Module 2: Physical Security Assessment
In conducting security surveys, the interrelationships of three basic elements of the security program will be analyzed:
1) Architectural security elements. 2) Organization, security staff, and policy and procedure elements. 3) Security systems elements.
Components of a Physical Security Survey
1) Risk Analysis and determination of required levels of protection, and 2) Systemic deficiencies in architecture, security systems, and operations.
Premises Liability
A plaintiff tries to hold a landlord or property manager liable for injuries inflicted during a violent criminal attack committed at the landlord or manager's property.
1) Deter 2) Detect 3) Delay 4) Facilitate rapid assessment 5) Facilitate rapid response
A security strategy should be developed to accomplish what 5 goals?
Negligent Tort
A wrong committed through failure to exercise sufficient care in what is otherwise permissible.
Intentional Tort
A wrong committed with intent to cause harm.
Vicarious Liability
Ability to control another party's actions in a relationship or contract.
Physical Security Survey
An in-depth analysis of the physical security program at a facility or group of facilities. The analysis looks at the security measures a site has implemented for protecting personnel, property, and information.
asset protection
Appropriate security levels are contingent upon the value of company assets, potential threats to these assets, and the cost associated with
1) A physical security survey for each facility 2) A continuous scheduled/unscheduled survey of facilities 3) A comprehensive and continuous security education and awareness effort 4) An established process of emergency procedures 5) An appropriate set of security policies and procedures
At minimum, a physical security program should include
Security systems elements
Automated access control, intrusion alarms, closed circuit television, intercom and wireless communications, and monitoring systems.
security
Behavior modifications of personnel through security surveys and audits, policies and procedures, training, and awareness are the least expensive, yet most effective elements in achieving
1) Risk Analysis 2) Security Program Design 3) Implementation 4) Maintenance
Developing a security plan involves four distinct phases:
Security Survey
Evaluates: 1) Required levels of protection for personnel, property, and information 2) Systemic deficiencies in architecture, security, and operations.
Security Audit
Evaluates: 1) The implementation of standards 2 The security awareness of employees 3) Security administration 4) Existing internal management controls
Negligence
Failure to exercise the degree of care considered reasonable under the circumstances, resulting in an unintended injury to another party.
Tort
French for wrong. Civil causes where one person sues another because of harmful action and seeks monetary compensation.
all critical assets
Generally speaking, low-cost security elements should be in place for
It's contingent upon the value of assets, the potential threats to those assets, and the cost associated with protecting those assets.
How do you determine the appropriate level of physical security?
1) Build and broaden awareness among senior management. 2) Establish against a baseline to gauge the improvement or deterioration of an organization's security posture. 3) Categorize critical assets and drive the risk management process. 4) Develop and build internal skills and expertise. 5) Promote action by gaining executive buy-in and identifying key players. 6) Kick off an ongoing security effort.
Identify 6 direct benefits of performing security surveys.
1) Conducting research 2) Collecting data 3) Making a site visit 4) Conducting interviews 5) Assembling and analyzing drawings and schematics 6) Analyzing data
Identify 6 main components of the security survey procedure
1) Introduction 2) Background 3) Executive Summary 4) Detailed Report 5) Conclusion 6) Rating
Identify 6 possible sections in a security survey report.
1) Implementation cost and implementation time 2) Change in operating cost associated with implementing each recommendation 3) Attractiveness of the asset 4) Level of consequence 5) Likelihood of preventing an aggressor attempt 6) Likelihood of preventing an aggressor's success 7) Technical and cultural difficulty 8) Dependency on other infrastructures
Identify 8 design criterion a practitioner may use when selecting mitigation measures.
1) Outside-In 2) Inside-Out
Identify two approaches to the physical security survey.
cost-benefit approach
Implementation of more stringent security elements, such as access control points, cameras, alarms, and guard forces require a
Change in operating cost associated with implementing each recommendation.
Includes maintenance cost, consumables, and staff time to monitor or supervise.
1) Assets 2) Threats 3) Security strengths 4) Observations and recommendations
Name 4 key elements which should be listed in a security survey.
might happen
Negligence is evaluated in light of what has happened as opposed to what
Implementation cost and implementation time
One-time costs, such as equipment cost, labor cost to install, changes to existing structures, and time in weeks
Architectural security elements
Perimeter protection, exterior lighting, critical building services, lobby control, parking operations, dock facilities, egress stairs, space adjacencies.
Outcomes of a Physical Security Survey
Recommendations of physical security measures needed to safeguard personnel, prevent unauthorized access to material and equipment, and protect against sabotage, damage, and theft.
risk management approach
Reviewing a company's physical security program allows you to identify appropriate levels of security for protecting assets, the
modifying facilities
Security planning is an integral part of selecting, constructing, or
Non-delegable duty
Some obligations cannot be fully transferred.
Liability
Something for which one is legally obliged; an obligation, responsibility, or debt.
Attractiveness of the asset
Takes into account the combined impact of the economic, health, and psychological damage that would result if the aggressors succeeded in exploiting the asset.
concentric layers (or circles) of protection
The Outside-In approach to the Physical Security Survey may also be referred to as "protection in depth" or
1) CPTED Strategies 2) Concentric rings of protection
The concept of defense in depth includes:
Risk Analysis
The detailed examination that includes risk assessment, vulnerability evaluation, and risk management alternatives. The analysis is performed to understand the nature of unwanted, negative consequences to human life, health, property, or the environment.
personnel
The most expensive, yet most important, element in a security program is
Maintenance
The ongoing process of ensuring solution effectiveness.
Implementation
The putting into practice of cost-effective designs.
Security Program Design
The selection of countermeasures to mitigate risks.
Intervention zones
These zones offer an opportunity for response, evaluation, and control of intruders or unauthorized individuals by channeling all personnel through specified areas.
Imputed Negligence
To attribute fault or responsibility to a party because of responsibility for another.
security measures
Under premises liability, the plaintiff must show that the landlord breached his duty of care by failing to provide reasonable
CPTED
Using planned resources such as architectural barriers, lines of sight, landscaping, and lighting in conjunction with traditional security elements to reduce vulnerability to crime.
Concentric circles of protection
Varying levels of protection originating at the site perimeter, building perimeter, lobby areas, and interior specialty controlled areas. It becomes increasingly more stringent as one proceeds through each level to reach the most critical areas.
Organization, security staff, and policy and procedure elements.
Visitor control, security guard staffing, post order assignment and execution, monitoring and administration of security systems, delivery processing.
To identify the appropriate levels of security, as determined through a risk management approach, and to give management information about existing security expenditures, possible low-cost improvements, and potential risk reduction with cost-beneficial security upgrades.
Why review a company's physical security program?
1) To better understand threats and vulnerabilities 2) Determine acceptable levels of risk 3) Stimulate action to mitigate identified vulnerabilities 4) Identify weaknesses in program implementation
Why routinely perform security surveys?