Safe Organization: Security Plan Development
Introduction, Background, and Rationale
This writing provides a security plan for an organization specializing in the training of police and correctional officers, including areas with substantial security resources as well as areas with more of an administrative and academic focus. The Police and Correctional Training Commission, located in Maryland, has a demand for a comprehensive security plan to be developed. However, as its budget is limited due to public funding, the organization is seeking a plan which is cost efficient yet optimized for effectiveness. This plan discusses the facility assets in need of various protection strategies, as well as the potential for loss or some incident to occur in the areas of intrusion, damage to physical assets, the security of personnel, data security, emergency planning and response, OSHA standards and violations, legal issues, recommendations for improvement, and other aspects of asset protection. As two main locations across an estimated 700 acres are involved in the operations, the comprehensive plan must consider many variables, considering the potential losses and demand for investment and the full range of areas applicable to this (Ortmeier). Thus, the plan is similar to the plan established by the United States Department of Transportation in that it assesses the negative impacts of a security breach alongside the consequences and demands for repair amid this. Security breaches in such an organization can lead to injuries, fatalities, a loss of revenue, a reduced reputation alongside a reduction in the customer base, loss of employees or stakeholders, intellectual property loss, and demands for physical repairs and cleanup among other areas. While the targeted organization wishes to minimize costs while only investing in what is required for a complete security plan (and not more than this), it should be mindful that common security expenses may include expenses in the areas of equipment, permits, project management, acquisition and transportation, construction, preparing and clearing sites, HVAC, air ventilation systems, heating and cooling installation, strategic energy points, and electrical or other utilities, customization and installation (which may include testing), and maintaining or monitoring changes (Ortmeier; USDOT). Meanwhile, a comprehensive security plan may involve direct and indirect benefits such as improved efficiency, reduced liability, increased safety, prevented terrorism and crime, support of the criminal justice system, and improvements in managerial control and organizational operations (Ortmeier, USDOT). The following discusses a full range of security processes and areas of benefits, showing the significance of plan development and demands for development alongside the variables for the described case.
Intrusion is one of the most significant aspects of a security plan, while this is especially true of organizations taking up a great deal of space, which is true for the 700 acre property described in the previous section (Ortmeier). The plant should be concerned with trespassing as well as with vandalism, burglary, and aggravated assault targeted at individuals on the premises. The Firearms Training Facility (FTF) already appears to be rich with security resources, although is still in demand of detection technology in order to optimize detection and burglary prevention. Meanwhile, the Drivers Training Facility (DTF) is in demand of this while it does not have the same in-site resources which are present in the FTF. The DTF houses vehicles and vehicle supplies for training, while these and the guns used at the FTF are prime targets for robbery. The computer equipment used for various academic functions, including emulation, are also potentially accessible and may be targeted by criminals. As the facility has agreed to not use a fence to separate the Academic and Administrative Complex (AAC) from the hospital buildings, there is an especial demand for some sort of intrusion resistance.
As mentioned, the facility wishes to minimize costs for security, but wishes to integrate the full range of effective measures which address all aspects of security demands. Giles recommended that a comprehensive intrusion resistance system include exterior sensors such as buried fiber optics capable of detecting someone on the ground, buried electromagnetic field cables capable of sensing an individual passing it, fence detection sensors (capable of detecting sounds and vibrations as well as pressures), cameras, software systems capable of interpreting the camera feedback, laser sensors, and microwave sensors. Alarms should be wired to these devices for the desired effect (Ortmeier). Such a comprehensive system appears to address the entirety of the facility demands, although it is unclear whether some of these aspects may be deemed to be insufficiently cost efficient for actual implementation. It would be best if the organization plan to complete the entirety of these developments, and possibly remove items when they have determined the full costs and demands for actual implementation. Tentatively, it is best to assume the entirety of the areas should be implemented for the organization.
Physical Asset Damage
The plan for optimizing intrusion detection and prevention further serves to reduce the extent of physical asset damage, such as vandalism, theft, or other types of damage to property. Internal detection systems of the same nature can serve to make the desired reductions in these areas, making the camera and software systems alongside some laser sensor devices among the most practical (Ortmeier). Pressure and microwave systems inside of the facilities appears to be an excessive investment, and while potentially beneficial, the organization should put these areas on hold as they attempt to optimize security with their available resources.
