INTRODUCTION TO

INDUSTRIAL SECURITY

Types Of Security

Section I

Submitted by: RJ P. Cubillo

Submitted To: Mr. Glyjun Yangson

 THREE MAJOR AREAS OF SECURITY
Physical Security Overview
• Protects personnel, hardware, software, networks,
and data from physical actions causing serious loss or
damage.
• Includes protection from fire, flood, natural
disasters, burglary, theft, vandalism, and terrorism.
• Involves multiple layers of interdependent systems
including CCTV surveillance, security guards,
protective barriers, locks, access control, perimeter
intrusion detection, deterrent systems, fire protection,
etc.
• Five levels of physical security: minimum, low-level,
medium, high-level, and maximum.
• Principles include preparation, detection,
deterrence, delay, and defense.
• Physical security planning and design involves
layering key elements of security.
Personnel Security Overview

• Protects people, information, and assets by reducing

risk of harm to individuals, customers, and partners.
• Prevents loss, damage, or compromise of information
or assets.
• Designed to prevent unsitable individuals from
gaining access and appointment or retention.
• Reliable security services can react immediately in
emergencies.
• Private security guards can monitor children and
prevent infractions like kidnapping, child abuse, or
harassment.
• The Personnel Security Program (PSP) aims to protect
national security by ensuring only loyal, trustworthy
individuals access classified information.
• Practices include returning keys, issuing ID cards,
closing information system accounts, and changing
access authorizations during staff transfers or
reassignments.

Document Security Overview

• Safeguards documents and files from unwanted

access or theft.
• Prevents data manipulation or reproduction.
• Essential for protecting company and data from
hackers.
• Includes password protection, watermarking, digital
rights management, and document tracking.
• Ensures clear and concise procedures.
Types Of
Security
Physical security

The comprehensive approach to safeguarding

physical assets, people, and resources from unauthorized
access, theft, vandalism, or harm includes perimeter
security, access control, surveillance, intrusion detection
systems, security lighting, physical barriers, trained
security personnel, and emergency response
preparedness. This creates a robust security posture
against threats and vulnerabilities.
 Examples:

a) Personnel Security

Ensuring that individuals with

access to sensitive areas or information
within industrial facilities are trustworthy
and properly vetted. Personnel security
measures may include background checks,
security clearances, access control badges,
and employee training on security protocols.
b) Bodyguards

Bodyguards, or close protection

officers, offer personal security services to
individuals or groups at risk of harm. They
assess potential threats, develop security
plans, and maintain a physical presence.
They are trained in threat management,
surveillance, reconnaissance,
communication, emergency response, and
professionalism, respecting clients' privacy.
c) Corporate Security

Corporate security is a comprehensive

strategy to protect a corporation's assets, personnel,
information, and operations from threats. It includes
physical security, access control, surveillance,
emergency response, information security,
cybersecurity, intellectual property protection, risk
management, and regulatory compliance. It involves
establishing communication protocols, coordinating
emergency responses, protecting sensitive data, and
developing risk management strategies.
d) CCTV monitoring

Is a crucial part of modern security

systems, providing continuous surveillance to
deter crime, detect breaches, and aid
investigations. Strategically placed cameras
monitor live video feeds, and intelligent
algorithms automatically flag suspicious
activities. Remote monitoring enables quick
response to incidents. Integration with other
systems ensures coordinated responses. Regular
maintenance and training are essential for system
reliability.
Cybersecurity

Is the protection of computer systems, networks, and data from

unauthorized access, cyberattacks, and other security breaches. It involves
various technologies, processes, and practices to safeguard digital
information and ensure its confidentiality, integrity, and availability. Key
aspects of cybersecurity include network security, endpoint security, identity
and access management, data protection, application security, cloud security,
and incident response and forensics. Implementing robust cybersecurity
measures helps organizations protect themselves against cyber threats and
ensures the security and resilience of their digital assets. Cybersecurity
focuses on protecting digital assets, including networks, computers, software,
and data, from cyber threats such as hacking, malware, phishing, and data
breaches. It encompasses various techniques and tools like firewalls, antivirus
software, encryption, and intrusion detection systems.
 Examples:

a) Application security,

Is crucial for protecting software

applications from threats and vulnerabilities,
involving secure coding practices, testing,
vulnerability management, authentication,
data encryption, and integrating security into
the software development lifecycle to avoid
common pitfalls.
 b)Cloud security,

