CONTRIBUTORS
The success of this publication is directly related to the peer review process recognized by most professions. Security professionals, members of academia, and other subject matter experts contributed current information, conducted research, reviewed submissions, and provided constructive comments.
It is with sincere appreciation that I wish to thank the following individuals who contributed to Physical Security Principles:
Michael E. Knoke, CPP, Managing Editor
Kevin E. Peterson, CPP, Co-Editor
Eva Giercuszkiewicz, ASIS Project Manager
Dana W. Adams, CPP
James E. Beadel, PSP
John Bekisz, Jr., PSP
Howard J. Belfor, CPP
Dennis R. Blass, CPP, PSP
Geoffrey T. Craighead, CPP
Eric Davidson, PSP
Anthony V. DiSalvatore, CPP, PCI, PSP
Lisa Dolan, CPP
Colin Doniger, CPP, PSP
Sean T. Doyle, PSP
Richard L. Edmond, PSP
Peter E. Ohlhausen, Technical Editor
Evangeline Pappas, ASIS Production Manager
Heinrich F. Eisenberg, CPP
James W. Ellis, CPP, PSP
Chris Freeman, CPP, PSP
Michael A. Franke, CPP, PSP
Jeffrey R. Geiger, PSP
Leo P. Gonnering, PSP
Dawn V. Gregory, CPP
Donald R. Green, CPP
Richard A. Hawkins, CPP, PSP
Edward C. Heisler, CPP, PSP
Scott J. Hogan, PSP
Jennifer L. Holcomb, PE, PSP
Gregory L. Hurd, CPP
Jeffrey C. Insdahl, PSP
Richard W. Jackson, PSP
Gregory W. Jarpey, PSP
Keith L. Kambic, CPP
Steven T. Kerley, CPP
Myrah L. Kirkwood, CPP
Glen W. Kitteringham, CPP
Patrick W. Klaassen, PSP
Daniel H. Kropp, CPP
Robert F. Leahy, CPP, PSP
Karl F. Langhorst, CPP
Jeffrey S. Leonard, CPP, PSP
Jennifer McLamb, CPP, PCI, PSP
Dante I. Moriconi, CPP, PSP
Richard A. Michau, CPP
Bonnie S. Michelman, CPP
Monsie C. Mintz, CPP
Owen J. Monaghan, CPP
William J. Moore, PSP
Luis H. Morales, CPP
Thomas L. Norman, CPP, PSP
Jaime P. Owens, CPP
Kevin E. Peterson, CPP
Doug Powell, CPP, PSP
Robert Rowe, CPP, PSP
Larry W. Simmons, CPP
Rodney J. Taylor, CPP
Francisco Tranchesi, CPP, PSP
Ann Trinca, JD, CPP, PCI, PSP
Mike A. van Drongelen, CPP, PCI, PSP
INTRODUCTION
Physical Security Principles is meant to serve three purposes. First, the authors, reviewers, and other contributors hope that security professionals worldwide will find it to be a valuable desk reference on aspects of the practice of physical security. Second, the book may be an appropriate text for college and CTE (career and technical education) courses related to physical security. Third, it is a great reference as it contains the breadth and depth necessary for everyone interested in obtaining a certification in physical security.
Our intent throughout is to present, discuss, and contrast principles and practices in a complementary fashion and demonstrate their interrelatedness in every organization and every setting on a global scale. The objective for the security professional is to leverage longstanding, widely accepted concepts and tailor them to the particular situation at hand to best meet the identified protection objectives. All this must be done within the constraints of cost, time, space, culture, regulation, and operational needs. It is a challenge indeed, and this book is meant as a resource to help lay the groundwork for successful physical security projects in every situation.
