Security - Agip Kazakhstan North Caspian Operating Company N.V. (Agip KCO)
Agip Kazakhstan North Caspian Operating Company N.V. (Agip KCO) is the single operator of the North Caspian Sea Production Sharing Agreement (PSA), which controls the development of 11 blocks in the Kazakhstan sector of the Caspian Sea. This region contains the giant field of Kashagan, the largest oilfield identified in the North Caspian Sea PSA contract area and widely considered to be the most important new oil discovery of the last thirty years worldwide. Agip KCO, a company fully owned by Eni S.p.A., operates on behalf of a consortium of seven international oil companies, including ConocoPhillips, Eni, ExxonMobil, INPEX, KazMunayGas, Shell and Total.
Agip KCO is committed to working towards the security and protection of its physical, reputational and human assets. In keeping with this policy objective the company wishes to operate a fully integrated electronic/physical/human/procedural security system which will encompass all company locations in Kazakhstan and be monitored from a central operations control centre called SOCC (Strategic Operations Control Centre).
The papers aims at describing the planning, development and implementation of a multi-functional system that will allow Agip KCO to build up an integrated Telecommunication, Security, HSE-ER (Emergency Response), POB (People on Board) and relevant it infrastructure, at each location covering the following aspects:
Automated Tracking System
Vessel Tracking Systems
Integrated AgipKCO-wide Access Control System and Video-surveillance
Radio communication
This Project is envisaged as a future company wide multi-user system providing benefits to a range of user departments beyond merely the security role.
Chapter 1
1.1 Introduction
The first phase of the AKCO (Agip KCO) Kashagan field development, the Experimental Program (EP) is currently in construction and execution. This consists of the following:
14 production wells injection wells
The combined production capacity of these wells is up to 300,000 barrels of crude oil per day. The future plans for Agip KCO are quite phenomenal
The EP phase will be substituted by a Full Field Development (FFD) program,
This program will utilize the lessons learned from EP to expand production to 1.5 million barrels per day (MMBPD).
Furthermore the production will be acquired from more than 200 wells.
However, it is noteworthy that FFD is currently in the design phase, and construction is planned to begin after first oil from the EP project is delivered in 2010.
Figure 1 - Kashagan Timeline
At the present time, all phases of the Kashagan development are in progress:
The EP phase is under construction;
FFD is under design; and the Operations phase is currently in the planning stage.
This phase will eventually take over the EP program after construction and start-up is complete.
The Kashagan project is widely considered to be the most complex oil field development in history, primarily because of 2 reasons.
The oil extracted from Kashagan wells is extremely toxic, with a high concentration of lethal hydrogen sulfide (H2S) in the extracted natural gas.
Reservoir pressures range from 700-800 bar, requiring state-of-the-art compressors, which will re-inject sour gas (high concentration H2S) to dispose of H2S, increase oil recovery, and maintain pressure in the reservoir.
To minimize the impact of this complexity, AKCO puts a lot of emphasis on ensuring a secure business environment during the Project Construction Phase up to First Oil, by protecting people, assets and information. This will allow AKCO to achieve the following:
Its business goals;
Taking care of the security and safety of its employees;
Demonstrating social responsibilities; and Assisting in minimizing impact on the unique natural environment AKCO operates in.
The Safety, Crisis and Emergency Response Management procedures are currently under development. Complementing those developments, this security feasibility study analyzed the potential benefits offered by the development of advanced technology security services, including a central security platform for the SOCC. The study, in addition, took into account how other divisions' developments could be re-utilized or complemented through the technology developments for security.
1.2 Background of the study
Joel (2003) in his study point out that companies, today, are more and more dependent on information to make critical business decision. This information is usually stored electronically in computers or company servers. Critical business decisions are made by those at the top end of the workforce hierarchy, who have access to these computers and servers. Corporate profitability, human resource development, asset security are some of areas, which come under the scrutiny before making decisions. This positions the information gateway as the most critical and important asset for the company. A good corporate security policy, therefore, should include protocols to secure this information from both internal and external sources. Joel (2003) writes, security policy establishes what must be done to protect information stored on computers. A well-written policy contains sufficient definition of "what" to do so that the "how" can be identified and measured or evaluated. An effective security policy also protects people. Anyone who makes decisions or takes action in a situation where information is a risk incurs personal risk as well. A security policy allows people to take necessary actions without fear of reprisal. Security policy compels the safeguarding of information, while it eliminates, or at least reduces, personal liability for employees."
Even a basic information security policy should include a comprehensively-written plan of action, which clearly illustrates the priorities of the company when it comes to security. A comprehensively-written plan of action with regards to information security should, at least, include the following in order to not only react but also recover from most risky situations in the minimal possible timeframe:
Risk Assessments
Password Policies
Administrative Responsibilities
User Responsibilities
E-mail Policies
Internet Policies
Disaster Recovery (Backup and Restore)
Intrusion Detection (both physical and virtual) (Joel, 2003)
1.3 Research questions of this study
The core research question of this thesis is as follows:
How can advanced technology security services, including a central security platform for the SOCC be used to fulfill the security policy of the company?
Additional sub-questions are as follows:
How can advanced technology security services, including a central security platform for the SOCC be used to fulfill personal security?
How can advanced technology security services, including a central security platform for the SOCC be used to fulfill the physical security of company assets?
How can advanced technology security services, including a central security platform for the SOCC be used to fulfill the information security?
How can advanced technology security services, including a central security platform for the SOCC be used to fulfill the aims of corporate governance?
How can advanced technology security services, including a central security platform for the SOCC be used to fulfill fraud deterrence
How can advanced technology security services, including a central security platform for the SOCC be used to manage risk properly?
How can advanced technology security services, including a central security platform for the SOCC be used to fulfill the business continuity planning?
How can advanced technology security services, including a central security platform for the SOCC be used to manage crisis effectively?
How can advanced technology security services, including a central security platform for the SOCC be used to fulfill the company policies regarding environment, safety and health?
1.4 Justification of the research
To justify the research on television sponsorship, a few areas are looked at namely current sponsorship research, importance of television sponsorship, corporate sponsorship, neglect of the specific research problem by previous researchers, and usefulness of potential application of research's finding. First, a brief introduction as to why current sponsorship research is lacking.
Chaiw (2001) in his study points out that simply by protecting the information on computers, companies cannot assume that they are safe. The treats of the 21st century go well beyond hacking and stealing vital information. He writes, "Organizations face security threats from a wide range of sources and are vulnerable to attacks such as computer viruses, hacking and denial of service attacks. Information security by technical means is not sufficient and needs to be supported by policies and procedures (Chaiw, 2001)."
