Plan Design Enable

Holistic Security – Capabilities and Experience

2

3Plan Design Enable

Why Atkins for security?

We have the unique combination of:

• a depth of understanding of the national security context• strength of relationships with key governmental bodies,

CESG, CPNI and others• the ability to bring together the industry expert, the security

specialist and a comprehensive management consultancy capability

• outstanding consultancy at a cost effective price.

4

Holistic security: Overview

Physical, cyber and personnel security generally remain separate in many organisations.

Our holistic security methodology enables you to get a better understanding of overall organisational security risks by applying converged governance and risk management across all assets.

In combination with our programme and security risk management expertise, this approach ensures better protection for assets, staff and information; your critical business enablers.

5Plan Design Enable

Holistic security: Benefits

The benefits of the holistic approach:

• Understand where gaps exist between security ‘layers’• Bridge the gap between the ‘hard’ side of security

(technical/physical) and the ‘soft’ (information/policy/processes/people)

• Identify where security measures are being duplicated and are therefore wasteful

• Ensure investment is in proportion to risk levels• Make security a strategic differentiator rather than a tax on

the business• Target resources where they deliver maximum benefit for

your organisation.

6

Lowering risks

Concept at a high level: lower risk by deterring the threat, lowering the vulnerability of assets and reducing the impact of compromise.

7Plan Design Enable

Concept at a working level: take an integrated view by applying physical, cyber, procedural, or people related mitigation to reduce the risk to your business.

Technical

PeoplePhysical

Procedural

8

Capabilities

Atkins has the experience and expertise to help its clients deliver strategic advantage through an holistic approach to security:

Working with others. Working with all the UK intelligence agencies in planning major programmes and projects. Understanding intelligence flows and working collaboratively with law enforcement.

Employing quality staff. Experience of devising pre-employment screening; on-going monitoring; creating a positive security culture.

Resilience of design. Very extensive experience in this area as one of the world’s leading design consultancies.

9Plan Design Enable

Planning and rehearsal. Expertise derives from planning and design heritage. Working towards the establishment of a crisis management strategy for a major Middle East Country.

Knowing what’s critical. Identifying and prioritising assets.

Protecting assets. Considerable experience of designing and implementing protective security regimes for physical and information assets. We have a depth of understanding of the approach to protecting clients’ assets including:

• networks • information• intellectual property• critical infrastructure; and • control systems.

10

Physical

• Security considered at the very start of all infrastructure design projects – ‘Secure by design’

• Leading role in the design and implementation of all the physical security measures for the London 2012 Olympic Games, covering the Olympic Park in London and all of the regional sites around the UK

• Designed and are implementing a re-build of the physical security regime at a major UK nuclear facility

• Design and implementation of security at numerous infrastructure sites in the UK, e.g., Birmingham New Street Railway Station, Crossrail, including Blast Mitigation and Hostile Vehicle Mitigation measures (HVM)

11Plan Design Enable

• Design of the physical security measures for transport infrastructure in the UAE including both road and rail

• Design of the physical security measures for military facilities throughout the Middle East region

• Designed the airside & landside physical security elements for an aviation development in KSA including the Concept of Operations and HVM

• Design of the Physical and Cyber security elements for a Conference and Exhibition Centre in Oman

• Security Master Planning for large industrial economic free zones in the UAE including interfacing with the Urban Planning Council.

IntegratedSecurity SystemsDesign

OperationalRequirements

PerformanceSpecification

Strategic Objectives

Process AnalysisStak

eho

lder

Req

uir

emen

ts

Tend

er Process

12

Cyber

Atkins has the knowledge, skills and methodologies essential for safeguarding valuable information assets. Our impact focused, risk based approach builds the appropriate cyber security controls into the fabric of organisations. We will ensure you can deter, defend and detect the inevitable attempts to compromise your operation.

Although it is impossible to prevent all compromises from internal and external threats, our methodology provides the tools necessary to create a resilient operation, respond to incidents effectively and if necessary, adapt your security posture.

Our team and their knowledge have been optimised through our extensive involvement with the UK’s intelligence agencies in cyber security, through information assurance and strategic programme delivery. We will ensure you can use information confidently and leverage the business advantages of cyberspace.

13Plan Design Enable

Personnel and behavioural

This is a new, particularly challenging area when dealing with a multicultural workforce.

Experience of establishing the UK government’s first programme of advice in personnel security issues.

Understanding the importance of creating a positive culture within an organisation where management and staff contribute effortlessly towards the shared protective security objectives.

Experience of data system integration to achieve an automated ‘accreditation’ scheme as part of a pre-employment screening process. Part of the ‘employing good people’ theme.

Running the biometric identification scheme at London’s Heathrow Airport. Positive identification of passengers to satisfy Civil Aviation Authority (CAA) strict standards.

14

Industrial Control Systems

We help clients to:

• Understand the security risks to their organisation and assess the critical operations

• Develop a holistic security strategy to address challenges across the organisation, whether technical, procedural, or personnel based

• Establish resiliency, through realising cyber security events are practically inevitable; Appropriate planning and incident response will minimise impacts and enable a rapid return to business as usual.

15Plan Design Enable

Regulation and compliance

• A consistent theme of all our work is to help a wide variety of UK companies achieve compliance with various standards and regulations

• Achieving new standards in aviation security through the use of biometrics at Heathrow

• Compliance with various cyber standards (e.g., ISO 27001)• We will work with you to achieve compliance with any

standards laid down by relevant regulatory authorities, and other government bodies. This work will include the training of staff to achieve various standards and levels of skill and competence

• We offer supporting guidance in achieving compliance with the PAS68 (specification for Vehicle Restraint Measures) and PAS69 (Guidance for the Selection, Installation and use of Vehicle Restraint Measures).

16

Business Continuity

Atkins services are designed to put in place clear planned responses to Business Continuity & Resilience (BC & R) challenges. Our services take a risk-based approach to evaluating the threats facing business activities or process by internal and external factors.

Our services include but are not limited to:

• Strategies and plans utilising industry best practice and standards

• Survey and audit services • Implementation of appropriate recovery plans • BC & R risk management and mitigation strategies • IT communication resilience design and engineering services.

17Plan Design Enable

Our services deliver the following business benefits to clients:

• Proactive identification of the impacts of an operational disruption

• Effective response to disruptions which minimises the impact on the client

• Managed business continuity risks • Knowledge transfer, management and collaboration • Confidence in business continuity responses through a

range of exercises and scenarios. Demonstrable ability to maintain delivery during unforeseen circumstances.

18

Crisis Management

All organisations need to have a well designed and rehearsed crisis or emergency response plan.

Atkins can help in the creation of a plan and in devising an exercise programme to test it on a regular basis.

Atkins helped with the emergency response to Hurricane ‘Katrina’ through our US office and with the follow-up to the Fukushima disaster (through our Energy business).

19Plan Design Enable

Contact

Andrew CookeDirector

AtkinsSecurity

Tel: +44 (0) 7803 259 666Email: andrew.cooke@atkinsglobal.com

© Atkins Limited except where stated otherwise. The Atkins logo, ‘Carbon Critical Design’ and the strapline ‘Plan Design Enable’ are trademarks of Atkins Limited.

AtkinsSecurity

Euston Tower286 Euston Road

LondonNW1 3AT

England

www.atkinsglobal.com/securitymailto: holistic@atkinsglobal.com

Cyber Supplier to UK Government