assignment-462

*

Copyright © 2013, Elsevier Inc. All rights reserved.

Chapter 4

Approaches to Physical Security

Effective Physical Security

Fourth Edition

The University of Adelaide, School of Computer Science

Chapter 2 — Instructions: Language of the Computer

*

Copyright © 2013, Elsevier Inc. All rights reserved.

Physical Security

• No system is 100% defeat-proof
• Can be designed to eliminate most threats
• At a minimum should offer enough protection to delay threat until system can be upgraded to where threat can be defeated (arrival of police or on-site guards)
• Maximum security a concept:
• Parts of system cannot work unless combined in correct proportions.

4 Approaches to Physical Security

The University of Adelaide, School of Computer Science

Chapter 2 — Instructions: Language of the Computer

*

Levels of Physical Security

• Levels:
• 1: Minimum security
• 2. Low-level security
• 3. Medium security
• 4. High-level security
• 5. Maximum security

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Levels of Physical Security

• <Insert Figure 4-1 here>

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Levels—Minimum Security

• Designed to impede some unauthorized external activity
• Originating outside the scope of security system
• Consists of:
• Simple physical barriers (regular doors and locks)

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Levels—Low-Level Security

• System designed to impede and detect some unauthorized external activity
• Simple barriers supplemented with other barriers:
• Reinforced doors and window bars
• High-security locks
• Simple lighting system
• Basic alarm system

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Levels—Medium Security

• Designed to impede, detect, and assess:
• Most unauthorized external access
• Some unauthorized internal activity
• Ranging from simple shoplifting to conspiracy to commit sabotage

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Levels—Medium Security

• In addition to lower-level security, necessary to:
• Incorporate advanced intrusion alarm
• Establish perimeter beyond area confines
• High-security physical barriers or guard dogs
• Unarmed guard with basic communication to offsite agencies

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Levels—High-Level Security

• Designed to impede, detect, and assess most unauthorized external/internal activity
• Add to previous levels of security:
• State-of-art equipment
• Closed-circuit television (CCTV)
• Perimeter alarm system
• High-security lighting

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Levels—High-Level Security

• Add to previous levels of security (con’t):
• Highly trained armed guards
• Controls that restrict access to unauthorized personnel
• Formal plans, with police cooperation, for response and assistance
• Coordination with local law enforcement
• Annual assessment or security audits

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Levels—Maximum Security

• Designed to impede, detect, assess, and neutralize all unauthorized external and internal activity
• Sophisticated, state-of-the-art alarm system, remote monitor, with backup power source
• On-site, trained response force

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Levels—Maximum Security

• Will be found at:
• Nuclear facilities
• Some prisons
• Certain military bases and gov’t research sites
• Some foreign embassies

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Levels—Maximum Security

• Maximum security—high level of physical security offered by total system
• Designed with diversity and redundancy
• One component’s strength offsets another’s weakness
• The more layers, the more difficult to defeat

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Psychology of Maximum Security

• Can capitalize on psychological aspects
• Creates appearance of impenetrability
• Deters some lesser adversaries
• Concept will not necessarily turn aside those up to the challenge
• System effectiveness—eliminates opportunity
• Psychology of system—eliminates desire

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Psychology of Maximum Security

• Desire to commit a crime can be eliminated or reduced:
• Threat of getting caught
• Convince them the odds of getting caught are high
• Announce capabilities, without giving away proprietary information

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Psychology of Maximum Security

• Some disagree with value of advertising security system capabilities
• Believe maintaining low profile contributes to overall effectiveness—criminals will not know an attractive target exists (ostrich syndrome)
• Criminal likely to find information about target on mass/multimedia

Copyright © 2013, Elsevier Inc. All rights reserved.

*

The Value of Planning

• Two basic questions:
• What assets are being protected
• How important is it:
• Political/economic impact
• Commitment to protection
• Third question—do costs of protection outweigh the value

Copyright © 2013, Elsevier Inc. All rights reserved.

*

The Value of Planning

• List prerequisites of security system, along with components to accomplish tasks
• Example: Capability to neutralize:
• Security force
• Response force
• Coordination with LLEA

Copyright © 2013, Elsevier Inc. All rights reserved.

*

The Value of Planning

• Decide components used to:
• Impede
• Detect
• Assess
• Neutralize

• <Insert Table 4-1>

Copyright © 2013, Elsevier Inc. All rights reserved.