He explains his aforementioned point as follows, "Security policies are the foundation and the bottom line of information security in an organization. A well written and implemented policy contains sufficient information on what must be done to protect information and people in the organization. Security policies also establish computer usage guidelines for staff in the course of their job duties (Chaiw, 2001). System administrators and business owners have to acknowledge the fact that security threats exist and how to prevent and respond to them. Identifying and implementing suitable controls requires careful planning and participation of all employees in the organization is also vital for the success of information security management. Therefore, depending on the company's size, financial resources, and the degree of threat, we have to set up a security policy that finds the right balance between the overreacting and the vulnerable of exposing your system to any and every hack. The objective of a well written and implemented security policy is improved information availability, integrity and confidentiality, from both inside and outside the organization (Chaiw, 2001)."
Similarly, David (2002) outlines that all employees have got to comprehend the security policies the company has set up. They need to know what their responsibilities are not only as individuals but also as team members and corporate employees. David cites an excerpt from a corporate security document that illustrates his point: "A security policy serves many functions. It is a central document that describes in detail acceptable network activity and penalties for misuse. A security policy also provides a forum for identifying and clarifying security goals and objectives to the organization as a whole. A good security policy shows each employee how he or she is responsible for helping to maintain a secure environment (as cited in David, 2002)."
Therefore it is clear that companies have got to create security policies and educate their employees so that they are fully aware of not only the dangers that surround them but also respond to those dangers in an appropriate manner should any crisis unfold. This study aims at assessing the planning, development and implementation of a multi-functional security system that will allow Agip KCO to build up an integrated Telecommunication, Security, HSE-ER (Emergency Response), POB (People on Board) and relevant it infrastructure, at each location covering the following aspects:
Automated Tracking System
Vessel Tracking Systems
Integrated AgipKCO-wide Access Control System and Video-surveillance
Radio communication
It is noteworthy that Agip Kazakhstan North Caspian Operating Company N.V. (Agip KCO) is the single operator of the North Caspian Sea Production Sharing Agreement (PSA), which controls the development of 11 blocks in the Kazakhstan sector of the Caspian Sea. Preceding research studies in the area of corporate security and crisis management ignored Central Asia as a whole. Therefore this study will fill this vital gap and assess the planning, development and implementation of a multi-functional security system
1.5 the Methodology
Prior to developing this analysis, the current status of the technology services development for the security division has been understood. Based on review of existing documentation and on interviews, an as-Is document has been created to describe the current development status, including already developed and planned solutions. Together with the security current and planned capabilities, the as-is document includes information about the HSE and Operations technical development and plans, in order to better understand how those could be leveraged to support security needs.
The to-Be document provides an application blueprint and a technical blueprint presenting a high-level global view of a potential future AKCO technical security solution. The to-be blueprint has been developed leveraging the technology vision from AKCO security management department, and relevant industry benchmarks. It is based on the requirements expressed during the interviews with the AKCO staff.
The analysis will provide information on the relative benefits that the as-Is solution and the to-Be solution can bring to AKCO. The Analysis followed four options:
1.6 Delimitations of scope and key assumptions
The limitation of population, industries chosen, the locations chosen, environmental factors and variables that could not be controlled are briefly mentioned as followed. The population is about (Please insert the number of people interviewed), which is limited as it is on AKCO employees. The location chosen is Kazakhstan as the thesis is measuring the multi-functional security system being planned and developed for AKCO. The environmental factor that may affect the result is that AKCO may either change its plans or other companies in the oil business may adapt the same security protocols. Other limitation is that the data will be obtained at multiple points in time.
1.7 Conclusion
This chapter laid the foundation for the report. It introduced the research problem and research questions and hypotheses. Then the research was justified definitions outlined, and the limitations were given. On these foundations, the report can proceed with detailed description of the research, which is covered in chapter two.
The key achievement of this chapter is that it introduced the topic being studied and explained why the need to study it. Then it indicated the research gap and the purpose of the research. In addition, the chapter also looks into the overview of the research questions and issues, and how the problem is solved in a systematic way. Finally, the chapter looks into the justification of the research and the overview of the methodology. Next, the review of the previous research is being looked at.
Chapter 2: Literature Review
Jasu (2001) in his study point out that the 21st century economy has been revolutionized primarily by the digital revolution. However, this revolution has brought with it, enhanced corporate and organizational security risks. He explains, "The Digital revolution of the 21st Century has not been achieved without its consequences. Real time business requirements and economic drivers have forced rapid changes to the methods used to conduct business-to-business and business to client communication. The Internet has now become a convenient and economic deployment medium for global business (Jasu, 2001)."
He asserts that company security policy should be all-encompassing, and include not just digital information but also physical assets and its people. He writes, "Security policies govern the steps and procedures taken to protect business assets and confidential information from intrusion via the use of technology or physical intervention. When considering the possibility of transacting business over public networks, the goal should be how best to protect corporate ass etc., data integrity and confidentiality. Business assets can be considered to be and include items such as valuable and sensitive data that needs to be kept secure and confidential. For example financial data, client information or employee contract details. Business critical hardware such as routers, switches, network cables, firewalls, file servers, desktops, laptops, modems and backup systems are equally important to protect (Jasu, 2001)."
Similarly, Mike (2007) in his study reveals the various ways an organizations can face a security breach. He believes that companies need to not only secure their assets and people from external attacks but also from internal ones. In fact, the greatest threat, he believes, organizations face are from internal sources. He writes, "In order to secure and organization against internal incidents, it is important to understand what one is. An internal incident occurs when a resource inside of the organization is used in the attack. Examples could be anything from a resource accessed internally, an attack executed by an employee using the anonymity of the Internet to cover their tracks, to an outside entity that unknowingly factors into the execution of a security incident. It can even be an employee, contractor, or third party support technician who runs software or makes a change that has a negative impact on the organization. There are so many examples that many security administrators neglect to even consider when securing an organization (Mike, 2007)."
Sorcha and Sorcha (2007) in their study offer a number of suggestions and proposals for companies that are looking for a comprehensive security policy. They write, "It should be noted that there is no single method for developing a security policy or policies. Many factors must be taken into account, including audience type and company business and size, all of which are discussed in this paper. One other factor is the maturity of the policy development process currently in place. A company which currently has no security policy or only a very basic one may initially use a different strategy to a company which already has a substantial policy framework in place, but wants to tighten it up and start to use policy for more complex purposes such as to track compliance with legislation. When starting out it is a good idea to use a phased approach, starting with a basic policy framework, hitting the major policies that are needed and then subsequently developing a larger number of policies, revising those that are already in place and adding to this through the development of accompanying guidelines and job aids documents which will help support policy. The varying levels of maturity in policy development are discussed later in this paper in more detail (Sorcha and Sorcha, 2007)."
Chia Maynard and Ruighaver (2002) in their study point out that organizational security has become increasingly complex. The threats that companies face are interconnected and asymmetric in nature. Therefore, the response needed to tackle security issues should be interconnected and asymmetric in nature as well. They point out three common factors in all security policies. They assert that a comprehensive policy should:
Delay professional attackers and frustrate amateurs ones;
Include sensitive alarm systems;
Include security guard patrol;
Include security lightening;
Include close-circuit television;
Include a comprehensive security response or crisis management plan of action.
