« Information Technology
  
Focus: Cybersecurity

Evaluating facility security vulnerabilities

Criminal activity requires opportunity


Just as every facility is unique, so are its security vulnerabilities. However, these are not static challenges. Those who would seek to gain unauthorized access to a facility and wreak havoc of one kind or another are constantly dreaming up ways to overcome whatever security measures a facility might already have in place, according to an article from Building Operating Management on the FacilitiesNet website.

In addition, complacency could create avoidable vulnerabilities that will be easy to exploit. It is important for facility managers to truly understand their facilities' potential vulnerabilities and the likelihood of an incident occurring.

Any criminal or malevolent activity requires three elements: desire, opportunity, and ability.

While desire paired with ability and opportunity describes the criminal cycle, there are two subsets of criminal activity that influence the success of an aggressor. These are opportunistic aggressor and a determined attacker. An opportunistic aggressor is one that will commit an act at a specific time without any pre-planning, making a rational choice of risk versus reward in seconds before committing the act. A determined attacker will have a greater impact and is more likely to be successful because the pre-planning/reconnaissance and tools will be more robust. Thus, the more prevalent the desire or tools, the more likely an event.

In addition, to understand the risk for occurrence, a facility manager needs to understand impact compared to the controls or defenses that are in place. This is the fundamental aspect of security that is so daunting, because many are of the "it won't happen to us" mind-set.

Impact in the broadest sense of the term is the measurement of the effects of an incident and the speed with which the organization can recover. For instance, a security incident at an individual facility will certainly have an impact/effect on that single company. However, if that company is a large telecommunications, electricity, or water provider, the impact would be greater. An analysis allows us to make a risk decision on what programs we will invest in to defend against a hypothetical threat.

Read the article.

 

 

 



September 18, 2018


Topic Area: Information Technology

Recent Posts

Why Identity Governance Is Becoming a Facilities Management Issue

As healthcare buildings grow more connected, weak identity controls can expose HVAC, security and other critical systems to serious risk.

Habitat Health Opens South Los Angeles PACE Center

The new center strengthens the local care infrastructure, delivering integrated medical, social and in-home care.

Denton County MHMR Center Suffers a Data Breach

The incident occurred on or around December 24, 2024.

What Every EVS Leader Needs To Know

Managers must demonstrate mastery of infection prevention standards, accountability through measurable outcomes and visible collaboration with clinical teams.

Blackbird Health Opens New Clinic in New Jersey

The new clinic is located in Mount Laurel.

 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.