Although physical security is only one element of a comprehensive protection strategy, it is generally the first thing that comes to mind for most people. It is a discipline that has always existed and most probably always will. As Bob McCrie, CPP, writes in The Handbook of Security by Professor Martin Gill:1
From the earliest known evidence, security became necessary for human existence. A fundamental strategy was to use physical implementation wherever possible to protect from external incursions. Often, geographic location could be significant for protection. While geography eased the vulnerability for some communities, others required additional means of protection. An encompassing wall or physical barriers for protection [were often employed]. Posts, thick enclosures, heavy doors with stout closures, animals and traps all served to protect [communities]. Thus, a variety of physical and animate security resources emerged.
Today, with the confluence of physical threats, human threats, and cyber threats, in addition to the ever present natural and inadvertent threat, we live in an asymmetric world with respect to the risks we face. Still, physical security remains a key driver in asset protection programs in absolutely every setting, everywhere in the world. Physical and animate security resources continue to emerge. The techniques and tools of this discipline are applied in our homes and vehicles as well as in multinational corporations and government agencies. From the local convenience store to military installations, and from warehouses to data centers, physical security plays an essential role.
Each of this book’s four sections helps to define that role and offers practical, real-world tools for planning and implementing physical security in contemporary society. Part I deals with the underlying concepts of security risk management and how they translate into effective and efficient security practices. An overview of design principles and practices is presented in Part II of the book. Part III addresses the specific tools and techniques within the framework of structural, electronic, and human means collaborating to satisfy protection objectives. Finally, Part IV addresses the project management aspects of security in both principle and practice. Appendices define key security terms and address special considerations for high-rise buildings.
Overall, we hope that this book will find use among practitioners as well as anyone involved or interested in the principles and practices of contemporary physical security. In crafting this book, both in terms of content and format, we attempted to produce a pertinent and valuable resource for members of all three of those audiences. We sincerely hope we have achieved that objective.
CONTENTS
Preface
Contributors
Introduction
PART I RISK MANAGEMENT: THE BASIS FOR PHYSICAL SECURITY
Chapter 1. CONCEPTS IN SECURITY RISK MANAGEMENT
1.1 Taking a Strategic Risk Management Approach
1.2 The Security Risk Management Process
1.2.1 Considering Assets
1.2.2 A Comprehensive View of the Threat
1.2.3 Looking at Vulnerabilities
1.2.4 Analyzing the Risk
1.2.5 Protective Measures
1.3 Risk Mitigation
1.3.1 The Four Ds
1.3.2 The Five Avenues to Address Risk
1.3.3 Layered Security
1.4 Mitigation Measures
References
Chapter 2. FUNCTIONS OF PHYSICAL SECURITY
2.1 Definition and Purpose of Physical Security
2.2 Functions Versus Components of Physical Security
2.2.1 Structural Components
2.2.2 Electronic Components
2.2.3 Human Components
2.3 Peripheral Systems and Interfaces
References
Chapter 3. PLANNING AND CONDUCTING PHYSICAL SECURITY ASSESSMENTS
3.1 General Risk Assessment Models and Considerations
3.2 Qualitative and Quantitative Methods
3.2.1 Assets
3.2.2 Evaluating Threats
