
CONTRIBUTORS

The success of this publication is directly related to the peer review process recognized by most professions. Security professionals, members of academia, and other subject matter experts contributed current information, conducted research, reviewed submissions, and provided constructive comments.

It is with sincere appreciation that I wish to thank the following individuals who contributed to Physical Security Principles:

Kevin E. Peterson, CPP, Co-Editor

Peter E. Ohlhausen, Technical Editor

Eva Giercuszkiewicz, ASIS Project Manager

Evangeline Pappas, ASIS Production Manager

Dana W. Adams, CPP

James E. Beadel, PSP

John Bekisz, Jr., PSP

Howard J. Belfor, CPP

Dennis R. Blass, CPP, PSP

Geoffrey T. Craighead, CPP

Eric Davidson, PSP

Anthony V. DiSalvatore, CPP, PCI, PSP

Lisa Dolan, CPP

Colin Doniger, CPP, PSP

Sean T. Doyle, PSP

Richard L. Edmond, PSP

Heinrich F. Eisenberg, CPP

James W. Ellis, CPP, PSP

Chris Freeman, CPP, PSP

Michael A. Franke, CPP, PSP

Jeffrey R. Geiger, PSP

Leo P. Gonnering, PSP

Dawn V. Gregory, CPP

Donald R. Green, CPP

Richard A. Hawkins, CPP, PSP

Edward C. Heisler, CPP, PSP

Scott J. Hogan, PSP

Jennifer L. Holcomb, PE, PSP

Gregory L. Hurd, CPP

Jeffrey C. Insdahl, PSP

Richard W. Jackson, PSP

Gregory W. Jarpey, PSP

Keith L. Kambic, CPP

Steven T. Kerley, CPP

Myrah L. Kirkwood, CPP

Glen W. Kitteringham, CPP

Patrick W. Klaassen, PSP

Daniel H. Kropp, CPP

Robert F. Leahy, CPP, PSP

Karl F. Langhorst, CPP

Jeffrey S. Leonard, CPP, PSP

Jennifer McLamb, CPP, PCI, PSP

Dante I. Moriconi, CPP, PSP

Richard A. Michau, CPP

Bonnie S. Michelman, CPP

Monsie C. Mintz, CPP

Owen J. Monaghan, CPP

William J. Moore, PSP

Luis H. Morales, CPP

Thomas L. Norman, CPP, PSP

Jaime P. Owens, CPP

Kevin E. Peterson, CPP

Doug Powell, CPP, PSP

Robert Rowe, CPP, PSP

Larry W. Simmons, CPP

Rodney J. Taylor, CPP

Francisco Tranchesi, CPP, PSP

Ann Trinca, JD, CPP, PCI, PSP

Mike A. van Drongelen, CPP, PCI, PSP

INTRODUCTION

Physical Security Principles is meant to serve three purposes. First, the authors, reviewers, and other contributors hope that security professionals worldwide will find it to be a valuable desk reference on aspects of the practice of physical security. Second, the book may be an appropriate text for college and CTE (career and technical education) courses related to physical security. Third, it is a great reference as it contains the breadth and depth necessary for everyone interested in obtaining a certification in physical security.

Our intent throughout is to present, discuss, and contrast principles and practices in a complementary fashion and demonstrate their interrelatedness in every organization and every setting on a global scale. The objective for the security professional is to leverage longstanding, widely accepted concepts and tailor them to the particular situation at hand to best meet the identified protection objectives. All this must be done within the constraints of cost, time, space, culture, regulation, and operational needs. It is a challenge indeed, and this book is meant as a resource to help lay the groundwork for successful physical security projects in every situation.