Even with the elements discussed above, manual human security for both personnel and property benefits the organization. This serves to reduce the potential for assault, loss of personal property, and provides the organization with a more direct means of addressing the various types of violations possible. Security for personnel should be a fundamental element of the comprehensive security plan, while Houston, Wood, and Robinson argued that comprehensive plans and “their aggressive implementation can prevent major accidents,” further writing that they “serve as the most important deterrent to would be attackers bent on causing a major supply disruption whether they are terrorist insurgents or activists.” The analysts recommended that plans consider “the potential consequences of a major accident or act of sabotage against the MEP,” while these considerate plans “can be used to develop emergency response plans and procedures that can most quickly and effectively mitigate the consequences of such events and shorten the time of a disruption” (Houston, Wood, and Robinson).
The organization is home to 122 staff members, and it should continuously employ and manage at least three to four additional armed security guards, depending on what the budget permits. The demands of the 450 students can be addressed with these guards, so long as they are not expected to respond to anything trivial that does not need their immediate attention (the local police can still be utilized to handle many situations. The nearby medical facility already has a small security force patrolling the grounds and responding to calls, while the police are considered responsible for 911 calls from the internal buildings. Meanwhile, minimum security inmates perform some job duties such as janitor services, but are supervised by correction officers. The combination of this and the recommended additions of security staff should be sufficient for the level of protection sought amid the current threats to the facility.
The current developments of a comprehensive security program capable of addressing areas ranging from assault to personal property loss appears to be mostly sufficient, but in the need of some improvements. It has reportedly grown from 13 to 27 units, with the total staff quantity raising from 624 to 1,200. The acquisition team formed in 2004 addresses demands in identification, assessment, and risk management while supporting general management. The existing polices for security clearances and hiring need not be altered (see hiring practices section for additional details). Generally, the personnel security system should use as many employees and resources as believed to be effective while remaining cost effective, so that the organization can protect its personnel while retaining a sufficient human element as it electronically monitors its property and assets (Ortmeier).
Data security is another significant area, but this area is more reliant on electronic security than human security, although computer administrators should be used to monitor the computer networks (Ortmeier). Here, a full range of software types should be implemented for security, and the network should be watched continuously both automatically and manually throughout the duration of time which the facility is ‘open’ to any student or employee. This computer administrator should be able to request investigations or contact authorities based on the activities they observe being conducted with in the organization’s computers. Any sensitive information being copied or any breach in software security detected should be reported immediately. According to the case background provided as a given for the course, “the records maintenance of the PCTC at the Center includes administrative reports and correspondence as well as the certification records for every public law enforcement and correctional officer in Maryland - - approximately 30,000 personnel. Certification records include the name, SSA number, DOB, background summary and training information for all currently certified and previously certified personnel – over 200,000 records.” Such paper records should also be closely controlled and guarded, following disclosure best practices and law so that no unauthorized individual is permitted to view material believed or asserted to be confidential (Ortmeier). This information would be protected by law, and the sheer volume of these records may require multiple individuals controlling access to the information, while this control may require ID checking or other methods as needed to remain compliant with the law.
Emergency Planning and Response
Emergency planning and response can more easily be created using existing best practices and operational framework compared to the previous sections. This area can also make use of local emergency services. Emergency planning should address the full range of facilities and student activities, including potential hazards. In addition to fire and natural disaster hazards standard to all facilities and recommended in best practices in emergency planning (i.e. facility protection and evacuation plans, authority contacting, etc.), emergency planning should be consideration of the local swimming pool, weight training areas, FTF, maintenance shop and obstacle course, and location of the area in location to the emergency dispatch agencies (Ortmeier). The nearby hospital can serve to reduce response times, but this facility should not be relied upon to address the full range of potential needs across the facility
OSHA Standards and Violations
OSHA standards should be integrated with policy with violations taken seriously. A security plan should treat OSHA regulations similar to any other recommendations or demands that have been integrated into the plan, and observed closely. Specific OSHA regulations should be researched with policies updated routinely as demanded, while subject areas may include life safety awareness, safety hazards across the property, emergency equipment demands and placement, fire and hazard prevention and addressing, handling hazardous materials, training demands, pathogens, physical techniques and safety equipment use, and more (Giles). Failure to observe these policies should result in a reprimand, while the security system should be optimized with no area here avoided to save on the net investments in the security program; no sacrifices should be made here for the sake of cost effectiveness (Ortmeier).
