We have now taken on our 10th client on the Vale Park Trading Estate, Evesham. Due to our success with existing clients and recommendations from them we have now engaged Freshlinc as our 10th client.
We provide a variety of security services to our clients on the Vale Park, Evesham, from key holding and alarm response, to mobile patrols, to manned guarding and reception duties.
We are hugely proud of our services to our clients there and the presence of many customers on one site mean that they often get security delivered over and above their requirements as we are constantly on the estate servicing one or another of our customers. We have a permanent 24/7 presence on the Vale Park, 365 days a year.
We can arrange group discounts for estates that co-ordinate their security requirements ie if 5 customers engage us at once and we can tailor each service to suit each client.
For independent customers prices start from just £5 per hit for mobile visits and from £1 a day for keyholding and alarm response.
Contact us for more information on how we can help your business.
Tuesday, 24 January 2012
Monday, 21 November 2011
Evesham Firework's Display, Event Security
We have recently carried out security services for Evesham Council's yearly firework display.
Read the Event security case study here.
Contact us for more information on how we can help your business.
Read the Event security case study here.
Contact us for more information on how we can help your business.
Friday, 4 November 2011
Door Supervisor Positions Available
We are currently looking for SIA registered Door Supervisors to cover the Cheltenham Area.
We are welcome to newly trained or experienced applicants who enjoy the roles and responsibilities that door supervising entails.
We have various locations in the Cheltenham area available and can offer various hours throughout the week at a competitive rate of pay.
If you are interested in being considered for this position please call us on 0845 603 7994 or email your details to Kayley@impactsecurity.co.uk
Wednesday, 22 June 2011
Original source mountain mayhem
Impact Security have provided the security for the competitors and organsiers again for the 4th year running., very successful event again. Was 17 to 19 june (last weekend) at eastnor castle
- Began as UK’s first 24-hour mountain bike endurance event in 1998 at Trentham Gardens, created for Red Bull, with 132 riders (not teams, riders) and no soloists
- In 1999 Mountain Mayhem moved to Sandwell Valley Park Farm, just three miles from Birmingham city centre and the Elite Womens category was created – plus a 24 minute unicycle off road course!
- In 2000 Mountan Mayhem introduced the solo category for the first time. There were 3 entrants and Roy Hunt won with 23 laps of the 9 miles course, beating experienced endurance athletes Matt Ohran and Isaac Wilson who had flown in from the States to take part. Isaac was on his stag weekend…
- 2003 saw new sponsors, Saab Salomon come on board for the last year at Sandwell
- In 2004 Mountain Mayhem got too big for Sandwell and moved to the prestigious location of Eastnor Catle Deer Park in Herefordshire where it still is today
- 2007 saw new sponsors, Giant & T-Mobile take the headline
- 2008 Giant saved Mayhem from the brink by staying on board as headline sponsors when T-mobile pulled out of cycling sponsorship worldwide due to naughty goings-on in their Tour D’France team
- In 2009 Original Source Mountain Mayhem was borne when the fragrant shower gel company took on the mantle of headline sponsor and gave Mayhem a fresh new look and we all smelled lovely… and still do!
- In 2010, Mountain Mayhem had 2650 competitors and over 15,000 spectators with 45 football pitches of camping
- Today, Mountain Mayhem is the largest and the most prestigious 24-hour mountain bike event in the world which has been the inspiration for 24-hour events around the globe
Tuesday, 27 April 2010
Vehicles for Security Purposes
All Mobile Patrol Security vehicles should comply with therecommendations in BS 7499:2007 Static Site Guarding andMobile Patrol Service.
Unless they are involved in covert operations or otherwise excepted under contract, operational vehicles will clearly display theorganisation’s name, badge or logo and telephone number.
