Rozin Security Approach
Rozin Security’s protocol begins with an in-depth security risk assessment that considers the client’s unique operations, assets, threats, and vulnerabilities. Rozin Security uses the assessment findings to develop customized solutions that are prioritized, efficient, proven, and cost-effective.In this case, Rozin Security performed a full security risk assessment of the Department of Revenue building and its operations.
Rozin Security’s first task was to thoroughly understand the building’s operations. This included State revenue functions such as receiving and processing taxes and tax information, as well as the storage of sensitive financial data, tax stamps, and evidence related to potential financial crimes. However, it also included other peripheral operations such as administrative court hearings, periodic large meetings and events hosted by the governor, and even a publicly accessible ground-level cafeteria.
Concurrently, Rozin Security and the client identified key assets that should be protected. This included the staff and patrons, tax information and criminal evidence, the data center, and other infrastructure systems essential to the Department of Revenue’s operations and its reputation.
Next, Rozin Security analyzed the client’s threat profile. Rozin Security identified idiosyncratic, criminal, and ideologically motivated threat actors and malicious acts that were relevant to government entities, in general, and the revenue targets, in particular. The threat assessment included a review of security incidents that had occurred within the Department of Revenue property and across the State Capitol Complex. In developing the threat assessment, Rozin Security focused on the client’s assets and operational factors that may attract malicious activity.
The core feature of this project was an onsite assessment of the client’s property, operations, and assets. For this client, Rozin Security also conducted multiple Red Team assessments to test and demonstrate how deficiencies within the site’s security operations may be exploited in order to target 1) executive staff members and 2) critical tax documents and information.
To address identified vulnerabilities and risks, Rozin Security traditionally divides its solutions into three broad categories:
- Physical security features (exp. hardened doors and window safety features).
- Technological security features (exp. access control mechanisms and video surveillance systems).
- Human asset security features (exp. increased security personnel presence, access control procedures, and threat information sharing).
Rozin Security considered each of these categories at every layer of the client’s property and operations – from exterior and public facing zones to interior and restricted storage and operational spaces.
Once the client’s total risk was established, Rozin Security provided recommendations for physical, technological, staffing, policy, and procedural corrective measures that would improve security preparedness in the face of relevant threats. Recommended corrective measures were prioritized based on their abilities to deter, prevent, detect, and respond to relevant threats. In this way, Rozin Security consultants were able to highlight those corrective measures that would provide the greatest return on investment for the individual site. Furthermore, Rozin Security takes a holistic approach to security, understanding that a high-quality security program is only possible through effective integration of physical, technological, and human measures.
At the conclusion of this project, the client immediately committed to implementing several protective measures, including:
- Procedural enhancements aimed at improving routine and emergency security operations.
- Regular training for relevant security and non-security personnel to proactively identify and neutralize potential threats.
- A re-design of the building’s main lobby that will allow the client to more effectively control access and protect against potential threat actors while still maintaining a friendly an open atmosphere for its public-facing service areas.
Through this project, Rozin Security demonstrated the ability to consider a client’s security atboth the micro and macro levels. At the micro level, consultants identified and prioritized individual assets and vulnerabilities as they related to the unique operations of the Department of Revenue building. At the macro level, Rozin Security identified and addressed the need to consider joint security operations and preparedness between the Department of Revenue building and the rest of the State Capitol Complex.