Security Architecture and Engineering
Describe a model project to upgrade security at your facility (or a fictional facility) using the process identified in the three-part Security Architecture and Engineering series. In whatever order seems most logical to you, address total system design including barriers, site hardening, access control, lighting, Intrusion Detection Systems, CCTV, patrols, etc.
TECHNICAL GUIDANCE:
Students will follow the APA 6 Style as the sole citation and reference style used in written work submitted as part of coursework. See http://www.apus.edu/content/dam/online-library/resources-services/Fuson_2012_APA
I’ve attached a couple things to help as well.
APUS Assignment Rubric Lower Level
Undergraduate 300-400 Courses
Updated: June 2017
Full Rubric for Classroom Publication
School of Security and Global Studies Rubric Features
· Rubric categories are evenly distributed – 20 points per category.
· Assignment settings equal 100 points for each assignment.
· Grade book is set for weighted categories (not points).
· Separate rubrics in 100-200, 300-400, 500-600 level courses for assignments.
· Standard forum discussion rubric for all levels.
Quick Table for Insertion in Assignments (within Word document)
Criteria
Exemplary
16-20
Accomplished
11-15
Developing 6-10
Beginning
0-5
Total
Focus/Thesis
Content/Subject Knowledge
Critical Thinking Skills
Organization of Ideas/Format
Writing Conventions
Total
Focus/Thesis – 20 points
Beginning
Exhibits a limited understanding of the assignment. Reader is unable to follow the logic used for the thesis and development of key themes. Introduction of thesis is not clearly evident, and reader must look deeper to discover the focus of the writer. Student’s writing is weak in the inclusion of supporting facts or statements.
Developing
Student exhibits a basic understanding of the intended assignment, but the thesis is not fully supported throughout the assignment. While thesis helps to guide the development of the assignment, the reader may have some difficulty in seeing linkages between thoughts. While student has included a few supporting facts and statements, this has limited the quality of the assignment.
Accomplished
Establishes a good comprehension of topic and in the building of the thesis. Student demonstrates an effective presentation of thesis, with most support statements helping to support the key focus of assignment.
Exemplary
Student exhibits a defined and clear understanding of the assignment. Thesis is clearly defined and well-constructed to help guide the reader throughout the assignment. Student builds upon the thesis of the assignment with well-documented and exceptional supporting facts, figures, and/or statements.
______________________________________________________________________________
Content/Subject Knowledge – 20 points
Beginning
Student tries to explain some concepts, but overlooks critical details. Assignment appears vague or incomplete in various segments. Student presents concepts in isolation, and does not perceive to have a logical sequencing of ideas.
Developing
The assignment reveals that the student has a general, fundamental understanding of the course material. There are areas of some concerning in the linkages provided between facts and supporting statements. Student generally explains concepts, but only meets the minimum requirements in this area.
Accomplished
Student exhibits above average usage of subject matter in assignment. Student provides above average ability in relating course content in examples given. Details and facts presented provide an adequate presentation of student’s current level of subject matter knowledge.
Exemplary
Student demonstrates proficient command of the subject matter in the assignment. Assignment shows an impressive level of depth of student’s ability to relate course content to practical examples and applications. Student provides comprehensive analysis of details, facts, and concepts in a logical sequence.
______________________________________________________________________________
Critical Thinking Skills – 20 points
Beginning
Student demonstrates beginning understanding of key concepts, but overlooks critical details. Learner is unable to apply information in a problem-solving fashion. Student presents confusing statements and facts in assignment. No evidence or little semblance of critical thinking skills.
Developing
Student takes a common, conventional approach in guiding the reader through various linkages and connections presented in assignment. However, student presents a limited perspective on key concepts throughout assignment. Student appears to have problems applying information in a problem-solving manner.
Accomplished
Student exhibits a good command of critical thinking skills in the presentation of material and supporting statements. Assignment demonstrates the student’s above average use of relating concepts by using a variety of factors. Overall, student provides adequate conclusions, with two or fewer errors.
Exemplary
Student demonstrates a higher-level of critical thinking necessary for 300-400 level work. Learner provides a strategic approach in presenting examples of problem solving or critical thinking, while drawing logical conclusions which are not immediately obvious. Student provides well-supported ideas and reflection with a variety of current and/or world views in the assignment. Student presents a genuine intellectual development of ideas throughout assignment.