3.2.3 Vulnerabilities
3.2.4 Risk Analysis
3.2.5 Risk Mitigation
3.2.6 Leveraging Outside Expertise
3.3 Physical Security Assessments
3.3.1 Framing the Security Survey and Putting It in Context
3.3.2 Approaches to Physical Security Assessments
3.4 General Guidelines: Areas to Assess
3.4.1 Typical Areas and Items to Assess
3.4.2 Tests
3.5 Applying Assessment Results
3.6 Automated Assessment Tools
References
Chapter 4. MEASURING EFFECTIVENESS: CONCEPTS IN PHYSICAL SECURITY METRICS
4.1 Understanding Metrics
4.1.1 Benefits of a Security Metrics Program
4.1.2 Designing a Metrics Program
4.2 Physical Security Metrics
4.2.1 Physical Security Systems Metrics
4.2.2 Physical Security Personnel Metrics
4.2.3 Physical Security Compliance Metrics in the Public Sector
4.2.4 Presenting Aggregate Status for Physical Security Metrics
4.3 Additional Recommended Metrics
4.4 Application of Metrics Throughout This Book
References
DESIGN PRINCIPLES AND PRACTICES
Chapter 5. BASIC DESIGN CONCEPTS
5.1 Design Principles
5.1.1 Point Versus Area Security
5.1.2 Conflict Avoidance
5.1.3 Balance
5.1.4 Additional Design Elements
5.2 Examples of Design Practices: Good and Not So Good
References
Chapter 6. INFLUENCING FACTORS IN PHYSICAL SECURITY DESIGN
6.1 Characteristics of the Assets under Protection
6.2 Characteristics of the Building or Facility
6.2.1 Ownership and Occupancy
6.2.2 Purpose of the Facility
6.2.3 Access
6.3 Characteristics of the Surroundings
6.4 Characteristics of the Location
6.5 Additional Influencing Factors
6.5.1 Selecting Mitigation Options Based on Influencing Factors
References
Chapter 7. SECURITY ARCHITECTURE AND ENGINEERING
7.1 Design Overview
7.2 Codes and Regulations
7.3 Project Requirements
7.4 Type of Construction
7.5 Site Layout
7.5.1 Perimeter
7.5.2 Lighting
7.5.3 Building Design Against Blast
7.5.4 Building Access
7.6 Material Selection
7.6.1 Building Structure
7.6.2 Facades
7.6.3 Interior Layout
7.6.4 Glazing
7.7 Site Utilities
7.7.1 HVAC
7.7.2 Emergency Power
7.7.3 Other Utilities
7.8 Life Safety Systems
7.8.1 Evacuation
7.8.2 Shelter-in-Place
7.9 Publications Relevant to Security Architecture and Engineering
References
Chapter 8. INTEGRATED SECURITY AND PROTECTION STRATEGIES
8.1 Integrated Electronic Security Systems
8.2 Integrated Physical Security Elements
8.3 Integrated Security Programs
8.4 Integration in Enterprise Risk Management
References
PHYSICAL SECURITY AND PROTECTION STRATEGIES
Chapter 9. STRUCTURAL SECURITY MEASURES
9.1 Barriers
9.1.1 Walls
9.1.2 Doors
9.1.3 Windows and Other Openings
9.1.4 Roofs and Floors
9.1.5 Fencing and Perimeter Walls
9.1.6 Blocking Barriers
9.1.7 Symbolic and Natural Barriers
9.2 Containers and Vaults
9.2.1 Safes
9.2.2 Vaults
9.3 Locks and Locking Mechanisms
9.3.1 Mechanical Locks
9.3.2 Electrified Locking Mechanisms
9.3.3 Designing Security Locking Systems
9.4 Lighting and Security Applications
9.4.1 Types of Lighting Equipment and Lamps
9.4.2 Lighting Challenges
9.4.3 Characteristics of Light and Lighting
9.4.4 Overview of Lighting Systems
9.4.5 Economic Considerations
9.4.6 Starting and Restrike
9.4.7 Security Lighting for Selected Applications
9.4.8 Lighting Considerations for Electronic Surveillance Systems
9.4.9 Standards for Security Lighting Levels
References
Chapter 10. CRIME PREVENTION THROUGH ENVIRONMENTAL DESIGN
10.1 Principles of CPTED
10.1.1 Criminal Behaviors and Patterns
10.1.2 Later Developments in CPTED
10.2 Tools of CPTED
10.2.1 Tools That Address the Three Elements of CPTED
10.2.2 Reducing Crime Through Architectural Design
10.2.3 Access Control, Surveillance, and Territorial Reinforcement
10.3 CPTED Applications in Various Settings
10.3.1 Commercial Office Buildings
10.3.2 Industrial Buildings and Facilities
10.3.3 Parking Facilities
