Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.
-
Upload
margaret-allen -
Category
Documents
-
view
219 -
download
2
Transcript of Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.
![Page 1: Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.](https://reader030.fdocuments.us/reader030/viewer/2022032722/56649f4e5503460f94c6f391/html5/thumbnails/1.jpg)
Developing a Security Program
![Page 2: Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.](https://reader030.fdocuments.us/reader030/viewer/2022032722/56649f4e5503460f94c6f391/html5/thumbnails/2.jpg)
Developing a Security Program
Exercise Plan
Develop/Update Plan
Review/Revisit
Plan
![Page 3: Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.](https://reader030.fdocuments.us/reader030/viewer/2022032722/56649f4e5503460f94c6f391/html5/thumbnails/3.jpg)
Developing a Security Program
• Understanding One Size Does Not Fit All
• The Importance of Being Prepared
• Why Communication is the Key
• Ten Key Security Program Principals
• What Resources Are Available
![Page 4: Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.](https://reader030.fdocuments.us/reader030/viewer/2022032722/56649f4e5503460f94c6f391/html5/thumbnails/4.jpg)
One Size Does Not Fit All
• Utility security programs should achieve consistent outcomes using utility-specific strategies.
• Implement approaches that are tailored to your utilities’ circumstances and operating conditions.
Source water Treatment Distribution & Storage
Customer
![Page 5: Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.](https://reader030.fdocuments.us/reader030/viewer/2022032722/56649f4e5503460f94c6f391/html5/thumbnails/5.jpg)
![Page 6: Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.](https://reader030.fdocuments.us/reader030/viewer/2022032722/56649f4e5503460f94c6f391/html5/thumbnails/6.jpg)
Security Program Scope
• Active and effective security programs should address:
– protection of public health– public safety (including infrastructure) – and public confidence
![Page 7: Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.](https://reader030.fdocuments.us/reader030/viewer/2022032722/56649f4e5503460f94c6f391/html5/thumbnails/7.jpg)
![Page 8: Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.](https://reader030.fdocuments.us/reader030/viewer/2022032722/56649f4e5503460f94c6f391/html5/thumbnails/8.jpg)
Significant System Failures
• An active and effective security program should consider:– Loss of pressure for significant parts of the
system.– Long term loss of supply, treatment, or
distribution system.– Adverse impacts to public health or
confidence resulting from a contamination threat or incident.
![Page 9: Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.](https://reader030.fdocuments.us/reader030/viewer/2022032722/56649f4e5503460f94c6f391/html5/thumbnails/9.jpg)
![Page 10: Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.](https://reader030.fdocuments.us/reader030/viewer/2022032722/56649f4e5503460f94c6f391/html5/thumbnails/10.jpg)
Key Threats or Methods of Attack
When developing an active and effective security program you should consider:
– Physical targeting of core facilities or independent infrastructure
– Chemical or biological material used to contaminate water supplies
– Cyber attack on technology assets to disrupt services
![Page 11: Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.](https://reader030.fdocuments.us/reader030/viewer/2022032722/56649f4e5503460f94c6f391/html5/thumbnails/11.jpg)
“All hoaxes must be treated as actual events until proven otherwise”
![Page 12: Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.](https://reader030.fdocuments.us/reader030/viewer/2022032722/56649f4e5503460f94c6f391/html5/thumbnails/12.jpg)
A Part of Being Prepared
• Commitment to security• Promote security awareness• Up-to-date assessment of vulnerabilities• Dedicate security resources and security
implementation priorities• Define security roles and employee
expectations
![Page 13: Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.](https://reader030.fdocuments.us/reader030/viewer/2022032722/56649f4e5503460f94c6f391/html5/thumbnails/13.jpg)
![Page 14: Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.](https://reader030.fdocuments.us/reader030/viewer/2022032722/56649f4e5503460f94c6f391/html5/thumbnails/14.jpg)
Being Prepared Continued
• Intrusion detection and access control for the physical plant, and/or at the source(s)
• Contamination detection
• Information protection and continuity
• Design and construction
• Threat level-based protocols
![Page 15: Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.](https://reader030.fdocuments.us/reader030/viewer/2022032722/56649f4e5503460f94c6f391/html5/thumbnails/15.jpg)
![Page 16: Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.](https://reader030.fdocuments.us/reader030/viewer/2022032722/56649f4e5503460f94c6f391/html5/thumbnails/16.jpg)
Communication is the Key
• Emergency response and recovery plans should incorporate security considerations and be tested and reviewed regularly.
• Internal and external communications.
• Partnerships
![Page 17: Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.](https://reader030.fdocuments.us/reader030/viewer/2022032722/56649f4e5503460f94c6f391/html5/thumbnails/17.jpg)
![Page 18: Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.](https://reader030.fdocuments.us/reader030/viewer/2022032722/56649f4e5503460f94c6f391/html5/thumbnails/18.jpg)
10 Key Security Principles
1. Security should be part of your utility’s day-to-day thinking.
2. A strong commitment to security is key.3. There are always ways to improve
security.4. Prevention is a key aspect of enhancing
security.5. Movement towards practices that are
inherently safer.
![Page 19: Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.](https://reader030.fdocuments.us/reader030/viewer/2022032722/56649f4e5503460f94c6f391/html5/thumbnails/19.jpg)
10 Key Security Principles
6. Ongoing management and monitoring, and budget commitment.
7. Security issues should be a factor in building plans and design.
8. Security may not be convenient.
9. Build strong relationships with response partners and the public.
10.You have to put a price on security.
![Page 20: Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.](https://reader030.fdocuments.us/reader030/viewer/2022032722/56649f4e5503460f94c6f391/html5/thumbnails/20.jpg)
Resources
• Technical Assistance Providers– National Environmental Services Center
• www.nesc.wvu.edu
– National Rural Water Association• www.nrwa.org
– Rural Community Assistance Partnership• www.rcap.org
– Safe Drinking Water Trust – eBulletin• www.watertrust.org
![Page 21: Developing a Security Program. Exercise Plan Develop/Update Plan Review/Revisit Plan.](https://reader030.fdocuments.us/reader030/viewer/2022032722/56649f4e5503460f94c6f391/html5/thumbnails/21.jpg)
Additional Resources
• American Water Works Association– www.awwa.org
• Association of State Drinking Water Administrators– www.asdwa.org
• National Drinking Water Clearing House– www.ndwc.wvu.edu
• U.S. Environmental Protection Agency– www.epa.gov