______________________________________________________________________________
Organization of Ideas/Format – 20 points
Beginning
Assignment reveals formatting errors and a lack of organization. Student presents an incomplete attempt to provide linkages or explanation of key terms. The lack of appropriate references or source materials demonstrates the student’s need for additional help or training in this area. Student needs to review and revise the assignment.
Developing
Learner applies some points and concepts incorrectly. Student uses a variety of formatting styles, with some inconsistencies throughout the paper. Assignment does not have a continuous pattern of logical sequencing. Student uses fewer sources or references than required by assignment. Academic sources are lacking.
Accomplished
Student explains the majority of points and concepts in the assignment. Learner demonstrates a good skill level in formatting and organizing material in assignment. Student presents an above average level of preparedness, with a few formatting errors. Assignment contains number of academic sources required in assignment.
Exemplary
Student thoroughly understands and excels in explaining all major points. An original, unique, and/or imaginative approach to overall ideas, concepts, and findings is presented. Overall format of assignment includes an appropriate introduction (or abstract), well- developed paragraphs, and conclusion. Finished assignment demonstrates student’s ability to plan and organize research in a logical sequence. Student uses required number of academic sources or beyond.
______________________________________________________________________________
Writing Conventions (Grammar and Mechanics) – 20 points
Beginning
Topics, concepts, and ideas are not coherently discussed or expressed in assignments. Student’s writing style is weak and needs improvement, along with numerous proofreading errors. Assignment lacks clarity, consistency, and correctness. Student needs to review and revise assignment.
Developing
Assignment reflects basic writing and grammar, but more than five errors. Key terms and concepts are somewhat vague and not completely explained by student. Student uses a basic vocabulary in assignment. Student’s writing ability is average, but demonstrates a basic understanding of the subject matter.
Accomplished
Student provides an effective display of good writing and grammar. Assignment reflects student’s ability to select appropriate word usage and present an above average presentation of a given topic or issue. Assignment appears to be well written with no more than three-five errors. Student provides a final written product that covers the above-minimal requirements.
Exemplary
Student demonstrates an excellent command of grammar, as well as presents research in a clear and concise writing style. Presents a thorough and extensive understanding of word usage. Student excels in the selection and development of a well-planned research assignment. Assignment is error-free and reflects student’s ability to prepare a high-quality academic assignment.
1
Session #46, Mon., Sept. 15, 2008, 4:30-5:30
SECURITY ARCHITECTURE &
ENGINEERING
Part III – SYSTEM
IMPLEMENTATION
Sponsored by the ASIS Standing Council
on Security Architecture & Engineering
Presented by
David G. Aggleton, CPP,CSC
AGGLETON&
ASSOCIATES
2008 ASIS INTERNATIONAL
1
2
THE PROCESS
PART I – Basis of Security Design
– Define Assets
– Identify Threats and Associated Risk
– Determine Vulnerability
– Develop Security Requirements
PART II – Systems Design & Engineering
– Document Design Criteria
– Prepare Construction Documents
– Estimate Implementation Costs
PART III – System Implementation
3
PART III TOPICS
SYSTEM PROCUREMENT
CONSTRUCTION MANAGEMENT
SHOP DRAWINGS
PROJECT MEETINGS
TRAINING
COMMISSIONING
ACCEPTANCE TESTING
FINAL DOCUMENTATION
4
SYSTEM PROCUREMENT
SOLE SOURCE
– Trusted Contractor
Negotiated Lump Sum
Itemized Pricing
Open Book
or
COMPETITIVE BID
– RFP to Prequalified Contractors
– IFB for Public Bids
2
5
SYSTEM PROCUREMENT
WHO AS PRIME CONTRACTOR?
– General Contractor
– Electrical Contractor
– Security Contractor
6
SYSTEM PROCUREMENT
TYPICAL SCHEDULE
– DAY 1 – Issue Contract Documents
(Construction Documents + Contractual Conditions)
– DAY 7 – Pre-bid Meeting/Walk-through
– DAY 20 – Last Requests for Information (RFIs)
– DAY 30 – Receive Bids
– DAY 45 – Analysis & Leveling
– DAY 50 – Interviews
– DAY 60 – BAFO and Selection
7
CONSTRUCTION
MANAGEMENT
WHO DOES IT?
– In-House
– Construction Mgmt. Firm
– Security Design Consultant
ADMINISTRATION
– Contractual Aspects
FIELD MANAGEMENT
– Technical Aspects
3
8
CONSTRUCTION
ADMINISTRATION
BONDING & INSURANCE
PREPARING & EXCECUTING CONTRACT
PROCESSING INTERIM PAYMENTS
MAINTAINING PROJECT DOCUMENTATION
(Submittals, Sign-offs, Meeting Minutes, etc.)
