GSS | Gordon Security Solutions LLC

The Risk Assessment

2012-05-14T17:37:00.000-07:00

WHY A RISK ASSESSMENT?

With increasing certainty, corporate and government auditors are implementing requirements or expecting that organizations including banks, other financial institutions, universities and hospitals will conduct security risk assessments on a regular basis. However, many organizations that do perform what they perceive as 'risk assessment' currently utilize an outdated list of physical security threats stored within an Excel spreadsheet that is managed and analyzed manually. This traditional, time consuming approach is only a vulnerability assessment, and not a true risk assessment that includes the specific controls and safeguards needed to eliminate security threats, a cost benefit analysis of the associated financial data, and a projected Return on Investment (ROI) based on implementation of the selected security controls. If your department or staff is responsible for satisfying regulators, providing value added physical security data internally and ultimately protecting EVERYONE at a physical location from harm and security threats, then automated risk assessment is the tool of choice.

WHAT A RISK ASSESSMENT CAN DO FOR YOUR ORGANIZATION

Gordon Security Solutions (GSS) offers comprehensive risk assessment, an affordable and easy- to-use software tool that automates the surveying, data collection, analysis and reporting for physical security threat assessments and the management of these security risks. Basically, risk assessment is a process used to identify what controls are needed to protect your critical or sensitive assets adequately as well as cost effectively. Our risk assessment software determines and quantifies risk by analyzing the relationships between: assets value, potential threats to these assets, the vulnerabilities that would allow the threats to occur, the types of losses that the threats could cause, and then most critically, safeguards that would reduce loss or eliminate threats. The true value of GSS risk assessment is that our automated tool cuts down your organization's risk analysis time commitment by 70% when compared with a manual, spreadsheet-driven analysis. Additionally, users of our risk assessment product have the flexibility to conduct risk analysis within an organization in a variety of ways: vulnerability assessment only, risk assessment only, vulnerability and risk assessment combined, with or without financial data, and with or without ROI data.

JUSTIFYING THE COST OF A RISK ASSESSMENT SOFTWARE

The cost benefit of purchasing GSS risk assessment software becomes startlingly clear when confronted with the proposition of a manual risk analysis using in-house employees and simple spreadsheets. While the manual risk assessment can take from 10 to 15 weeks to complete and cost many thousands of dollars in lost productivity man hours, our automated risk assessment should only require about two weeks, resulting in tremendous man hour cost savings. Beyond cost effectiveness, a critical feature of our automated risk assessment tool is the ability to quantify your organization's risk and provide ROI metrics based on your selected controls once the risk assessment is complete. Through the risk assessment reporting function, users can generate an easy-to-understand graph that ranks and recommends security controls by projected ROI. Another graph measures ROI by illustrating how implementing the top 20 controls will lead to a cumulative loss reduction; this same graph also displays projected loss reduction for each single safeguard on its own.

ELIMINATE RISK WITH GORDON SECURITY SOLUTIONS AND SITE-SECURE SOFTWARE

In our current environment of challenging local, state and national security issues, risk management requirements will continue to increase and demand more standardization. Without a doubt, measuring and managing your organization's physical security by Return on Investment is the ultimate expression of corporate accountability. And, conducting an automated risk assessment is the best way to meet your security requirements, quantify areas of weakness, justify which security controls to implement first, and validate your security budget while monitoring its cost savings potential.

The Risk Assessment is a critical part of any business and business service. Without a complete understanding of the current vulnerabilities, both quantitative and qualitative you are only guessing when you put together your security plan.

This can be a time consuming and wide spread process. Our software will both organize and reduce the time (by up to 60%) spent on all your assessments.

Once it is setup your system is ready for repeat assessments.

3.7.2 Functions

2011-08-31T10:49:00.000-07:00

Release 3.7.2

This is a short list of latest upgrades to Site-Secure are by far some of the best I have seen in a while.

This post only lists some of the additions there are so many new features I am still updating this document so this is a quick list view of the options coming out.