They assert that in a well thought out security plan; these indicators compliment one another to secure the organization from any security issue. Their model in addition, includes at least four levels of organizational security:
Environment blueprint
Electronic and mechanical control
Infringement identification
Video monitoring
Gonzalez-Herrero and Pratt (1995) in their study provide a crisis management model that illustrates the significance of managing the crisis before it occurs. Their model includes four variables:
issues management;
planning-prevention;
The crisis; and Post-crisis (Gonzalez-Herrero and Pratt, 1995).
Similarly, 12 Manage (2007 in their study point out that companies invariably will be confronted with a crisis. How they manage that crisis and how they manage the distribution of information to key media outlets are significant factors that will ultimately determine the negative/positive outcome (12Manage, 2007)
Infante, Rancer and Womack (1997) in their study point out the significance of the flow of information before-during-after a crisis has been held. They discuss the complexities of information portals and the communication hierarchy within the organization. They conclude that information, during a crisis, flows as a network, which is made up of members and links (Infante, Rancer and Womack, 1997). In this chapter we looked at some of the current organizational security concepts being used by companies all over the world. This has helped us understand the complexities of organizational security and crisis management issues.
Chapter 3: Methodology
By Choosing a methodology, a researcher implies the use of certain 'rules and procedures' with a different connotation and purposed, such as logic used for arriving at insights and as a means of communications, so that other people can inspect and evaluate the research" (Carson et al., 2001)
This chapter will focus on two aspects of the research:
The methodology being used to collect and analyse all the relevant data and the reasons and logics behind selecting a certain type of methodology over others available.
In order to clearly and implicitly illustrate the goal of this research, this chapter has been categorised into ten of subsections. The main subsection in this chapter includes:
1) Research Philosophy, 2) Research Approach, 3) Research Strategy, 4) Time Horizons and Research Type, 5) Data Collection Methods, 6) Semi-structured Interview, 7) Sample Description, 8) Data Quality Issues, 9) Analysing the Data and 10) Conclusion (Cohen, Manion and Morrison, 2000).
1.1 Research Philosophy
Qualitative research has two unique features: the researcher is the means through which the study is conducted and the purpose is to learn about some facet of the social world. Qualitative researchers are oriented toward the natural world; they try to understand people through multiple methods such as interactive and humanistic (Rossman and Rallis, 2003). Qualitative research draws many diverse assumptions from a complex field of enquiry. It focuses on context that is essential to assume that a sound understanding of human experience is gained by exploring these complexities. (Rossman and Rallis, 2003)
This thesis will use a qualitative format so that the intangible nature, characteristics and structure of crisis management can be clearly understood. This study uses a qualitative research design. Numerous studies have proclaimed and demonstrated that the qualitative format allows a very communicative, energetic, vibrant and evolving environment in which the researcher has the full liberty to design and structure the goal, principles, tactics, data, analysis methods, and verification strategies (Saunders et al., 2003). Furthermore, in this format, the researcher provides the main input as he has the freedom to modify the results as they develop. This is why every qualitative format becomes very personal and pertinent in its context (Saunders et al., 2003).
There are three main schools of thought for research and they are: positivisms, interpretivism and realism (Saunders et al., 2003). The positivist philosophy upholds that metaphysics does not exist and that knowledge is only what one can measure and calculate (Trochim, 2007). The interpretive philosophy promotes that human behaviour can be best understood by the pushes and pulls of the structural forces that exist in nature and by removing the bias of the both the researcher and the subjects (Contributions to Global Historical Archaeology, 2003). Realists assume that reality is 'out there' and 'real' but is only imperfectly and probabilistically apprehensible (Carson et al., 2001). Considering the delicacy and intricacy of our subject it would be much restraining to use either the positivist or realist notions, hence the interpretive notion will serve the nature of this research best. Most of the practitioners agree to the fact that the truth and veracity behind a situation needs to be thoroughly and clearly identified and assessed to comprehend or decipher its meaning and impact (Saunders et al., 2003). The main goal of this research is to describing the planning, development and implementation of a multi-functional system that will allow Agip KCO to build up an integrated Telecommunication, Security, HSE-ER (Emergency Response), POB (People on Board) and relevant it infrastructure, at each location covering the following aspects:
Automated Tracking System
Vessel Tracking Systems
Integrated AgipKCO-wide Access Control System and Video-surveillance
Radio communication
There will be some parts of this methodology that will incorporate the realist notion alongside the interpretive notion. There may to be some very large and influential social aspects of the internal and external environment of this company that cannot always be rightly interpreted or understood by the practitioner. In addition, these social structures could not be ignored if the researcher wishes to disentangle the real links and factors of corporate security specific to this case (Saunders et al., 2003). Hence, we will use the realist approach to analyse all the aspects, tangible and intangible, that affect security of this company. The interpretive approach will then be used to see how these security issues are understood and managed by the business managers.
1.2 Research Approach
The most common formats that are utilised for the applications of the different theories are, deductive and inductive. Since both these strategies are different in their structure and techniques, the conclusions that are presented will also appear distinct and separate. In the first strategy, the practitioner treats a theory as a suggestion and then provides supporting or contesting subject matter. In the second tactic, the information is always collected first and then assessed so that a theory can be formed within the diameters of certain situations (Saunders et al., 2003). There are some researchers who feel that the conclusions made through these tactics are not always the most satisfying or consequential, however, there are many who disagree with this perception and regard both these strategies as extremely useful. In this thesis, we will use the inductive tactic as it will allow the data to guide the research and theory building (Carson et al., 2001).
In an inductive approach, the researcher moves from the general to the specific, allowing the data to guide the research and theory building (Carson et al., 2001). This means that consistent patterns from the data will be noted to form either a theory or hypotheses about the multi-functional security system. The advantage of this approach is that it uses the inductive approach which will not only add to the deficient understanding that exists but will also add new knowledge to the subject matter. The inductive approach will help us find concrete evidence instead of mere overviews of the situation. This is because all the information will be collected and assessed and conclusions will be made. As Saunders et al. (2003, p.385) mention "the data collection, data analysis and the development and verification of relationships and conclusions are very much an interrelated and interactive set of processes." After that, all the conclusions will be put against the notions that already exist in relation to the multi-functional security system. These comparisons and conclusions will help us find the balance and the transformation of the theories in a practical setting (Saunders et al., 2003). Furthermore, the inductive method will help us in figuring out which theories are practical and applicable and which will be difficult for practitioners to employ in a practical and demanding setting.