*

The Value of Planning

• <Insert Table 4-2>
• <Insert Table 4-3>

• <Insert Table 4-4>

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Value of Planning—Design-Reference Threat

• Develop after deciding on components to make up the maximum-security system.
• Defines level of threat the physical protection system could defeat
• Essential for cost-effective planning

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Value of Planning—Design-Reference Threat

• Security director lists all possible threats
• Example: hospital
• Emergency room and pharmacy coverage
• Disorderly conduct
• Internal theft/diversion
• Assault on employees or visitors
• Infant kidnapping

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Value of Planning—Design-Reference Threat

• Next, evaluate threats in descending order of credibility; in hospital example:
• Internal theft or diversion
• Auto theft from parking lot
• Disorderly conduct
• Assaults on employees/visitors
• Burglary and robbery
• Hostage incident

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Value of Planning—Design-Reference Threat

• Low-credibility threats less of a concern than high-credibility threats, which should be given higher priority
• Use info do develop design-reference threat

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Value of Planning—Design-Reference Threat

• Generic categories of adversaries
• Terrorist groups
• Organized sophisticated criminal groups
• Extremist protest groups
• Disoriented persons
• Disgruntled employees
• Miscellanous criminals

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Value of Planning—Design-Reference Threat

• Security director assesses potential threats by likelihood of encounter; in example:
• Miscellaneous criminals
• Disgruntled employees/workplace violence
• Disoriented persons
• Organized sophisticated criminal groups
• Extremist protest groups
• Terrorist groups

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Value of Planning—Design-Reference Threat

• Likelihood of threat from a group influenced by:
• Time
• Location
• Circumstance (example: labor disputes)

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Value of Planning—Design-Reference Threat

• Begin process by comparing:
• Most credible threats
• Most likely adversaries
• Example: Hospital:
• 1. Internal theft
• Miscellaneous criminals
• Disgruntled employee
• Organized criminals

• 2. Auto theft
• Miscellaneous criminals
• Organized criminals
• 3. Disorderly conduct
• Disoriented persons
• Misc. criminals
• 4. Assaults
• Misc. criminals
• Disoriented persons
• Organized criminal
• Etc.

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Value of Planning—Design-Reference Threat

• Overlap—keep in mind when preparing threat-versus-adversary analysis
• In example:
• Primary threat is internal threat or diversion

• Most likely adversaries misc. criminals or disgruntled employees
• Protection must be designed/upgraded to counter most real threat
• Most worthy adversary is organized sophisticated criminal
• System must be designed to defeat them

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Value of Planning—Design-Reference Threat

• Determine adversary most capable of carrying out most credible threats; in example:
• 1. Internal threat—organized sophisticated criminals
• 2. Auto theft—organized sophisticated criminals
• Etc. down the list

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Value of Planning—Design-Reference Threat

• Establishing threat contingent on determining groups; in example:
• Internal theft (crimes against property)
• Auto and burglary
• Violent conduct (crimes against persons)
• Robbery, disorderly conduct, assaults, hostage incidents, kidnapping, armed attack

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Value of Planning—Design-Reference Threat

• Determines where to channel resources and to what degree; in example:
• Design system to counter internal threat/diversion, then to counter auto theft
• At end of scale—armed attack on facility a remote chance.
• Attention and resources minimal in this area

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Layering for Protection

• Principle of security in dpeth
• Layer protection to provide diversity, redundancy
• Layer components
• Do a walk-through of facility and likely threat routes

• <Insert Figure 4-2>

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Physical Barriers

• Check physical barriers at most sensitive areas—the objective:
• Vault
• Cell block
• Tool crib
• Shipping department

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Physical Barriers

• To protect objective:
• Provide high-security barrier around it
• Enclose it with another high-security barrier
• Surround with penetration-resistant fence
• Establish isolation zones on either side
• Add another penetration-resistant fence surrounding the outer isolation zone
• Establish another isolation zone outside this

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Physical Barriers

• Identify entry and exit points; determine which ones are vital
• Install high-security doors and windows
• Evaluate structural components:
• Walls, ceilings, floors

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Physical Barriers

• Locks:
• Decide which openings require locks
• Determine types of locks
• Grand Master combination for mechanical locking system not sound security