10.3.4 Schools
10.3.5 Automated Teller Machines (ATMs)
10.3.6 U.S. Federal Buildings
10.4 Integration of CPTED and Traditional Security
10.5 One Example of a CPTED Survey Template
References
Chapter 11. ELECTRONIC SECURITY SYSTEMS
11.1 Access Control Systems
11.1.1 Personnel Access Control
11.1.2 Locks
11.2 Contraband Detection
11.2.1 Metal Detectors
11.2.2 Package Search
11.2.3 Explosives Detection
11.2.4 Chemical and Biological Agent Detection
11.3 Physical Intrusion Detection Systems
11.3.1 Performance Characteristics
11.3.2 Standards
11.3.3 Exterior Sensors
11.3.4 Interior Sensors
11.4 Video Surveillance
11.4.1 Functional Requirements
11.4.2 Theory of Visual Security
11.4.3 Uses of Video Subsystems in Security
11.4.4 Analog System Components
11.4.5 Digital System Components
11.4.6 System Design
11.4.7 Equipment Selection
11.4.8 Additional Design Considerations for Video Assessment
11.4.9 Evaluation of Video Assessment Systems
11.4.10 Maintenance
11.4.11 Future of Video Surveillance Systems
11.5 Communications and Annunciation Systems
11.5.1 AC&D Attributes
11.5.2 Alarm Communication Subsystem
11.5.3 Security Communications
11.5.4 Alarm Control and Display
11.6 Trends and Issues in Electronic Systems Integration
References
Chapter 12. SECURITY OFFICERS AND THE HUMAN ELEMENT
12.1 Security Officer Utilization Growth
12.2 Contemporary Challenges
12.3 Determining the Need for a Security Force
12.4 Security Force Models
12.5 Basic Security Officer Functions
12.5.1 Access Control
12.5.2 Patrol
12.5.3 Inspection
12.5.4 Monitoring
12.5.5 Emergency Response
12.5.6 Traffic Control
12.5.7 Dealing with Disturbed People
12.5.8 Escort
12.5.9 Special Assignments
12.5.10 Record Keeping
12.6 Security Officer Roles
12.6.1 Public Relations/Management Representative
12.6.2 Intelligence Agent
12.6.3 Enforcement/Compliance Agent
12.6.4 Legal Consultant
12.6.5 Physical Security Specialist
12.7 Uniforms and Equipment
12.7.1 Weapons
12.8 Security Officer Selection
12.8.1 ASIS Guideline PSO-2010
12.8.2 Canadian General Standards Board CAN/CGSB-133.1-99
12.8.3 Personal Attributes
12.9 Security Officer Training
12.9.1 Key Training Concepts
12.9.2 Benefits of Training
12.9.3 Identifying Training Requirements
12.9.4 Methods of Training
12.9.5 The Training Process
12.9.6 Obstacles to Providing Training
12.9.7 Training Strategies
12.10 Managing the Security Officer Force
12.10.1 Personnel Requirements
12.10.2 General, Post, and Special Orders
12.10.3 Scheduling
12.10.4 Supervision
12.10.5 Quality Assurance and Quality Control
12.10.6 Quality Control Inspections
12.10.7 Management Use of Data
12.10.8 Enhancing Job Performance
12.11 Leveraging the Human Element
References
14.1 System Design Principles
14.2 Initial Phases
14.3 Design Phases
14.3.1 Development of Design Criteria
14.3.2 Basis of Design
14.3.3 Conceptual Design
14.3.4 Design and Documentation
14.3.5 Specifications
14.3.6 Drawings
14.3.7 Design Coordination
14.4 Contracting
14.4.1 Initial Budget
14.4.2 Estimation Considerations
14.4.3 Types of Cost Estimates
14.4.4 Life-Cycle Cost
14.4.5 Sample Estimate
14.5 The Role of Consultants
14.6 Video Systems
14.6.1 The First Evolution: Analog to Digital
14.6.2 The Second Evolution: Standard Resolution to Megapixel
14.6.3 Processed Video, Video Analytics, and Intelligent Video
14.6.4 Video Systems Integration
14.7 Merging Legacy Systems
14.7.1 Access Control Systems
14.7.2 Legacy Video Systems
14.7.3 Legacy Intercom Systems
14.7.4 Security Networks and Legacy Integration
14.8 Procurement
14.8.1 Procurement Forms
14.8.2 Procurement Process
Chapter 15. PROJECT IMPLEMENTATION
15.1 Site Preparation
15.2 Contractor Coordination
15.3 Installation
15.3.1 Installation and Operation
15.3.2 Component Installation
15.3.3 Other Features and Considerations