1.3 Research Strategy
Credibility is important in any research strategy otherwise it will advocate bias distortion of data to serve the researcher vested interests and prejudices. Neutrality is also requires for any credible research strategy. (Patton, 2002)
Saunders et al. (2003) explained that the main tasks that need to be achieved in the research strategy section are:
1) the definition and explanation of the technique and process that will be used to collect the necessary data;
2) How this process is more applicable than others in terms of the objectives of the research;
3) All the potential limitations and challenges that might occur during the data collection and analyses process;
4) Indexing all the sources, suppliers and storage facilities that will be used for the data collection process.
After considering all the aspects of this study, the survey process seems to be most efficient method to adopt. Also, the success rate and accuracy of the survey process has been undeniable and has stood the test of time especially in a business study project like this one. Its accuracy lies in the indication of a targeted sample who is motivated to honestly answer a set of questions that have been designed by the researcher to help him clearly achieve his objectives. The advantage with the qualitative research is that it gives the researcher a very distinct data collection method at his disposal: interviews; which adds new dimensions to the discipline (Trochim, 2007). Trochim (2007) explains that these methodologies allow the researcher a certain level of plasticity that adds weight to the importance of the survey. This study will use an investigative semi-structured interview procedure to fulfil the aims of this study. The interview will be conducted with both the managers and their employees in the company.
1.4 Time Horizons and Research Type
The main aim of this study is to describe the planning, development and implementation of a multi-functional security system. This study is formatted as cross-sectional (the explanation of a specified incident or state within a timeline) and hence, will also correspondingly focus on the association that the changing styles of crisis management have with the development in the modern era. This will also be done with the help of pre-arranged and semi-structured interviews sessions which will be carried out over a designated timeline (Saunders et al., 2003).
The interview questions were derived from extensive and exhaustive literature review. The researcher also put in a lot of effort in designing and structuring the questions for the semi-structured interview technique. The researcher will assess all the related literature available while still keeping an open mind on taking a few more liberties that previous researchers had not taken. This will add a new dimension to the approach used in the thesis. In their study, Saunders et al. (2003) asserts that this form of liberty is not only indispensable but it is also very helpful in dealing with or adapting to an unpredictable situation. For example, by taking liberties, the researcher will be able to understand the limitations and strengths of the unpredictable situation. The main approach of this type of format is to start off by getting a broad or macro perspective of the situation or incident that is being researched and then become more precise and aim-oriented with time, that is, in the concluding phases of the study.
1.5 Data Collection Methods
The use of qualitative research in the social sciences has grown substantially since the 1980s and continues to expand (Huberman and Miles, 2002). Bouma (2000) explains that the qualitative studies are valuable in assisting a researcher to understand the social dynamics of societies and business alike as they focus on their traditions, principles, ethics, values, philosophies as well as behavioural patterns (Bouma, 2000).
Saunders et al. (2003) also backup the qualitative format by asserting that it helps the practitioner to identify the unofficial yet universal associations between the different elements that influence structure and activities. Furthermore, the qualitative research format also allows the practitioner to identify the fundamentals of all the choices, approaches, viewpoints and logics of their target audience (Saunders et al., 2003).
Qualitative formatted researches have got a sufficient amount of support from numerous practitioners. For example, Bouma (2000) asserts that with the qualitative research the practitioner can simultaneously gather and modify all the data that is being collected. He adds that in this format the researcher has a lot more face-to-face and intimate interactions with the sample which allows him to see more angles of the situation and understand the phenomenon that is being investigated a lot more clearly. This format of leadership also allows the researcher to add unperceived dimensions that emerged from the close contact with the interviewees (Bouma, 2000). Yin (1994) in his study explains that the importance of qualitative format is more within the social dynamics of research than the quantitative or statistical format because it helps the researcher to point out the new and generalised tactics, methodologies, preferences, and choices of the administrators and member of the business (Yin, 1994).
The consistent and investigative style or structure of interviews will be the main tool that will be used for the data collection process for this study. There are numerous studies as mentioned earlier that support the use of qualitative format of studies for the collection of in-depth and reflective data. Another advantage of conducting personalised and interactive interviews is that there is a greater and better chance of inducing honest and truthful answers from the samples, more so than any other survey (Sudman and Bradburn, 1982).
In addition to all the objectives, this thesis will also include the limited notions and structures that have already been explored and investigated in the past describing the planning, development and implementation of a multi-functional security system. The results of this thesis will be compared with the results of studies specified in the literature review. The main aim behind the inclusion of prior literature reviews and their conclusions can clearly identify the most useful method and notion for the data collection. Furthermore, it also presents all-encompassing, detailed and analytical deductions that can be attained after a successful survey has been carried out (Sudman and Bradburn, 1982).
Yin (1994) explains that the main benefit of the interview format is that it facilitates a healthy and interactive communication between the interviewer and the interviewee which as a result allows the interviewer to pay the highest attention to the topics and concerns of the goal and not digress. Furthermore, the interviews allow the practitioner or interviewer to get more in tune or familiar with the history and life of the interviewee which allows him to use his observations with much more awareness and perception. This in turn helps him make much more solid and authenticated deductions about the choices of the interviewee. This is something that is rarely ever achieved in other forms of surveys or studies (refs).
Apart from all the liberties and depths that can be attained with the interviews, it has to note here that there are disadvantages of using the qualitative formatted interviews as well. The one major weakness of this format is that it is completely based around the biases of the interviewee in his formulation, designing or delivery of the questions. Also, the answers can be biased or influenced by the practitioner who is probably looking for a certain answer and designs his questioning in a way that he gets that answer. Furthermore, the interviewees may choose to answer in ways that they feel are needed or wanted by the researcher instead of being honest and upfront with their true opinions. Also, the validity and verification of the answers is lost if the answers are not recorded as they are being given and instead have to be remembered later by the researcher (Yin, 1994).
The interview process helps the researcher attain three goals:
Personalise the structure i.e. The interactive and face-to-face setup of interviews allows the practitioner to engage all the individuals in the sample completely and truthfully so that he can acquire all the information he needs to structure a thorough thesis. This will also bring forward conclusions and theories that are inclusive of the traditions, philosophies and choices of the sample from a very personal and up-close angle (Tuckman, 1972);
Analyse and propose, that is, all prior notions can be tested, authenticated or refuted while newer or developed ideas and theories can be highlighted with the changing times;
Adapt and mix, that is, is it compatible to other research tactics in a constructive manner while at the same time allowing the researcher to identify new angles to an already recognised theory (Kerlinger, 1970).
The aforementioned aspects of the interview process are the main reasons why we have chosen to incorporate the process of interviews in this study. These interviews will not only help us to establish but also authenticate the thoughts and viewpoints that make the interviewees respond a certain way. Furthermore, they will help us identify new characteristics that were not visible before (Wilson and McLean, 1994). Additionally, it will help us recognise the changes that have taken place with regards to crisis management.
