The document discusses MassBiz LLC, a consultancy that provides physical security, risk management, loss prevention, and compliance services. It summarizes their key service offerings which include physical security management, security architecture strategy, physical security assessments, loss prevention assessments, operational risk management assessments, supplier security assessments, and physical security project management. The document emphasizes MassBiz's objective and unbiased approach to assessing clients' needs and providing strategic recommendations and solutions.
2. Page 2 To Learn More Call: (877) 214-2900
Experience Certainty
At MASSBIZ, LLC - CONSULTANCY SERVICES it means achieving real business results that allow you to transform and
not just maintain your security and operations. We offer superior consulting services to assist Fortune 500
and other enterprise clients in providing safe and secure environments for their people, property and other
assets. Our expertise is in the areas of Physical Security, Risk Management, Loss Prevention and Compliance.
We actively seek and apply the best possible solutions and methodologies today, making sure to holistically
factor in people, processes and business issues.
Our services are designed to protect clients' "Brand" and pinpoint fraud & loss prediction and prevention
program strengths and weaknesses, cure or reduce operational deficiencies and at the same time maximize
existing resources. We do not provide any security services or sell security products and are therefore unbiased
and objective when assessing critical requirements and making recommendations on behalf of our clients. We
provide impartial, balanced thought and advice, helping our clients make the right solution decision. With a
diverse background our team can deliver a comprehensive range of security, fraud deterrence, loss prevention,
and operational risk management consulting services to multi-sector clients. Our aim is to exceed the
client's expectations on each and every project, no matter how large or small the objectives.
RISK = { (THREATS x VULNERABILITIES) / COUNTERMEASURES } x ASSETS
The primary purpose of all of our assessments is vulnerability identification or threat (exposure)
determination and to make the task of analysis of the existing risk more manageable by establishing a base
from which to proceed. We believe in the premise that vulnerability threats that occur, whether the source
is fraud based, physical security, logical security or a general liability issue, are not random occurrences;
they occur when the conditions are right for them to occur. Our assessments attack the root causes and
enablers of these vulnerabilities. Our thesis is that improving organizational policies and procedures to
eliminate threats, improve awareness that protects assets, minimize exposure and reduce losses is the single
best defense. Then we follow up with the latest technology countermeasures that reinforce your policies and
procedures to act as an overwhelming deterrence, ensure compliance and evolve as changes require over time.
Physical Security Management Service (PSMS)
With reduced budgets in today's economy, many organizations may not be able to afford a
designated security individual who has the time or expertise to manage a physical security
program.
Our Solution - Innovation Drives Everything We Do
There are many regulatory agencies that require safe working environments for employees or
anyone else on your property. You also have an obligation to protect your company assets. In
addition to the initial process of a Physical Security Survey and project management, the
requirement of a security management plan also enters as a factor. A security management plan
can be described as how you manage all projects related to security issues, whether they involve
technology, policies and procedures, or general interactions with people under normal and
emergency situations or an unplanned security incident. Compliance requirements and
accepted standards make it imperative that your security management plan be:
• Inclusive - Provide a review of client security management plan which includes physical
security assessment, mechanical security technology, security personnel and policies and
procedures.
• Current - Provide current security standards and accepted security practices in the industry.
• Effective - Establish what is the most cost effective security program both in dollars and
sufficient security coverage and programs.
• Documented - Ensure proper training is documented to protect client in reducing claims that
security personnel were not properly selected or trained, that all security mechanical
equipment is functioning as specified, and that regular tests are made on the equipment and
properly documented.
We will manage your security plan to keep you abreast of all the latest changes in technology and
regulations, and review your policies and procedures relevant to security. We will also work with
you to maintain necessary training or equipment inspection documentation.
5. Consultancy Services Page 5
Security Architecture Strategy (SAS)
Many organizations have ad hoc security measures in place or have implemented security
procedures and technology as needed without a system-wide review of what is necessary from all
departments. Unplanned security architecture can leave holes in the environment that are not
readily apparent, or security spending can be on the wrong technologies without a full
understanding of where the risk truly lies in the architecture. A robust integrated security architecture
strategy is an end-to-end analysis of potential risk based on client business requirements.