15.3.4 Tuning the System
15.3.5 Maintaining the Operating Procedures
15.4 Testing and Warranty Issues
15.4.1 Predelivery or Factory Acceptance Testing
15.4.2 Site Acceptance Testing
15.4.3 Reliability or Availability Testing
15.4.4 Post-Implementation Testing
15.4.5 Warranty Issues
15.5 Training
15.5.1 General Training Requirements
15.5.2 Training Topics
References
Chapter 16. FOLLOW-ON AND SUPPORT ACTIVITIES
16.1 Maintenance
16.1.1 Remedial Maintenance
16.1.2 Preventive Maintenance
16.2 Evaluation
16.3 Replacement
APPENDICES
A. Key Terms and Definitions
B. Physical Security and Life Safety Considerations in High-Rise Buildings
INDEX
TABLE OF FIGURES
1-1 Risk Management
1-2 The Four Ds
3-2 SWOT Analysis Diagram
4-1 Enterprise Performance Framework
4-2 Total Forced Doors by Week
4-3 Total Forced Doors and Turnstiles by Week
4-4 Forced Door Details by Location and Week
7-2 Castel Nuovo, Naples, Italy
7-3 Häme Castle, Hämeenlinna, Finland
7-4 Considerations in New Construction versus Retrofit/Renovation
7-5 Blast Pressure Effects on a Structure
7-6 Effects of Building Shape on Air Blast Loading Pressure Effects on a Structure
7-7 Security Zones
7-8 Effects of Progressive Collapse on Khobar Towers
7-9 Performance Conditions for Window System Response
7-10 Protecting Intakes for HVAC Systems
8-1 Survey Responses on Security Involvement in Nonsecurity Risks
9-1 Typical Chain Link Security Fence Installation
9-2 Typical Sizes of Wire and Mesh
9-3 Decorative Fencing in Concert with a Masonry Wall and Landscaping
9-4 Decorative Fencing with Top Barbs
9-5 Layout of Cable Fencing Used in Conjunction with Planting
9-6 Cross-Section View of Typical Bollard
9-7 Cross-Section View of a Retractable Bollard
9-8 Decorative Security Fencing with Supporting Bollards Spaced 1.5-3 ft. (0.5 to 0.9 m) Apart
9-9 Barrier Protection Ratings
9-10 Wedge Barriers
9-11 Installation of a Rising Wedge Barrier
9-12 Typical Rotating Edge Barrier
9-13 Custom Security Planter Barriers Installed in an Urban Professional Area
9-14 Planter Barriers Installed in a Sports Arena Setting with Logos
9-15 Cutaway of a Planter with an Interior Highway-Type Barrier
9-16 Jersey Barriers
9-17 Equivalent Pre-1972 and Current Classification Labels for Fire-Resistant Safes
9-18 Summary of UL Designations and Labels for Fire-Resistant Containers
9-19 Lighting Straight Down
9-20 Appropriate Overlap Versus Coverage Gap for Pole-Mounted Outdoor Lighting
9-21 Natural and Visual Light Levels
9-22 Reflectance Measurements
9-23 Color Temperature
9-24 Color Rendition Index for Various Lamp Types
9-25 Lamp Starting and Restrike Times
9-26 Guidelines for Minimum Lighting Levels
10-1 Tool for Evaluating CPTED 3-D Factors
10-2 Signage to Clarify Procedures
10-3 Typical Elevator Lobby
10-4 Berm and Tree Line for Perimeter Control and Privacy
Access and Hours
Layouts to Avoid
Bistatic Microwave Sensors
Glass Break Sensor
PART I RISK MANAGEMENT: THE BASIS FOR PHYSICAL SECURITY
CHAPTER 1 CONCEPTS IN SECURITY RISK MANAGEMENT
Whether in the public or private sector, and whether dealing with traditional or cyber security (or both), assets protection is increasingly based on the principle of risk management.2 The term risk management has been in common use in other fields (such as insurance, business, research and development, and engineering) for many years. However it has more recently been applied in security management and assets protection. The concept is a perfect fit since security’s primary objective is to manage risks by balancing the cost of protection measures (including physical security) with their benefit. To manage risk effectively, a security professional would eliminate or reduce the total number of incidents leading to loss. A goal of risk management is to manage loss effectively at the least cost. In fact, many professionals believe that “risk is the most significant factor that drives the deployment of security” (Vellani, 2007, p. 234).
