advo inc
-
Upload
karthik-chanakya -
Category
Documents
-
view
218 -
download
0
Transcript of advo inc
-
8/10/2019 advo inc
1/12
Advo Inc.: Integrating IT
and Physical Security
Group 4 - Hackers
Chakka
Deepti
SanthoshShiyamraj
Preeti
Rahul
Vijayashree
Vineeth
-
8/10/2019 advo inc
2/12
Advo - Background
One of the largest providers of mail advertising in US
Aout !"## employees $orking in %& fa'ilities
Over %(### 'lients and distriutes advertisements to
&!#) household addresses and &%*+) usiness
addresses in US and Canada
,argest 'ommer'ial user of USPS
-
8/10/2019 advo inc
3/12
Security before Sept 11 !""1
Se'urity $as given least priority
-o predefined se'urity poli'ies or pro'edures
-o a'kground 'he'ks on the temporary employees efore theyhired
Poor outdoor lighting and fen'ing
)inimal se'urity during usiness hours
-o surveillan'e 'ameras or alarms
-o 'ontrol over visitors
-omailing room
Sensitive do'uments $ere dis'arded
.eys to doors $ere not 'arefully 'ontrolled
/usiness 'ontinuity plan or disaster re'overy $ereundo'umented
-
8/10/2019 advo inc
4/12
#ontd..
0he se'urity around Advo1s appli'ations anddataase $as strong*
Advo entered a year agreement $ith 2/) gloal
servi'es to provide 'omputer pro'essing systemsdevelopment and systems lega'y support
0he se'urity servi'es in'luded in the agreement $ere3 Real time system monitoring
3 2ntrusion4 dete'tion and prevention3 in'ident management
-
8/10/2019 advo inc
5/12
Terrorist and Bio terrorist related attacks-
Sept 11 !""1 C5O and several senior level managers from the
'ompanies operating 'ommittee $ere in -6during atta'k
0he terrorist atta'ks elevated the importan'e ofse'urity $ithin Advo and physi'al se'urity gothighest priority
Reaction
7a'kenhut 'orp $as hired to provide uniformedse'urity offi'ers at all fa'ilities and 89 %: hrs a
day4 seven days a $eek
-
8/10/2019 advo inc
6/12
T$o $eeks later 0he first io terrorist related Anthra; atta'k o''urred in US
-umer of USPS employees died after handling mailsinfe'ted $ith Anthra; spores
Out of fear4 many people refused to open their mail $hi'h inturn 'ould lead to the end of Advo
0here $ere also a fear in the 'ompany that Anthra; spores'ould spread to Advo1s o$n fa'ilities as the USPS providedthem $ith e
-
8/10/2019 advo inc
7/12
Strengthening Security Senior VP of Se'urity management $as appointed
.roll 2n' and 5=6 $ere hired to do risk analysis of Physi'al and20 se'urity respe'tively
5a'h fa'ility had a lead se'urity offi'er assisted y three
se'urity asso'iates 0our management system from 0is'or $as implemented* Palm
Pilot $as used y se'urity asso'iates to s'an pre estalishedinspe'tion points
Outdoor lighting $as improved4 fen'ing $as installed and mailroom $as 'reated
Visitors $as no longer allo$ed to $alk freely4 they $ere made to$ear a visitor1s adge and sign a log
All fa'ilities $ere audited t$i'e a year to ensure the se'urity yse'urit mana er
-
8/10/2019 advo inc
8/12
Security %easures !""& and S##
2n %##:4 a se'urity management system $as implemented to'onne't all fa'ilities to Se'urity Control Centre at 89 and SCCre
-
8/10/2019 advo inc
9/12
Security Audits
A''ess 'ontrol
/om threats
Cleaning of een'ing
2dentifi'ation adges
.ey 'ontrol ,aptop se'urity
,ighting
,o'king devi'es
)ail room
Parking 'ontrol
Pre?employment s'reening Re'ord a''ess and retention
Se'urity 'amera
Se'urity in'ident reporting
Utility se'urity
7orkpla'e violen'e 0our management system
Se'urity offi'ers andte'hni'ians
2n %##:4 se'urity managers 'ondu'ted a se'urity audit in 89 and %& mailingfa'ilities* 0he audit 'overed %& key areas*
-
8/10/2019 advo inc
10/12
'inal #o%%entsAudits are 'ondu'ting every si; months
Su''essful transformation $as e'ause of three fa'tors3 0op management attention remained fo'used on the
need of stronger se'urity3 0$o se'urity dire'tors hired @ dire'tor of 20 se'urity and
enterprise ar'hite'ture and the dire'tor of 'orporatese'urity $ho report dire'tly to top management
3 20 and Physi'al se'urity are not treated as separateentities ut inter'onne'ted 'omponents
2ntegrated se'urity management system has allo$edAdvo to a'hieve greater level of se'urity
-
8/10/2019 advo inc
11/12
(uestions 0raditionally4 managing 20 se'urity and physi'al se'urity haveeen treated as t$o separate domains* 7hy should they eintegrated
7hy is top management1s a$areness and support essential for
estalishing and maintaining se'urity7hy should those responsile for leading the organiBation1s
se'urity efforts e pla'ed high in the organiBational 'hart
0he first de'ision made y Advo1s top management in theaftermath of the "&& atta'ks $as to improve physi'al se'urity*
7hy $as attention fo'used on this parti'ular aspe't of se'urity
7hat are the advantages and disadvantages of using'onsultants and third?party organiBations to provide se'urity?related servi'es 7hat reasons $ould a 'ompany have for
hiring 'onsultants to provide guidan'e for its se'urity efforts
-
8/10/2019 advo inc
12/12
#ontd..
7hy is it a good se'urity pra'ti'e to have fe$ visitors in a re'eptionarea
2dentify the se'urity risks involved in allo$ing net$orked systems toe used y large numers of temporary employees $ho do not need to
log in* 7hat pass$ord guidelines should e implemented for strongeruser authenti'ation
8o$ far a$ay should a a'kup site e lo'ated from 'ompanyhead