Security Vulnerability Assessment - (SVA) – Project35 Security

PHYSICAL SECURITY VULNERABILITY ASSESSMENT

Conducted on 5TH MARCH 2023.

Site Name / Location

CHAHINE CONSTRUCTION AND CONSULTING COMPANY Ltd. (MTN SITE GRAPPHIC ROAD)

Prepared by

Ops: AHMED SHALIL HAMID +233593224476

Personnel supporting audit.

Document No.

THE INFORMATION CONTAINED IN THIS DOCUMENT IS CONFIDENTIAL AND IS NOT TO

BE COMMUNICATED TO ANY PERSON OTHER THAN AUTHORISED EMPLOYEES.

Executive Summary

The purpose of this report is to communicate the findings of a vulnerability assessment conducted on
the construction site security of CHAHINE CONSTRUCTION AND CONSULTING SECURITY
COMPANY Ltd (MTN SITE GRAPHIC ROAD).: The assessment was conducted to identify
vulnerabilities in the site's physical security measures and operational procedures that could be
exploited by attackers.

Methodology:

The vulnerability assessment was conducted by a team of experienced security professionals who
Project35 Security Group - security-vulnerability-assessment-sva-2023v1 1/14
 Security Vulnerability Assessment - (SVA) – Project35 Security
observed the construction site security measures in place and conducted interviews with the site
security personnel. The assessment included testing of physical security measures, reviewing security
policies and procedures, and evaluating the security culture of the site.

Findings:

The vulnerability assessment identified the following vulnerabilities in the construction site security:

Perimeter Security: The perimeter security measures of the construction site were found to be
inadequate, with some areas of being unsecured, which can lead to unauthorized access to the site.
The site is having three entrance gates two of which is being manned by a third-party company. This
gives foreign agents direct access into the site of operations.

Access Control: The access control procedures were found lacking, some personnel allowing
unauthorized individuals to enter the site without proper identification or authorization. Staffs don’t seem
to follow simple security instructions.

Equipment Security: Equipment used in construction was left unsecured, which can result in theft or
damage.
Air conditions where also discovered un caged. Thus, can leads to the possibility of its being carried
away.

Security Policy and Procedure: There was a lack of defined and implemented security policies and
procedures, leading to confusion amongst personnel and a lack of a standardized approach to security.
Security emergency assembly points where not seen throughout the premises.

Recommendations:

Based on the findings of the vulnerability assessment, the following recommendations are made:

Perimeter Security: The construction site management should improve the perimeter security measures
to prevent unauthorized access and ensure that all entry points are secured. Barbed or electric wires
should also be provided around the perimeter fence.

Access Control: The construction site management should implement and enforce stricter access
control procedures to ensure that only authorized personnel are allowed on site. This should also be
communicated to staffs. That strict security measures should be observed.

Equipment Security: All construction equipment should be secured and stored properly when not in use.

Security Policy and Procedure: A comprehensive security policy and procedure manual should be
developed and implemented, and all personnel should be trained on it.

Conclusion:

In conclusion, the vulnerability assessment identified several vulnerabilities in the construction site
security measures that could be exploited by attackers. By implementing the recommended security
measures and providing training to personnel, the construction site management can improve its
physical security posture and reduce the risk of security incidents.

Project35 Security Group - security-vulnerability-assessment-sva-2023v1 2/14

 Security Vulnerability Assessment - (SVA) – Project35 Security

A physical site security risk assessment was conducted using a Comparative Risk
Assessments process. The Risk Assessment looks at the facility’s attractiveness, known
threats, and vulnerabilities to enable recommendations to be implemented to mitigate
risk. The Security Vulnerability Assessment highlighted areas of risk that are likely to
affect the overall security of the site; based on these findings the current vulnerability of
this site to known threats is classified as: -

Low - Resistant and Medium - High - Very High -

robust to identified Resistant to Limited Little or no
threat(s) but requires threats but with resistance to resistance to the
awareness. some weakness the threats threats

Consideration should be made to the vulnerability findings listed in this report to help
improve the overall security of the site to known threats.

This Security Vulnerability Assessment [SVA] forms a vital part of identifying any
potential vulnerabilities in physical security measures, security systems, policies,
processes, procedures, and personnel that may cause risk to the business.

