BG Med Tech - Why All the Hush-Hush on the Lab...
It's time for more review. Let's compare more notes to what I recall Angel saying in the meeting, and what Angel stated recently in an email regarding his opinion on lab security and why the need for lab secrecy:
First, the notes on the visit, specifically "the lab:"
http://investorshangout.com/post/view?id=1448951
http://investorshangout.com/post/view?id=1448971
Second, how the visit (and "my recollection") line up with Angel's in-depth email:
http://investorshangout.com/post/view?id=1455052
Third, for a breakdown of costs and equipment associated with providing top security, I pulled this in from "the other spot" posted before the coolness of IHang:
"Before purporting about the whereabouts of the Budgenius lab, consider the high costs associated with security. I spoke at length with Angel regarding why he chose to keep the lab's location a secret, here's a partial list of associated costs ($$$) vs. keeping a lab secret (free - $0):
The Risk Assessment:
Start by conducting an initial risk assessment that identifies those people, places, and things that represent either direct threats or opportunities for compromise to your institution's security. In terms of facilities, physical security issues focus upon the locations that your institution either owns, rents, manages or controls. Then establish risk assessment priorities based upon safety, security, business practices, and policies.
Next -- develop a methodology that capitalizes upon your initial assessment process to make this an easy-to-manage and continuing process. Using the priorities already described, the examples below will help you focus upon the most important facets of physical security.
Employees and Customers -- examples of personal safety enhancements include:
Providing two "safe" rooms, one room to isolate employees from attack and another room for receiving, opening, and distributing items from a delivery service;
Placing cameras in all sensitive areas, including your executive offices, delivery platform, information systems area and any employee parking lot, and make certain that the recorded images are stored in a secure place; and
If it's appropriate, hiring specially trained security guards to work at sensitive locations.
Employees and customers -- examples of methods for reducing the potential for compromise include:
If you still use metal keys (conventional lock sets), upgrading to electronic access devices such as "swipe cards" or proximity devices; and
Using electronic access devices, restricting access to secure locations based upon a demonstrated need.
Third party vendors -- examples of methods for reducing your exposure to potential compromise include:
Conducting initial and continuing background investigations, particularly on those persons who have unrestricted access (janitors) or who work as temporary employees (data entry clerks) on contract;
Properly securing data, negotiable documents and physical records in restricted areas within a facility; and
Properly securing all equipment and computer programs to prevent sabotage.
Offenders -- examples of the ways that they can hurt you:
Installing enhanced lighting to prevent the kidnapping of an employee from the institution's parking lot;
Upgrading alarm systems to prevent a "morning-glory robbery" because of improper opening procedures;
Placing motion sensors in ceiling crawl spaces;
Putting both heat and motion sensors in and on each vault or safe;
Securing all publicly-accessible containers (trash receptacle) within the facility to prevent a bomb from being placed; and
Checking any area that is open to the public (such as ATM kiosks attached to a cash handling facility or restrooms open to the public) for ceiling access into sensitive areas.
Assets and records -- examples of tangible and intangible security issues include:
Inviting in experts to review your facilities and processes, including security architects and professionals skilled in the CPTED (Crime Prevention Through Environmental Design) process;
Checking accesses to all terminal connections and power boxes -- internal and external -- and ensure that they are locked appropriately; and
Removing employees from all ATM re-filling duties, replacing them with armored carriers.
Data Security: Special Considerations:
Mary Beth and Michael Guard's recent article, "Physical And Digital Threats To Financial Institutions In The Wake Of The Terrorist Attacks" articulates the potential threats -- and proposed solutions to those threats -- to a financial institution's information capabilities. When it comes to the security procedures for buildings that contain paper and electronic documents and records, we can do any of the following things:
Restricting access to the building and the data;
Paying attention to the "invisible people" (people that are there with our permission but that we don't pay any attention to, because they're where they're supposed to be, doing what they're supposed to be doing);
Securing the actual documents, using appropriate means (such as securing paper documents in a simple lockable filing cabinet, and securing electronic documents using encryption technology); and
Considering the delivery mechanisms for electronic documents (, the location of the fax that receives wire transfer instructions).
The Crisis Management Plan:
Take the results that you develop from your risk assessment exercise and turn them into a simple, workable Crisis Management Plan (CMP). The object of a Crisis Management Plan is to have brief guidelines for ensuring safety and security that may be used in any kind of an emergency. This Crisis Management Plan should also ensure the coordination between your institution's disaster recovery plan and security program.
In terms of any new changes or procedures you decide to implement, the next thing to consider is whether these measures should be permanent (policy -- with no expiration date) or temporary (alert memos with expiration dates). You will have to make business decisions about these issues and constantly monitor both real and potential threats.
The Training Program:
Having policies, procedures, strategies and tactics that address physical security issues is ABSOLUTELY WORTHLESS without training appropriate people about when -- and how -- to use them. Failing to train employees regarding safety and security procedures is a common fault. Institutions seem to think that: you train someone once and he/she is trained for life. If you've ever thought this thought, please read this next line carefully and think again:
Nobody ever gets it right the first time. It's the repeated exposure to the same information -- over and over again -- that causes a human being to learn!
So -- develop an initial and continuing training program for all of your employees, directors, and third-party service providers that addresses your solutions to identify physical security issues. This training program should be delivered during the (4) four stages of an employee's relationship with your institution:
At the time of orientation, to develop a firm security foundation and attitude;
When the employee is transferred to a new location and has to be re-oriented to his/her surroundings;
When an employee is promoted or changes job assignment and takes on new duties and/or responsibilities; and
When there is a significant change in the security environment. This may be the result of a permanent policy change (the installation of electronic access devices) or a temporary "fix" (altered mail opening procedures to deal with a specific short-term threat). The permanent policy reflects a board decision. The temporary solution, on the other hand, may be issued in memo form by any officer.
Cost Factors:
The list and table below contain common cost factors. It is important to estimate both the magnitude and timing of costs to be incurred. These should be captured on an integrated system basis, if that is the means in which the equipment will be procured and deployed.
List 1. Typical Cost Factors for Physical Security Systems
Video
• Cameras
• Encoders
• Fiber transceivers
• Monitors
• VCR-DVR-NVR
• Mass Storage
Access control
• Panels
• Doors (including locks)
• Readers
• Gates
• Other sensors
Communications
• LAN
• WAN
• Leased line costs
• Cost associated with interoperability of systems
Cabling and power supplies
Employee, visitor, and contractor management
• Receptionist
• Credentialing
• Contractor administration
• Lock and key management
• Package and vehicle inspection
Monitoring and control rooms
• Alarm and video monitoring personnel
• Operations support personnel
• Physical security information management systems
• Awareness and response systems
General system-related costs
• Engineering and design
• Infrastructure and maintenance
• Software and licensing
• System deployment
• Application integration
• Administration and troubleshooting
• User training"
BIG BUCKS $$$ > BIG HASSLES >>> BIG HEADACHES