OPERATIONAL VEHICLES NEED TO BE:
1. Appropriate for intended use; if there is a requirement for specified or particular vehicles e.g. 4 wheel drive.
THE ALTERNATIVE ROUTE
a) Liquefied Petroleum Gas (LPG) vehicles use a fuel whichis both cheaper and cleaner than petrol and some manufacturers.The LPG-converted Smart car is one of the leaders in thisparticular class and certainly a vehicle to be considered.
b) Compressed Natural Gas (CNG) is another alternative fueland even cleaner than LPG, Volvo offer most of their range withthis option, however there are fewer than 50 filling stationsaround the country, therefore it is unlikely to be a serious contenderat the moment.
c) Electric cars have been available for some time. However,their short range still dictates that they remain largely restrictedto the role of internal perimeter run-around, but with zero directemissions at street level, they make a significant contribution to reducing pollution. However, the electricity they use demandsthem to be regularly plugged into the grid to recharge – so theycannot be regarded as entirely “green” as they are sometimesseen. Never-the-less, the electric G-Wiz – is probably the “greenestcar available” – with its 40mph top speed and a range of 40miles, is well worth considering.
HYBRIDS
Although there are not many types of hybrid car currently on salein the UK, they are probably the most practical option available– combining a small conventional petrol or diesel engine with anelectric generator/motor unit. This replaces both the traditionalstarter motor and the alternator, allowing the engine to generateelectricity to power the motor. When the motor is not being driven– when the car is going downhill or when braking heavily, forinstance – the electricity generated is diverted to top up the batterypack instead. Most of today’s production models have boththe engine and the motor connected to the car’s transmissionsystem, allowing the vehicle to run as much as possible just onelectric power and only using its internal combustion engine togive extra power when needed. Generally hybrids carry a 10 –20 per cent higher price tag than similar conventional vehicles,but they do benefit from low road tax and they do have significantlylower CO2 level emissions. Vehicles such as the HondaCivic IMA, the Lexus 400h SUV and the Toyota Prius are certainlyworth considering about.
2. Carrying a two way communications device, mobilephone or radio.
3. Inspected by the organisation Operations Managerat least once per month, and daily by the driver, toensure that they are roadworthy; checking:
• Fuel.• Engine Oil.• Coolant.• Lights, head, side, reverse, fog, instrument panel, indicators,and 4 way hazard indicators.• Windscreen Wipers and Washers.• Brakes.• Tyres including spare wheel, condition and inflation.• Jack and wheel-brace.• Tax disc.• Serviced regularly; in accordance with manufacturer’sinstructions; service history is to be kept in control room,copies of servicing, repairs, insurance and MOT documentsheld in vehicle.• Repaired as soon as possible, when damage is found;• Kept clean and tidy, by the driver.
VEHICLES CARRYING KEYS
Where required an appropriate safe should be installed as perBS 7499.OTHER EQUIPMENT
The equipment listed below will be considered in line with theuse, manning and deployment of the vehicle and where requiredwill be provided.
• An appropriately stocked First aid kit.
• Tow rope 2500kg, 4.27m in length manufactured to BSAU 187.
• Warning Triangle – heavy-duty folding reflective triangle toEuropean specification.
• Tyre pressure gauge.
• Tyre tread depth gauge.
• High Visibility Vest – conforming to EN 471.
• Safety Hammer – Cuts through seat belts and shatters car windows.
• Shovel; small or folding.
• Light sticks – Snap-light Safety Light sticks.
• Disposable Camera - 24 exposures with built in flash.
• Notebook with pencil.
• Survival Blanket – compact emergency foil thermal blanket CE marked.
• Whistle – Plastic orange emergency whistle; CE marked.
• Work gloves – general purpose work gloves.
• LED Wind-up torch or torch and spare batteries.
• Ice Scraper - with rubber handle.
• Fire Extinguisher – BC powder extinguisher for liquid andelectric fires.
• Holdall, for equipment.
• Large thermos flask, for tea, coffee or soup.
• Maps for the operational area.
Also consider for winter operations:
• Full size fleece blanket.
• De-mister pad.
• Self-heating meal with spoon.
• De-icer spray for your windscreen.
• Winter screen wash for your car.
• Emergency glow stick for 12 hours of light.
• 25kg bag of rock salt.
EQUIPMENT RECORDS
Records should be kept of all equipment issued. Employeesshould be required to sign for equipment and uniforms received,and to give an undertaking to return equipment on terminationof their employment.