The information gained to compile this security vulnerability assessment was gathered
through conducting an in-depth site inspection of current existing and/or natural
mitigation security measures.

RISK TOLERANCE - Currently the risk tolerance is purely for example only. Tolerances to
be decided when risk appetite is agreed.

Very High - Business feels most concerned about this risk. Disastrous impact on
business activities and clients. Comprehensive and immediate action is required.

High - Business feels concerned about carrying this risk. The consequences of the risk
materializing would be severe but not disastrous. Some immediate action is required
plus the development of a comprehensive action plan.

Medium - Business is uneasy about this risk. The consequences of the risk on the
business are not severe and can be managed via contingency plans. Action plans
developed later, and budget bids mobilized. The status of risk should be monitored
regularly.
Project35 Security Group - security-vulnerability-assessment-sva-2023v1 3/14
 Security Vulnerability Assessment - (SVA) – Project35 Security

Risk Tolerance Level:

the organization is willing to accept a certain level of risk in pursuit of its objectives but will not tolerate
risks that exceed this level. The organization has identified the following factors that influence its risk
tolerance level:

Business Objectives: The organization's risk tolerance level is influenced by its business objectives. The
more critical an objective is to the organization's success, the lower the risk tolerance level.

Industry Standards: The organization's risk tolerance level is also influenced by industry standards and
best practices. The organization is committed to meeting or exceeding these standards to maintain its
reputation and competitiveness in the market.

Regulatory Requirements: The organization's risk tolerance level is also influenced by regulatory
requirements. The organization is committed to complying with all applicable laws and regulations to
avoid legal and financial penalties.

Risk Management:

To manage risk within the organization's risk tolerance level, the following steps should be taken:

Risk Assessment: The organization should conduct regular risk assessments to identify potential risks
and their impact on the organization's objectives.

Risk Mitigation: The organization should implement measures to mitigate identified risks and reduce
their impact on the organization's objectives. This may include physical, personnel, or information
security measures.

Risk Monitoring: The organization should monitor identified risks and the effectiveness of risk mitigation
measures on an ongoing basis.

Risk Reporting: The organization should report on identified risks and risk mitigation measures to senior
management and other stakeholders on a regular basis.

Conclusion:

In conclusion, the organization has defined its risk tolerance level as MEDIUM and provided guidance
on how to manage risk within this level. By conducting regular risk assessments, implementing risk
mitigation measures, monitoring risks, and reporting on risk management activities, the organization can
effectively manage risk and achieve its objectives within its risk tolerance level

Project35 Security Group - security-vulnerability-assessment-sva-2023v1 4/14

 Security Vulnerability Assessment - (SVA) – Project35 Security

Low - Business is content to accept this risk. Consequences of risk relatively unimportant
to the business. The status of risk should be reviewed periodically.

Project35 Security Group - security-vulnerability-assessment-sva-2023v1 5/14

 Security Vulnerability Assessment - (SVA) – Project35 Security

Key Assets / Locations

Key Assets

Staff, Visitors, Contractors & other individuals present on the site.

Intellectual property inclusive of high value, sensitive information

and data concerning client’s business interests either on
computer, servers or files.

Intangibles; client’s image, reputation, financial strength and

future profitability

Site property inclusive of the buildings, technical and IT

equipment

Controlled Drugs

Products

Manufacturing Equipment / Plant

Key Locations

Select Key Asset Locations

Warehouse Office Production Data High Controlled Goods

Centre Value Drug In /
Store Store Out

Project35 Security Group - security-vulnerability-assessment-sva-2023v1 6/14

 Security Vulnerability Assessment - (SVA) – Project35 Security

Rationale

The assessment team identified the following Key assets and Key Locations for CHAHINE
CONSTRUCTION AND CONSULTING SECURITY COMPANY Ltd (MTN SITE GRAPHIC ROAD).:

Intellectual Property: The organization's proprietary, signage, reputation and patents are critical to the
organization's success and competitiveness in the market.

