Manufacturers of electronic devices currently face various risks including insider threats, terrorist attacks, and natural disasters. These dangers come when competition and demand for electronic devices are high. Security practitioners in such corporations require full consideration of the ways to detect threats without having a detrimental impact on the assets: personnel, information, and facilities. The purpose of this paper is to present a system design for Smith-Brook Corporation’s threat detection system. This demands a risk assessment and an understanding of the most innovative security technologies and security management approaches. The application of the presented guidelines and a threat detection system can assist the corporation in implementing a security system where threat detection is significantly improved. The resultant system was devised with the help of the best industry-based practices which yield an effective representation of the key design issues, which security specialists and architects considered as necessary for successful integration of the threat detection systems in production and storage facilities.
Get a price quote
Threat Detection System
Introduction
An organization that has critical assets including products, production machines, and materials as well as IT-based assets, must protect these resources to prevent losses and ensure business continuity (Järveläinen, 2012; Walby & Lippert, 2014). Typically, when a human action is malicious, there should be always a desire or motivation behind this goal. For example, the goal of an arsonist could be to disrupt the production of ICs, thereby denying a company the opportunity to meet the demand of its customers. This is likely to happen between the competing companies. To achieve their aims, the culprits use various well-known methods and techniques to exploit vulnerabilities in security systems and policies in a site (Chołda, Guzik, & Rusek, 2014). Facility security deals with the detection and prevention of unauthorized action. Since the impact of a breach of security could be detrimental to the sustainability of an entity, the owner must know the facility profile and its value to develop protective measures in case of need (Gibson & Borodzicz, 2006). As a protective measure, threat detection allows the facility owner to detect the time when assets have been stolen, altered, or damaged and who is responsible for the damage. As a major designer and developer of Integrated Circuits (ICs) for large multinational communication companies, Smith Brooks Corporation is compelled to give more attention to business continuity management (BCM) to ensure that its facilities, assets, and stakeholders are secure.
The number of risks threatening business operations and continuity is growing. The incidence of terrorism, arson, commercial espionage, and theft have rapidly increased over the last years (Svata, 2013; Tammineedi, 2010). Apart from the increasing number of the abovementioned threats, there is also a greater visibility of these threats and their impact on the operations of manufacturers. The increased visibility is chiefly credited to the growing attention and profile-raising from the media outlets. The improved visibility has also underlined the need for a security design of the threat detection systems, especially for entities manufacturing integrated circuits needed by large multinationals for the production of electronic devices. Security practitioners in the manufacturing environment must plan for an array of potential security scenarios and situations (Grassie), as well as design and implement a suite of effective security measures according to the identified threats for each critical facility within a manufacturing site. Therefore, this paper develops a security design for a threat detection system using relevant technologies to detect contextual threats.
Overarching Guidelines
Security guidelines start the philosophy of the proposed security system, outlining expectations and the processes that constitute this system. In other words, the guidelines outline main objectives of the system, the security design process that integrates security management, the security design itself, and the risk management (Brooks D. , 2016). Essentially, the guideline is a narrative of the system requirements, system drawings, and potential threats to the success of the system.
Looking for essay Get 15% off your first order. Code start15 Order now
System Philosophy and Objectives
The philosophy and objectives of the proposed system must be predefined for the performance of the designed system to meet the expectations (Brooks & Smith, 2014). The central objective of the proposed threat detection system is to monitor the production facility and the secure storage facility to accurately and timely detect unauthorized intrusion to respond appropriately. The main objectives also include timely notification of the detections to relevant security personnel and the responses to any alarm where the intrusion was detected. Some of the most important assets in this site are personnel, production machines, and production material secured in the storage facility (Brooks & Smith, 2014). The security system should also manage authorized access, detect, delay, deter, and facilitate response to illegal attempts or actual access to a facility or asset. Most importantly, the security system should support Smith-Brook Corporations’ compliance with legislation and business objectives and provide a secure workspace. To deliver a security system that satisfies the needs of the site and aligns with the ever-changing threats and risk profiles, this paper uses the systematic approach to the security design. This is achieved by establishing system criticalities as well as articulating risks and threats through the security risk management. Moreover, the guidelines outline security expectations, whereas security infrastructure register outlines security zones. Collectively, these elements form the basis of the systematic approach to security (Brooks D. , 2016). Security level is a ranking approach within the security system. The site facilities are ranked based on their threat profile or criticality. These levels are directly linked to the security zones, which are areas of the site that have expected levels of security methods. These include restricted and non-restricted areas.