Involves policies and practices to protect data,

applications, and infrastructure in cloud environments from
threats. Network security includes measures like VPNs,
firewalls, and intrusion detection. Compliance with regulations,
industry standards, and policies is crucial. Continuous
monitoring, security awareness, and collaboration between IT
teams, security professionals, and stakeholders ensure
comprehensive protection against evolving threats.
c) Endpoint security

Endpoint security is a crucial part of a network's cybersecurity

strategy, protecting devices from threats like malware, ransomware,
phishing, and data breaches. It includes antivirus protection, firewalls,
and data loss prevention solutions. It complements network security and
perimeter defenses, providing comprehensive protection against cyber
threats. IDS/IPS solutions monitor network traffic, while DLP solutions
prevent data leakage. Device control features manage external devices
connected to endpoints, ensuring protection for remote and mobile
devices.
Supply Chain Security

Protecting the integrity of the

supply chain to prevent tampering, theft, or
sabotage of materials, components, or
finished products. Supply chain security
measures may involve supplier vetting,
secure transportation practices, inventory
tracking systems, and tamper-evident
packaging.
 Example:
Cargo tracking and monitoring

Cargo tracking and monitoring are essential for

supply chain security, providing real-time visibility and
control over goods' movement. Technologies like GPS, RFID,
barcodes, QR codes, and IoT sensors help organizations
monitor cargo movements. These technologies enhance
security, optimize operations, and ensure compliance with
regulations. By providing transparency, reducing risks, and
enabling proactive management, cargo tracking helps
organizations detect and respond to potential threats,
improve operational efficiency, and ensure compliance with
regulations.
Emergency Response and Continuity Planning

Developing plans and protocols to respond to

emergencies such as natural disasters, industrial accidents,
or security breaches. This includes evacuation procedures,
emergency communication systems, crisis management
teams, and business continuity plans to ensure the resilience
of operations.
 Examples:
a) Training and Drills

Training and Drills Regular training sessions and

emergency drills are conducted to familiarize personnel with
emergency procedures and validate the effectiveness of
response plans. These exercises simulate various scenarios,
allowing employees to practice their roles and test the
organization's preparedness. For example, conducting fire
drills helps employees know what to do in the event of a fire
and ensures they can evacuate safely and efficiently.
b) Emergency Response Plan (ERP)

An ERP outlines procedures for responding to

different types of emergencies, such as natural disasters, fires,
chemical spills, or security incidents. It includes roles and
responsibilities of personnel, evacuation procedures,
communication protocols, emergency contacts, and assembly
points. For example, in the event of a fire, the plan would
specify evacuation routes, designated fire wardens, and
procedures for alerting emergency services.
Compliance and Regulatory Security

Adhering to industry-specific regulations and

standards related to security, safety, and environmental
protection. Compliance and regulatory security measures
may include audits, inspections, documentation, and
adherence to standards such as ISO 27001 for information
security management.
 Examples:
a) Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act

(HIPAA) and the Data Privacy Act of 2012 (DPA) are influencing
healthcare policies and practices worldwide, including in the Philippines.
Both laws emphasize the importance of protecting patient health
information and ensuring privacy and security. In the Philippines,
healthcare providers are implementing measures to secure electronic
health records, ensure confidentiality, and prevent unauthorized access.
HIPAA has influenced global standards and best practices for healthcare
data privacy and security.
b) Bangko Sentral ng Pilipinas (BSP) Regulations

The Bangko Sentral ng Pilipinas (BSP) regulates the Philippines'

banking and financial sector to maintain monetary stability, protect the
financial system, and promote sustainable economic growth. BSP issues
cybersecurity regulations, risk management guidelines, anti-money
laundering (AML) regulations, consumer protection regulations, prudential
reporting requirements, and corporate governance guidelines. Compliance
with these regulations ensures cybersecurity resilience, risk management,
anti-money laundering prevention, consumer protection, prudential reporting,
and corporate governance. Failure to comply may result in sanctions,
penalties, or other regulatory actions, requiring banks and financial
institutions to stay updated.
c) Data Privacy Act of 2012 (DPA)