Data: The organization’s network infrastructure, computers, operational data is either partly or fully
stored on site

Infrastructure: aside of the main three (3) story building currently under construction, the organization's
offices is made up three (3) old shipping containers converted into a temporal office space, a store, and
a carpentry area is also visible these are critical to the organization's operations and ability to provide
services to its client.

Machinery/Equipment’s and Vehicles: two (2) polytanks (water storage tanks) with water pumps is
seen on site. Four (4) pieces of uncaged air conditioners. Other equipment’s where un accounted for
since it was being used by an ongoing work.

Project35 Security Group - security-vulnerability-assessment-sva-2023v1 7/14

Proje
Security Vulnerability Assessment - (SVA) - 2023v1 – Project35
dSddddSecurity

Threat Assessment

Assessment of the threat against the following categories will be based on and
supported by credible intelligence sources or events that have taken place in the past 5
years.

Theft - Internal

Rare Unlikely Possible Likely Almost Certain

Rationale

According to my investigations and internal information gathered there has been numerous thefts
involving number of the construction company staffs or staffs the former hired security service
provider.

Theft - External

Rare Unlikely Possible Likely Almost Certain

Rationale

Nothing of this sort is reported but it seems highly likely. Since there are entrances that are being
controlled by some other security service provider.

Public Order Protest

Rare Unlikely Possible Likely Almost Certain

Rationale

The chance of this happening is unlikely. nevertheless, guards are being trained on crowd control
measures.

Site Penetration

Rare Unlikely Possible Likely Almost Certain

Project35 Security Group - security-vulnerability-assessment-sva-2023v1 8/14

Proje
Security Vulnerability Assessment - (SVA) - 2023v1 – Project35
dSddddSecurity

Rationale

Perimeter fence ca be possibly penetrated either by a long leather or breakage if barbed wired or
electric fencing is not installed.

Major Disaster

Rare Unlikely Possible Likely Almost Certain

Rationale

Possibility of this happening rare.

Direct Protest Activity

Rare Unlikely Possible Likely Almost Certain

Rationale

This is said to happen only when staffs are failed to be paid on time. Or long over due salary
arrears.

Workplace Violence

Rare Unlikely Possible Likely Almost Certain

Rationale

It’s said to happen seldomly but sanctioned measures should be implemented to prevent this from
happening.

Low-Level Crime

Rare Unlikely Possible Likely Almost Certain

Rationale

Smoking on site, by some unruly employes is reported and should be discouraged.

Project35 Security Group - security-vulnerability-assessment-sva-2023v1 9/14

 Security Vulnerability Assessment - (SVA) - 2023v1 – Project35

Violation of Policy

Rare Unlikely Possible Likely Almost Certain

Rationale

Unlikely

Terrorism

Rare Unlikely Possible Likely Almost Certain

Rationale

This has never been reported but can’t be ruled out.

Inside Threats

Rare Unlikely Possible Likely Almost Certain

Rationale

Unlikely.

Project35 Security Group - security-vulnerability-assessment-sva-2023v1 10/14

 Security Vulnerability Assessment - (SVA) - 2023v1 – Project35

Vulnerability Findings / Recommendations

Vulnerabilities are then assessed against resistance to perceived threats that have been
highlighted and given a severity/risk level rating according to the following
vulnerability criteria to enable an informed decision on highlighted findings /
recommendations to be made.

Finding #

Location

Primary Fence Open Space Transition Space Internal Space

Specific Asset Protection

Severity / Risk Level

Observation / None - Minor / Low - Major / Critical /

Resistant and robust to Resistant to Medium High - High- Little or
identified threat(s) but threats but with Limited no resistance
requires awareness. some weakness resistance to the to the threat(s)
threat(s)

Project35 Security Group - security-vulnerability-assessment-sva-2023v1 11/14

 Security Vulnerability Assessment - (SVA) - 2023v1 – Project35

Summary / Comments

This security vulnerability assesses and identify potential security risks and vulnerabilities within
CHAHINE CONSTRUCTION AND CONSULTING SECURITY COMPANY Ltd.:
The assessment team evaluated physical security measures, personnel security, information security,
and emergency preparedness. Overall, the assessment team identified several areas of concern and
made recommendations for improvements to mitigate potential security risks and vulnerabilities.