Smith-Brook Corporation must assess, improve, and communicate the overarching security procedure for all the facilities. The site assessment must include physical security, procedural security, access control, information technology control security, conveyance security, and personnel security (Atlas, 2013). As a part of the process of evaluating the site’s security, the corporation required information concerning the threats in each facility and security procedures in place (Grassie). Having reviewed the criteria and guidelines of other companies, it is possible to establish some general requirements that would be applicable for the whole corporation.
Business requirements. The storage facility must have written verifiable processes of screening the employees and business partners including contractors, carriers, vendors, and customers. The company should also ensure that companies contracted to provide security, cargo handling, and transportation services comply with the Smith-Brook Corporation Security Guidelines (Bielby, Björck, Cunningham, Leida, & Meran, 2011). A period review of service providers must be performed to eliminate potential weaknesses in the company’s security measures.
Conveyance Security. Trailer and tractor (conveyance) integrity procedure must be implemented at all times to prevent the introduction and transportation of unauthorized material and personnel. Additionally, the sealing containers and trailers must guarantee continuous seal integrity. All personnel that are responsible for loading finished products must ensure that all seals meet the industrial standards (Bielby, Björck, Cunningham, Leida, & Meran, 2011). The formal procedures must outline how product seals are controlled and affixed to complete ICs.
Security Risk Management
According to Brooks and Smith (2014), the security risk management is an integral process in the design and application of a security system to protect assets in a given facility. In this context, the risk management entails the analysis and assessment of the threat profile of a facility that are meant to help the security system designer have a better understanding of the potential threats or risks.
Security Level Performance
Table 1 Security Level Performance
Security Element | Descriptor | 1 | 2 | 3 | 4 |
Low | Mod | High | Critical | ||
Entry Control | Entry through the centralized security system (portal)
1) RFID card 2) Controlled entry 3) Lock/key 4) Smartcard |
3 | 2/3 | 2 | 4 |
Access point | Barrier type:
1) Turnstile – one individual at a time 2) Door, external solid core with window 3) Internal door with window 4) External solid core door with/without window |
3 | 2 | 4 | 1/4 |
Egress control | Exit via the centralized security system control:
1) RFID exit 2) Controlled exit, for instance guard validate exit 3) Smart card 4) Internally controlled push button |
4 | 1 | 3 | 2 |
Physical structure | 1) Material resistance to breakage, including windows, floor, walls, roof and/or ceiling
2) Predefined time for entry using power tools |
1 | 1 | 1 | ½ |
Perimeter barrier | Includes the facility exterior fence and gates:
1) Palisade fencing 2) Chain link mesh |
2 | 2 | 2 | 1 |
Video Surveillance | Ability to graphically:
1) Detect personnel/vehicle 2) Recognize personnel/vehicle 3) Identify personnel/vehicle |
– | 1 | 2 | 3 |
Detection -volumetric |
1) No detection 2) Single type of volumetric detector 3) Multiple volumetric detectors |
1 | 2 | 3 | 3 |
Detection barrier |
Criticality Register
The criticality register makes a summary of the identified threats against their level of criticality. This register serves as the reference point in categorization of the facilities.
Table 2 Criticality Register
Criticality | Rank | Level |
Operations – Impact all core business functions and operations
Safety – Has or could lead to a serious safety incident Regulatory – Entity loses statutory accreditation Information – Significant informational assets are exposed 1.1 Financial – Loss is greater than 10% of the operating budget |
4 | Critical (C) |
Operations –Multiple business functions affected. Moderate effect on the production operations
Safety – Has or could result in a safety incident Regulatory – Warning of non-compliance Information – restricted informational assets exposed Financial – Loss is greater than 5% of the operating budget |
3 | High (H) |
Operations – moderate effect on some parts of the facility operations
Safety – Limited probability that an incident could materialize Regulatory –Limited impact on accreditation Information – limited exposure of commercial information Financial loss greater than 2% of the operating budget |
2 | Moderate (M) |
Operations –No quantifiable operational effect
Safety – Limited safety issued Regulatory – No impact on accreditation Information –Limited exposure of operational information Financial loss of less than 1% of the operating budget |
1 | Low (L) |
Characterization of Site and Threats
Smith-Brooks Corporations is sited in an industrial area, adjoining other manufacturers, warehouses, and distribution centers. This place has several specialized and generalized buildings such as security storage facility, administration office, and production facility. The building looks as illustrated in the plans depicted in appendix A and B. As the first line of defense, the site is enclosed by a security fence which is high enough to protect the site from physical attacks or climbing.
Affiliate Program!
Invite your friends and get a 10% commission from each order they have made.
