key and key control
Training (Induction, awareness & education) - Staff and guards
Security event and/or breach reporting system
-
Typical Security Management
Documentation
- Procedures
- Day to day operations (Staff, security & guards)
- Visitors and contractors
- Emergency
- Contingency (Media)
- Control
Information Security
- Framework for types information (Policies, procedures, operations, etc)
- Use, storage, transmission, distribution, carriage and destruction
- IT Security
- Need to know
Quality Assurance
Inventories and Records
- NM or sources
-
Typical Security Management
Security Systems
- Detailed design
- Protection in depth
- Hardware (security devices, physical barriers, access control/monitoring, communications, intrusion detection, etc)
- Procedures and operation
- Repairs, Routine preventative maintenance and testing
- Records
- False & Nuisance alarms - Performance
- Scalable measures for increased threat
Guarding and Response
- Procedures
- Capabilities and resources
- Deterrence (prevention)
- Monitoring, detection, assessment
- Alarm/Incident response
- Increased threat
Security Culture
-
Security Fundamentals
Protection in Depth
- Deterrence (prevention)
- Detection
- Assessment
- Delay
- Response
- Contingencies
-
Protection in Depth
-
Protection in Depth
-
Protection in Depth
- Exterior & Interior Lighting
- Strong Rooms
- Information Security
- Audit Trails
- Policies and Procedures
- Testing and Inspections
- Regulation & Governance
- Secure Rooms
- Trustworthiness Checks
- Alarms
- Need To Know
- ID Cards
- Successful
- Recruitment Checks
- Guards and Patrols
- Logon ID & Passwords
- Perimeter Fences
- Detection Devices
- Categorization
- Encryption
- Access Control & CCTV
- Legislation
- Locks
- Safes
- Vaults
-
What are we trying to do with Security?
Administrative Measures
- Securely and safely manage sources by policies, procedures and practices
Physical barriers to source, device or facility
- Separate it from unauthorized personnel
- Deter, delay or prevent unauthorized access or removal of a source
Balanced Measures
- Efficient and cost effective
- Physical
- Administrative
- Personnel
- Information Security
-
Balanced Security Measures
PHYSICAL
- Physical Barriers
- Secure areas and buildings
- Security technology - access control, alarms, CCTV
- Secure storage
- Guarding
PERSONNEL
- Photo Identification Badges
- Pre-determined trustworthiness
- Security Education and Awareness
- Authorized access and limit to need
- Visitor and contractor supervision and control
ADMINISTRATIVE
- Authorizations and Delegations
- Policies and Procedures
- Confidentiality
- Key and badge control
- Facility Security Officer
INFORMATION TECHNOLOGY
- Communications
- Access Accounts, passwords, screen savers
- IT Security Officer
-
Security Plan
- Prepared by the user and submitted to the regulatory body as part of the authorization
- Outlines security objectives
- Detailed description of:
  - Radioactive source/material inventory
  - Security arrangements and procedures
  - Security roles and responsibilities
  - Contingencies (including media)
- Greater detail for sources in higher security groups
-
Threat
- Collect and organize threat data
- Identify threats and characteristics
- Formalize threat assessment and gain consensus
- Define Design Basis Threat
- Scalability for Increased Threat
  - Administrative (procedures, access)
  - Physical (walls, buildings)
-
Key Points for Typical Security Culture
Definition: Characteristics and attitudes in organizations and of individuals which establish that security issues receive the attention warranted by their significance
- OBJECTIVES
- AWARENESS & EDUCATION
- RESPONSIBILITIES
- ACKNOWLEDGE THREAT
- POLICIES & PROCEDURES
- USER FRIENDLY SYSTEMS
- SUPPORT & ASSISTANCE
- HUMAN PERFORMANCE
- ACCESS & TRUSTWORTHINESS
- PERFORMANCE MONITORING
-
Security Culture
OBJECTIVES
- Usually set out in Security Plan or Policies
- Essential (necessary) to know security Objectives
- Clear on what we are trying to do
- Obligations, compliance & governance
- Legislation
- Responsibilities
-
Security Culture
AWARENESS & EDUCATION
- Staff understand why we have security and what to do
- Aware of security arrangements and responsibilities
- Site Security Presence
  - Security always there - 24/7
  - Contact numbers for reporting events (at all times)
- Events/reports/incidents
  - Timely reporting to Senior Management (their responsibility too)
  - Reporting process
  - Remedial security actions completed
- Given security tools including Training & information
  - Handouts, manuals, intranet, staff briefing/seminars
  - Security contact email address
-
Security Culture
RESPONSIBILITIES
- Clear responsibilities from OBTL through line management to staff
- Responsible Officers for sources (RPO/RPS)
- Security is a shared responsibility
-
Security Culture
IDENTIFY & ACKNOWLEDGE THREAT
- Staff need to know generally what the threats are - Theft or sabotage
- Typical adversaries and methods
- Overt (open) or covert
- Insider (Passive or active)
-
Security Culture
POLICIES & PROCEDURES
- In place and available to staff
- Details organization's objectives, obligations and responsibilities
-
Security Culture
USER FRIENDLY SYSTEMS
- Systems easy to use
  - Allow persons with authorized access to temporarily disable measures (such as locked doors)
  - Verify person's identity and access authorization
  - Use badge and PIN to activate door control reader
  - Key with effective key control
- Reliable systems
  - Testing and maintenance
  - Periodic preventative (check, clean, service, adjust & walk test)
-
Security Culture
ACCESS & TRUSTWORTHINESS
- Authorized Persons
  - Unescorted access to sources
  - Access to sensitive information
- Personnel Security - Staff and contractors
  - Need access and information to perform their duties
  - Background checks prior to granting access
  - In accordance with national standards or as determined by regulatory body
  - Confirmation of identity, verification of references to determine the individual's character, integrity, reliability, willingness to comply
-
Security Culture
HUMAN PERFORMANCE
- Overall SECURITY RELIES ON PEOPLE
- Behavior, Attitude, Honesty, Maturity
- Ability and willingness to carry out security arrangements
- Staff properly trained
-
Security Culture
SUPPORT & ASSISTANCE
- Security advice readily available
- Staff must have support from line management
- Consistency
-
Security Culture
PERFORMANCE MONITORING
- Security incidents or faults reporting system
- Timely reporting
- Measurement - Number and type of incidents
- Analysis of statistics and reporting
-
Summary
- Security management to ensure cost effective, efficient, balanced system with protection in depth
- Security Management ensures security measures and systems function properly
- Security Culture is an integral part of security management
- All persons in organization share the responsibility for security