The assessment team recommends prioritizing security measures for these key assets and key
locations due to the potential impact of loss or damage to these resources. Loss or damage to these
resources could result in financial losses, damage to reputation, and loss of competitiveness in the
market. Security measures should include physical security measures such as access control systems,
security cameras, and alarm systems, as well as personnel security measures such as background
checks and security training for employees. Information security measures such as data backup and
recovery procedures and encryption should also be implemented to protect key assets and information.

Overall, the assessment team has identified key assets and key locations for CHAHINE
CONSTRUCTION AND CONSULTING SECURITY COMPANY Ltd (MTN SITE GRAPHIC ROAD).:
and provided a rationale for prioritizing security measures to protect these resources. By implementing
security measures to protect these key assets and locations, the organization can better mitigate the
impact of security incidents and ensure its continued success and competitiveness in the market.

In addition to implementing security measures, it is important to regularly review and update security
protocols and procedures to ensure that they remain effective in protecting key assets and locations. By
prioritizing security measures for key assets and key locations, organizations and individuals can better
protect their most valuable resources and mitigate the impact of security incidents on their operations
and success.

Physical Security Measures:

The assessment team evaluated the physical security measures in place at CHAHINE
CONSTRUCTION AND CONSULTING SECURITY COMPANY Ltd (MTN SITE GRAPHIC ROAD).:
The team found that the perimeter fencing was in good condition, but security wires need to be
installed. The team also found that the lighting in some areas was insufficient, and surveillance cameras
were not available. The team recommends fixing either barbed wires or electric fencing, improving
lighting in all areas, and repairing or replacing malfunctioning cameras.

Personnel Security:

The assessment team evaluated the level of personnel security at CHAHINE CONSTRUCTION AND
CONSULTING SECURITY COMPANY Ltd (MTN SITE GRAPHIC ROAD).: The team found that no
background checks were conducted for most if not all employees, there was no clear policy for handling
security incidents. The team recommends developing and implementing a security incident response
policy and training employees on its procedures.
Project35 Security Group - security-vulnerability-assessment-sva-2023v1 12/14
 Security Vulnerability Assessment - (SVA) - 2023v1 – Project35

Information Security:

The assessment team evaluated the information security policies and procedures at CHAHINE
CONSTRUCTION AND CONSULTING SECURITY COMPANY Ltd (MTN SITE GRAPHIC ROAD).: The
team found that access controls were in place for sensitive information, but some employees were not
following proper security procedures. The team recommends training all employees on information
security policies and procedures and implementing consequences for non-compliance.

Emergency Preparedness:

The assessment team evaluated the emergency preparedness of CHAHINE CONSTRUCTION AND
CONSULTING SECURITY COMPANY Ltd (MTN SITE GRAPHIC ROAD).: The team found that
emergency plans does not exist, Additionally, there were no plans in place for dealing with medical
emergencies. The team recommends updating emergency plans, implementing procedures for medical
emergencies, and conducting regular emergency drills.

Conclusion:

Overall, the assessment team identified several areas of concern within CHAHINE CONSTRUCTION
AND CONSULTING SECURITY COMPANY Ltd (MTN SITE GRAPHIC ROAD).: security measures.
The team recommends implementing the above recommendations and continuing to assess and update
security measures on a regular basis to ensure the safety and security of the company and its
employees.

Project35 Security Group - security-vulnerability-assessment-sva-2023v1 13/14

 Security Vulnerability Assessment - (SVA) - 2023v1 – Project35

Disclaimer

All information contained in this document is confidential and is not to be used for any
other purpose or disclosed wholly or in part to any other party without prior permission
in writing being granted by the author.

This restriction does not cover information published, or information that can be
demonstrated was publicly available on the date of this document.

Copyright and intellectual property rights in all documents and drawings supplied by
the author are vested in the author of the report. The recipient accepts this proposal on
the basis that this document may not be copied unless agreed in writing by the author.

Project35 Security reserves the right at any time to request that all copies of this
document be returned. The recipient agrees to return all copies of this document
forthwith upon receipt of such request.
All details were correct at the time of writing the report however, some of these items
may have been rectified.

Project35 Security Group - security-vulnerability-assessment-sva-2023v1 14/14