1.1 TAKING A STRATEGIC RISK MANAGEMENT APPROACH
Too often organization leaders look to the quick fix to satisfy their security needs. They buy a popular security system or are convinced by a sales representative that a particular product or service is the all-encompassing answer to their protection needs. They are convinced that their critical assets are then completely safe without ever asking what those assets are or what types of threats they face. Vellani (2010, p. 3) observes:
[T]oo often recommendations...are presented with little or no thought as to why certain procedures or security equipment should be used.... Often, a security measure is deployed because other companies are doing it...[or] without [a] complete understanding of the problem.
Similarly, Gardner (1995) writes:
One critical area where outside professional advice is [too] seldom sought is security and loss prevention. Too often, [assets protection] measures, if they exist at all, are implemented as a hurried reaction to a bad experience. These are frequently emotional rather than logical decisions. Little or no research is done. Little effort is made to distinguish between real and perceived problems. No consideration is given to alternatives. The end result is a collection of independently operating procedures that, in some cases, may actually make matters worse. The benefits of a thoughtfully designed and coordinated system are lost. The patchwork approach to problem solving works no better in loss prevention than it does in the rest of the business world.
The solution is to develop a comprehensive assets protection strategy based on a strategic risk management approach. Taking a strategic approach means basing the enterprise’s assets protection practice on sound planning, management, and evaluation, and taking into consideration both the organization’s mission and the environment in which it operates. A strategy should articulate, to all involved, what is being protected, why it is being protected, and how it is being protected (Peterson, 2009).
The National Infrastructure Protection Center (2002) defines risk management as “a systematic and analytical process by which an organization identifies, reduces and controls its potential risks and losses.” It further states that risk management
• offers a rational and defendable method for making decisions about expenditure of scarce resources and the selection of cost-effective countermeasures to protect valuable assets,
• improves the success rate of an organization’s security efforts, and
• helps security professionals and key decision makers answer the question “how much security is enough?”
Risk management should be a strong underlying consideration, regardless of whether a security professional is conducting an assessment, crafting a security program for an organization, building security into a facility, or drawing up a physical security system design. Like a computer’s operating system, it should always be running in the background, influencing decisions and guiding actions.
The components of a risk management process are shown in Figure 1-1. The process begins by establishing the context of the risk through communication and consultation with stakeholders and then conducting a comprehensive risk assessment (described further in Chapter 3, Planning and Conducting Physical Security Assessments). The assessment results in decisions on the suite of protective measures that will form the comprehensive assets protection strategy for an organization, facility, or other asset.