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Physical Barriers

• Access Controls
• Decide who will be admitted to facility and who will have unrestricted access within
• Protected area—facility and outside area up to first penetration-resistant fence
• Vital areas—vault, alarm stations, generator

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Physical Barriers

• Alarm Systems:
• State-of-the-art perimeter alarms
• Vital areas should have alarms
• Alarm doors contributing to security system
• Supervise alarm circuits

• Lighting:
• Consider for impeding and assessing
• Avoid silhouetting security
• High-intensity glare lighting outside
• Inside to facilitate use of CCTV

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Physical Barriers

• Communications:
• Commercial telephone
• At least one dedicated hotline to LLEAs
• Two-way radio network with two-channel capability

• CCTV:
• Camera placed to ensure proper surveillance
• Can effectively monitor perimeter, and protected vital areas

Copyright © 2013, Elsevier Inc. All rights reserved.

*

Physical Barriers

• Response Force
• To neutralize threat
• Properly trained and equipped
• Sufficient personnel to counter design-reference threat

• LLEA Coordination
• Establish liaison early on
• Consult with LLEA on contingency planning
• Schedule joint training sessions and drills

Copyright © 2013, Elsevier Inc. All rights reserved.

*

The Security Plan

• Consultant and security director work together
• A necessary building document before implementation
• Plan should be proprietary, with restricted access

Copyright © 2013, Elsevier Inc. All rights reserved.

*

The Security Plan

• A description of the protection system
• As building document, should be detailed
• Details can be deleted after implementing
• Regulations may demand details—if so, document should be considered sensitive

Copyright © 2013, Elsevier Inc. All rights reserved.

*

The Security Plan

• Should describe (but not be limited to):
• Facility and organizational structure
• Facility security organization
• Physical barriers
• Access controls

• Security lighting
• Communications capability
• CCTV capability and use
• Breakdown of security force
• Outside resources
• Annual assessments

Copyright © 2013, Elsevier Inc. All rights reserved.

*

The Security Plan

• Justification
• Necessary evil syndrome—contributes nothing to production, BUT:
• Holds losses to minimum
• Keeps costs down
• Results in increased profits
• Many cut security costs before anything else.

Copyright © 2013, Elsevier Inc. All rights reserved.

*

The Security Plan

• Justification can be based on:
• Convincing oneself a propose is justified
• Convincing others
• Formulating the approach
• Presenting the approach

Copyright © 2013, Elsevier Inc. All rights reserved.

*

The Security Plan

• Convincing oneself:
• Define the issue—personnel, equipment, etc.
• Consider pros and cons
• Consider the benefit
• Consider the turnaround time to gain
• Go with your gut!

Copyright © 2013, Elsevier Inc. All rights reserved.

*

The Security Plan

• Convincing others:
• Research the issues
• Invest time and effort proportional to expense and importance
• Research based on:
• Company’s past experience
• Supporting documentation
• Others’ perceptions

Copyright © 2013, Elsevier Inc. All rights reserved.

*

The Security Plan

• Company’s experience:
• May have encountered security issues before
• Adverse publicity from implementing or not implementing approach
• Best to promote right after security problem has happened

Copyright © 2013, Elsevier Inc. All rights reserved.

*

The Security Plan

• Personal experience:
• Draw on previous experience with security issues
• Use to define and analyze short- and long-term ramifications, positive/negative results
• Capitalize on idiosyncrasies that provide direction

Copyright © 2013, Elsevier Inc. All rights reserved.

*

The Security Plan

• Formulate the approach:
• Use raw data to adopt a strategy for communicating arguments convincingly.
• Based on personal knowledge and experience
• Charts and transparencies if well received
• Concise approach
• Decide on written or verbal format
• Cover areas by priority

Copyright © 2013, Elsevier Inc. All rights reserved.

*

The Security Plan

• Basic information to communicate:
• Definition of problem
• Ramifications
• Alternatives
• Elimination of alternative except proposed one
• The solution
• Support for the solution

Copyright © 2013, Elsevier Inc. All rights reserved.

*

The Security Plan

• Presenting the approach:
• Approach should be presented as formulated
• Include basic information
• Concise and consistent
• Be prepared to answer questions
• AV aids may be effective if time permits
• Do not oversell.

Copyright © 2013, Elsevier Inc. All rights reserved.