Although physical security is only one element of a comprehensive protection strategy, it is generally the first thing that comes to mind for most people. It is a discipline that has always existed and most probably always will. As Bob McCrie, CPP, writes in The Handbook of Security by Professor Martin Gill:

From the earliest known evidence, security became necessary for human existence. A fundamental strategy was to use physical implementation wherever possible to protect from external incursions. Often, geographic location could be significant for protection. While geography eased the vulnerability for some communities, others required additional means of protection. An encompassing wall or physical barriers for protection [were often employed]. Posts, thick enclosures, heavy doors with stout closures, animals and traps all served to protect [communities]. Thus, a variety of physical and animate security resources emerged.

Today, with the confluence of physical threats, human threats, and cyber threats (in addition to the ever-present natural and inadvertent threat), we live in an asymmetric world with respect to the risks we face. Still, physical security remains a key driver in asset protection programs in absolutely every setting, everywhere in the world. Physical and animate security resources continue to emerge. The techniques and tools of this discipline are applied in our homes and vehicles as well as in multinational corporations and government agencies. From the local convenience store to military installations, and from warehouses to data centers, physical security plays an essential role.

Each of this book’s four sections helps to define that role and offers practical, real-world tools for planning and implementing physical security in contemporary society. Part I deals with the underlying concepts of security risk management and how they translate into effective and efficient security practices. An overview of design principles and practices is presented in Part II of the book. Part III addresses the specific tools and techniques within the framework of structural, electronic, and human means collaborating to satisfy protection objectives. Finally, Part IV addresses the project management aspects of security in both principle and practice. Appendices define key security terms and address special considerations for high-rise buildings.

Overall, we hope that this book will find use among practitioners as well as anyone involved or interested in the principles and practices of contemporary physical security. In crafting this book, both in terms of content and format, we attempted to produce a pertinent and valuable resource for members of all three of those audiences. We sincerely hope we have achieved that objective.