PIM:
Increased integration with access control software
Increased reports from access control system

Asset Management:
Increased number of reports within the asset software

Key management module:
Adding additional fields
Ability to rename all of the fields in the bitting codes screen.
A level of authority has been added to key management,
Approval process is under development.
Temporary keys issue for date
Additional tables for predefined lists
Signature capture for key management issuance
Filter list of key codes
Total number of keys created
Integration of the key management and trouble call system for web based key requests

Visitor registration module
Track security approvals with dates and highlighted colors.
Display previous visitor name match

Restricted Access:
Track and manage fingerprints associated with a restricted person.

Incident reporting:
Limit the number of reports returned when you perform a search
Rules based incident reporting capability
DOL integration is now stronger

Miscellaneous:

The TRA module is taking shape nicely.

A new Non-employee table has been added.

Terminal Server or Remote Desktop Capabilities. 
Attendance log and historical data archiving.
User defined variables in the employee name search form.
Track tenants per building.

Naturally these are only a few of the new additions Site-Secure has added, to see exactly what was added you can subscribe to this post or look at the release notes from the latest version, if you don’t have access to them just ask Gordon Security Solutions for the latest list we are more than happy to share and go through them with our customers.

Thank you,

Scott Gordon

Visitor Registration Kiosk

2011-05-18T13:53:00.000-07:00

Kiosks by Parrabit:
Gordon Security and Site-Secure have formed a relationship with a major Kiosk manufacturer who currently provides kiosks of all shapes and sizes to banks, airports, train stations, multi tenant buildings and corporations. A kiosk will increase your corporate image and reduce vulnerabilities. High traffic lobbies can frustrate your visitors and take up your employees time when visitors are not processed quickly and efficiently. While a kiosk can be positioned in a low traffic lobby reducing costs and increasing corporate image.

A Kiosk assisting in the flow of traffic in a location where visitors are not pre-registered, allows the visitors to enter their information into the kiosk, scan a drivers license, take a photo and check the restricted access list. The guard/employee receiving the visitor will see and confirm all the information entered and print a badge for this visitor.

One client setup a camera to send a video feed to another lobby, post or command center (location determined on time of day). When a visitor arrived at the kiosk, a camera positioned on the Kiosk was triggered to show the live video of the visitor to the officer at the other location. Two way communication is setup allowing the visitor to speak with someone while entering data answering any questions they may have. Setting up a stand alone kiosk eliminates the cost of a person sitting at the desk managing a low traffic entry point.

With Site-Secure's reengineered visitors kiosk experience, each screen is now easier to use for the visitor. Visitors can scan badges, drivers licenses, a fingerprint, scan invitations sent to them via the Site-Secure web form, take a photograph and print a self expiring self adhesive badge.

These kiosks come loaded with Site-Secure visitor management kiosk registration software and can be deployed in multiple environments.
Whether you are reposition an employee or expediting the flow of traffic, a kiosk will free up security budgets and increase your corporate image.

Automatic notifications are sent upon successful entry into the visitor registration kiosk notifying the host their guest has arrived.

For additional information on Site-Secure's kiosk application and/or the kiosks please feel free to contact us or visit the appropriate page on the web site.

For Site-Secure Software Click Here.

For Kiosks Click Here:

PIM Integration

2011-05-17T17:36:00.000-07:00

PIM Integration:
This feature is a welcome addition to any company running reports on information collected on employees from the access control system. The request came in from those who find their access control software cumbersome to run reports from, some have said these reports are not available.

Security directors are seeking a method of lower the vulnerabilities caused from the lack of control of access control badges. Badges that have not been used in a certain period of time are deemed a threat to the company, possibly lost or stolen. Employees continually requesting temporary badges require guidance or penalties associated to lost or constant badge misplacement.

Site-Secure is now providing a method of viewing and reporting on access control badge information. Site-Secure is providing the ability to view active reads of each badge, along with information on badge holders. This capability provides you one easy to use interface to run reports from, one you are familiar with. Reports include when badges were last used, badges that have never been used and non-returned expired badges all of which mitigate the vulnerabilities many companies overlook due to complicated access control systems.

New TRA Module

2011-05-10T11:42:00.000-07:00

TRA: (new module)
Site-Secure is working on an exciting project, they are in the process of developing a Threat and Risk Assessment module (TRA) fully integrated with Site-Secure's already powerful suite of 14 modules.

Site-Secures objective
The objective is to assist our clients in achieving their corporate policy requirements to ensuring Departmental Designated and Classified information and other assets are safeguarded in an appropriate manner.