The Data Privacy Act of 2012 is a law in the

Philippines that regulates the processing of personal data,
including collection, use, storage, and disclosure. It outlines
principles for data privacy, including transparency, legitimate
purpose, proportionality, accuracy, and accountability. The
Act grants individuals rights over their data, mandates a Data
Protection Officer, mandates security measures, and restricts
cross-border data transfers. Organizations must report data
breaches to the National Privacy Commission and individuals,
and non-compliance may result in fines, penalties, or
regulatory actions.
Risk Assessment and Management

Identifying potential security risks and

vulnerabilities within industrial operations and implementing
measures to mitigate these risks. This involves conducting
risk assessments, vulnerability assessments, and
implementing risk management strategies to protect assets
and personnel.
 Examples:
a) Financial Institution Risk Assessment

Financial institution risk assessment is a process that

involves identifying, analyzing, and evaluating risks in the
operations of financial entities like banks, credit unions, and
insurance companies. Risks can include credit risk, market risk,
liquidity risk, operational risk, compliance risk, and reputational
risk. Institutions use qualitative and quantitative methods to assess
and quantify risks, prioritize them, develop mitigation strategies,
monitor and review their risk profiles, and provide regular risk
reports to stakeholders. This dynamic and iterative process ensures
financial stability, reputation, and compliance with regulatory
requirements.
 b) Information Technology (IT) Risk Management

Financial institution risk assessment is a process that

involves identifying, analyzing, and evaluating risks in the
operations of financial entities like banks, credit unions, and
insurance companies. Risks can include credit risk, market risk,
liquidity risk, operational risk, compliance risk, and reputational risk.
Institutions use qualitative and quantitative methods to assess and
quantify risks, prioritize them, develop mitigation strategies, monitor
and review their risk profiles, and provide regular risk reports to
stakeholders. This dynamic and iterative process ensures financial
stability, reputation, and compliance with regulatory requirements.
Insider Threat Mitigation

Addressing the risk posed by insiders,

including employees, contractors, or partners, who
may intentionally or unintentionally compromise
industrial security. Insider threat mitigation
measures may include monitoring employee
behavior, implementing access controls, and
conducting periodic security awareness training.
 Examples:

a) Employee Training and Awareness

Employee training and awareness programs are essential in

mitigating insider threats by educating employees about security risks,
promoting best practices, and fostering a security culture. These programs
cover security policies, threats, social engineering, password security, data
handling, physical security, incident reporting, and continuous learning.
They should cover data protection, access control, password management,
and incident reporting. By investing in comprehensive training,
organizations can empower their workforce to actively participate in
security efforts, enhance their ability to recognize and respond to threats,
and contribute to a stronger security posture.
b) Monitoring and Auditing

Monitoring and auditing are crucial for an organization's security

strategy, providing insights into the effectiveness of security controls,
detecting anomalies, and ensuring compliance with policies and
regulations. Monitoring involves real-time observation of systems,
networks, and user activities, while auditing involves systematic
examination of security controls, processes, and activities. Audits can be
conducted internally or externally, adopting a risk-based approach.
Documentation and reporting of audit findings help management,
stakeholders, and regulatory authorities understand the organization's
overall security posture. Remediation actions may include implementing
additional security controls, updating policies, providing employee
training, or allocating resources.
c) Behavioral Analysis and User Profiling

Behavioral analysis and user profiling are techniques used to identify

patterns of behavior and detect anomalies that may indicate security threats or
insider risks within an organization. These methods involve understanding
normal behavior patterns, detecting anomalies, assessing context, assigning risk
scores, and creating behavior profiles. They help identify normal patterns,
reduce false positives, improve incident response, and enable continuous
monitoring. These tools are essential components of an organization's security
strategy, providing proactive threat detection capabilities and enabling effective
identification and mitigation of insider threats and malicious activities.