Our Solution - Business Focus Beyond the Technical Domain
Your overall security and loss prevention is the focus of implementing good solutions over time.
A forward looking, detailed security architecture strategy can help you fix your current weaknesses,
and anticipate or predict future risk and implement mitigation solutions. A solution will
be developed that is specific to the available resources and maps closely to the business goals
of the organization. Risk mitigating measures are developed with security technologies that fit
the corporate framework.
Business Driven           | Enabling Business        | Usability
A Holistic Approach       | Adding Value             | Inter-operability
Fit-for-Purpose           | Empowering Customers     | Supportability
Measurable                | Protecting Relationships | Integration
Return on Investment      | Leveraging Trust         | Low Cost Development
Risk-based Cost / Benefit | Assurance                | Scalability of Platforms
Managing Complexity       | Governance               | Scalability of Cost
Providing a Roadmap       | Compliance               | Scalability of Security
Simplicity & Clarity      | Fast Time to Market      | Re-usability
Lower Cost of Ownership   | Lower Operations Costs   | Lower Administration Cost
Physical Security Assessment Survey (PSAS)
Physical security is the most fundamental aspect of protection. It is the use of physical controls to protect the premises,
buildings, site facilities, people and other assets belonging to your company. In this day and age, you cannot afford not to have a
security evaluation performed on your property to protect yourself against intrusion into your company, frivolous lawsuits,
interruption of normal business operations or damage to your business reputation.
Our Solution
Our Physical Security Assessment Survey (PSAS) will consist of a comprehensive
overall security survey identifying risks and will target what can be considered high risk
areas. You have a due diligence responsibility to have your property assessed to prevent
security incidents such as physical assaults of people, thefts against your company
assets and property damage caused by vandals. This Physical Security Survey will include
physical security vulnerability assessment concepts as well as homeland security and
CPTED (Crime Prevention Through Environmental Design) concepts. Access control onto
property, into buildings and into sensitive areas that require specific access control.
Review of current security practices established by client to ensure security of personnel,
protection of property against vandalism or unlawful entry and protection of company
assets. Review of surveillance/CCTV on property and any intrusion/panic alarms to determine
effectiveness. Determination of effective security methods to prevent unlawful entry or
remaining of people on property by reviewing fencing, lighting, and cameras. Compliance with
accepted Crime Prevention Through Environmental Design (CPTED) in reviewing Natural
Surveillance, Natural Access and Territorial Reinforcement of your property. Infrastructure survey and threat assessment to
determine that your normal business operations may not be interrupted by loss of services such as utilities,
telecommunications, parking restrictions too close to a building and redundancy of services. Review of current lighting on premises to reduce
"dark" areas and ensure lighting is doing what it was designed to do.
Review with management what they perceive as security concerns and possibly meet with selected employees to determine if
the perceptions correlate. We will deliver a report with pictures detailing both the current situation and any recommendations
necessary to correct deficiencies. The deficiencies will be noted with practical steps and recommendations to correct the
situation. The action plan would be the Project Management Plan that can be used to implement the solution to fix the problem. We
interface with vendors, work with the client to purchase equipment and we work with the installer for installation and training.
Loss Prevention Awareness Assessment (LPAA)
Many organizations, among their other responsibilities, are tasked with quickly identifying,
investigating, recovering, and preventing losses by employees, individuals, and organized retail crime
(ORC). At the same time, their loss prevention professionals are drowning under the reams of
data that may offer insight into ways to keep ahead of the criminals. A "trusted" employee can
gain access to your assets (proprietary data, goods, services, customer lists, etc.) in a way that
no other employee can. Our experience for over thirty years has taught us that the elimination
of opportunity and temptation is the key to controlling negative behaviors within your enterprise.
Our Solution - The Perception of Detection
The most widely accepted theory for explaining why people steal was postulated in the early
1950's by Dr. Donald R. Cressey, while working on his doctoral dissertation on the factors that
lead people to steal from their employers. He called them "Trust Violators"; he was especially
interested in the circumstances that lead otherwise honest people to become overcome by
temptation. To serve as a basis of his work he conducted about 200 interviews with inmates at
Midwest prisons who at the time were incarcerated for embezzlement. Today this work still remains
the classic model for the occupational thief. Over the years his original hypothesis has become
known as the Fraud Triangle. The key is that all three of these elements must exist for the trust
violation to occur. Our motivation has always been to attack the opportunity leg to create the
perception that if you try you will be detected. "Crede Sed Proba" or "Trust but Verify" is the key:
your people will only do what you expect if they know that you are going to inspect.