CONTENTS

Preface

Contributors

Introduction

PART I

RISK MANAGEMENT: THE BASIS FOR PHYSICAL SECURITY

Chapter 1. CONCEPTS IN SECURITY RISK MANAGEMENT

1.1 Taking a Strategic Risk Management Approach

1.2 The Security Risk Management Process

1.2.1 Considering Assets

1.2.2 A Comprehensive View of the Threat

1.2.3 Looking at Vulnerabilities

1.2.4 Analyzing the Risk

1.2.5 Protective Measures

1.3 Risk Mitigation

1.3.1 The Four Ds

1.3.2 The Five Avenues to Address Risk

1.3.3 Layered Security

1.4 Mitigation Measures

References

Chapter 2. FUNCTIONS OF PHYSICAL SECURITY

2.1 Definition and Purpose of Physical Security

2.2 Functions Versus Components of Physical Security

2.2.1 Structural Components

2.2.2 Electronic Components

2.2.3 Human Components

2.3 Peripheral Systems and Interfaces

References

Chapter 3. PLANNING AND CONDUCTING PHYSICAL SECURITY ASSESSMENTS

3.1 General Risk Assessment Models and Considerations

3.2 Qualitative and Quantitative Methods

3.2.1 Assets

3.2.2 Evaluating Threats

3.2.3 Vulnerabilities

3.2.4 Risk Analysis

3.2.5 Risk Mitigation

3.2.6 Leveraging Outside Expertise

3.3 Physical Security Assessments

3.3.1 Framing the Security Survey and Putting It in Context

3.3.2 Approaches to Physical Security Assessments

3.4 General Guidelines: Areas to Assess

3.4.1 Typical Areas and Items to Assess

3.4.2 Tests

3.5 Applying Assessment Results

3.6 Automated Assessment Tools

References

Chapter 4. MEASURING EFFECTIVENESS: CONCEPTS IN PHYSICAL SECURITY METRICS

4.1 Understanding Metrics

4.1.1 Benefits of a Security Metrics Program

4.1.2 Designing a Metrics Program

4.2 Physical Security Metrics

4.2.1 Physical Security Systems Metrics

4.2.2 Physical Security Personnel Metrics

4.2.3 Physical Security Compliance Metrics in the Public Sector

4.2.4 Presenting Aggregate Status for Physical Security Metrics

4.3 Additional Recommended Metrics

4.4 Application of Metrics Throughout This Book

References

DESIGN PRINCIPLES AND PRACTICES

Chapter 5. BASIC DESIGN CONCEPTS

5.1 Design Principles

5.1.1 Point Versus Area Security

5.1.2 Conflict Avoidance

5.1.3 Balance

5.1.4 Additional Design Elements

5.2 Examples of Design Practices: Good and Not So Good

References

Chapter 6. INFLUENCING FACTORS IN PHYSICAL SECURITY DESIGN

6.1 Characteristics of the Assets under Protection

6.2 Characteristics of the Building or Facility

6.2.1 Ownership and Occupancy

6.2.2 Purpose of the Facility

6.2.3 Access

6.3 Characteristics of the Surroundings

6.4 Characteristics of the Location

6.5 Additional Influencing Factors

6.5.1 Selecting Mitigation Options Based on Influencing Factors

References

Chapter 7. SECURITY ARCHITECTURE AND ENGINEERING

7.1 Design Overview

7.2 Codes and Regulations

7.3 Project Requirements

7.4 Type of Construction

7.5 Site Layout

7.5.1 Perimeter

7.5.2 Lighting

7.5.3 Building Design Against Blast

7.5.4 Building Access

7.6 Material Selection

7.6.1 Building Structure

7.6.2 Facades

7.6.3 Interior Layout

7.6.4 Glazing

7.7 Site Utilities

7.7.1 HVAC

7.7.2 Emergency Power

7.7.3 Other Utilities

7.8 Life Safety Systems

7.8.1 Evacuation

7.8.2 Shelter-in-Place

7.9 Publications Relevant to Security Architecture and Engineering

References

Chapter 8. INTEGRATED SECURITY AND PROTECTION STRATEGIES

8.1 Integrated Electronic Security Systems

8.2 Integrated Physical Security Elements

8.3 Integrated Security Programs

8.4 Integration in Enterprise Risk Management

References

PHYSICAL SECURITY AND PROTECTION STRATEGIES

Chapter 9. STRUCTURAL SECURITY MEASURES

9.1 Barriers

9.1.1 Walls

9.1.2 Doors

9.1.3 Windows and Other Openings

9.1.4 Roofs and Floors

9.1.5 Fencing and Perimeter Walls