Hiring and Training Practices
Hiring and training practices can contribute to the cost effectiveness of security programs if they are carefully considerate of demands and addressing them at these stages. Individuals with little experience in the key security areas are likely to be a greater risk to the organization and cost effective security versus those that do have experience. Training practices should be comprehensive while ensuring all employees understand the full range of issues relevant to the area of security. Giles recommended that periodic training programs address a full range of issues in the areas of substance abuse, modes of communication, violence in workplaces, traffic control and parking security, conflict resolution, crowd control, labor relations, crises management, first aid, and more. The facility has already integrated a polygraph and security clearance program which serves to address some aspects of hiring and training, while these and background investigations helps to minimize the potential for employees to drain investments in this area. Aside from these aspects of hiring regulations and training potential, the organization should routinely assess its demand for training while ensuring that it integrates comprehensive training programs which address the full range of issues on a regular basis.
Legal issues for the case include addressing criminals and having policies for employees and students. Breaching the aforementioned confidentiality issues can have repercussions similar to individuals believed to be intruding or damaging the property. The facility must ensure that it does not divulge information or wrongfully accuse individuals of committing crimes. Similarly, armed security must take care to not injure any innocent individuals or use excessive force. The site must also ensure that proper care is followed in the FTF and that some authority is providing sufficient equipment and instructions for all activities to be OSHA compliant. Legal issues that are believed to be violated must be reported and addressed by a mediator, while legal consequences may be considered to be the next logical course of action for outside offenders or people that have breached the policies from within the organization. Aside from this, no other legal aspects appear to be unique to the site, and thus a clear and accessible set of policies and practice legal information should be made available to all employees and publically.
There is substantial potential for improvement in the case, but the exact extent of improvements and developments depend on the specific variables and changing dynamics in the organization. Considering intrusion, recommended policies and procedures include research and installation for additional laser and invisible detection systems, with the exact amount depending on the facility’s remaining budget. External sensors of some kind should be prioritized, but additional types should be more sensitive to the budget. The details should be examined, considering probability of loss in all areas (see following section for details). Meanwhile, considering physical asset damage, the organization should examine the capacity for damage with previous figures from academic years as well as statistics measured and recorded by police. Research in this area and installation of preventative measures should be less prioritized than property intrusion but involve a greater investment of resources than the additions to personnel security. There is already a substantial amount of personnel security, but it is still recommended that the amount of armed personnel is slightly increased to address the full demands and probability for negative occurrences. The amount of software demanded for optimized data security should be researched, while it is believed that one administrator observing the facilities throughout the duration of its operating hours (or hours permitting other employees to access its systems) would be sufficient in combination with the access to security and law enforcement. Emergency planning and response is simply recommended to remain in line with best practices, and to examine existing policies to see if any area is missing. The same is generally true for OSHA standards, hiring and training practices, and legal issues. The facility appears to be OSHA compliant with sufficiently strict hiring practices, but could benefit from more targeted training practices and comprehensive training as described. The extent of this should also depend on the free amounts of budget funds and the areas most avoided in the organization. Legal issues appear to be sufficiently addressed, but the organization should continually (i.e. annually) examine its policies in this (like all) areas for weaknesses and demands for improvement (Ortmeier).
Other Variables in Asset Protection, Threats, and Loss Probability
The only other variables which need by considered for asset protection are intellectual properties, which do not appear to be directly included in any similar policy. The main threats appear to be from random outsiders or the students themselves, which cannot be addressed in any way which is more strategic than the aspects that have already been established or recommended. The probability for any loss to occur in these areas is only speculation, but it is believed that data and property have the greatest demand for security, followed by burglary and personnel.
This work has examined safety and security for a large plant facility, discussing several key elements while making recommendations for improvements over the existing conditions. Overall it is evident that the plant could use improvements in several areas, though the exact nature of demand and costs of investments are unknown amid the given information. Through addressing the blanks in the case and applying best practices, the organization is sure to make a worthwhile investment while experiencing improvements.
Air Ease Leaks – Electrical Generation and HVAC Energy Distribution in the US. Tinley Park Home Heating and Cooling Association. https://aireaseleaks.org/electrical-energy-production-distribution
Federal Bureau of Investigation (FBI). Energy Systems Security.
Giles, T. How to Develop and Implement a Security Master Plan. New York, NY: CRC Press.
Houston, F., Wood, W., and Robinson, D. Black Sea Security: International Cooperation and Counter-trafficking in the Black Sea Region. Washington, DC: IOS Press.
Ortmeier, P. Introduction to Security: Operations and Management. New York, NY: Pearson Higher Ed.
United States Department of Transportation (USDOT). Developing a Security Strategy.