The secondary objective is to provide management with:

an opinion as to their current level of compliance with the Policy on Corporate Security;
an opinion as to the efficiency with which they are implementing the Security Policy;
to identify significant security exposures or areas of potential risk, that may be attributable to deficiencies in current security safeguards or operating practices;
a heightened security awareness; and practical recommendations for improvement.

This information will help us provide you with recommendations that will support your business objectives by safeguarding employees and assets and assuring the continued delivery of services.

The approach is to leverage and utilize data from specific modules currently within Site-Secure, allowing the TRA module to remain in a constant state of motion, changing as the environment changes. Information entered and associated to buildings, assets, facilities trouble calls, restricted people, incidents and activities along with a customizable questionnaire will be leveraged to expose vulnerabilities. This is the closest form of a quantitative assessment, when one is pulling data in realtime into the current assessment. If modules within Site-Secure are not in use there will be a way to enter information used in the assessment to properly measure the SLE, ARO and ALE.

The qualitative portion will utilize a customizable question based system, to allow the user to configure and manage any type of assessment they deem necessary. This can include a site survey or workplace violence survey, simplifying and automating the data collection process. Each question can be tailored to the appropriate respondents category. Answers will provide a first hand knowledge on security policies, security awareness while exposing deficiencies in the safety and security department all aiding in compliance with standards and initiate a proactive reduction in vulnerabilities. The TRA module will be able to perform site surveys along with qualitative response surveys independent of the full assessment.

The data collected through both approaches will be presented for analysis in ways allowing management to act before incidents occur, compliance is breached, and vulnerabilities are exposed.

Key, Parking and Visitor Approval

2011-05-05T17:05:00.000-07:00

Key, Parking and Visitors Approval:
Site-Secure is getting ready to release a four level approval process for the issuance of keys, the registration of visitors and the issuance of parking passes.

The approval process ensures the issuance of keys, registration of visitors, issuance of parking passes go through the proper vetting channels. The Issuing of a key to a person who was not supposed to have a key or was issued the wrong key can be a vulnerability or a wast valuable time and money. From reclaiming the wrong key and issuing the correct key to the possibility of an issuance to someone who should not have a key, there is a lot at stake. Time can add up especially if the mistake is not noticed until the key recipient has traveled any distance with what they though was the correct key to only find out they have the wrong key.

With heightened security concerns approving a visitor is one step that can lower vulnerabilities. Some sites require all visitors to meet specific standards to come on company property, Site-Secure can greatly assist with the approval of visitors no matter how relaxed or strict your policies are.

Lets not forget about parking permits, as employees come and go, parking is always a premium. Site-Secure will greatly assist with who is granted a parking space and who is not. This applies to corporations, universities and government agencies alike. Parking is a premium, space is limited ensure those who are supposed to have a space do and in the lot they are assigned. Site-Secure's parking management program issues passes, ensures the proper income is collected and the lots spaces are allocated properly. Tickets are issued and tracked for collection of funds due when violations occur.

The approval process involves the either the trouble call web form for the keys and parking modules, and the visitor pre-registration web form for visitor approval. Site-Secure sends automatic notifications to the person/people who will be responsible for approving the issuance of the keys, parking passes or approval of the visitor.

Site-Secure Release V3.6R4

2011-04-17T09:58:00.000-07:00

Site-Secure's Release of V3.6R4 has some great new features all of which are client requests.

Biometrics integration was requested in the visitor registration module and it was delivered. Going above and beyond, Site-Secure integrated fingerprint scanning of a visitor and use that print to recall visitor information upon their return for faster look and sign in.

As usual Site-Secure takes it above and beyond, adding the same fingerprint recognition capability to more than one module. Now employees can log into Site-Secure with a fingerprint scan, contractors can be signed in with a fingerprint scan, restricted people can be verified with a fingerprint scan. This capability allows Site-Secure to lead the way in reporting software capabilities.

Parking Management has increased capabilities which include automatic notifications when permits are expiring suspensions are coming up for reinstatement. The capturing of a digital signature can be collected and associated to a permit holder when permits are issued.

The Restricted Access Module has increased capabilities and found its way into more place through out Site-Secure making you the user to eliminate the potential threats people who have been restricted from your facility can pose.