1.6 Semi-structured Interview
To fully utilise the advantages that the investigative or partially prepared interviews give to a study, one has to first identify their meaning. It is appropriate to use semi-structured interviews if the researcher knows enough of the topic to frame the needed discussion in advance (Morse and Richards, 2002). Wengraf (2001) explained that a number of interview questions are to be designed in advance for semi-structured interviews and the prepared questions are to be sufficiently open for further questionings. Riley (1996) defines semi-structured interviews as a process formulated for the attainment of an objective while at the same time designed to include the fundamental or history of the subject instead of just gathering numeric proofs (Riley, 1996). Yin (1994) explains that these forms of interviews allow the reality, irrespective of how brutal it is, to surface along with the opinions of those who are affected by it (Yin, 1994). Yin's definition is probably highlighting the most important facet of the semi-structured interviews. The semi-structured format is very flexible and does not need to be severely altered to be both official and non-official as the need arises.
The overall interview structure has been divided into numerous sub-sections so as to present a more cohesive, systematic, logical, flexible and easy to comprehend information and deductions from the entire literature review. For the sake of efficiency and familiarity, the set of questions will be copied and circulated amongst the targeted interviewees. Care will be taken that the set of questions are not restricting or rigid so that the interviewee can feel free to highlight the subjects that are his or her top priority. Morover, the interview can take on a new course as new questions can be formulated from the answers that the interviewees give or the subjects that they choose to talk about. This is the biggest advantage of having semi-structured interviews, questions can be asked pertaining to the situational setting of the interview as well as the main objective. The interview can be setup with both a video and an audio recording with the approval of the interviewee and can be recorded in writing as well. This written down interview format allows the interviewee to still be open to giving the interview even if his communication isn't up to the par or he/she is uncomfortable with getting everything he says being stored on tangible records (Saunders et al., 2003).
For authenticity and clarity in the concluding phases of the study, all the answers given have to be documented immediately. If all the answers are documented correctly, then the researcher can reference back and quote a response, adding realism to his presentation. It is also very crucial that the researcher does not allow his personal prejudices or preferences cloud his evaluation which is why it is wise to carry out individual analysis after every interview has been conducted. The privacy policy also needs to be exercised with efficiency and care so that the identification of the interviewees remain confidential, especially if they ask for it, and also because of the receptive or controversial outlook of the subject that is being highlighted (Saunders et al., 2003).
For the ease of deriving the connections between questions as well as the recognition of sub-questions, the study will employ the facilities of a flow chart to list all the necessary and relevant questions. There are numerous studies that support the use of a flow chart proclaiming that an illustrative representation of the questions allows the researcher to explore the best ranges towards approaching a subject. Furthermore the flow chart will help in recording and analysing the answers a lot more easily and quickly (Cohen, Manion and Morrison, 2000).
Questions that are designed for interviews have three main categories, a) a structured-question format where all the questions are pre-arranged;
b) a semi-structured -- question format where there is a pre-arranged set if questions available to the interviewer who also has the liberty to add questions pertaining to the situation or the answers of the interviewee; and c) an unstructured-question format is made up of complete improvisation; it is up to the researcher to choose any of these formats after deciding on the extent and size of the targeted sample. The smaller the group, the more unstructured the interview can be. However, with a larger group and limited timelines, a structured interview is the best way to go (Cohen, Manion and Morrison, 2000).
The semi-structured format of interviews, which is being used in this study, is most useful when the sample size is relatively smaller, restricted and precise. It is understood here that the use of the semi-structured format will take up time as the interviewer will need to skip through all the information thoroughly before he can include what he feels is relevant and disregard that which is not relevant. This is why defining the timeline is so important in any form of study that is being done with the use of surveys (Cohen, Manion and Morrison, 2000).
1.7 Sample Description
Qualitative research designs tend to work with a relatively small number of samples. (Silverman, 2005). Since there is no statistical support or guidance, the sample size usually serves as a function of the purpose of the study in the light of its sampling frames and of practical constraints (Punch, 2000). Therefore, for this study we will focus on a smaller and restricted sample. Numerous studies have supported that to fully understand the background of a subject or a situation, a smaller sample size is always more appropriate and accurate than a larger one (Saunders et al., 2003).
One of the restrictions of a qualitative study is that it is always constrained within the characteristics of the sampling tactics used because the main aim of the qualitative research is to be receptive towards the logic behind the existence of a phenomenon (Bouma, 2000). This is one of the main reasons why the non-probability strategy of sampling is employed by a majority of the practitioners examining a societal phenomenon (Saunders et al., 2003). The reason behind the popularity of the non-probability tactic is that it incorporates an extensive spectrum of strategies that are formed on the individual needs and logics.
Since this study has a specified targeted sample and is investigative in nature, we will use the "purposive" or "judgemental" tactic for sampling within the popular non-probability sampling technique. This will help in selecting the sample with a particular criterion in mind (Saunders et al., 2003). Furthermore, the purposive tactic also ensures that the sample is knowledgeable and opinionated, which means that a clear identification of the social phenomenon being investigated has to be made before the researcher can choose his targeted sample. Saunders et al. (2003) explain that the researcher cannot have the sample be made up of all the citizens because of physical and financial deficiencies.
It is very important that all the answers are analysed carefully and appropriately and the reactions of the knowledgeable interviewees are used to add new dimensions to the subject at hand. This is so because these answers are the only source of validating all theories and activities discussed in the paper. Also, these answers will help us see tentative patterns and differences between the various stages of the planning, development and implementation of the multi-functional security system. This is why it is very important that all the questions in the interviews are designed to understand the phenomenon being investigated (Wilson and McLean, 1994; Sudman and Bradburn, 1982).
The overall sampling procedure will be casual and personal contacts or associations will be used because it will prove to be difficult to officially gather the subjects who will work with the practitioner in the attainment of specified objectives within such a short timeline. There will be a need for communal cooperation as many of the social contacts will be used to conduct non-certified interviews (Sudman and Bradburn, 1982).
1.8 Data Quality Issues
Qualitative data refer to information gathered in a narrative form, for example, through interviews, focus groups and observations (Cavana et al., 2001). It is important to give a strong sense of consistency, authority and verification to the structure of the study so as to increase the possibility of honest, helpful and accurate responses from the interviewees (Saunders et al., 2003). Consistency mainly means that other studies in the same area have shown similar deductions and statistics. Authority and verification mainly means that all the challenges and hurdles are accurately represented and all the methods or formulas used in the numeric representations are backed up with authenticated sources (Bouma, 2000).
Saunders et al. (2003) in their study highlight the two most common partialities that are associated with the consistency of deductions. These two partialities are:
1) the design and delivery of the questions by the interviewer (i.e. pitch, vocabulary, etc.) and 2) the beliefs or perceptions of the interviewer which can drive the entire structure of the interview especially a semi-structured interview towards the verification or refutation of a particular phenomenon (Saunders et al., 2003).