Records of equipment calibrated and/or repaired are kept andmaintained in the office for at least 12 months.Records of vehicle maintenance and repair will be kept in theoffice for the period of ownership of the vehicle.
Unless they are involved in covert operations or otherwise excepted under contract, operational vehicles will clearly display theorganisation’s name, badge or logo and telephone number.
OPERATIONAL VEHICLES NEED TO BE:
1. Appropriate for intended use; if there is a requirement for specified or particular vehicles e.g. 4 wheel drive.
THE ALTERNATIVE ROUTE
a) Liquefied Petroleum Gas (LPG) vehicles use a fuel whichis both cheaper and cleaner than petrol and some manufacturers.The LPG-converted Smart car is one of the leaders in thisparticular class and certainly a vehicle to be considered.
b) Compressed Natural Gas (CNG) is another alternative fueland even cleaner than LPG, Volvo offer most of their range withthis option, however there are fewer than 50 filling stationsaround the country, therefore it is unlikely to be a serious contenderat the moment.
c) Electric cars have been available for some time. However,their short range still dictates that they remain largely restrictedto the role of internal perimeter run-around, but with zero directemissions at street level, they make a significant contribution to reducing pollution. However, the electricity they use demandsthem to be regularly plugged into the grid to recharge – so theycannot be regarded as entirely “green” as they are sometimesseen. Never-the-less, the electric G-Wiz – is probably the “greenestcar available” – with its 40mph top speed and a range of 40miles, is well worth considering.
HYBRIDS
Although there are not many types of hybrid car currently on salein the UK, they are probably the most practical option available– combining a small conventional petrol or diesel engine with anelectric generator/motor unit. This replaces both the traditionalstarter motor and the alternator, allowing the engine to generateelectricity to power the motor. When the motor is not being driven– when the car is going downhill or when braking heavily, forinstance – the electricity generated is diverted to top up the batterypack instead. Most of today’s production models have boththe engine and the motor connected to the car’s transmissionsystem, allowing the vehicle to run as much as possible just onelectric power and only using its internal combustion engine togive extra power when needed. Generally hybrids carry a 10 –20 per cent higher price tag than similar conventional vehicles,but they do benefit from low road tax and they do have significantlylower CO2 level emissions. Vehicles such as the HondaCivic IMA, the Lexus 400h SUV and the Toyota Prius are certainlyworth considering about.
2. Carrying a two way communications device, mobilephone or radio.
3. Inspected by the organisation Operations Managerat least once per month, and daily by the driver, toensure that they are roadworthy; checking:
• Fuel.• Engine Oil.• Coolant.• Lights, head, side, reverse, fog, instrument panel, indicators,and 4 way hazard indicators.• Windscreen Wipers and Washers.• Brakes.• Tyres including spare wheel, condition and inflation.• Jack and wheel-brace.• Tax disc.• Serviced regularly; in accordance with manufacturer’sinstructions; service history is to be kept in control room,copies of servicing, repairs, insurance and MOT documentsheld in vehicle.• Repaired as soon as possible, when damage is found;• Kept clean and tidy, by the driver.
VEHICLES CARRYING KEYS
Where required an appropriate safe should be installed as perBS 7499.OTHER EQUIPMENT
The equipment listed below will be considered in line with theuse, manning and deployment of the vehicle and where requiredwill be provided.
• An appropriately stocked First aid kit.
• Tow rope 2500kg, 4.27m in length manufactured to BSAU 187.
• Warning Triangle – heavy-duty folding reflective triangle toEuropean specification.
• Tyre pressure gauge.
• Tyre tread depth gauge.
• High Visibility Vest – conforming to EN 471.
• Safety Hammer – Cuts through seat belts and shatters car windows.
• Shovel; small or folding.
• Light sticks – Snap-light Safety Light sticks.
• Disposable Camera - 24 exposures with built in flash.
• Notebook with pencil.
• Survival Blanket – compact emergency foil thermal blanket CE marked.
• Whistle – Plastic orange emergency whistle; CE marked.
• Work gloves – general purpose work gloves.
• LED Wind-up torch or torch and spare batteries.
• Ice Scraper - with rubber handle.
• Fire Extinguisher – BC powder extinguisher for liquid andelectric fires.
• Holdall, for equipment.
• Large thermos flask, for tea, coffee or soup.
• Maps for the operational area.
Also consider for winter operations:
• Full size fleece blanket.
• De-mister pad.
• Self-heating meal with spoon.
• De-icer spray for your windscreen.
• Winter screen wash for your car.
• Emergency glow stick for 12 hours of light.
• 25kg bag of rock salt.
EQUIPMENT RECORDS
Records should be kept of all equipment issued. Employeesshould be required to sign for equipment and uniforms received,and to give an undertaking to return equipment on terminationof their employment.
Records of equipment calibrated and/or repaired are kept andmaintained in the office for at least 12 months.Records of vehicle maintenance and repair will be kept in theoffice for the period of ownership of the vehicle.
Risk Assessment at Work
Protecting your employees from possible dangers at work is thelaw and the most effective way of doing so is by performing arisk assessment.
DON’T LET THE RISKS GO UNNOTICED
It is very easy for potential health risks to go unnoticed in dayto-day working life, carrying out your job role. A work riskassessment highlights clear-cut measures that can effectivelycontrol risks within the workplace. The assessment does so byexamining where and what in your business could cause harm,helping you weigh up whether or not you have taken sufficientsafety precautions.
Carrying out a work risk assessment not only protects your workforcebut also the welfare of your business. Accidents at workcan ruin lives, result in less work output, damage machinery andincrease insurance costs. By implementing a plan to control therisks means that you are adhering to the law and protecting yourworkforce as well as your business.
IDENTIFY THE HAZARDS
Recognising the hazards is the ideal place to start when assessingthe risks in your workplace. If you are a small company thenyou are more than likely able to identify the hazards and carryout the risk assessment yourself. If your company consists ofmany people with varying job roles then it is recommended thata health and safety expert is called on. If you work in a largecompany then it is advised that you involve your staff or theirrepresentatives to ensure your work risk assessment is carriedeffectively. Recognising the hazards doesn’t need to be a complicatedprocess and the obvious risks will be easy to identify andprevention methods simple to implement. Start by taking a walkaround the workplace identifying possible hazards. Ask youremployees or representatives for their perspective. Consult manufacturersinstructions and accident records to help discover lessobvious hazards.
Once potential hazards are identified, matching them to their relevantjob role is key. This will identify the most efficient way tomange the risks. After evaluating the risks in the workplace, theprecautions should be finalised with the law stating the need todo everything reasonably practicable to protect your workforcefrom harm. It is advised that you carry out research on risk control good practice and compare this to the precaution solutionthat you have drawn up. This should bring you up to speedwith current standards and help to implement your plan ofaction. Remember that the precautions put in place do not needto be expensive. A small cost implementing your plan could saveyour business a lot of money in long term insurance costs.
RECORD YOUR FINDINGS
It is recommended that you record your work risk assessmentfindings for future reference share these with your employees.These will help with future updates and comparisons. Reviewingyour work risk assessment should take place when updates toprocedures or machinery occur within the company. This willkeep your control plans up to date and minimise the risk of accidentsand injuries in the workplace.
Physical Penetration of a Company
PHYSICAL PENETRATION TESTING (PPT)
Why?
• To identify any weaknesses in the physical securityof a company.
• To prove the current systems.
What is it that needs protecting?
• Information
• Product
• Systems
• Staff
WHAT IS A PENETRATION TEST?
A PPT is a simulated attack against your company’s securitydefences. It is designed to replicate an attack to see if your securitycan be compromised. The primary aim is to identify securityweaknesses before real attackers have the chance to. Oncesecurity weaknesses have been identified, your organisation canstart treating the associated risks.
An example attack may be to target a specific service, processor operation within your business, site or plant by using ‘socialengineering’, or ‘deception’ e.g. an employee holds a secure dooropen for visitor or someone they do not know, but that personlooks like they should be there, inspector, auditor etc, so what isthe harm? ‘Tailgating’ as it is known, is a simple method ofbypassing building security systems or following employees tolunch, eating near them, and taking notes.
Why conduct a PPT?
A PPT identifies the security weaknesses and strengths of a company’sphysical security. The goal of the test is to demonstratethe existence or absence of deficiencies concerning physicalsecurity. Penetration testing should be considered an important part of any ongoing security programme. These tests can be particularlyuseful in attracting the attention of senior management.The results of a penetration test can show the organisationalwide consequences of a breach and help to ensure buy-in fromall levels of the organisation.
Remember “an ounce of prevention is worth a pound of cure”Organisations typically conduct PPT with the aim of identifyingvulnerabilities which could result in some form of loss. Loss maybe specific to each business but there are some forms of lossthat can apply to all businesses.
Immediate financial loss is obvious in the case of an attack toremove money or stock from an organisation. However, therecan also be indirect costs associated with a security incident. Forexample, the cost associated with increased insurance premiumsor the costs of possible regulatory breaches which could run intotens, if not hundreds, of thousands of pounds.
Losses are not just financial. An organisation can suffer significantreputation damages particularly in the food, pharmaceuticalsand IT industries. A security breach could lead to a decreasein client trust which could then lead to a drop in sales.
PPT EXECUTION
PPT is typically conducted using a structured approach aroundthe following key phrases:
• Discovery
• Enumeration (listing of findings one by one)
• Vulnerability Mapping
• Exploitation
Each phase feeds into the next making it an integrated process.
Discovery
The discovery phase can be thought of as reconnaissance. Thediscovery process will aim to map out the attack for the test. Thediscovery phase will highlight possible attack vectors based onthe information gathered.
Enumeration
The enumeration phase will gather more detailed informationabout the information gathered in the discovery phase such asdetail of sensitive/vital information, product, systems and staffthat can directly and/or immediately affect the operations of anorganisation including access, information, product, systems andstaff.
Vulnerability Mapping
The vulnerability mapping phase will attempt to identify weaknessesin the services/systems/procedures/facilities enumeratedin the previous phase.
Once sufficient detail has been obtained, the tester can identifyweaknesses in the service/system/procedure/facility being testedThis information can then be fed into the final test phase,exploitation.
Exploitation
The exploitation phase is designed to demonstrate that a securityweakness exists and can be used by an attacker. The testeraims to compromise the system using a weakness identified inthe previous phases, i.e. the testing officer could obtain unauthorisedphysical access to a facility using non technical means.
POST PPT
The final and most important deliverable to an organisation whohas commissioned a penetration test is the final report. The finalreport is so significant because it conveys and documents thesecurity risks identified during the test in a way that is meaningfulto the organisation.
A PPT report is likely to be read by senior management downthrough to junior managers who are responsible for remedialchanges. A good PPT report will provide information for all theintended audience types.
WHAT TO CONSIDER WHEN BEING PPT?
When an organisation decides to conduct a PPT there are severalkey points to consider prior to the commencement of the test:
• Use an independent security provider. They will be immunefrom internal distractions and are focussed on the key issuesof your security.
• Seek demonstration of providers’ experience. Provenexperience will help to understand the providers’ capabilitiesand will provide confidence in the providers’ abilities.
• Ensure the testing provider utilises proven stingmethodologies. Proven testing methodologies ensure thatthe tests being conducted will produce consistent and reliableresults.
• Never utilise penetration tests as a substitute for an holisticsecurity programme. A penetration test is an important partof your security programme, not a substitute for one.
A well planned PPT can help an organisation identify their securityvulnerabilities. This pro-active approach can help identifyrisks before malicious attacks occur and protect an organisationfrom post attack fall-out.
Why?
• To identify any weaknesses in the physical securityof a company.
• To prove the current systems.
What is it that needs protecting?
• Information
• Product
• Systems
• Staff
WHAT IS A PENETRATION TEST?
A PPT is a simulated attack against your company’s securitydefences. It is designed to replicate an attack to see if your securitycan be compromised. The primary aim is to identify securityweaknesses before real attackers have the chance to. Oncesecurity weaknesses have been identified, your organisation canstart treating the associated risks.
An example attack may be to target a specific service, processor operation within your business, site or plant by using ‘socialengineering’, or ‘deception’ e.g. an employee holds a secure dooropen for visitor or someone they do not know, but that personlooks like they should be there, inspector, auditor etc, so what isthe harm? ‘Tailgating’ as it is known, is a simple method ofbypassing building security systems or following employees tolunch, eating near them, and taking notes.
Why conduct a PPT?
A PPT identifies the security weaknesses and strengths of a company’sphysical security. The goal of the test is to demonstratethe existence or absence of deficiencies concerning physicalsecurity. Penetration testing should be considered an important part of any ongoing security programme. These tests can be particularlyuseful in attracting the attention of senior management.The results of a penetration test can show the organisationalwide consequences of a breach and help to ensure buy-in fromall levels of the organisation.
Remember “an ounce of prevention is worth a pound of cure”Organisations typically conduct PPT with the aim of identifyingvulnerabilities which could result in some form of loss. Loss maybe specific to each business but there are some forms of lossthat can apply to all businesses.
Immediate financial loss is obvious in the case of an attack toremove money or stock from an organisation. However, therecan also be indirect costs associated with a security incident. Forexample, the cost associated with increased insurance premiumsor the costs of possible regulatory breaches which could run intotens, if not hundreds, of thousands of pounds.
Losses are not just financial. An organisation can suffer significantreputation damages particularly in the food, pharmaceuticalsand IT industries. A security breach could lead to a decreasein client trust which could then lead to a drop in sales.
PPT EXECUTION
PPT is typically conducted using a structured approach aroundthe following key phrases:
• Discovery
• Enumeration (listing of findings one by one)
• Vulnerability Mapping
• Exploitation
Each phase feeds into the next making it an integrated process.
Discovery
The discovery phase can be thought of as reconnaissance. Thediscovery process will aim to map out the attack for the test. Thediscovery phase will highlight possible attack vectors based onthe information gathered.
Enumeration
The enumeration phase will gather more detailed informationabout the information gathered in the discovery phase such asdetail of sensitive/vital information, product, systems and staffthat can directly and/or immediately affect the operations of anorganisation including access, information, product, systems andstaff.
Vulnerability Mapping
The vulnerability mapping phase will attempt to identify weaknessesin the services/systems/procedures/facilities enumeratedin the previous phase.
Once sufficient detail has been obtained, the tester can identifyweaknesses in the service/system/procedure/facility being testedThis information can then be fed into the final test phase,exploitation.
Exploitation
The exploitation phase is designed to demonstrate that a securityweakness exists and can be used by an attacker. The testeraims to compromise the system using a weakness identified inthe previous phases, i.e. the testing officer could obtain unauthorisedphysical access to a facility using non technical means.
POST PPT
The final and most important deliverable to an organisation whohas commissioned a penetration test is the final report. The finalreport is so significant because it conveys and documents thesecurity risks identified during the test in a way that is meaningfulto the organisation.
A PPT report is likely to be read by senior management downthrough to junior managers who are responsible for remedialchanges. A good PPT report will provide information for all theintended audience types.
WHAT TO CONSIDER WHEN BEING PPT?
When an organisation decides to conduct a PPT there are severalkey points to consider prior to the commencement of the test:
• Use an independent security provider. They will be immunefrom internal distractions and are focussed on the key issuesof your security.
• Seek demonstration of providers’ experience. Provenexperience will help to understand the providers’ capabilitiesand will provide confidence in the providers’ abilities.
• Ensure the testing provider utilises proven stingmethodologies. Proven testing methodologies ensure thatthe tests being conducted will produce consistent and reliableresults.
• Never utilise penetration tests as a substitute for an holisticsecurity programme. A penetration test is an important partof your security programme, not a substitute for one.
A well planned PPT can help an organisation identify their securityvulnerabilities. This pro-active approach can help identifyrisks before malicious attacks occur and protect an organisationfrom post attack fall-out.
Subscribe to:
Posts (Atom)
Impact Security 2011