Learn moreProduction Facility
The production facility encompasses the control area for IC production, manufacturing area, test facilities for ICs, and loading bay for finished products. Based on the size of the production facility, the threat detection system should also include more sensors and detectors to enhance security. Furthermore, the fact that this area has greater personnel traffic than the storage facility, more security mechanisms should be installed in all the constituent areas. However, the test and manufacturing areas are categorized as restricted zones with moderate criticality. The security of production facility is rather complex and demands an integrated solution of technology, manned services, and procedural consistency. For example, the company should be careful about the security service provider to deploy personnel with skills necessary to observe and report conditions and actions that present threat of theft or damage.
Security Storage Facility
Unlike the production facility, the storage facility is slightly distanced from the main administration center. The key purpose of this facility is to provide high-level security for production material and components. Logically, the core assets must be given to the utmost security to ensure continuity in production and supply of ICs. Therefore, the whole facility is allocated to the critical level or highly restricted zone of the site. This demands for volumetric intrusion into the detection systems, including passive infrared and proximity detectors.
Threat Detection System
In the business world, physical security and threat detection are important aspects of BCM in the sense that they identify and address security threats in commercial facilities (Järveläinen, 2012; Tammineedi, 2010). A threat detection system collects and analyzes information from various critical sources within a site or facility to identify possible security breaches, which entail thefts and access to unauthorized locations. The treat detection requires vulnerability assessment approach to evaluate the security of the site (Borodzicz, 2005). Physical security implies the protection of personnel, data, and hardware from events or physical actions that could result in serious damage or loss of an entity (Fennelly, 2013; Grassie). This encompasses protection from theft, burglary, vandalism, terrorism, fire, and natural disasters. According to Rouse (2016), most companies overlook and underestimate the significance of physical security in favor of technical threats, including cyber espionage and hacking. However, physical security breaches can be realized with little technical knowledge and brutality by the perpetrator. In other words, breaches in physical security present serious threats to the continuity of operations in a facility (Pearson, 2007). In addition to this, the obstacles should be introduced and surmounted in physical sites. Such measures include fire suppression systems, access control cards, locks, biometric control systems, and fencing (Garcia M. L., 2008; Norman, 2007). Apart from this, the physical location should be continuously monitored using notification systems and surveillance systems equipped with smoke detectors, heat sensors, and intrusion detection sensors (Hughes, 2011; Walby & Lippert, 2014). Furthermore, disaster recovery (DR) procedures and policies should be regularly tested to improve security and minimize the time needed to recover from any disruptions (Rouse, 2016; Svata, 2013). In line with these security demands, the ensuing section agrees on some of the most innovative threat detection technologies to develop a reliable threat detection system for Smith-Brook Corporation.
Intrusion Detection Systems (IDSs) for Smith-Brook Corporation
While surveillance techniques are used by security officers to watch for unusual behaviors (Caputo, 2010), intrusion detection devices are mainly used to sense any changes within an environment. For example, the secure storage facility needs an array of detectors or sensors to notify security administrators of any changes that pose a threat of theft or damage of the materials in storage. Both surveillance and intrusion detection systems are monitoring methods, but vary in approach and devices (Fay, 2007; Sun, Osborne, Xiao, & Guizani, 2007). Following the criticality of the storage facility, IDSs were recommended for implementation alongside the existing physical security mechanism to detect any unauthorized access and alert the responsible security office to respond appropriately. IDSs can monitor doors, windows, and entries. Most of them apply the principles of vibration detection and electromagnetism to discover certain changes in the protected environment. When any slight change is detected, the intrusion detection device triggers an alarm either within the facility or both in the facility and central security station.
Intrusion detection system should be used to detect changes in motion: beams of light, electrical circuits, vibrations and sounds, and different types of fields, including ultrasonic, electrostatic, and microwave (Cutnell & Johnson, 2012; Garcia L. , 2005). IDSs can be implemented to detect intruders by using volumetric systems or electromechanical systems. Examples of electromechanical systems include magnetic switches, pressure mats, and metallic foil in windows of sensitive facilities. The volumetric systems are given priority because of their high sensitivity in detecting changes in subtle environmental characteristics, including vibration, infrared values, ultrasonic frequencies, and photo electric changes (Garcia L. , 2005; Sahba, Alameh, & Smith, 2006).
Your order will be assigned to the most experienced writer in the relevant discipline. The highly demanded expert, one of our top 10 writers with the highest rate among the customers.
Hire a Top writer for $10.95Electromechanical systems operate by detecting break or change in a circuit (Sun, Osborne, Xiao, & Guizani, 2007). Typically, the electrical circuitry of these systems is connected with or embedded in a window or door. If an intruder breaks the window, the circuit breaks and then sounds an alarm locally or at the centralized security station. In the same case, the vibration detectors can be installed to detect movements on ceilings, walls and floors when tiny circuits embedded within the protected structure are broken (Giladi & Serpanos, 2006). Apart from this, magnetic contact switches can be built-in doors and windows. In a case that these magnetic contacts are separated due to illegal opening of the door or window, a preprogrammed alarm sounds. Another important electromechanical detector that can be used in the storage facility is a pressure pad. The pad can be placed beneath a portion of the carpet in the facility. This system should be activated after normal working hours to trigger alarms corresponding to unauthorized access. The logic is that if an intruder steps on the pressure pad concealed under the floor carpet, an alarm is triggered because nobody from the personnel is supposed to be in that location during afterhours.
Volumetric intrusion detection systems include microwave, acoustical-seismic, and photoelectric systems (Bocchetti, Flammini, & Pappalardo, 2009). Passive infrared (PIR) systems record changes in the heat waves within an environment they are configured to monitor (Shankar, Burchett, Hao, Guenther, & Brady, 2006). For example, PIR systems can be configured in the secure room to sound an alarm whenever there is intruder-induced temperature change in the room. In contrast to the PIR systems, the acoustical detection systems uses microphones concealed in ceilings, and floors and walls to detect any sound made during a forced entry. There limitation is that they are very sensitive to the extent that they should not be installed in facilities open to sounds of traffic or storms (USDA Forest Service, 2013). This feature makes them suitable for the storage facility which is slightly distanced from the noisy production facility. Vibration detectors work similarly; thus, can be implemented to detect any forced entry. Smith-Brooks Corporation chose to implement these sensors on the walls of the secure room, where thieves may attempt to drill the holes through. Additionally, they can be used around flooring and ceiling of the secure room to detect any intruder trying to make an unauthorized material transfer.
Further, wave pattern motion sensors detect the changes in the frequency of waves they are configured to monitor (Sahba, Alameh, & Smith, 2006). These devices generate a wave pattern that is conveyed over the protected area and reflected back to the device receiver (USDA Forest Service, 2013). Under the alteration of the wave pattern, an alarm sounds, because a foreign object is in the sensitive area. Frequencies used include ultrasonic and microwave. Capacitance or proximity detectors can also be useful in the detection of unauthorized movements in restricted zones of a facility (Fennelly, 2013). These devices constantly monitor the magnetic fields. Any disruption to the fields triggers an alarm. Proximity detectors are suitable for protecting specific objects, including vaults and cabinets. If an intruder enters the protected area with electrostatic IDS, a capacitance change induced by this process in electrostatic field sounds an alarm. The type and the number of the motion detector implemented by the company depend on their configurations and power capacity. Besides, the shape and size of the protected room as well as the items within the areas marked as sensitive may cause barriers (U.S. Patent No. 7,277,012, 2007). Hence, demanding more detectors to provide the appropriate level of coverage is required.
To summarize, intrusion detection systems are support systems meant to detect and communicate an attempted intrusion. In that regard, they do not prevent intruders; thus, should be considered as an aid to Smith-Brook’s security mechanisms. Despite having valuable controls in the company’s physical security program, several issues must be articulated and understood prior to their implementation in the abovementioned facilities. First, IDSs are very expensive and need human intervention for timely responses to alarms. Second, these systems require a redundant power supply or backup power supply to ensure business continuity (Torabi, Soufi, & Sahebjamnia, 2014). Finally, the advancements in technology make it easier to integrate into a centralized security system (Raol & Gopal, 2016). To improve security, IDSs demands a fail-safe configuration and resistance to tempering.
Conclusion
The number of threats that pose a risk to the continuity of daily business operations, production, and business continuity is growing rapidly. Some of these threats include corporate espionage, terrorism, vandalism, and theft. According to this trend, there is a growing visibility of the impact of various threats on the operations of large manufacturers in the electronic industry. For this reason, there is an urgent need to detect threats and address them timely and economically. This paper explores a security design for Smith-Brooks Corporation’s threat detection system. The distributed environment of the site puts much more responsibility on the security officer, administrative procedures, controls, and facility management than in site marked by one facility. Physical security extends beyond guard, to include extremely technical measures. Additionally, natural disasters, floods, intruders, power supplies, vandals, and fires need to be planned for and monitored centrally. Smith-Brook Corporation is compelled to design, implementation, and monitor physical security program that includes deterrence, detection, delay, and response control categories. It is at the discretion of the company to establish the acceptable risk level and the corresponding controls required to maintain security. Most of physical phenomena in the site can be detected by sensors, monitored by trigger circuits, and then communicated by sirens, alarms, and bells. The protection systems and detectors use sensors/detector to investigate pressure, light, temperature, metals, toxic gases, smoke, and proximity. To design an effective security system, there is a need to integrate security with risk management. In summary, the corporations’ security design was shaped by security technology for detection control and monitoring physical security for deterrence, control and delay, security management, and security risk management to direct and inform.