Level of residual risk - missions

Security management
SpeC for Log
Marine Menier
13 July 2017
September 2012
KLV3 – Security Chapter
The framework of a systematic approach
Where are we
Who are we
Visibility
Protection
Deterrence
Security system
Authorities
Acceptance
Inter-agency dimension
People
factors
Agency management
Intra-agency
factors
Security approaches
Security procedures
Information management
Information & Rumour
 What is information?
 “Knowledge of specific events or situations that has been gathered or received by communication; intelligence or news”
 What is a rumour?
 “A piece of unverified information of uncertain origin”
 What is the difference between information and a rumour?
• Authenticated source(s)
• Verification / Crosscheck
 An origin
 A knowledge
 Can information become a rumour?
 Can a rumour become information?
Information management system
 What is an information management system?
It organizes the
• Collection
• Transmission
• Compilation
of security information, to observe the context, build a cartography, and adapt our strategies and procedures
 Roles and responsibilities
• Everybody knows this information.
• The security officer collects and compiles the information.
Passive information collection
 How do we collect security information?
• Gather information
• Receive information
 Active information collection
 Passive information collection
Who receives security information? Everybody, even you!
From whom? Everybody!
When? At any time!
How? Daily, during or outside working hours, whenever you are with people who spontaneously give you security information.
 Your role is to collect enough information to cross-check and verify it!




Active information collection
 Identify and contact the actors
 Who can give you information?
• Local authorities: the Mayor, the Police, the army
• NGOs/IOs/UN,
• Embassies,
• Local population (including beneficiaries & suppliers),
• Community heads: elders, religious leaders, staff…
When you collect information, don’t forget to…
 Have multiple sources to cross-check the information
• Be careful not to cross-check with people who have the same source as you!
 Develop your sense of confidentiality
• Sharing information is not always a fully transparent process.
• Adapt the information and the level of detail to the interlocutor.
Information transmission
Security focal point
Team leaders
External actors
ACF employees
The timing and means of transmission depend on the importance and possible impact of the information.
Security risk analysis
Part 1. Security risk assessment
RISK ANALYSIS TABLE (RAT) <BASE>
Last Update:
Ranking | Threats (1) | Vulnerabilities (2) | Contextual factors | Risk (3) | Likelihood from 1 to 5 | Impact from 1 to 5 | Reduction of Threats (Acceptance Strategy) | Reduction of Vulnerabilities (Protection Strategy) | Residual Risk
CONFIDENTIAL
1 – Threats assessment
A threat is a danger to you, your organisation or your assets
 A threat can be:
• Direct
• Indirect
• Crime related
2 phases of a threat assessment:
 Retroactive threat assessment: to look at what has already happened
 Proactive threat assessment: seeing the danger in advance
2 – Vulnerabilities analysis
Vulnerability is the degree of exposure to a specific threat
 Why would you / your organisation be vulnerable to the threat?
 When would you / your organisation be vulnerable to the threat?
 Who would be vulnerable to the threat?
3 – Formulate the risk
The risk is the likelihood of being faced with a threat and its impact
Depending on the nature of a threat, the risk will be expressed differently:
 If the threat is direct, the risk for ACF will be for our staff or organisation to be the target of a specific threat
• Example: for a direct threat of suicide attack against ACF, the risk would be for ACF to be the target of a suicide attack.
 If the threat is indirect, the risk for ACF will be related to “collateral damage”
• Example: for a threat of suicide attack that targets only government or military forces, the risk will be to be subjected to a suicide attack and thus to suffer collateral damage.
 If the threat is related to a crime, the risk for ACF will be for our staff or organisation to be the victim of <a crime> (you need to be specific about the type of crime)
• Example: to be the victim of a robbery.
Case study Leilaland – Part 1
 In working groups, identify the possible threats & associated risks
existing on the 3 bases in Leilaland.
Restitution – Leilacity
LEILACITY
Threat | Vulnerability | Contextual factors | Risk
Intrusion + Theft | Protection (Watchmen, fence, lighting, neighbourhood …) | Urban criminality | To be the victim of an intrusion and/or robbery
Riots + Looting (direct or indirect) | Information; Premises’ localisation; Visibility… | Violent food related demonstrations against authorities; Repression | To be subjected or to be the target of a riot; To be subjected or to be the target of an intrusion and/or looting
Terrorism (direct or indirect) | Movement; Premises’ localisation; Visibility… | Against governmental buildings | To be subjected or to be the target of a terrorism attack
Arrest | Movements; Visibility… | Corruption; Pressure on the Police forces to find terrorist | To have a staff victim of an arrest
Abuse of power | Communication; Visibility… | Corruption in the Police & army; Checkpoints; Control for “infractions” | To have a staff/team victim of threat or harassment
Restitution – Leilabeach
LEILABEACH
Threat | Vulnerability | Contextual factors | Risk
Intrusion + Theft | Protection (Watchmen, fence, lighting, neighbourhood …) | Criminals / Armed gangs / Firearms; Robbery at night in the neighbourhood | To be the victim of an intrusion and/or robbery
Armed aggression | Movements; Personal behaviour… | Criminals / Armed gangs / Firearms | To have a staff/team victim of an aggression
Riots + Looting (direct or indirect) | Information; Premises’ localisation; Visibility… | Call for demonstration against the government; Firearms; Violence expected | To be subjected or to be the target of a riot; To be subjected or to be the target of an intrusion and/or looting
Carjacking | Movement; Type of vehicle; Visibility | All type of vehicle; Road to the airport; 3rd district | To have a staff/team victim of a car-jacking
Restitution - Leilamount
LEILAMOUNT
Threat | Vulnerability | Contextual factors | Risk
Armed aggression | Movements; Personal behaviour… | AOG / ACG | To have a staff/team victim of an aggression
Mine (direct or indirect) | Movement; Information … | Mines | To be subjected or to be target of a mine explosion
Car-jacking | Movement; Type of vehicle; Visibility | Target: 4x4; At nightfall; Outskirt of the city | To have a staff/team victim of a car-jacking
Kidnapping | Set up; Movement; Information … | Kidnapping of foreigners; Political demands; Soft border; AOG / ACG | To have a staff/team victim of a kidnapping
Part 2. Notation
1 – Likelihood
Likelihood is the probability that a particular event will occur
Mark | Descriptor | “Likelihood” definition
1 | Very unlikely | In the present situation and with the mitigation measures actually in place, the probability of the event occurring is considered as remote
2 | Unlikely | In the present situation and with the mitigation measures actually in place, the event is considered as not having a realistic probability of occurring
3 | Possible | In the present situation and with the mitigation measures actually in place, the event is considered as having a reasonable probability of occurring
4 | Likely | In the present situation and with the mitigation measures actually in place, the event is considered as having a high probability of occurring
5 | Almost certain | In the present situation and with the mitigation measures actually in place, the occurrence of the event is to be expected at short-term
2 – Impact
The impact is the severity of the casualties/damages that ACF would suffer if a particular event occurs
Mark | Human impact | Operational impact | Assets impact
1 | No injuries | Minor disruptions | Immaterial / no damages
2 | Minor injuries / possible stress | Delays | Possible/minimal damages or loss (under 5 000€)
3 | No life-threatening injuries / high stress | Suspension of activities | Significant loss (< 50 000€)
4 | Severe injuries or kidnapping | Closure of programs | Major loss (< 100 000€)
5 | Death or kidnapping | Withdrawal | Critical loss (> 100 000€)
Impact = [(Human impact x 3) + (Operational impact x 2) + (Assets impact x 1)] / 6
3 – Level of risk & ranking
Level of risk = Impact x Likelihood
Rank is based on the level of risk: the greatest level of risk is ranked 1, the second greatest 2, and so on in decreasing order.
Part 3. Mitigation measures
1 - Mitigation measures
Mitigation measures are what can be done to reduce the risk
1. Reduction of the threat
 Acceptance strategy
2. Reduction of the vulnerability
 Reducing the likelihood
 Reducing the impact
 Rules and procedure
Equipment and means
Facilities
Human Resources
Case study Leilaland – Part 2
 In working groups, propose solutions and security rules to mitigate one of the risks your group identified in the first part (10’)
LEILALAND
Risk | Reduction of threats | Reduction of vulnerabilities
 Restitution per group (3 x 5’)
2 – Action Plan
Category | Action | Tasks to be undertaken | Contributors | ETS (estimated date of start) | ETC (estimated date of completion) | Comments
Rules and procedures | Action 1 | Task 1 | HoB + LC | XX/XX/201X | XX/XX/201X |
 | | Task 2 | | | |
 | | Task 3 | | | |
 | Action 2 | | | | |
 | … | | | | |
Equipment / means | Action 1 | | | | |
 | Action 2 | | | | |
 | … | | | | |
Facilities | Action 1 | | | | |
 | Action 2 | | | | |
 | … | | | | |
HR | Action 1 | | | | |
 | Action 2 | | | | |
 | … | | | | |
Part 4. Risk threshold
1 – Risk Threshold
The threshold of acceptable risk for the organisation is
the point beyond which the risk is considered too high
to continue operating; influenced by the probability
that an incident will occur, and the seriousness of the
impact if it occurs
2 - Level of residual risk
Level of residual risk = Residual likelihood x Residual impact
RESIDUAL IMPACT \ RESIDUAL LIKELIHOOD | 1 - Very unlikely | 2 - Unlikely | 3 - Possible | 4 - Likely | 5 - Almost certain
5 - Critical | 5 - Low | 10 - Medium | 15 - High | 20 - Critical | 25 - Critical
4 - Severe | 4 - Low | 8 - Medium | 12 - High | 16 - High | 20 - Critical
3 - Moderate | 3 - Very Low | 6 - Low | 9 - Medium | 12 - High | 15 - High
2 - Minor | 2 - Very Low | 4 - Low | 6 - Low | 8 - Medium | 10 - Medium
1 - Negligible | Nil | 2 - Very Low | 3 - Very Low | 4 - Low | 5 - Low
3 - Fixing the threshold of acceptable risk
Depending on the level of residual risk, ACF has defined a clear line of decision making:
 The Very Low and Low levels of risk are considered inherent to our mandate and therefore acceptable.
 The Medium level of risk is also inherent to our mandate, but its acceptance has to be discussed between the HoM, the Desk and the Head of the Security Service. The decision will be endorsed by the Desk Officer.
 Risk acceptance for High level risks has to be discussed between the HoM, the Desk, the Security Adviser & the Head of Operations. The conclusion will be endorsed by the Head of Operations.
 Critical risks are unacceptable (where ACF has knowledge of a credible threat, with a very high probability of materializing, that could harm its staff)
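Added example, not part of the original slides: the scoring chain from Parts 2 and 4 (weighted impact, level of risk and ranking, then residual level and decision line) written as Python. The function names, the sample risks and their marks are constructed for illustration; the band limits are read off the residual-risk matrix, and treating "Nil" as acceptable is an assumption because the decision line does not mention it.

```python
# Added example (not from the ACF slides): scoring a Risk Analysis Table.
# Risk names and marks in the sample rows are constructed.

def weighted_impact(human, operational, assets):
    """Impact = ((Human x 3) + (Operational x 2) + (Assets x 1)) / 6."""
    for mark in (human, operational, assets):
        if mark not in range(1, 6):
            raise ValueError(f"impact mark must be 1-5, got {mark}")
    return (human * 3 + operational * 2 + assets) / 6

def rank_risks(rows):
    """rows: (risk, likelihood, impact). Level of risk = Impact x Likelihood;
    the greatest level is ranked 1. Ties keep input order (assumption)."""
    ordered = sorted(rows, key=lambda r: r[1] * r[2], reverse=True)
    return [(rank, name, lik * imp)
            for rank, (name, lik, imp) in enumerate(ordered, start=1)]

# Upper bound of each band, read off the residual-risk matrix.
BANDS = [(1, "Nil"), (3, "Very Low"), (6, "Low"),
         (10, "Medium"), (16, "High"), (25, "Critical")]

# Decision line from the threshold slide. The slide does not mention "Nil";
# treating it as acceptable is an assumption.
DECISION = {
    "Nil": "acceptable",
    "Very Low": "acceptable",
    "Low": "acceptable",
    "Medium": "discuss: HoM, Desk, Head of Security Service; Desk Officer endorses",
    "High": "discuss: HoM, Desk, Security Adviser, Head of Operations; Head of Operations endorses",
    "Critical": "unacceptable",
}

def residual_level(likelihood, impact):
    """Level of residual risk = Residual likelihood x Residual impact."""
    if likelihood not in range(1, 6) or impact not in range(1, 6):
        raise ValueError("residual marks must be integers from 1 to 5")
    score = likelihood * impact
    label = next(name for bound, name in BANDS if score <= bound)
    return score, label, DECISION[label]

if __name__ == "__main__":
    sample = [  # constructed: (risk, likelihood, human, operational, assets)
        ("Intrusion and/or robbery", 4, 2, 2, 3),
        ("Car-jacking", 3, 4, 3, 3),
        ("Target of a riot", 2, 3, 3, 2),
    ]
    rows = [(n, lik, weighted_impact(h, o, a)) for n, lik, h, o, a in sample]
    for rank, name, level in rank_risks(rows):
        print(rank, name, round(level, 2))
    print(residual_level(2, 4))  # car-jacking after mitigation (constructed marks)
```

Because human impact carries half of the total weight, the car-jacking row outranks the intrusion row here even though its likelihood mark is lower.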
Questions?