Considering these two forms of research bias, the interviewer will be extremely careful in designing the questions in such a way that they (the questions) seem fair and impartial.The building of confidence and reliance between the interviewee and the interviewer is very important as well. It has to be noted here that partiality can exists from the interviewee's side as well, especially if they have reservations on the subject being investigated or try to highlight either the constructive or unconstructive aspects of the subject instead of clearly proclaiming their opinion (Saunders et al., 2003).
1.9 Analysing the Data
Perhaps the most useful and efficient way of analysing and using qualitative information is by spearing all the data in numerous sub-sections which are evaluated separately and then the conclusions are compared and put together. The important thing to realise here is that there is no universally recognised procedure to analyse the qualitative data (Saunders et al., 2003). Although there is an increase in the sheer number and the widening range of qualitative research studies, there has been no parallel proliferation of studies of the actual process of doing qualitative research (Huberman and Miles, 2002). In this thesis the researcher will analyse all the information in context to the entire spectrum of possible notions or strategies that have already been discussed within the phenomenon being studied. This will allow the paper to follow the original objectives of the researcher and the entire methodology of collecting the information will be structured on the basis of previously experimented systems (Yin, 1994). All the conclusions made will be in correspondence to the notions and theories used. Therefore, during the discussion of the deductions, the researcher will clearly define where the focus of the study shifted based upon the original objectives and the interview session (Saunders et al., 2003).
When all the conclusions are being corresponded to their respective theories, there is a chance that the researcher will identify some conclusions that will bring forth new insights that were not available previously when evaluating the planning, development and implementation of a multi-functional system. The new theories will hence need to be thoroughly and verifiably explained so as to be taken seriously and the authenticated associations between these theories and this study will need to be highlighted. All the evaluations and assessments will be made during the data collection process as well as after the entire information has been gathered (Saunders et al., 2003). Saunders et al. (2003) further explain that the data collection and evaluations process allows the researcher to identify and understand the basic ideas and connections of the subject or phenomenon being investigated.
1.10 Conclusion
The objective of this research is to examine the planning, development and implementation of a multi-functional security system. The entire study will be formed on the professional ethics and principles that are believed by the researcher. The study will not disregard the self-respect of individuals or societies and will work within the realms of social integrity. The ulterior motives behind this study are the recognition, facilitation and growth of crisis management as opposed to merely studying them in accordance to the aims of the practitioner. Furthermore, the likely influence of the study is that it will augment the interest and awareness on the subject as well as provide a foundation for the future researches to base their work on (Wilson and McLean, 1994).
Chapter 4: Results
Option 1: This option represents the baseline of the analysis and outlines the current Agip KCO security strategy. Since Agip KCO is currently in the development phase, there is an incomplete "as-is" picture of the security capability. There is however a planned course of action and list of capabilities being pursued at each site. The compilation of these capabilities will represent Option 1.
Option 2: This option uses the baseline capabilities established in Option 1 and additional proposed capabilities that will encompass a new security strategy, as described in the to-be document - phase 1. This option provides access to all necessary information with limited integration.
Option 3: This option represents a third security strategy. It extends on the development of Option 2. It provides a highly integrated solution for AKCO Security, and includes advanced security services, as described in the to-Be document - phase 2.
Option 4: This option represents a final security strategy. It provides the same capability as Option 3. However, it does not rely on a phase development approach. It seeks to provide a fully integrated security strategy upfront.
Figure 2 - Security Options
In order to achieve an overall costing of the different options, each location will be classified by its level of security requirements. This will enable to rationalize the diversity of the sites, and achieve standardization for the recommendation.
Site Type 1: This type of site will establish the baseline security capabilities what will be consistent across all Agip KCO sites. Most sites that fall into this category are office locations that do not include hazardous and sensitive areas or materials.
Site Type 2: This type of site will have elevated security capabilities above site type 1 that will fulfill the security standards for facilities where hazardous and sensitive areas or materials can be found.
Site Type 3: This site type includes extremely sensitive facilities where the highest level of security is required. These sites will have all of the systems of the Site Type 1 & 2, with additional, more sophisticated security requirements and systems.
Security benefits are focused on site access controls, rules enforcement and asset protection. The economic benefits of security are going to be non-quantifiable.
The analysis will be composed of 2 parts. The first section will focus on intangible benefits for AKCO. The second section will concentrate on costs associated to the security development. Whenever possible, financial benefits will be included too.
3. The Security Enhanced Role
The SOCC application capabilities will be aligned with the four main security responsibilities:
Intrusion Detection and Response
The Security Division has responsibility for putting in place processes and systems that enable the detection of intrusions and their management through appropriate responses.
Rules Enforcement
The Security Division is in charge of putting in place processes and systems to enforce the application of security rules. The main operated controls are physical access controls (to grant or deny access).
Asset Security
The Security Division is responsible for putting in place processes and systems to ensure the valuable company assets are efficiently protected against theft, intentional misuse and destruction.
Incidents Reporting
The Security Division will need to do internal reporting on top of the incidents data. This will further lead to analytics in order to drive the security operations according to the risk management process. Specific KPI may be identified and monitored to help assessing the security division efficiency.
4. Security Findings
The as-Is and to-Be analyses uncovered important information related to the technology security options. The following summarizes the findings of both documents.
As-Is
The research and interviews conducted during the early phase of this study demonstrated that Agip KCO is already fairly advanced in providing security and HSE infrastructure for each of the sites in Kazakhstan. An extensive infrastructure base already exists or is planned on which to further develop security capabilities.
The security capabilities are currently distributed across all sites, and there is limited central capability to monitor information at the country level, based on manual information collection. Some of the information of interest to security is currently being gathered by other departments, especially through the capabilities implemented by the HSE department. Given that HSE has different strategic objectives than security, the information gathered through their technical infrastructure does not exactly fit the needs of security. However, information gathered by HSE could be leveraged in the security capability, to avoid infrastructure redundancy.
Based on the AKCO security strategy, the current, perceived Security Risk Profile of Kazakhstan can be classified as low to moderate. There have been no recorded terrorist or militant actions against AKCO assets or people during the last 3 years. It is expected that the continued investment in local content by Agip KCO including providing support to local security authorities should help keep these threat levels stable. Therefore site security targeted to prevent terrorism and vandalism are not of the highest priorities.
However, one of the priorities is to prevent unauthorized site access. It is necessary for security to instantaneously know who is present in each site, ensure access to only authorized personnel and detect intrusion attempts. As an example, offshore sites are especially sensitive and therefore have very strict security guidelines concerning access. In order to fulfill these guidelines, the security division is looking to improve the physical security rules enforcements and the intrusion detection capabilities by monitoring and controlling personnel boarding all vessels and helicopters, before they leave for the offshore facilities.
Another concern is based on contractor management. Currently, security on local sites is managed through various contractors, and there are no formal processes or capabilities in place to control the efficiency of their activities. The security division is consequently looking for a solution to improve its control over these important field security capabilities.
To-Be
The to-Be solution outlines a number of capabilities that could be added to the technical security solution. This solution is articulated around two main points: the centralization of services and the development of innovative technology solutions in addition to the planned infrastructure.