9.1.6 Blocking Barriers

9.1.7 Symbolic and Natural Barriers

9.2 Containers and Vaults

9.2.1 Safes

9.2.2 Vaults

9.3 Locks and Locking Mechanisms

9.3.1 Mechanical Locks

9.3.2 Electrified Locking Mechanisms

9.3.3 Designing Security Locking Systems

9.4 Lighting and Security Applications

9.4.1 Types of Lighting Equipment and Lamps

9.4.2 Lighting Challenges

9.4.3 Characteristics of Light and Lighting

9.4.4 Overview of Lighting Systems

9.4.5 Economic Considerations

9.4.6 Starting and Restrike

9.4.7 Security Lighting for Selected Applications

9.4.8 Lighting Considerations for Electronic Surveillance Systems

9.4.9 Standards for Security Lighting Levels

References

Chapter 10. CRIME PREVENTION THROUGH ENVIRONMENTAL DESIGN

10.1 Principles of CPTED

10.1.1 Criminal Behaviors and Patterns

10.1.2 Later Developments in CPTED

10.2 Tools of CPTED

10.2.1 Tools That Address the Three Elements of CPTED

10.2.2 Reducing Crime Through Architectural Design

10.2.3 Access Control, Surveillance, and Territorial Reinforcement

10.3 CPTED Applications in Various Settings

10.3.1 Commercial Office Buildings

10.3.2 Industrial Buildings and Facilities

10.3.3 Parking Facilities

10.3.4 Schools

10.3.5 Automated Teller Machines (ATMs)

10.3.6 U.S. Federal Buildings

10.4 Integration of CPTED and Traditional Security

10.5 One Example of a CPTED Survey Template

References

Chapter 11. ELECTRONIC SECURITY SYSTEMS

11.1 Access Control Systems

11.1.1 Personnel Access Control

11.1.2 Locks

11.2 Contraband Detection

11.2.1 Metal Detectors

11.2.2 Package Search

11.2.3 Explosives Detection

11.2.4 Chemical and Biological Agent Detection

11.3 Physical Intrusion Detection Systems

11.3.1 Performance Characteristics

11.3.2 Standards

11.3.3 Exterior Sensors

11.3.4 Interior Sensors

11.4 Video Surveillance

11.4.1 Functional Requirements

11.4.2 Theory of Visual Security

11.4.3 Uses of Video Subsystems in Security

11.4.4 Analog System Components

11.4.5 Digital System Components

11.4.6 System Design

11.4.7 Equipment Selection

11.4.8 Additional Design Considerations for Video Assessment

11.4.9 Evaluation of Video Assessment Systems

11.4.10 Maintenance

11.4.11 Future of Video Surveillance Systems

11.5 Communications and Annunciation Systems

11.5.1 AC&D Attributes

11.5.2 Alarm Communication Subsystem

11.5.3 Security Communications

11.5.4 Alarm Control and Display

11.6 Trends and Issues in Electronic Systems Integration

References

Chapter 12. SECURITY OFFICERS AND THE HUMAN ELEMENT

12.1 Security Officer Utilization Growth

12.2 Contemporary Challenges

12.3 Determining the Need for a Security Force

12.4 Security Force Models

12.5 Basic Security Officer Functions

12.5.1 Access Control

12.5.2 Patrol

12.5.3 Inspection

12.5.4 Monitoring

12.5.5 Emergency Response

12.5.6 Traffic Control

12.5.7 Dealing with Disturbed People

12.5.8 Escort

12.5.9 Special Assignments

12.5.10 Record Keeping

12.6 Security Officer Roles

12.6.1 Public Relations/Management Representative

12.6.2 Intelligence Agent

12.6.3 Enforcement/Compliance Agent

12.6.4 Legal Consultant

12.6.5 Physical Security Specialist

12.7 Uniforms and Equipment

12.7.1 Weapons

12.8 Security Officer Selection

12.8.1 ASIS Guideline PSO-2010

12.8.2 Canadian General Standards Board CAN/CGSB-133.1-99

12.8.3 Personal Attributes

12.9 Security Officer Training

12.9.1 Key Training Concepts

12.9.2 Benefits of Training

12.9.3 Identifying Training Requirements

12.9.4 Methods of Training

12.9.5 The Training Process

12.9.6 Obstacles to Providing Training

12.9.7 Training Strategies

12.10 Managing the Security Officer Force

12.10.1 Personnel Requirements

12.10.2 General, Post, and Special Orders

