They need to know what their responsibilities are not only as individuals but also as team members and corporate employees. David cites an excerpt from a corporate security document that illustrates his point: "A security policy serves many functions. It is a central document that describes in detail acceptable network activity and penalties for misuse. A security policy also provides a forum for identifying and clarifying security goals and objectives to the organization as a whole. A good security policy shows each employee how he or she is responsible for helping to maintain a secure environment (as cited in David, 2002)."
Therefore it is clear that companies have got to create security policies and educate their employees so that they are fully aware of not only the dangers that surround them but also respond to those dangers in an appropriate manner should any crisis unfold. This study aims at assessing the planning, development and implementation of a multi-functional security system that will allow Agip KCO to build up an integrated Telecommunication, Security, HSE-ER (Emergency Response), POB (People on Board) and relevant it infrastructure, at each location covering the following aspects:
Automated Tracking System
Vessel Tracking Systems
Integrated AgipKCO-wide Access Control System and Video-surveillance
It is noteworthy that Agip Kazakhstan North Caspian Operating Company N.V. (Agip KCO) is the single operator of the North Caspian Sea Production Sharing Agreement (PSA), which controls the development of 11 blocks in the Kazakhstan sector of the Caspian Sea. Preceding research studies in the area of corporate security and crisis management ignored Central Asia as a whole. Therefore this study will fill this vital gap and assess the planning, development and implementation of a multi-functional security system
1.5 the Methodology
Prior to developing this analysis, the current status of the technology services development for the security division has been understood. Based on review of existing documentation and on interviews, an as-Is document has been created to describe the current development status, including already developed and planned solutions. Together with the security current and planned capabilities, the as-is document includes information about the HSE and Operations technical development and plans, in order to better understand how those could be leveraged to support security needs.
The to-Be document provides an application blueprint and a technical blueprint presenting a high-level global view of a potential future AKCO technical security solution. The to-be blueprint has been developed leveraging the technology vision from AKCO security management department, and relevant industry benchmarks. It is based on the requirements expressed during the interviews with the AKCO staff.
The analysis will provide information on the relative benefits that the as-Is solution and the to-Be solution can bring to AKCO. The Analysis followed four options:
1.6 Delimitations of scope and key assumptions
The limitation of population, industries chosen, the locations chosen, environmental factors and variables that could not be controlled are briefly mentioned as followed. The population is about (Please insert the number of people interviewed), which is limited as it is on AKCO employees. The location chosen is Kazakhstan as the thesis is measuring the multi-functional security system being planned and developed for AKCO. The environmental factor that may affect the result is that AKCO may either change its plans or other companies in the oil business may adapt the same security protocols. Other limitation is that the data will be obtained at multiple points in time.
This chapter laid the foundation for the report. It introduced the research problem and research questions and hypotheses. Then the research was justified definitions outlined, and the limitations were given. On these foundations, the report can proceed with detailed description of the research, which is covered in chapter two.
The key achievement of this chapter is that it introduced the topic being studied and explained why the need to study it. Then it indicated the research gap and the purpose of the research. In addition, the chapter also looks into the overview of the research questions and issues, and how the problem is solved in a systematic way. Finally, the chapter looks into the justification of the research and the overview of the methodology. Next, the review of the previous research is being looked at.
Chapter 2: Literature Review
Jasu (2001) in his study point out that the 21st century economy has been revolutionized primarily by the digital revolution. However, this revolution has brought with it, enhanced corporate and organizational security risks. He explains, "The Digital revolution of the 21st Century has not been achieved without its consequences. Real time business requirements and economic drivers have forced rapid changes to the methods used to conduct business-to-business and business to client communication. The Internet has now become a convenient and economic deployment medium for global business (Jasu, 2001)."
He asserts that company security policy should be all-encompassing, and include not just digital information but also physical assets and its people. He writes, "Security policies govern the steps and procedures taken to protect business assets and confidential information from intrusion via the use of technology or physical intervention. When considering the possibility of transacting business over public networks, the goal should be how best to protect corporate ass etc., data integrity and confidentiality. Business assets can be considered to be and include items such as valuable and sensitive data that needs to be kept secure and confidential. For example financial data, client information or employee contract details. Business critical hardware such as routers, switches, network cables, firewalls, file servers, desktops, laptops, modems and backup systems are equally important to protect (Jasu, 2001)."
Similarly, Mike (2007) in his study reveals the various ways an organizations can face a security breach. He believes that companies need to not only secure their assets and people from external attacks but also from internal ones. In fact, the greatest threat, he believes, organizations face are from internal sources. He writes, "In order to secure and organization against internal incidents, it is important to understand what one is. An internal incident occurs when a resource inside of the organization is used in the attack. Examples could be anything from a resource accessed internally, an attack executed by an employee using the anonymity of the Internet to cover their tracks, to an outside entity that unknowingly factors into the execution of a security incident. It can even be an employee, contractor, or third party support technician who runs software or makes a change that has a negative impact on the organization. There are so many examples that many security administrators neglect to even consider when securing an organization (Mike, 2007)."
Sorcha and Sorcha (2007) in their study offer a number of suggestions and proposals for companies that are looking for a comprehensive security policy. They write, "It should be noted that there is no single method for developing a security policy or policies. Many factors must be taken into account, including audience type and company business and size, all of which are discussed in this paper. One other factor is the maturity of the policy development process currently in place. A company which currently has no security policy or only a very basic one may initially use a different strategy to a company which already has a substantial policy framework in place, but wants to tighten it up and start to use policy for more complex purposes such as to track compliance with legislation. When starting out it is a good idea to use a phased approach, starting with a basic policy framework, hitting the major policies that are needed and then subsequently developing a larger number of policies, revising those that are already in place and adding to this through the development of accompanying guidelines and job aids documents which will help support policy. The varying levels of maturity in policy development are discussed later in this paper in more detail (Sorcha and Sorcha, 2007)."
Chia Maynard and Ruighaver (2002) in their study point out that organizational security has become increasingly complex. The threats that companies face are interconnected and asymmetric in nature. Therefore, the response needed to tackle security issues should be interconnected and asymmetric in nature as well. They point out three common factors in all security policies. They assert that a comprehensive policy should:
Delay professional attackers and frustrate amateurs ones;
Include sensitive alarm systems;
Include security guard patrol;
Include security lightening;
Include close-circuit television;
Include a comprehensive security response or crisis management plan of action.
They assert that in a well thought out security plan; these indicators compliment one another to secure the organization from any security issue. Their model in addition, includes at least four levels of organizational security:
Electronic and mechanical control
Gonzalez-Herrero and Pratt (1995) in their study provide a crisis management model that illustrates the significance of managing the crisis before it occurs. Their model includes four variables: