Orange County NC Website
Browse       Search
<br /> <br />P a g e 30 <br /> <br /> <br />Orange County <br />Facilities Security Assessment <br />RFP#: 367-OC 5403 <br />CTCH Security Business Consulting – www.ctchconsulting.com <br /> <br />business that each site conducts and based on temporal and spatial analysis of foot <br />traffic associated with each site. By publishing and comparing these security risk levels, <br />the team can help OC prioritize security mitigation efforts in order to correct security <br />vulnerabilities in the form of a mitigation matrix (Critical, High Priority, Moderate <br />Priority, Low Priority or Administrative in Nature). A chart ranking all sites by Final FSL <br />ratings and security risk ratings will be published within this section of the Master Plan <br />in an effort to enable OC to prioritize security funding and create a future assessment <br />schedule. <br /> <br />Administrative Vulnerabilities: Based on past assessments, the team <br />understands that each site could have different security requirements and that <br />administrative polices/procedures are the back bone of all security programs. These <br />policies/procedures help publish security roles, security role competencies, security <br />response procedures, incident reporting processes and outline administrative review <br />processes. Within this section, the team will publish administrative vulnerabilities based <br />on priority and will publish mitigative recommendations (to include cost) that will help <br />reduce security risk associated with administrative vulnerabilities. The team will <br />recommend administrative plans and training that would be applied through the use of <br />‘Leverage’ in an effort to reduce security administrative risks across each areas operating <br />environment; and will then focus on ‘Phased Mitigation’ strategies (to include cost) <br />which would reduce security risks to even lower levels. <br /> <br />Physical Security Vulnerabilities: The team realizes that as it completes the on- <br />site assessments different physical security vulnerabilities will be identified. These <br />physical security vulnerabilities will more than likely be the result of original site design <br />flaws, changing industry CPTED guidelines, changing site requirements, the <br />identification of new threats and/or due to degradation of physical/electronic security <br />components. The team would publish a physical security mitigation priority matrix that <br />would be based on the overall security risks ratings. Physical/Electronic Security <br />recommendations would be addressed through ‘Leverage’ methods and through the <br />use ‘Phased Mitigation’ practices; and would also outline cost estimations associated <br />with recommendations. <br /> <br />3 Year (36 Month) Schedule: The 3 Year (36 Month) Schedule would be <br />used to implement and monitor security vulnerability mitigation efforts. The first 1 to 3 <br />months of the schedule would outline all ‘no cost’ Administrative Recommendations <br />that should be implemented. Within a parallel timeline of 1 – 6 months all <br />Administrative Recommendations that have a cost association that should be <br />DocuSign Envelope ID: CCAAE303-70FA-49DE-B23A-944301EA0EEB