12.10.3 Scheduling

12.10.4 Supervision

12.10.5 Quality Assurance and Quality Control

12.10.6 Quality Control Inspections

12.10.7 Management Use of Data

12.10.8 Enhancing Job Performance

12.11 Leveraging the Human Element

References

14.1 System Design Principles

14.2 Initial Phases

14.3 Design Phases

14.3.1 Development of Design Criteria

14.3.2 Basis of Design

14.3.3 Conceptual Design

14.3.4 Design and Documentation

14.3.5 Specifications

14.3.6 Drawings

14.3.7 Design Coordination

14.4 Contracting

14.4.1 Initial Budget

14.4.2 Estimation Considerations

14.4.3 Types of Cost Estimates

14.4.4 Life-Cycle Cost

14.4.5 Sample Estimate

14.5 The Role of Consultants

14.6 Video Systems

14.6.1 The First Evolution: Analog to Digital

14.6.2 The Second Evolution: Standard Resolution to Megapixel

14.6.3 Processed Video, Video Analytics, and Intelligent Video

14.6.4 Video Systems Integration

14.7 Merging Legacy Systems

14.7.1 Access Control Systems

14.7.2 Legacy Video Systems

14.7.3 Legacy Intercom Systems

14.7.4 Security Networks and Legacy Integration

14.8 Procurement

14.8.1 Procurement Forms

14.8.2 Procurement Process

Chapter 15. PROJECT IMPLEMENTATION

15.1 Site Preparation

15.2 Contractor Coordination

15.3 Installation

15.3.1 Installation and Operation

15.3.2 Component Installation

15.3.3 Other Features and Considerations

15.3.4 Tuning the System

15.3.5 Maintaining the Operating Procedures

15.4 Testing and Warranty Issues

15.4.1 Predelivery or Factory Acceptance Testing

15.4.2 Site Acceptance Testing

15.4.3 Reliability or Availability Testing

15.4.4 Post-Implementation Testing

15.4.5 Warranty Issues

15.5 Training

15.5.1 General Training Requirements

15.5.2 Training Topics

References

Chapter 16. FOLLOW-ON AND SUPPORT ACTIVITIES

16.1 Maintenance

16.1.1 Remedial Maintenance

16.1.2 Preventive Maintenance

16.2 Evaluation

16.3 Replacement

APPENDICES

A. Key Terms and Definitions

B. Physical Security and Life Safety Considerations in High-Rise Buildings

INDEX

TABLE OF FIGURES

1-1 Risk Management

1-2 The Four Ds

3-2 SWOT Analysis Diagram

4-1 Enterprise Performance Framework

4-2 Total Forced Doors by Week

4-3 Total Forced Doors and Turnstiles by Week

4-4 Forced Door Details by Location and Week

7-2 Castel Nuovo, Naples, Italy

7-3 Häme Castle, Hämeenlinna, Finland

7-4 Considerations in New Construction versus Retrofit/Renovation

7-5 Blast Pressure Effects on a Structure

7-6 Effects of Building Shape on Air Blast Loading Pressure Effects on a Structure

7-7 Security Zones

7-8 Effects of Progressive Collapse on Khobar Towers

7-9 Performance Conditions for Window System Response

7-10 Protecting Intakes for HVAC Systems

8-1 Survey Responses on Security Involvement in Nonsecurity Risks

9-1 Typical Chain Link Security Fence Installation

9-2 Typical Sizes of Wire and Mesh

9-3 Decorative Fencing in Concert with a Masonry Wall and Landscaping

9-4 Decorative Fencing with Top Barbs

9-5 Layout of Cable Fencing Used in Conjunction with Planting

9-6 Cross-Section View of Typical Bollard

9-7 Cross-Section View of a Retractable Bollard

9-8 Decorative Security Fencing with Supporting Bollards Spaced 1.5-3 ft. (0.5 to 0.9 m) Apart

9-9 Barrier Protection Ratings

9-10 Wedge Barriers

9-11 Installation of a Rising Wedge Barrier

9-12 Typical Rotating Edge Barrier

9-13 Custom Security Planter Barriers Installed in an Urban Professional Area

9-14 Planter Barriers Installed in a Sports Arena Setting with Logos

9-15 Cutaway of a Planter with an Interior Highway-Type Barrier

9-16 Jersey Barriers

9-17 Equivalent Pre-1972 and Current Classification Labels for Fire-Resistant Safes

9-18 Summary of UL Designations and Labels for Fire-Resistant Containers

9-19 Lighting Straight Down

9-20 Appropriate Overlap Versus Coverage Gap for Pole-Mounted Outdoor Lighting

9-21 Natural and Visual Light Levels

9-22 Reflectance Measurements

9-23 Color Temperature

9-24 Color Rendition Index for Various Lamp Types

9-25 Lamp Starting and Restrike Times

9-26 Guidelines for Minimum Lighting Levels

10-1 Tool for Evaluating CPTED 3-D Factors

10-2 Signage to Clarify Procedures

10-3 Typical Elevator Lobby

10-4 Berm and Tree Line for Perimeter Control and Privacy

Access and Hours

Layouts to Avoid

Bistatic Microwave Sensors

Glass Break Sensor

PART I

RISK MANAGEMENT: THE BASIS FOR PHYSICAL SECURITY

CHAPTER 1

CONCEPTS IN SECURITY RISK MANAGEMENT

Whether in the public or private sector, and whether dealing with traditional or cyber security (or both), assets protection is increasingly based on the principle of risk management. The term risk management has been in common use in other fields (such as insurance, business, research and development, and engineering) for many years. However, it has more recently been applied in security management and assets protection. The concept is a perfect fit since security’s primary objective is to manage risks by balancing the cost of protection measures (including physical security) with their benefit. To manage risk effectively, a security professional would eliminate or reduce the total number of incidents leading to loss. A goal of risk management is to manage loss effectively at the least cost. In fact, many professionals believe that “risk is the most significant factor that drives the deployment of security” (Vellani, 2007, p. 234).

1.1 TAKING A STRATEGIC RISK MANAGEMENT APPROACH

Too often organization leaders look to the quick fix to satisfy their security needs. They buy a popular security system or are convinced by a sales representative that a particular product or service is the all-encompassing answer to their protection needs. They are convinced that their critical assets are then completely safe without ever asking what those assets are or what types of threats they face. Vellani (2010, p. 3) observes:

[T]oo often recommendations ... are presented with little or no thought as to why certain procedures or security equipment should be used.... Often, a security measure is deployed because other companies are doing it ... [or] without [a] complete understanding of the problem.

Similarly, Gardner (1995) writes:

One critical area where outside professional advice is [too] seldom sought is security and loss prevention. Too often, [assets protection] measures, if they exist at all, are implemented as a hurried reaction to a bad experience. These are frequently emotional rather than logical decisions. Little or no research is done. Little effort is made to distinguish between real and perceived problems. No consideration is given to alternatives. The end result is a collection of independently operating procedures that, in some cases, may actually make matters worse. The benefits of a thoughtfully designed and coordinated system are lost. The patchwork approach to problem solving works no better in loss prevention than it does in the rest of the business world.

The solution is to develop a comprehensive assets protection strategy based on a strategic risk management approach. Taking a strategic approach means basing the enterprise’s assets protection practice on sound planning, management, and evaluation, and taking into consideration both the organization’s mission and the environment in which it operates. A strategy should articulate, to all involved, what is being protected, why it is being protected, and how it is being protected (Peterson, 2009).

The National Infrastructure Protection Center (2002) defines risk management as “a systematic and analytical process by which an organization identifies, reduces and controls its potential risks and losses.” It further states that risk management

• offers a rational and defendable method for making decisions about expenditure of scarce resources and the selection of cost-effective countermeasures to protect valuable assets,

• improves the success rate of an organization’s security efforts, and

• helps security professionals and key decision makers answer the question “how much security is enough?”

Risk management should be a strong underlying consideration, regardless of whether a security professional is conducting an assessment, crafting a security program for an organization, building security into a facility, or drawing up a physical security system design. Like a computer’s operating system, it should always be running in the background, influencing decisions and guiding actions.

The components of a risk management process are shown in Figure 1-1. The process begins by establishing the context of the risk through communication and consultation with stakeholders and then conducting a comprehensive risk assessment (described further in Chapter 3, Planning and Conducting Physical Security Assessments). The assessment results in decisions on the suite of protective measures that will form the comprehensive assets protection strategy for an organization, facility, or other asset.