1.2.1 CONSIDERING ASSETS
The first step in risk assessment is identification and valuation of assets. As Gardner (1995) asserts, “The first step in establishing [any] effective [assets protection] program involves identifying the business’s assets.” Although this step is frequently overlooked, no effective security program can be implemented without a thorough understanding (on the part of both the asset owner and the security professional) of what is being protected, or should be protected. All types of assets (tangible, intangible, and mixed) should be considered and incorporated into the risk assessment process. Too often, asset owners and security professionals focus exclusively on tangible assets or on those that appear on the accountant’s balance sheet. This is particularly true in the case of physical security decisions. Security professionals and planners must incorporate the protection of intangible assets into their facility and security systems designs.
1.2.2 A COMPREHENSIVE VIEW OF THE THREAT
Enterprises face a wide variety of threats, which fall into three categories: intentional, natural, and inadvertent. A comprehensive, and hence more meaningful, threat and vulnerability analysis, which is the first step, will consider all three categories. Since September 11, 2001, it is common to focus heavily (sometimes almost exclusively) on the terrorist threat when conducting corporate or organizational risk analyses. However, terrorism is only one aspect of one category of threats (intentional). The tendency to focus on one threat is not new. In the mid-1980s, for example, there was an overemphasis on the theft of advanced technology. At other times, the security community has focused too heavily on white-collar crime, cyberattacks, natural disasters, or other calamities.
Physical security planning should adopt an all hazards perspective, in other words, a balanced approach that looks at the big picture and identifies that in the context of risk, a hazard is a contributing factor to a peril. Some types of threats are more prevalent at certain times and in certain places. Long-term assets protection strategies, however, must be based on a realistic, full scope and balanced threat assessment. According to Winkler (1997, p. 37):
Accurate assessment of the level of threat against your organization is critical to the success of your security plan. Threat is an essential factor in your risk reduction formula, and you must consider it carefully. If you don’t, you’ll simply be flying blind when it comes to prioritizing countermeasures.
1.2.3 LOOKING AT VULNERABILITIES
Vulnerability is commonly viewed as a security weakness, gaps in an asset’s protection or problem. However, some vulnerabilities are simply existing conditions or business practices that support mission accomplishment. For example, engaging in sales by e-commerce can be viewed as a vulnerability, but it may also be an essential way of conducting business for a particular company. One definition of vulnerability is “a weakness or organizational practice that may facilitate or allow a threat to be implemented or increase the magnitude of a loss event” (ASIS International, 2007, p. 8).
An important difference between a threat and a vulnerability is that a vulnerability is a characteristic of the organization or facility. As such, it is generally something over which the organization can exercise at least some degree of control. Threats, on the other hand, are usually outside the control of the organization.
1.2.4 ANALYZING THE RISK
This step of the security risk management process has two important roles. First, it introduces the concept of the impact3 of a loss event. While the threat and vulnerability considerations are included in the first step and address the likelihood and nature of a potential loss event or undesirable action, the impact factor deals with the severity of the situation if something does occur. This is important because not all incidents have the same effect on the safety or security posture of an organization’s facility or mission (i.e., strategic business goals).
The second role for risk analysis is to place the identified risks in some sort of priority or sequence of importance. This priority assists decision makers in determining which risks to address first or where to allocate resources in the most effective manner. The priority may be organized by category (e.g., risk of physical damage, risks to people, mission or operational risk, infrastructure risk, etc.) or in other ways (such as by level of projected mitigation cost, monetary value or suggested time frame to address). Risk analysis is the process of identifying potential areas of loss, and implementing countermeasures to mitigate the probability of the loss.
Many corporate executives only want to hear about likely risks, but it is also important to consider low-probability/high-consequence risks (Garcia, 2000). Examples of such risks are terrorist attacks, catastrophic workplace violence incidents, and major natural disasters. Again, the objective of a comprehensive assets protection strategy is to find the right balance between a focus on high-probability risks and low-probability (but high-consequence) risks.
1.2.5
The next step is to recommend a suite of protective measures to effectively