Our service provides a detailed assessment of all processes, policies and procedures such as:
purchasing, cash handling, work flow management, information technology, client intake,
human resources, marketing, billing, etc. We review security business goals, objectives, and
requirements, and align business and technology strategies for protecting assets by consolidating external
compliance and security best practice requirements into a common control framework. Then we
review the existing policies and security architecture against the controls necessary to achieve
compliance requirements, review the effectiveness of policies and procedures, conduct an
audit and track and document actual data. We prioritize gaps, vulnerabilities, and possible loss
scenarios according to risk, and present findings and prioritized recommendations for addressing
discovered weaknesses.
Operational Risk Management Assessment (ORMA)
Minimizing losses, maximizing organizational efficiencies and reducing earnings volatility have
always been high priorities for executive management and boards of directors. Increasing
transaction volumes, growth-driven acquisitions and the globalization of business, coupled with a
larger reliance on technology, have introduced higher degrees of complexity and uncertainty to
organizations. In order to maintain a competitive advantage and to improve overall performance,
organizations are seeking a way to understand and proactively manage the risks that can impact
the business.
Our Solution
Today's technologies, used properly, can offer powerful benefits to any organization to minimize
potential risks. With increasing concern for employee safety, and data and asset theft,
enterprises recognize the need to develop a more comprehensive approach to protecting and
managing their resources - equipment, inventory, data, and people. Although a simple concept, the
reality of securing an enterprise is quite complex. With hundreds if not thousands of video devices,
motion detectors, fire alarms, access control systems, and other data feeds, obtaining a
complete view of a potential physical security incident, coordinating personnel and reacting in real
time is extremely difficult. Let us help you protect your brand with proven tools that get results.
Our Process
We will first do an analysis of your organization and provide baseline security guidance and
requirements. We will review all projects and business functions and provide steps toward a more
secure posture. We will go onsite and interview your operational, security and IT staff,
attend key business strategy sessions and review key technologies, policies and procedures to
understand the current environment. We will review all policies and documented procedures and
compare them against industry best practices. We will gain insight into future development and
business goals. Strategic and technical recommendations will be made to ensure that your
security environment is compliant with best practices and that anticipated future threats can be
mitigated and controlled. Weekly or monthly status reports can be generated and key performance
indicators can be used to track the progress of the overall security environment.
Supplier Security Assessment (SSA)
Most if not all companies do not have a complete understanding of the weaknesses posed by
suppliers or the threats their suppliers pose to their organizations. Many suppliers have very
unhindered access into the company environment and can pose a great danger if they are not
monitored, tracked and reported.
Our Solution
Our end-to-end Supplier Security Assessment process can be developed in conjunction with the
company's operational, loss prevention and security staff and vendor management teams to
ensure all vendor access is appropriate and tracked. This involves, but is not limited to, ensuring that
any technical system and connectivity security issues associated with the supplier are controlled;
we also look at the business functions of your partners, such as having proper Service Level
Agreements (SLAs) in place. We develop measures to improve supplier security management.
• Develop Supplier assessment process for all suppliers, with specific tailored mechanisms for
categories of suppliers, conduct testing of Supplier networks where allowed
• Assess the strengths and weaknesses of the current countermeasures, examining the threats
to the availability and integrity of the assets managed by supplier; review SLAs
• Work with necessary vendors, write detailed steps and conduct key supplier assessments in
critical areas once new process is in place, develop controls matrix for Supplier Assessment
• Develop Policy for Supplier Assessments, conduct follow-up 1 day review of Supplier process 4
months after completion of Supplier Assessment project
We will go onsite and interview your staff and review key policies and procedures regarding how
suppliers are managed and how access and data are handled. We will develop new procedures
around different risk levels posed by categories of suppliers. You will have a detailed plan to
conduct tests of suppliers, deliver security questionnaires and procedures to fix weak supplier
security technology. A detailed process along with all appropriate procedures and policies will be in
place at the conclusion of this project. This Supplier Assessment framework can then be used to
ensure the security of all vendor activity.