PROJECT BOOKKEEPING
CHANGE ORDER PROCESSING
CERTIFICATE OF ACCEPTANCE
FINAL PAYMENT
9
FIELD MANAGEMENT
REVIEW OF TECHNICAL SUBMITTALS
SCHEDULE TRADES
INTERIM INSPECTIONS
WORK MEASUREMENT
CHAIRING JOB MEETINGS
INITIATING/REVIEWING CHANGE
ORDERS
WITNESSING TESTING & TRAINING
ACCEPTANCE TESTING
10
SHOP DRAWINGS
REVIEW BY:
CM, Architect, Engineer, Consultant
EQUIPMENT CUTS
SAMPLES (Exposed equipment, cable)
DEVICE LOCATION PLANS
CABLE/CONDUIT PLANS
RISERS (Power & Signal)
TERMINATION SCHEDULES
FABRICATION & MOUNTING DETAILS
4
11
PROJECT MEETINGS
FREQUENCY
ATTENDEES – Need to Know, with Input
AGENDA – Issue before meeting, Follow it!
CHAIRPERSON – Focused, Control
MINUTES – Issue within 48 hours
– Highlight & Date Action Items
12
TRAINING
WHO NEEDS IT?
– Console Operators
– Security Supervisors
– Maintenance Personnel
– Employees (Awareness/ User Interface)
13
Training (cont.)
PLANNING FACTORS
– Location – Factory or Site
– Curriculum – Overview, Focused
– Scheduling – Many Courses
– Certification – Mgmt. needs to know
5
14
COMMISSIONING
DATA INPUT
– Employee Database (Name, Access, Ph. #)
– Zone Descriptors – Time Zones
– Standard Reports – Graphic Maps
– Video System Programming
– Output Control – Watch Tour Sequences
WHO INPUTS?
– Contractor – Operator – Supervisor
15
ACCEPTANCE TESTING
TESTING METHODOLOGY
– Contract Documents, Contractor Supplied
COVERAGE
– Floor-by-Floor
– System-by-System
– Random Sample
TOOLS
– Plans, Test Forms (Punch List)
– 2 – Way Radios
– System Logs, Reports
16
ACCEPTANCE TESTING
(cont.)
TESTS TO REMEMBER
– Line Supervision – Fire Alarm Interface
– Power Failure Mode – Battery Operation
– Communications Failure – Forced Entry
– Invalid Card – Off-Hours Operation
PUNCHLIST – RETEST – PUNCHLIST –
RETEST………………………ACCEPTANCE
6
17
FINAL DOCUMENTATION
AS-BUILT/RECORD DRAWINGS
– Device Location Plans
– Cable/Conduit Plans
– Risers – Terminations
– Installation Details
– Equipment Cuts
18
Final Documentation (cont.)
OTHER DOCUMENTS
– Test Documentation
– Operations Manuals/Guides
– Maintenance Manuals
– Software Documentation
– Certifications : UL, FM
19
SUMMARY
THE QUALITY OF THE IMPLEMENTATION &
THE DOCUMENTATION DETERMINES:
– Reliability – Maintainability – Expandability –
Acceptance
IDENTIFY IN-HOUSE RESOURCES – or BID
OUT
PLAN IMPLEMENTATION AT START OF
PROJECT
PREPARE REALISTIC SCHEDULE
IDENTIFY TRAINING NEEDS EARLY
Facilities
Physical
Security
Measures
G U I D E L I N E
DRAFT
ASIS GDL FPSM DRAFT ii
ASIS INTERNATIONAL
COMMISSION ON STANDARDS AND GUIDELINES
The Commission on Standards and Guidelines was established in early 2001
by ASIS International (ASIS) in response to a concerted need for guidelines
regarding security issues in the United States. As the preeminent
organization for security professionals worldwide, ASIS has an important
role to play in helping the private sector secure its business and critical
infrastructure, whether from natural disaster, accidents, or planned actions,
such as terrorist attacks, vandalism, etc. ASIS had previously chosen not to
promulgate guidelines and standards, but world events have brought to the
forefront the need for a professional security organization to spearhead an
initiative to create security advisory provisions. By addressing specific
concerns and issues inherent to the security industry, security guidelines will
better serve the needs of security professionals by increasing the
effectiveness and productivity of security practices and solutions, as well as
enhancing the professionalism of the industry.
