Security Risk Assessment
Client’s Situation, Threats, and Challenges
In 2018, Rozin Security worked with a State Department of Revenue headquarter building. State and Federal government buildings continue to be a highly attractive target to perpetrators of terrorist attacks and other mass violence. This Department of Revenue building is also attractive to criminally motivated entities because of its strong association with State taxes and finances.
The client’s primary challenge is maintaining a highly secure environment across multiple floors and entry points while providing several public-facing services, some of which do not directly relate to revenue operations. This client is a primary target for malicious actors and also as a secondary or collateral target because of the building’s location on the State Capitol Complex grounds. These challenges make effective access control and threat information sharing and analysis essential components within the client’s safety and security program.
Rozin Security Approach
Rozin Security’s protocol begins with an in-depth security risk assessment that considers the client’s unique operations, assets, threats, and vulnerabilities. Rozin Security uses the assessment findings to develop customized solutions that are prioritized, efficient, proven, and cost-effective.In this case, Rozin Security performed a full security risk assessment of the Department of Revenue building and its operations.
Rozin Security’s first task was to thoroughly understand the building’s operations. This included State revenue functions such as receiving and processing taxes and tax information, as well as the storage of sensitive financial data, tax stamps, and evidence related to potential financial crimes. However, it also included other peripheral operations such as administrative court hearings, periodic large meetings and events hosted by the governor, and even a publicly accessible ground-level cafeteria.
Concurrently, Rozin Security and the client identified key assets that should be protected. This included the staff and patrons, tax information and criminal evidence, the data center, and other infrastructure systems essential to the Department of Revenue’s operations and its reputation.
Next, Rozin Security analyzed the client’s threat profile. Rozin Security identified idiosyncratic, criminal, and ideologically motivated threat actors and malicious acts that were relevant to government entities, in general, and the revenue targets, in particular. The threat assessment included a review of security incidents that had occurred within the Department of Revenue property and across the State Capitol Complex. In developing the threat assessment, Rozin Security focused on the client’s assets and operational factors that may attract malicious activity.
The core feature of this project was an onsite assessment of the client’s property, operations, and assets. For this client, Rozin Security also conducted multiple Red Team assessments to test and demonstrate how deficiencies within the site’s security operations may be exploited in order to target 1) executive staff members and 2) critical tax documents and information.
To address identified vulnerabilities and risks, Rozin Security traditionally divides its solutions into three broad categories:
- Physical security features (exp. hardened doors and window safety features).
- Technological security features (exp. access control mechanisms and video surveillance systems).
- Human asset security features (exp. increased security personnel presence, access control procedures, and threat information sharing).
Rozin Security considered each of these categories at every layer of the client’s property and operations – from exterior and public facing zones to interior and restricted storage and operational spaces.
Once the client’s total risk was established, Rozin Security provided recommendations for physical, technological, staffing, policy, and procedural corrective measures that would improve security preparedness in the face of relevant threats. Recommended corrective measures were prioritized based on their abilities to deter, prevent, detect, and respond to relevant threats. In this way, Rozin Security consultants were able to highlight those corrective measures that would provide the greatest return on investment for the individual site. Furthermore, Rozin Security takes a holistic approach to security, understanding that a high-quality security program is only possible through effective integration of physical, technological, and human measures.
At the conclusion of this project, the client immediately committed to implementing several protective measures, including:
- Procedural enhancements aimed at improving routine and emergency security operations.
- Regular training for relevant security and non-security personnel to proactively identify and neutralize potential threats.
- A re-design of the building’s main lobby that will allow the client to more effectively control access and protect against potential threat actors while still maintaining a friendly an open atmosphere for its public-facing service areas.
Through this project, Rozin Security demonstrated the ability to consider a client’s security atboth the micro and macro levels. At the micro level, consultants identified and prioritized individual assets and vulnerabilities as they related to the unique operations of the Department of Revenue building. At the macro level, Rozin Security identified and addressed the need to consider joint security operations and preparedness between the Department of Revenue building and the rest of the State Capitol Complex.
Rozin Security offers security consulting services to help you design a comprehensive and proactive security plan to meet the needs of your organization today, and over time.