Regulations, standards and company security policies are highlighting the need to monitor physical access to facilities, systems and critical assets. Enduring security requires conducting instantaneous risk analysis including criminal checks, background checks and validation against do-not-admit lists. Enforcing physical access policies based on the classification of the type of visitor is the key to securing facilities and eliminating the risk of an incident.

The generally accepted paper-based method of receiving visitors into the lobby or guest registration area does not allow for any pre-arrival risk analysis, automatic checking of credentials or validation against a "do not admit" list.

AlertEnterprise delivers the ability to conduct real-time risk analysis based on the multiple information sources including criminal history sources including enterprise applications, identity databases, identity and access management systems, Physical Access Control Systems (PACS) and other security applications controlling access to facilities and critical assets.

Features

	Automated Visitor Access Approval
	Real-time risk analysis
	Validation against Do- Not-Admit list
	Automated, policy-driven background check
	Pre-authorization with sponsor approval workflow
	Self-service requests for visitor pre-enrollment

Benefits

	Fast and easy visitor check-in for individuals and groups
	Access Control and PACS Integration
	Manage multiple visitor types
	Visitor Activity Logs and audit report
	System generated picture insert and One-Click Badge Printing
	Automatic compliance enforcement with visitor audits/reporting

Premise: The US media has been reporting on a new intelligence report from the Department of Homeland Security that was issued on July 19, 2011. This report highlights the silent risk that operators of critical infrastructure have been living with – Insider Threat. A new intelligence report from the Department of Homeland Security issued Tuesday, titled Insider Threat to Utilities, warns "violent extremists have, in fact, obtained insider positions," and that "outsiders have attempted to solicit utility-sector employees" for damaging physical and cyber-attacks. Postings on the ABC News blog site Blotter go on to report, "Sabotage by an insider at a major utility facility, including a chemical or oil refinery, could provide al Qaeda with its best opportunity for the kind of massive Sept. 11 anniversary attack Osama bin Laden was planning, according to U.S. officials." The report goes on to say, "The only way you can actually kill the large scale number of Americans that [bin Laden] literally was calculating was through the use of this critical infrastructure," Chad Sweet, former DHS chief of staff and co-founder of the Chertoff Group, told ABC News. The ability for violent activists to pose as an insider, or compromise an insider can increase the adverse impact of the attack, making it harder to detect and thus, increasing the likelihood of success.

The Outlook: Insider threat must be considered an Advanced Persistent Threat (APT), requiring all organizations to have a mitigation plan in place. Larger organizations with multiple locations and operating assets that are geographically dispersed, as is the case with Supervisory, Control and Data Acquisition (SCADA) systems, will have a much harder time completing the steps required for threat mitigation due to the complexities involved and the number of underlying systems that contain all the information needed. The danger is that these organizations may just resign themselves to living with the risk.

Threat Mitigation: Traditional mitigation strategies can be complex, laborious and time consuming. AlertEnterprise recommends using technology now available to:

1.	Centralize on-boarding / off-boarding for employees and contractors and enable background checks, certifications and references to be automated. Checks can be done more frequently and changes in conditions can be alerted on.
2.	Automate the identity validation of all contractors and employees entering a secured facility by seamlessly integrating with the Physical Access Control Systems (PACS), as well as the enterprise IT applications.
3.	Monitor access to remote and on-site access of facilities, critical systems, assets and information.
4.	Actively enforce an access authorization model that extends beyond IT to include physical access and SCADA access.
5.	Validate contractor and employee physical access with actual service requests for that location by comparing in real-time with workforce management systems or ticketing systems.
6.	Ensure that both physical access and system access is removed immediately upon employee or contractor termination.

AlertEnterprise Readies for Phenomenal Growth in Asia-Pacific with the Opening of a Subsidiary in Singapore