Physical Security Project Management (PSPM)
This service assists the client in the selection, review and purchase of security, loss prevention, risk management
or business intelligence equipment and/or security programs, bringing their security program
into acceptable security standards and practices. Many companies do not have the time or
expertise to review the inclusive security management plan and are lax in maintaining security
standards, which could result in theft, vandalism, fraud, loss of brand recognition, loss of service,
business continuity or general liability.
Our Solution
We are able to provide project management on your security, loss or risk vulnerabilities and
liabilities that have been identified by our assessment(s). We work with your company to
determine the most cost effective way to mitigate the concerns. We will team with vendors to
determine which product is the most effective and efficient and obtain price quotes. Working with you,
equipment or solutions can be purchased, installed and proper training provided. Follow-up and
on-site inspections will be provided by MassBiz LLC; afterward the solution will be documented
and verified by us.
Our Project Management Areas of responsibility include:
• Product search for the right equipment to resolve your problem
• Determine with client which vendor is most cost effective and efficient
• Ensure equipment is installed to specifications of purchaser
• Ensure proper training is provided to end user of equipment
• Follow-up to ensure equipment is working properly and adjust accordingly if necessary
How the Process Works
Our Physical Security Consultant will work with the client to establish what particular project
management services will be provided. The consultant will explore the most efficient and cost
effective measure to mitigate the security concern. We will work with the client purchasing department
to determine which vendor should be selected, depending on many factors. Follow-up will be
provided by on-site inspections by us to ensure the correct product was purchased and installed.
Training by the vendor will be documented and verified by the MassBiz LLC consultant.
Temporary Chief Security Officer (TCSO)
Many organizations have IT handling the security function without dedicated security guidance. Or your company may
not need a full time Chief Security Officer or may not have the budget for it currently. A Chief Security Officer can be
very expensive to have in-house. Even a dedicated CSO often has other responsibilities thrust upon them, diluting their
security role. With an external CSO, you can have dedicated guidance at a fraction of the cost.
Our Solution
We can provide that gap coverage in our Temporary CSO offering. Key responsibilities we can provide with a Temporary
CSO include overseeing and coordinating security efforts across the company, including information technology,
human resources, communications, legal, facilities management and other groups, and identifying security initiatives and
standards. We will be your trusted resource to manage your security organization, bringing real world experience on a
temporary basis until you are ready to hire a full time CSO. The CSO will define and communicate policies, procedures,
and standards throughout the organization, as well as determine the corporate vision for IT Security and Data Privacy
and provide leadership to accomplish the business goals.
This is a critical role with responsibilities and accountabilities that include:
• Protecting information assets against any potential threats and vulnerabilities that could impact the confidentiality
• Establish Information Security strategy, policies and architecture to facilitate business requirements and
recommendation of controls
• Development and delivery of Information Security Awareness Program to Senior Management and gain commitment to
initiatives
• Program and Workforce management including employees, contractors and vendors
• Knowledge of technological trends and developments in the area of information security and risk management,
strong knowledge and experience of risk management methodologies and tools
• Knowledge of information security audit guidelines
• Experience with establishing and managing large project RFPs, contracts and vendors
• High level of personal integrity and professionalism to handle confidential matters and execute the appropriate
level of judgment and maturity
• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals
We will first do an analysis of your organization and provide baseline security guidance and requirements. Then we will
review all projects and business functions and provide steps to move towards a secure posture. We will attend all key
business strategy sessions and contribute to the overall business goals. Weekly or monthly status reports can be
generated and key performance indicators can be used to track the progress of the security environment.
12. "Organizations know that a proactive approach
to security is key to protecting critical assets and
reducing business liability risks, but too often
they overlook physical security factors."
- James Edward McDonald, Consultant, MassBiz, LLC
MASSBIZ LLC - CONSULTANCY SERVICES
109 Bay Path Road, East Brookfield, MA 01515 Phone/Fax: (877) 214-2900 | Blog: http://www.SecurityTalkingPoints.com/ | Twitter: http://twitter.com/PHYSECTECH