1.2.1 CONSIDERING ASSETS

The first step in risk assessment is identification and valuation of assets. As Gardner (1995) asserts, “The first step in establishing [any] effective [assets protection] program involves identifying the business’s assets.” Although this step is frequently overlooked, no effective security program can be implemented without a thorough understanding (on the part of both the asset owner and the security professional) of what is being protected, or should be protected. All types of assets (tangible, intangible, and mixed) should be considered and incorporated into the risk assessment process. Too often, asset owners and security professionals focus exclusively on tangible assets or on those that appear on the accountant’s balance sheet. This is particularly true in the case of physical security decisions. Security professionals and planners must incorporate the protection of intangible assets into their facility and security systems designs.

1.2.2 A COMPREHENSIVE VIEW OF THE THREAT

Enterprises face a wide variety of threats, which fall into three categories: intentional, natural, and inadvertent. A comprehensive, and hence more meaningful, threat and vulnerability analysis, which is the first step, will consider all three categories. Since September 11, 2001, it is common to focus heavily (sometimes almost exclusively) on the terrorist threat when conducting corporate or organizational risk analyses. However, terrorism is only one aspect of one category of threats (intentional). The tendency to focus on one threat is not new. In the mid-1980s, for example, there was an overemphasis on the theft of advanced technology. At other times, the security community has focused too heavily on white-collar crime, cyberattacks, natural disasters, or other calamities.

Physical security planning should adopt an all hazards perspective: in other words, a balanced approach that looks at the big picture and identifies that in the context of risk, a hazard is a contributing factor to a peril. Some types of threats are more prevalent at certain times and in certain places. Long-term assets protection strategies, however, must be based on a realistic, full scope and balanced threat assessment. According to Winkler (1997, p. 37):

Accurate assessment of the level of threat against your organization is critical to the success of your security plan. Threat is an essential factor in your risk reduction formula, and you must consider it carefully. If you don’t, you’ll simply be flying blind when it comes to prioritizing countermeasures.

1.2.3 LOOKING AT VULNERABILITIES

Vulnerability is commonly viewed as a security weakness, gaps in an asset’s protection or problem. However, some vulnerabilities are simply existing conditions or business practices that support mission accomplishment. For example, engaging in sales by e-commerce can be viewed as a vulnerability, but it may also be an essential way of conducting business for a particular company. One definition of vulnerability is “a weakness or organizational practice that may facilitate or allow a threat to be implemented or increase the magnitude of a loss event” (ASIS International, 2007, p. 8).

An important difference between a threat and a vulnerability is that a vulnerability is a characteristic of the organization or facility. As such, it is generally something over which the organization can exercise at least some degree of control. Threats, on the other hand, are usually outside the control of the organization.

1.2.4 ANALYZING THE RISK

This step of the security risk management process has two important roles. First, it introduces the concept of the impact of a loss event. While the threat and vulnerability considerations are included in the first step and address the likelihood and nature of a potential loss event or undesirable action, the impact factor deals with the severity of the situation if something does occur. This is important because not all incidents have the same effect on the safety or security posture of an organization’s facility or mission (i.e., strategic business goals).

The second role for risk analysis is to place the identified risks in some sort of priority or sequence of importance. This priority assists decision makers in determining which risks to address first or where to allocate resources in the most effective manner. The priority may be organized by category (e.g., risk of physical damage, risks to people, mission or operational risk, infrastructure risk, etc.) or in other ways (such as by level of projected mitigation cost, monetary value or suggested time frame to address). Risk analysis is the process of identifying potential areas of loss, and implementing countermeasures to mitigate the probability of the loss.

Many corporate executives only want to hear about likely risks, but it is also important to consider low-probability/high-consequence risks (Garcia, 2000). Examples of such risks are terrorist attacks, catastrophic workplace violence incidents, and major natural disasters. Again, the objective of a comprehensive assets protection strategy is to find the right balance between a focus on high-probability risks and low-probability (but high-consequence) risks.

1.2.5

The next step is to recommend a suite of protective measures to effectively