This to-be application solution is based on the following assumptions regarding the security data needs:
The Security Division will be allowed to obtain data from the following external systems
ATS (Automated Tracking System)
POB (People on Board)
Vessels / Vehicles / Helicopters tracking
Radar
Possible FLIR (forward looking infrared) systems on vessels and off-shore facilities
GIS digital maps
SAP
Fire & Gas alarms
Pipe Monitoring and Valve Station Monitoring
The Security Division will be allowed to access the following end-user applications available to other divisions' operators, potentially with restricted rights
ATS
POB
Vehicle / Helicopter tracking.
Centralization of services
Agip KCO Security Operations identified a need to have a Strategic Operations Control Center (SOCC) which held access to strategic information from all sites in Kazakhstan. Within the SOCC, Agip KCO could provide a Security Application Portal that would show correlated information from all available sources. This application should be able to either access or launch other departments' applications, such as the POB (People on Board) information system, or integrate data representation directly, such as RADAR and Vessel tracking information. Ultimately, this application would also provide an integrated overview of all strategic information valid for AKCO in the form of a map that raises alerts to a specific site/region when issues are detected. When an alert is raised, all relevant data for this alert could be instantaneously presented to the operator, including associated video feeds, detailed personnel location tracking and profile, etc.
Centralization of security operations requires improving integration of AKCO infrastructure components. If possible, shared integration architecture could be provided to all departments to ease data exchange. However, the financial analysis of the proposed integration architecture presented in this analysis is specifically for the Security division.
In a first phase, the SOCC application will present all security data in a synthetic way within a central application. This will provide a capability for remote monitoring of local security activities.
The Security Department will use the SOCC to decrease risk on sites through a further monitoring service and improve its service levels. In a second phase, the SOCC will eliminate the need for part of the other department's applications. This may be done by integrating all strategic data in an enterprise-level viewing application. The use of advanced and innovative technology developments will enable all divisions to draw information from the central SOCC system for their own departmental objectives.
Advanced services
To further improve security operations, technology may provide additional controls on top of the base capabilities. Advanced data analysis or emerging technologies can support the development of improved security services. Identified technologies in the to-be solution include:
Voice over IP (Internet Protocol) can reduce infrastructure and telecommunication costs, while improving network reach. It also enables a more flexible control and monitoring of communications.
Data integrity verification based on the different data sources accessed by the security division may trigger additional security alerts.
2-Factor identification through a combination of access cards and biometrics, thus improving the restriction of access to highly sensitive areas
Advanced video analytics supporting the surveillance of the security staff by identifying specific behaviour and events in the video streams.
Additionally, asset security represents a concern for the security division. A specific asset security capability may be supported by a Track & Trace application. Attaching GPS (Global Positioning System) and sensor enabled token to sensitive mobile assets can significantly improve the visibility and security of those assets. A central view of all assets could be provided on a map and additional security controls realized for the asset storing locations.
Overall, the proposed to-be application will be a unique entry point to access to all information needed by the central security operators and present it in through a synthetic, enriched visualization.
5. Security Benefits Analysis
The benefit of a security operation is inherently non-financial, since its objective is not to increase profit but to avoid losses through risk analysis and mitigation. This may be seen as financial savings, however when security operations work successfully, there are no relevant associated costs besides operations expense. The financial benefit of security can therefore only be realized when it fails, in the event of an intrusion and subsequent business disruption or theft. Only in this case, security's financial benefits can be quantified. Even impact associated with business disruption in AKCO's current construction phase is difficult to quantify since there is no production revenue being delivered. However, there are numerous intangible benefits that can be realized by enhancing security operations. These benefits are discussed in this section.
The first step in the benefits analysis was to understand what the security department's strategic objectives were and determine if the proposed solutions helped AKCO meet these objectives. Through this analysis, it was discovered that the main goals of the security study were to improve site and asset awareness, facilitate effective and efficient incident response, and enable centralized control capabilities.
Upon evaluation of these strategic objectives, it was clear that centralizing operations through a SOCC would be essential to realizing the remaining objectives. From a highly integrated SOCC, security operations could have the necessary information to perform risk analysis and facilitate effective incident response with enhanced communication capabilities and universal visibility of all AKCO sites. In addition, the SOCC may bring remote control tools to improve the monitoring of security contractors, while a centralized operating model could also help streamline business processes, another security objective. Additionally, the security department sought to realize secondary benefits from a business strategy. Some of these secondary benefits included improving operations efficiency and allowing informed decision making. Beyond the benefits specifically pursued by the security department, it was discovered that some indirect benefits could be realized through implementation of some added functionalities.
The figure below provides a list of these benefits.
Figure 3 - Security Benefits
Some of the benefits were also discovered to be AKCO strategic objectives. Among these was the objective to improve collaboration between AKCO departments. It was discovered that the improvement of security operations and enhancement of communication capabilities would allow the security department to support other functional areas such as HSE in emergency response situations, maintenance by helping ensure the correct personnel are working in their assigned areas.
6. Different Options scenarios
Option 1
As previously described, Option 1 provides the baseline for this study. This option is comprised of the capabilities already in place and those planned for by AKCO or in the process of implementation. The Option 1 strategy utilizes some advanced security for all sites, while helping to empower Kazakh economies by outsourcing some site operations to local contractors.
The following diagram is a schematic view of the un-integrated silo applications that compose the as-is application
Unfortunately the security strategy up until this point has been a point source strategy that developed a separate strategy for each site, with minimal centralized control. With this strategy it is difficult to perform essential risk management processes. It is also difficult to monitor contractors and time consuming to reconcile the momentary status of security across the company since data, where available, is stored separately for each site. There is also minimal integration or collaboration with other AKCO departments, which hinders security's ability to provide support to other departments, such as HSE in incidents of emergency response.
Option 2
Fundamental to the capabilities proposed in Option 2 is the centralization of security operations infrastructure and integration with other departments. This option would represent a first autonomous implementation step of the SOCC at the security level. In this option, the centralization is based on access to other departments' applications (e.g. POB, vehicle tracking, etc.). The integration of data from other departments into a central application will only be provided if additional dedicated processing for security is required (e.g. vessel tracking, RADAR). This approach therefore leverages all other departments' developments, and limits the duplication of data and functionality. It should be noted that although central security administrative staff would be able to navigate to different departments' applications, these applications were not necessarily built with the security needs in mind. Modifications may be necessary to make information relevant to security.
The SOCC would allow security to monitor all KCO sites throughout Kazakhstan, providing instantaneous visibility of all personnel, and camera video streams. One key capability of the SOCC will be the ability to have a centralized control (management and configuration) of both the Access Control System and the Intrusion Detection System. Therefore, the management of personnel credentials and site security configuration can be done centrally (granted or denied). This will enable Agip KCO to enforce consistent security policies across all sites, and limit the risks associated to a local administration by local contractors. It will also speed up the registration process for new personnel, therefore potentially reduce or identify unnecessary alerts and subsequent incident response.
