Physical Penetration Testing and the Benefits to Enterprise Security Risk Management
Keyword(s)
Risk, ESRM, Physical security
Learn how to design and implement a comprehensive Physical Penetration Test program that assesses and improves an organization's overall security posture by simulating realistic threat scenarios and integrating with existing security frameworks.
Tuesday, 17 December 2024 | 12:30-1:30pm EST
Credit
CPE:1.0
Description
A well-structured Physical Penetration Test can provide a realistic test of how effective an organization’s holistic security risk mitigation program is against the threats they face. The methods used will reflect the tactics, techniques and procedures applied by threat actors that the organization faces. This could be competitors, single issue activists, organized crime gangs or opportunistic criminals.
This presentation will describe the life cycle of a planned test including initial client engagement, intelligence gathering, reconnaissance, infiltration tests, debriefing and the client report. It will also discuss the ethics aspect of this type of testing.
Finally, we will look at the benefits to be gained for organizations and internal risk owners to understand how effective their security stance really is.
Mike O'Neill, CPP CPP CSyP FSyI
Managing Director
Optimal Risk Group
After a period trying to support a motor racing habit with mixed results, Mike joined the British Army and in 1981 was commissioned into The Parachute Regiment. He saw active service in the Falklands and Northern Island before leaving as a Major in 1990. After a period consulting for several risk and security companies he started his own business. In 2010 he merged his company with another well-known consultancy to create Optimal Risk Group. He has operated in various parts of the World on risk and threat assessments; crisis planning & response; contingency planning; and security planning assignments. He is a recognized specialist in the physical penetration testing of an organization’s physical security effectiveness.
*Note: Speakers and content are subject to change without notice.
This presentation will describe the life cycle of a planned test including initial client engagement, intelligence gathering, reconnaissance, infiltration tests, debriefing and the client report. It will also discuss the ethics aspect of this type of testing.
Finally, we will look at the benefits to be gained for organizations and internal risk owners to understand how effective their security stance really is.
Upon completion, participants will be able to:
- Understand the stages of a good Physical Penetration Test (PPT) program
- Recognize the value of a PPT program to validate the effectiveness of existing physical security
- 3. Learn how to weave a PPT program into ESRM4. Understand how PPT can work with IT penetration testing programs for a holistic test
Mike O'Neill, CPP CPP CSyP FSyI
Managing Director
Optimal Risk Group
After a period trying to support a motor racing habit with mixed results, Mike joined the British Army and in 1981 was commissioned into The Parachute Regiment. He saw active service in the Falklands and Northern Island before leaving as a Major in 1990. After a period consulting for several risk and security companies he started his own business. In 2010 he merged his company with another well-known consultancy to create Optimal Risk Group. He has operated in various parts of the World on risk and threat assessments; crisis planning & response; contingency planning; and security planning assignments. He is a recognized specialist in the physical penetration testing of an organization’s physical security effectiveness.
*Note: Speakers and content are subject to change without notice.
Credit Information
Completion of this webinar is eligible for 1 CPE credit. CPE credits for ASIS-sponsored webinars will be updated in your user profile within 48 hours of completion. Self-reporting of CPE credits is not required.
Completion of this webinar is eligible for 1 CPE credit. CPE credits for ASIS-sponsored webinars will be updated in your user profile within 48 hours of completion. Self-reporting of CPE credits is not required.