8/10/2019 advo inc

1/12

Advo Inc.: Integrating IT

and Physical Security

Group 4 - Hackers

Chakka

Deepti

SanthoshShiyamraj

Preeti

Rahul

Vijayashree

Vineeth

8/10/2019 advo inc

2/12

Advo - Background

One of the largest providers of mail advertising in US

Aout !"## employees $orking in %& fa'ilities

Over %(### 'lients and distriutes advertisements to

&!#) household addresses and &%*+) usiness

addresses in US and Canada

,argest 'ommer'ial user of USPS

8/10/2019 advo inc

3/12

Security before Sept 11 !""1

Se'urity $as given least priority

-o predefined se'urity poli'ies or pro'edures

-o a'kground 'he'ks on the temporary employees efore theyhired

Poor outdoor lighting and fen'ing

)inimal se'urity during usiness hours

-o surveillan'e 'ameras or alarms

-o 'ontrol over visitors

-omailing room

Sensitive do'uments $ere dis'arded

.eys to doors $ere not 'arefully 'ontrolled

/usiness 'ontinuity plan or disaster re'overy $ereundo'umented

8/10/2019 advo inc

4/12

#ontd..

0he se'urity around Advo1s appli'ations anddataase $as strong*

Advo entered a year agreement $ith 2/) gloal

servi'es to provide 'omputer pro'essing systemsdevelopment and systems lega'y support

0he se'urity servi'es in'luded in the agreement $ere3 Real time system monitoring

3 2ntrusion4 dete'tion and prevention3 in'ident management

8/10/2019 advo inc

5/12

Terrorist and Bio terrorist related attacks-

Sept 11 !""1 C5O and several senior level managers from the

'ompanies operating 'ommittee $ere in -6during atta'k

0he terrorist atta'ks elevated the importan'e ofse'urity $ithin Advo and physi'al se'urity gothighest priority

Reaction

7a'kenhut 'orp $as hired to provide uniformedse'urity offi'ers at all fa'ilities and 89 %: hrs a

day4 seven days a $eek

8/10/2019 advo inc

6/12

T$o $eeks later 0he first io terrorist related Anthra; atta'k o''urred in US

-umer of USPS employees died after handling mailsinfe'ted $ith Anthra; spores

Out of fear4 many people refused to open their mail $hi'h inturn 'ould lead to the end of Advo

0here $ere also a fear in the 'ompany that Anthra; spores'ould spread to Advo1s o$n fa'ilities as the USPS providedthem $ith e

8/10/2019 advo inc

7/12

Strengthening Security Senior VP of Se'urity management $as appointed

.roll 2n' and 5=6 $ere hired to do risk analysis of Physi'al and20 se'urity respe'tively

5a'h fa'ility had a lead se'urity offi'er assisted y three

se'urity asso'iates 0our management system from 0is'or $as implemented* Palm

Pilot $as used y se'urity asso'iates to s'an pre estalishedinspe'tion points

Outdoor lighting $as improved4 fen'ing $as installed and mailroom $as 'reated

Visitors $as no longer allo$ed to $alk freely4 they $ere made to$ear a visitor1s adge and sign a log

All fa'ilities $ere audited t$i'e a year to ensure the se'urity yse'urit mana er

8/10/2019 advo inc

8/12

Security %easures !""& and S##

2n %##:4 a se'urity management system $as implemented to'onne't all fa'ilities to Se'urity Control Centre at 89 and SCCre

8/10/2019 advo inc

9/12

Security Audits

A''ess 'ontrol

/om threats

Cleaning of een'ing

2dentifi'ation adges

.ey 'ontrol ,aptop se'urity

,ighting

,o'king devi'es

)ail room

Parking 'ontrol

Pre?employment s'reening Re'ord a''ess and retention

Se'urity 'amera

Se'urity in'ident reporting

Utility se'urity

7orkpla'e violen'e 0our management system

Se'urity offi'ers andte'hni'ians

2n %##:4 se'urity managers 'ondu'ted a se'urity audit in 89 and %& mailingfa'ilities* 0he audit 'overed %& key areas*

8/10/2019 advo inc

10/12

'inal #o%%entsAudits are 'ondu'ting every si; months

Su''essful transformation $as e'ause of three fa'tors3 0op management attention remained fo'used on the

need of stronger se'urity3 0$o se'urity dire'tors hired @ dire'tor of 20 se'urity and

enterprise ar'hite'ture and the dire'tor of 'orporatese'urity $ho report dire'tly to top management

3 20 and Physi'al se'urity are not treated as separateentities ut inter'onne'ted 'omponents

2ntegrated se'urity management system has allo$edAdvo to a'hieve greater level of se'urity

8/10/2019 advo inc

11/12

(uestions 0raditionally4 managing 20 se'urity and physi'al se'urity haveeen treated as t$o separate domains* 7hy should they eintegrated

7hy is top management1s a$areness and support essential for

estalishing and maintaining se'urity7hy should those responsile for leading the organiBation1s

se'urity efforts e pla'ed high in the organiBational 'hart

0he first de'ision made y Advo1s top management in theaftermath of the "&& atta'ks $as to improve physi'al se'urity*

7hy $as attention fo'used on this parti'ular aspe't of se'urity

7hat are the advantages and disadvantages of using'onsultants and third?party organiBations to provide se'urity?related servi'es 7hat reasons $ould a 'ompany have for

hiring 'onsultants to provide guidan'e for its se'urity efforts

8/10/2019 advo inc

12/12

#ontd..

7hy is it a good se'urity pra'ti'e to have fe$ visitors in a re'eptionarea

2dentify the se'urity risks involved in allo$ing net$orked systems toe used y large numers of temporary employees $ho do not need to

log in* 7hat pass$ord guidelines should e implemented for strongeruser authenti'ation

8o$ far a$ay should a a'kup site e lo'ated from 'ompanyhead