Consulting Methodology
A Systematic Approach to Security

Overview

Excaliber Security Services LLC’s consulting methodology follows industry-leading best practices to:

  • identify and prioritize the risks confronting the client's business critical assets
  • find, evaluate, and recommend the most appropriate solutions for protecting those assets
  • implement those solutions
  • measure results, and
  • continuously adapt ongoing planning to meet changing conditions.

The direction and scope of each individual engagement is determined in partnership with the client. The process is focused on answering the following questions:

1. What Do We Need to Protect?

Asset identification defines the people, facilities, financial assets, goods, intellectual property, information, and intangibles such as business reputation and employee perceptions of a safe working environment that comprise the set of valuables the organization has a business need to protect.


2. What Should We Protect Against?

Threat assessment identifies the full range of reasonably foreseeable threats to those assets. This phase includes an analysis of the client’s business and its unique risks and loss statistics from the immediate and surrounding areas, as well as an examination of nearby facilities that could impact the client’s organization if certain types of emergencies occur. Examples of such facilities would be chemical production and storage facilities, nuclear power plants, airports and railroads. This process often reveals issues not previously considered by the organization.

Risk assessment evaluates the likelihood, severity and impact of potential adverse events and identifies the subset of events that present the greatest exposure for unacceptable losses. These may take the form of direct financial costs, loss of personnel, facilities, goods, or information, production downtime, or loss of confidence or reputation.

This part of the process includes an evaluation of what losses can be tolerated if they should occur, and what levels of loss would cause unacceptable damage to the business and are therefore worth expending resources to prevent. This step forms the basis for determining what needs to be addressed, and how those needs should be prioritized.

3. How Well Are We Protected Today?

Vulnerability analysis examines the personnel, facilities, policies, procedures, physical and electronic security devices, response capabilities, mitigation measures and external support currently in place. Its purpose is to identify gaps where existing protective measures are insufficient to prevent losses at levels established as unacceptable to the organization during the risk assessment process. Our deep understanding of exposure elements and how they are likely to be viewed and exploited by potential adversaries is critical to the success of this phase.

A key part of this analysis is the 6D examination. Many organizations falsely assume that their assets are protected because an attack against them will be recorded by cameras or reported to a security command center or a law enforcement agency. However, reporting alone does not protect assets from compromise. In order for a protective strategy to succeed, the entire sequence of:

  • Deter
  • Deny
  • Detect
  • Delay
  • Defend
  • Defeat

must be executed in a time frame shorter than the time it takes for someone to compromise the asset. A professional examination often reveals major gaps and risks to the organization.

4. What Can We Do to Protect Ourselves Better?

Prevention and mitigation strategy development identifies effective methods for avoiding or reducing loss exposure to acceptable levels and accurately defines the costs associated with those measures. This process yields a range of options and costs for consideration by the leadership of the organization. A small sampling of the areas where productive mitigation strategies are often identified includes:


  • Fencing, gates, and vehicle barriers
  • Lighting
  • Locking hardware
  • Access control and identification systems
  • Intercoms
  • Closed-circuit TV systems
  • Intrusion alarms
  • Security officer operations
  • Security incident detection, reporting, and analysis
  • Management metrics for security functions
  • Workplace violence prevention, response measures and training
  • Standards-based security policies and procedures
  • Security communication and command center
  • Visitor and contractor controls
  • Impact-resistant glazing and films
  • Emergency response equipment and training
  • Business continuity planning
  • Incident simulation and evacuation exercises
  • Coordination of planning with public emergency response agencies
  • Package screening and explosives detection systems
  • Protection of goods in storage and transit
  • Weapons and contraband detection systems
  • Emergency notification systems

5. What Should We Do?

Recommendations cut through an often bewildering range of options by creating a suggested road map for reducing the organization’s risk exposure to acceptable levels on a planned timetable and budget. A solid plan is based on a “defense in depth” approach that places multiple layers of appropriate protection around the organization’s most valuable assets. Each layer presents obstacles of deterrence, denial, detection, delay and defense (response) to an adversary and provides the organization and its public safety support services with adequate opportunities to intervene and mitigate harmful events before they significantly affect critical assets. The end product is a clearly defined set of mutually reinforcing preventive and mitigation measures selected for optimal alignment with the organization’s needs, priorities and resources.

6. What Will We Do?

Decisions are made by the organization’s leadership in partnership with our consultant to select and prioritize recommendations for action. In many cases, this produces a multi-year plan for progressively reducing risk over time.

7. How Should We Do It?

Implementation moves the selected recommendations from planning to completion. This phase includes the development of designs, specifications, requests for proposal, bid packages, vendor selection, construction oversight, and inspection and commissioning of completed work.

8. What Did We Achieve?

Measurement provides a quantifiable look at the effects of the changes to see if the desired results have occurred. These may be measured by reductions in direct losses, reported incidents, employee or client complaints, equipment or production downtime, or other appropriate metrics.



9. Where Do We Go From Here?

Preplanned reassessment over time recognizes the fact that the only real constants are an always-changing threat environment and ever-present limitations on resources. It examines internal and external changes that may alter threats, risks or vulnerabilities on a preplanned schedule and considers what adjustments should be made to the security program to keep it current.

It helps determine if existing efforts should be increased or scaled back, or if new strategies and tactics are called for to keep risks within acceptable parameters under the post-9/11 world’s ever-changing security and economic conditions. This process keeps the security program aligned with the organization’s strategic direction and ensures that business needs continue to be met through optimal use of available resources.

Last Updated on Tuesday, 23 February 2010 15:46