Taking A Closer Look: Why Federal Security Assessments Matter

No matter your political beliefs or registered party affiliation, many news outlets’ polls reveal that border security tops many voters’ priority lists.

For asset protection professionals charged with federal facility security, border security encompasses far more than monitoring geography and land crossings. Every federal border, from a federal building’s perimeter and employees’ and contractors’ respective security clearances to military bases and miles of protected shorelines, requires top-notch security. Ensuring federal facility security is a challenge that everyone can agree is a nonpartisan issue.

While it’s uncommon for unauthorized people to gain entry into federal buildings and sites, the threat is real. Recent instances of people trying to breach U.S. borders thousands of miles away from the Rio Grande include:

• A man attempting to crash through a security gate at the Atlanta Federal Bureau of Investigations office
• A man scaling the fence and throwing rocks outside the Chicago FBI office
• Two different attempts to crash through the outer gates at the White House, with another person trying to follow an authorized car through a security perimeter
• More than 100 foreign nationals, posing as tourists, “gate crashing” U.S. federal sites, including a missile range in New Mexico, a rocket launch site in Florida, and an Army base in Alaska

What Is a Security Risk Assessment?

Thwarting these attempted security breaches requires vigilance—with recurring facility security assessments. These assessments, in-depth audits and analyses of security system operations, determine the necessary security measures needed to protect federal personnel, property, and information. This includes reviewing the technology, hardware components, and practices that comprise physical security systems, including:

• Doors
• Entry points
• Resources
• Equipment
• Security clearances for authorized personnel
• Proprietary data
• File access
• Hardware 

This means looking across a site’s resources and assets that exist on-site, including:

• Buildings and physical spaces
• Building infrastructure components, like HVAC systems
• Digital systems, including networks and data storage facilities
• Operational equipment, like fleet vehicles
• Intellectual property and strategic knowledge documentation and files

What Is the Difference Between a Security Risk Assessment and a Security Plan?

Security risk assessments uncover gaps and weaknesses in security measures before bad actors can exploit them. As part of the process, leaders must review and test operating procedures, as well as the employees who are responsible for running them. An assessment concludes with a full report that provides specific and actionable technical recommendations to level up an organization’s security posture.

A security plan implements the assessment’s recommendations. The goal of a security plan is for leaders to continually address and improve security measures and eliminate emerging risks.

The 5-Step Process To Tackling a Risk Assessment

Before starting to investigate potential solutions, the risk assessment process should begin as a collaborative process with stakeholders to answer some pointed questions:

• What do we need to protect specifically?
• Who do we need to protect our facility from?
• What are our existing security measures?

1. Determine the Scope of the Security Risk Assessment

It’s a large and time-consuming process to undertake a security risk assessment. That’s why it’s important to understand the specific scope of the project. The assessment can cover the entire organization or focus on a specific business unit or geographic location, or hone in on one business function, like security gate access.

Once the scope is set, identify the relevant stakeholders and leaders whose responsibilities extend to that area of the business. Gaining insight into their roles and day-to-day work is imperative to fully identify all the processes and assets associated with that function, from defining risks to assessing the severity of the issues. 

2. Identify Potential Threats and Vulnerabilities

Once the risks are uncovered, the next puzzle to solve is to answer what kinds of vulnerabilities can turn into threats, compounding the various risks. There’s a difference between the two:

• A vulnerability is flaw that exposes potential threats
• A threat is the event that causes damage to the organization

Some questions to ask include:

• Who has authorized access to our site? Do we admit those without specific credentials?
• What are the current processes in place to prevent an incident from occurring?
• If a breach does happen, what measures do we have in place to contain it?
• What is our standard operating procedure to ensure we can recover from a security breach?

Answering these questions will help guide asset protection leaders on how to comprehensively tackle a wide range of complex security issues and vulnerabilities. It’s important to rank each risk and establish stakeholder’s responsibilities to address them.

3. Analyze Risks and Determine Potential Impact

A security risk assessment needs to determine how the risk scenarios impact the organization.

In a facilities risk assessment, the potential risk (the probability that a particular threat can exploit a vulnerability) is based on several factors:

• The ease with which a bad actor can discover security weakness
• How easy is it for a bad actor to exploit that risk
• Can the risk be replicated
• Is this a common risk across the industry
• Past security incidents or breaches

4. Prioritize Risks

Each risk must be assigned a level of importance, which should determine the appropriate action to take. Many security assessments incorporate a matrix to classify different scenarios and corresponding actions. 

5. Document Risks

This process reveals valuable information that needs to be compiled and shared with the appropriate people. Here are some useful examples of documentation that can be created from a comprehensive security review:

• Creating a database of current applications tools, and utilities in use
• Documenting security requirements, policies, and procedures
• Compiling security system architectures, network diagrams, data stored or transmitted by systems, and noting specific interactions with vendors and external service providers
• Creating a physical asset inventory, from hardware components to networking and software systems
• Establishing a library of operating systems’ usage and management, including current security controls, baseline operations and security requirements, technical and procedural reviews, and how to mitigate risks for each identified asset

LVT Units Help Secure Federal Facilities

LiveView Technologies provides another set of eyes to create a show of force by increasing situational awareness. LVT has partnered with several agencies to secure the U.S. border, federal facilities, and military bases around the clock by offering a state-of-the-art surveillance solution.

All LVT Units, ancillary products and services are approved for use by the U.S. General Services Administration. LVT systems use cutting-edge technologies to enhance existing physical security measures, monitor facilities in real time, detect intruders, and respond to threats promptly. By using a combination of thermal imaging, live alerts, and bounding boxes, LVT systems detect and stop intrusions in all conditions, including at night and in bad weather.

When it’s time to implement your security assessment recommendations, LVT can help. Schedule a free demo and we’ll show you how LVT can level up your security posture—and fast.