|
Developing a Technical Security Program
Once a client has gone through the process of locating a legitimate professional TSCM service provider, the next step is to develop a technical security program that addresses the requirements of the individual or organization.
Many customers will contract TSCM services as a one time event due to a particular issue or circumstance that has arisen. While it is important to have an inspection performed if any possibility of compromise exists, it is performed as a reaction to a situation rather than trying to prevent it before it happens. Other clients will contract TSCM services during high risk events such as confidential meetings, during times of labour negotiations, legal matters, personal circumstances or business deals and acquisitions. Still, others will conduct periodic inspections as a matter of due diligence. Businesses should also consider TSCM inspections after building modifications, new construction or any activity that provides relatively unsupervised access to a target location.
The most beneficial strategy is to develop an ongoing program as a preventative measure combined with inspections during higher risk events or situations. This allows information to be compared from each inspection, which will better enable the operator to detect changes or differences in both the electronic and physical environment that may indicate possible compromise. It also places an organization in a better position to intercept an attempt by an eavesdropper or someone trying to acquire confidential information.
Of course more frequent inspections will provide better protection, but even bi-annual or annual inspections as part of an overall technical security program will go a long way in helping protect a customer's privacy and information. It is the responsibility of businesses and organizations of all sizes to take reasonable steps, including TSCM inspections, to protect their information and in certain cases may even be required for reasons related to liability.
When scheduling TSCM inspections, many if not most are organized to be performed at night. While this is more covert and enables the work to be completed without employees or other individuals being aware and provides better access to all areas, it is not usually the best time to be performing a TSCM inspection. Considering that the majority of business is done during the day, it stands to reason that any surveillance attempts or electronic devices that may be utilized are more likely to be active during the daytime hours.
While it is not always practical to perform TSCM inspections during the daytime, it should be done whenever possible, or at least a daytime silent walk through combined with in-place monitoring should be performed periodically with the more intrusive testing being performed in the evening.
TSCM sweeps performed during the evening hours require extra attention to the physical portion of the inspection due to the greater possibility of devices being inoperable during this time as well as providing more complete non-disruptive access to all areas.
For larger businesses, corporations and organizations that have several offices or locations, depending on the distance between these locations, they may require more than one service provider. In this case, each inspection can be scheduled independently. If a single TSCM company is to be used for all locations then a schedule will have to be developed according to both company needs and operator availability. The ability for a TSCM service provider to perform the required or normal scope of work when traveling, along with the added expense must also be considered. For international locations, legal issues and equipment restrictions are also important factors.
Remember that TSCM inspections provide customers with a snapshot of conditions at a particular time and their effectiveness is directly related to the successful implementation of other security measures. While there can be considerable value in a one time inspection, TSCM services should be implemented as part of an ongoing security program to provide the best level of protection.
"Specialized Information and Privacy Protection"
© 2010 - Waypoint Counter Surveillance |
