UK Close Protection Bodyguard, Roles and Responsibilities

A guide for UK bodyguards outlining the structure of close protection teams. This information will also be of use to anyone wishing to hire a bodyguard or indeed a full close protection team.

The following is a breakdown of the roles and responsibilities within the structure of a close protection team.

The Team Leader (TL): The Team Leader’s job is to ensure that everyone has all of the information that they need to enable them to carry out their function; he is usually the one that liaises with the Principal and the contracting security company if there is one. On most assignments, the Team Leader has the authority to hire and fire team personnel.

The TL may on occasion also be the Bodyguard; however, generally speaking, the TL will operate as part of the Personal Escort Section, as this allows him to organize his team more effectively.

The Residential Security Team (RST): The RST, as the name suggests, looks after the physical security of anywhere that the Principal is resident. This could be a house, a hotel, or a yacht. The team provides protection for the principal and his family.

The RST will ensure that only authorized persons have access to the principal’s residence, will secure all means of entry, and will monitor and check all vehicles and visitors as they arrive and leave. They will also provide constant monitoring of all security alarms, fire alarms/systems and CCTV systems, including constant patrolling of the grounds with regular checks on perimeter fencing, garages, outhouses etc.

The team is also responsible for preventing the introduction of electronic bugs, including listening and video devices and may also be required to screen phone calls to the main residence. Incoming mail will also be monitored and may be subject to X-ray scanning.

Key holding for the entire residence including vehicles is another duty of the RST with the team also responsible for adhering to vehicle maintenance schedules plus ensuring health and safety requirements are adhered to at the residence.

Ultimately the RST provides protection for the principal and his family. It should be noted that in most cases the Bodyguard will still be available if required.

Security Advance Party (SAP): Basically, the function of the SAP is to ensure that there are no surprises for the Principal while he is out and about on his social and business schedule. The SAP will travel in advance of the Principal, checking that routes and venues are OK. They may do this months in advance (for example, when planning an overseas trip) or minutes in advance (it may be that the Principal wants an impromptu trip to a local restaurant with which the team is not familiar).

The SAP carries out an extremely important function; it needs to have excellent communication skills and be trained in all aspects of search.

Personal Escort Section (PES): The PES can have different functions depending on the situation in which they find themselves. Generally speaking, they provide an outer cordon of defence when on foot, ensuring a full 360 degree circle around the main party, as opposed to the BG’s inner cordon. In some situations their function may be the same as the BG’s, that is, give body cover and get away from the danger. In other situations, their function may be to attack the threat and give the Bodyguard time to get the Principal away from the danger.

Again, depending upon the situation, the PES may be as close to the Principal as the Bodyguard; in others, they may be much further away. For instance, outside a venue in a car ready to be called upon if needed. The PES play a vital role in providing cover and all round observation during Embus/Debus.

The Bodyguard (BG): There is only one BG per principal. There may be a day BG and a night BG but generally there is only one BG on one principal at any one time. The BG is the person that will be in close contact with the Principal at all times. His job is to shield the Principal from any danger, i.e. to give body cover. The BG forms the inner cordon of defence and is responsible for seeing that no threat gets past him and to the Principal. When working alongside the PES, the BG is the one that never stands and fights. He makes good his escape (with the Principal of course), giving body cover as he does so. This role can be (dependent upon the situation) in complete contrast to that of the PES.

The BG is also a problem solver for the Principal when out and about and may be called upon to provide information regarding many diverse subjects, e.g. where to get a haircut or a good steak! If the BG does not possess the relevant information then generally a quick phone call to his support team will resolve the issue.

The Bodyguard is the one with the ultimate responsibility for the welfare of his charge. He is the last piece of protection and his main role is to put himself between every conceivable threat and the Principal.

Close Protection Driver: While all members of the team should be able to drive, often the role of driver is a dedicated one. Advanced, Defensive, Offensive and Anti-Ambush Driving Techniques are a specialized discipline all of their own and require extensive training in order to be able to perform correctly under highly stressed situations. The Close Protection Driver therefore is a very important and unique member of the team, and when his skills are ultimately called upon, it may well be during life or death situations.

The more mundane duties of the Close Protection Driver include making sure that vehicles in his charge are properly maintained to schedule and are clean at all times. Access to up to date maps, relevant route intel and emergency strategies are all part of his job spec.

Protective Surveillance Team (PST): Due to the high cost of implementing a PST, their use is rare except in extremely high risk scenarios and obviously where the budget allows. Their role is basically self-explanatory from the title: to provide protective surveillance for the Principal in the form of intel provided to the PES, SAP, BG, TL etc.

Information Security Metrics: Password Strength

This metric offers simple risk reduction by sifting out bad passwords and making them harder to break, and finding potential weak spots where key systems use default passwords. Password cracking can also be a powerful demonstration tool with executives who themselves have weak passwords. By demonstrating to them in person how quickly you can break their password, you will improve your lines of communication with them and their understanding of your role.

How to get it: Using commonly available password cracking programs, attempt to break into systems with weak passwords. Go about this methodically, first attacking desktops, then servers or admin systems. Or go by business unit. You should classify your devices and spend more time attempting to break the passwords to the more important systems. “If it’s a game of capture the flag,” Jaquith says, “the flag is with the domain controller, so you want stronger access control there, obviously.”

Expressed as: Length of time or average length of time required to break passwords. (For example, admin systems averaged 12 hours to crack.) Can be combined with a percentage for a workgroup view (for example, 20 percent of accounts in business unit cracked in less than 10 minutes). Is your password subject to a lunchtime attack? That is, can it be cracked in the 45 minutes you are away from your desk to nosh?

Not good for: User admonishment, judgment. The point of this exercise is not to punish offending users, but to improve your security. Skip the public floggings and just quietly make sure employees stop using their mother’s maiden name for access.

Try this: Use password cracking as an awareness-program audit tool. Set up two groups (maybe business units). Give one group password training. The other group is a control; it doesn’t get training. After several months and password resets, try to crack the passwords in both groups to see if the training led to better passwords.

One possible visualization: Both YAH and small multiples graphics could work with this metric.
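The "Expressed as" and "Try this" figures can be computed from the results of an authorised password audit. The following is an added example, not part of the original article; the account names, group labels and timings are constructed, and the field names are assumptions.

```python
from collections import defaultdict
from statistics import mean

LUNCH_MINUTES = 45  # the "lunchtime attack" window described above

# Constructed audit results. "minutes" is how long the audit needed to recover
# the password; None means it was not recovered within the audit's time budget.
RESULTS = [
    {"account": "t1", "group": "trained", "minutes": None},
    {"account": "t2", "group": "trained", "minutes": None},
    {"account": "t3", "group": "trained", "minutes": 720},
    {"account": "t4", "group": "trained", "minutes": 30},
    {"account": "t5", "group": "trained", "minutes": 1500},
    {"account": "c1", "group": "control", "minutes": 5},
    {"account": "c2", "group": "control", "minutes": 8},
    {"account": "c3", "group": "control", "minutes": 40},
    {"account": "c4", "group": "control", "minutes": 600},
    {"account": "c5", "group": "control", "minutes": None},
]

def summarize(results, fast_minutes=10):
    """Per-group password-strength metrics in the article's units."""
    by_group = defaultdict(list)
    for row in results:
        by_group[row["group"]].append(row["minutes"])
    report = {}
    for group, times in by_group.items():
        recovered = [t for t in times if t is not None]
        n = len(times)
        report[group] = {
            "accounts": n,
            # Percentages use ALL accounts as the denominator, so passwords
            # that held out still count in the group's favour.
            "pct_under_fast": round(100 * sum(t < fast_minutes for t in recovered) / n, 1),
            "pct_lunchtime": round(100 * sum(t <= LUNCH_MINUTES for t in recovered) / n, 1),
            "pct_not_recovered": round(100 * (n - len(recovered)) / n, 1),
            # The average covers recovered passwords only; read it together
            # with pct_not_recovered or it understates strong groups.
            "avg_hours_recovered": round(mean(recovered) / 60, 1) if recovered else None,
        }
    return report

def training_effect(report, trained="trained", control="control"):
    """Percentage-point drop in lunchtime-crackable accounts after training."""
    return report[control]["pct_lunchtime"] - report[trained]["pct_lunchtime"]

if __name__ == "__main__":
    rep = summarize(RESULTS)
    for group, metrics in rep.items():
        print(group, metrics)
    print("training effect (points):", training_effect(rep))
```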

Sample CSO (Chief Security Officer) job description

This is the top security executive in the company. He or she will report directly to a senior functional executive (CEO, COO, CFO, chief administration officer, head of legal counsel). The CSO will oversee and coordinate security efforts across the company, including information technology, human resources, communications, legal, facilities management and other groups, and will identify security initiatives and standards. The candidate’s direct reports will include the chief information security officer and the director of corporate security and safety.

Responsibilities:

  • Oversee a network of security directors and vendors who safeguard the company’s assets, intellectual property and computer systems, as well as the physical safety of employees and visitors.
  • Identify protection goals, objectives and metrics consistent with corporate strategic plan.
  • Manage the development and implementation of global security policy, standards, guidelines and procedures to ensure ongoing maintenance of security. Physical protection responsibilities will include asset protection, workplace violence prevention, access control systems, video surveillance, and more. Information protection responsibilities will include network security architecture, network access and monitoring policies, employee education and awareness, and more.
  • Work with other executives to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology.
  • Maintain relationships with local, state and federal law enforcement and other related government agencies.
  • Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.
  • Work with outside consultants as appropriate for independent security audits.

Qualifications:

  • Must be an intelligent, articulate and persuasive leader who can serve as an effective member of the senior management team and who is able to communicate security-related concepts to a broad range of technical and non-technical staff.
  • Should have experience with business continuity planning, auditing, and risk management, as well as contract and vendor negotiation.
  • Must have strong working knowledge of pertinent law and the law enforcement community.
  • Must have a solid understanding of information technology and information security.

What is a Chief Security Officer?

The title Chief Security Officer (CSO) was first used principally inside the information technology function to designate the person responsible for IT security. At many companies, the term CSO is still used in this way. CISO, for Chief Information Security Officer, is perhaps a more accurate description of this position, and today the CISO title is becoming more prevalent for leaders with an exclusive infosecurity focus.

The CSO title is also used at some companies to describe the leader of the “corporate security” function, which includes the physical security and safety of employees, facilities and assets. More commonly, this person holds a title such as Vice President or Director of Corporate Security. Historically, corporate security and information security have been handled by separate (and sometimes feuding) departments.

Increasingly, Chief Security Officer means what it sounds like: The CSO is the executive responsible for the organization’s entire security posture, both physical and digital. CSOs also frequently own or participate closely in related areas such as business continuity planning, loss prevention and fraud prevention, and privacy.

Several forces are driving this trend to combine all forms of security under a single organizational umbrella. At a tactical level, technology is being infused into physical security tools, which are increasingly database-driven and network-delivered. At a strategic level, CEOs and corporate boards, motivated in part by regulations such as the Sarbanes-Oxley Act, desire an enterprise-wide view of operational risk. And at a practical level, CSOs say a holistically managed security function can deliver better security at lower cost.

Baseline Defenses Coverage (Antivirus, Antispyware, Firewall, and so on)

This is a measurement of how well you are protecting your enterprise against the most basic information security threats. Your coverage of devices by these security tools should be in the range of 94 percent to 98 percent. Less than 90 percent coverage may be cause for concern. You can repeat the network scan at regular intervals to see if coverage is slipping or holding steady. If in one quarter you’ve got 96 percent antivirus coverage, and it’s 91 percent two quarters later, you may need more formalized protocols for introducing devices to the network or a better way to introduce defenses to devices. In some cases, a drop may stir you to think about working with IT to centralize and unify the process by which devices and security software are introduced to the network. An added benefit: By looking at security coverage, you’re also auditing your network and most likely discovering devices the network doesn’t know about. “At any given time, your network management software doesn’t know about 30 percent of the IP addresses on your network,” says Jaquith, because either they were brought online ad hoc or they’re transient.

How to get it: Run network scans and canvass departments to find as many devices and their network IP addresses as you can. Then check those devices’ IP addresses against the IP addresses in the log files of your antivirus, antispyware, IDS, firewall and other security products to find out how many IP addresses aren’t covered by your basic defenses.

Expressed as: Usually a percentage. (For example, 88 percent coverage of devices by antivirus software, 71 percent coverage of devices by antispyware and so forth.)

Not good for: Shouldn’t be used for answering the question “How secure am I?” Maximum coverage, while an important baseline, is too narrow in scope to give any sort of overall idea of your security profile. Also, probably not yet ready to include cell phones, BlackBerrys and other personal devices, because those devices are often transient and not always the property of the company, even if they connect to the company.

Try these advanced versions: You can parse coverage percentages according to several secondary variables. For example, percentage coverage by class of device (for instance, 98 percent antivirus coverage of desktops, 87 percent of servers) or by business unit or geography (for instance, 92 percent antispyware coverage of desktops in operations, 83 percent of desktops in marketing) will help uncover tendencies of certain types of infrastructure, people or offices to miss security coverage. In addition, it’s a good idea to add a time variable: Average age of antivirus definitions (or antispyware or firewall rules and so on). That is, 98 percent antivirus coverage of manufacturing servers is useless if the average age of the virus definitions on manufacturing’s servers is 335 days. A star company, Jaquith says, will have 95 percent of their desktops covered by antivirus software with virus definitions less than three days old.
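The cross-check from "How to get it", broken down by device class or business unit and by definition age, can be scripted as follows. This is an added example, not part of the original article; the inventory, the `ip,definition_date` log format and the audit date are constructed assumptions, and the addresses come from the RFC 5737 documentation range.

```python
from collections import defaultdict
from datetime import date

AUDIT_DAY = date(2024, 3, 15)  # constructed audit date

# Constructed inventory from network scans and department canvassing.
INVENTORY = [
    {"ip": "192.0.2.10", "cls": "desktop", "unit": "operations"},
    {"ip": "192.0.2.11", "cls": "desktop", "unit": "operations"},
    {"ip": "192.0.2.12", "cls": "desktop", "unit": "marketing"},
    {"ip": "192.0.2.13", "cls": "desktop", "unit": "marketing"},
    {"ip": "192.0.2.20", "cls": "server", "unit": "manufacturing"},
    {"ip": "192.0.2.21", "cls": "server", "unit": "manufacturing"},
]

# Constructed antivirus console export, one "ip,definition_date" per line.
AV_LOG = """\
192.0.2.10,2024-03-14
192.0.2.11,2024-03-13
192.0.2.12,2024-03-15
192.0.2.20,2023-04-15
192.0.2.99,2024-03-15
"""

def parse_av_log(text):
    """Return {ip: newest definition date reported for that ip}."""
    seen = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, day = (part.strip() for part in line.split(","))
        stamp = date.fromisoformat(day)
        if ip not in seen or stamp > seen[ip]:
            seen[ip] = stamp
    return seen

def coverage(inventory, av, today, key="cls", max_age_days=3):
    """Per group: (% of devices covered, % covered with fresh definitions)."""
    totals = defaultdict(lambda: [0, 0, 0])  # devices, covered, fresh
    for dev in inventory:
        t = totals[dev[key]]
        t[0] += 1
        if dev["ip"] in av:
            t[1] += 1
            # "Fresh" means definitions less than max_age_days old.
            if (today - av[dev["ip"]]).days < max_age_days:
                t[2] += 1
    return {g: (round(100 * c / n, 1), round(100 * f / n, 1))
            for g, (n, c, f) in totals.items()}

def unknown_to_inventory(inventory, av):
    """IPs reporting to the AV console that the inventory does not list."""
    return sorted(set(av) - {dev["ip"] for dev in inventory})

if __name__ == "__main__":
    av = parse_av_log(AV_LOG)
    print(coverage(INVENTORY, av, AUDIT_DAY, key="cls"))
    print(coverage(INVENTORY, av, AUDIT_DAY, key="unit"))
    print(unknown_to_inventory(INVENTORY, av))
```

The constructed server at 192.0.2.20 counts as covered but carries 335-day-old definitions, so the second figure for servers drops to zero; the address that appears only in the log is a device the inventory missed.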

One possible visualization: Baseline defenses can be effectively presented with a “you are here” (YAH) graphic. A YAH needs a benchmark—in this case it’s the company’s overall coverage. After that, a business unit, geography or other variable can be plotted against the benchmark. This creates an easy-to-see graph of who or what is close to “normal” and will suggest where most attention needs to go. YAHs are an essential benchmarking tool. The word “you” should appear many times on one graphic. Remember, executives aren’t scared of complexity as long as it’s clear. Here’s an example: plotting the percentages of five business units’ antivirus and antispyware coverage and the time of their last update against a companywide benchmark.