Through enablement of the SOCC, a security KPI (Key Performance Indicator) application will also be built to allow KCO security management to improve the risk management process and to monitor its contractors. This application can draw important site information from those KPIs: the number of issues at entry points, the number of false alarms, or the number of trespassing in red zones can be critical information for site management and security improvements.
Option 2 will also improve security response through the automation of security processes. The centralization and sharing of data with HSE will ensure that each department is presented with complete and not-conflicting information, in a timely manner (near real-time). Analytical capabilities combined with enhanced communication allow security to provide necessary support during emergencies, as efficiently as possible.
Collaboration between the local and the central security control rooms will be enhanced through the use of video conferencing capabilities, helping create a "team" environment, rather than the standard client vs. contractor dynamic. In this type of environment, local security operators (contractors) can quickly be informed of centralized information, for instance, in case of emergency. Additionally, the local teams will be able to report incidents electronically. This will enable better reporting, access and centralization of information.
Option 2 will also ensure the basis for future technical development (e.g. elements from Option 3) is in place. The architecture will be designed to be open in order to easily implement additional systems. The separation of different layers of presentation, business logic, integration and data, will ensure flexibility to enable access of information from disparate data sources. It will also enable AKCO to distribute security information through a normalized approach (SOA). Additionally, it will facilitate the extension of the system to cover operator requirements.
Option 2 is limited to the minimum requirements to ensure that AKCO have the security capability necessary to operate at First Oil. The security division will need at this stage to interface with non-integrated applications. Some of those applications have been designed for other departments and might not be optimized for the needs of the security operators. Additionally, some potentially useful advanced technology solutions (provided in Option 3) are not included in this solution.
These capabilities will have the additional benefit of improving AKCO employees' perception of personal security.
Option 3
Option 3 presents an additional level of integration for SOCC applications and more advanced solutions in the proposed technology solution. In option 3, the final enterprise-level SOCC applications would directly be implemented at an enterprise-level without starting with a security division level SOCC. The final SOCC solution leverages the latest technology innovation capabilities to deliver additional benefits to Agip KCO security operations. In this option, security personnel will have access to all security related information, whatever their source, within a single location based application. This will enable him to better correlate various sources of information based on location searches, and therefore enable even quicker reaction to incidents.
The integration of additional external data will enable security operations to benefit from a more in-depth incident reporting capability. The addition of a simulation engine will enable a better incident investigation replay capability or "what-if" simulation. This will therefore facilitate and quicken incident analysis, as well as enable improvement of security processes where necessary as shown in the following diagram:
Option 3 also includes the addition of advanced data and video analytic services. These advanced capabilities can help the operator focus on only those incidents and videos where suspect behaviors are detected. More than motion detection, this could help detect intrusion attempts, vandalism or aggressions through analysis of behavior patterns. The combination of the video streams with other security data (e.g. ACS, IDS) can support early incident identification. For instance, it can raise issues if there are discrepancies between what is expected, such as the number of people in an area, versus what is seen on the video. This would improve the efficiency of the security operators by automatically drawing their attention to the most important video feeds.
Additional layer of access security for highly sensitive areas will also be enhanced in Option 3. For instance, the addition of biometrics checks before granting access will help ensure that access badges can not be exchanged to gain access. Advanced security gates can also add an additional security layer to better control access to sensitive areas.
Option 3 will also add an asset tracking capability to the security application. Asset tracking will be presented based on the location of assets, through use of track and trace solutions, based either on RFID or sensors. The tracking of hazardous or precious material is important for AKCO, and it is the responsibility of the security department to avoid theft, deterioration or misuse of this material. Advanced analytical capabilities proposed for use in the SOCC would enhance security's ability to investigate incidents. The SOCC would also allow security to monitor all KCO sites throughout Kazakhstan, providing instantaneous visibility of all assets.
Option 4
Option 4 has the same security capability as Option 3, and therefore the same benefits. The difference is in the development approach. While Option 3 is based on a phased approach, Option 4 is going to develop the complete solution in a single step.
By utilizing the Option 4 approach, Agip KCO could reach the benefits of a fully integrated solution sooner. This SOCC application would be used not only as a security application but also by other divisions (Emergency Response, Pipe Maintenance, Oil Spill).
The corresponding application blueprint is represented in the following diagram:
This enterprise-level SOCC solution includes data from Emergency Response, Security, HSE and others divisions. Its main purpose is to be used as a common Strategic Operation Control Centre across Agip KCO divisions.
In parallel, the security efficiency may be increased with the use of innovative technologies (eg. advanced analytics) and a specialized Asset Security application. Those additional recommendations aim at further improving the security results. They are suggested to the Security division as optional features.
The implementation of each such additional security feature should be the object specific cost/benefit analysis. This analysis should take in consideration the risk level of the security incident they are looking to prevent. For this purpose, the use of the central incident reporting application, as implemented in earlier phases, may provide quantitative risk measures.
7. SOCC Portal
The Strategic Operations Control Centre portal application is used as the central access point to strategic information.
The Strategic Operations Control Centre application provides:
way to manage incidents with advanced situation awareness strategic view for crisis management synthetic live view of all the strategic data for the Security Division synthetic view of incidents details simplified view to access other security applications
The SOCC should additionally enable the replay of existing data in order to investigate previous situations or re-use past experiences to train SOCC users. Eventually, the SOCC application should enable the simulation of situations created to study "what-if" scenarios.
Asset Security specific Track & Trace solution will be put in place for highly sensitive assets. On the application side, this system should enable to access detailed information regarding the asset, like its history, status, and location.
Advanced Analytics
Advanced analytics tools will be provided in this phase to the central Security operators.. This additional data processing will enable to exploit further the data available to derive additional business understanding. The end goal is to improve security decision-making.
Incidents Management Applications
Incident Report Input Form When a security alert is triggered, the incident report input form will be automatically filled in with the security applications data at each local sites. The guard will then only complete the remaining information. Local and central snapshot information may also be automatically attached to the incident report.
Incidents Processing the incidents management application will automatically support the communications required to inform an employee that he has been assigned an action linked to an incident. For example, the maintenance team should automatically receive a message if a security officer identifies an issue with a CCTV camera.
Incidents Reporting the view of statistical security data should be improved based on the feedback from the users of the Option 3 tool. The initial application aimed at providing the mean to access reports and KPI, additional automation or advanced presentation features will be integrated to improve the application efficiency (e.g. additional links, shortcuts, automation of repetitive steps).
IDS Administration
The IDS administration application could further evolve to reduce time required for day-to-day activities (3D zones definitions, on-demand system check). This evolution will be based on expressed requirements of the Option 3 users.
You’re 80% through this paper. Sign up to read the full paper.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.