Mission Statement
To advance the practice of security through the development of guidelines
within a voluntary, non-proprietary, and consensus-based process utilizing to
the fullest extent possible the knowledge, experience, and expertise of ASIS
membership and the security industry.
Goals and Objectives
• Assemble and categorize a database of existing security-related
guidelines
• Develop methodology for identifying new guideline development
projects
• Involve ASIS Councils, interested members, and other participants
to support guideline development
• Identify and establish methodology for development,
documentation, and acceptance of guidelines thus promulgated
• Build and sustain alliances with related organizations to
benchmark, participate in, and support ASIS guideline
development
• Produce international consensus-based documents in cooperation
with other industries and the Security Industry Standards Council
Functions
• Establish guideline projects
• Determine guidelines for development and assign scope
• Assign participating Council(s), where appropriate
• Approve membership on guideline committees
• Act as a governing body to manage and integrate guidelines from
various Councils and security disciplines
• Review and monitor projects and guideline development
• Approve Final Draft Guideline and Final Guideline
• Select guidelines for submission to the Security Industry
• Standards Council and the American National Standards Institute
(ANSI)
ASIS GDL FPSM DRAFT iii
FACILITIES PHYSICAL SECURITY MEASURES
GUIDELINE
Safety Act Designation
In April 2005, the U.S. Department of Homeland Security (DHS) awarded ASIS
International a Designation for its Guidelines Program under the SAFETY Act (Support
Anti-Terrorism by Fostering Effective Technology Act of 2002). This Designation is
significant in three ways: (1) it establishes that ASIS standards and guidelines are
qualified to be a “technology” that could reduce the risks or effects of terrorism, (2) it
limits ASIS’ liability for acts arising out of the use of the standards and guidelines in
connection with an act of terrorism, and (3) it precludes claims of third party damages
against organizations using the standards and guidelines as a means to prevent or limit the
scope of terrorist acts.
ASIS GDL FPSM DRAFT iv
Copyright © 2008 by ASIS International
ISBN nnn
ASIS International (ASIS) disclaims liability for any personal injury, property, or other
damages of any nature whatsoever, whether special, indirect, consequential, or
compensatory, directly or indirectly resulting from the publication, use of, or reliance on
this document. In issuing and making this document available, ASIS is not undertaking to
render professional or other services for or on behalf of any person or entity. Nor is ASIS
undertaking to perform any duty owed by any person or entity to someone else. Anyone
using this document should rely on his or her own independent judgment or, as
appropriate, seek the advice of a competent professional in determining the exercise of
reasonable care in any given circumstance.
All rights reserved. Permission is hereby granted to individual users to download this
document for their own personal use, with acknowledgment of ASIS International as the
source. However, this document may not be downloaded for further copying or
reproduction nor may it be sold, offered for sale, or otherwise sold commercially.
Printed in the United States of America
10 9 8 7 6 5 4 3 2 1
ASIS GDL FPSM DRAFT v
Facilities Physical Security Measures Guideline
1.0 Title ……………………………………………………………………………………………… 1
2.0 Revision History …………………………………………………………………………… 1
3.0 Commission Members ………………………………………………………………….. 1
4.0 Committee Members …………………………………………………………………….. 1
5.0 Guideline Designation …………………………………………………………………… 2
6.0 Scope …………………………………………………………………………………………… 2
7.0 Summary ……………………………………………………………………………………… 2
8.0 Purpose ……………………………………………………………………………………….. 3
9.0 Keywords …………………………………………………………………………………….. 3
10.0 Terms and Definitions …………………………………………………………………… 4
11.0 Recommended Practice Advisory………………………………………………….. 9
11.1 Crime Prevention Through Environmental Design (CPTED)… 10
11.1.1 Background……………………………………………………………………. 10
11.1.2 Strategies………………………………………………………………………. 10
11.1.3 Risk Assessment Process ……………………………………………….. 14
11.2 Physical Barriers and Site Hardening ………………………………… 16
11.2.1 Physical Barriers …………………………………………………………….. 16
11.2.2 Site Hardening ……………………………………………………………….. 21
11.3 Physical Entry and Access Control……………………………………. 22
11.3.1 Access Control Barriers …………………………………………………… 23
11.3.2 Electronic Access Control Systems …………………………………… 23
11.3.3 Personnel Access Control………………………………………………… 23
11.3.4 Locks…………………………………………………………………………….. 23
11.3.5 Contraband Detection ……………………………………………………… 25
11.3.6 Vehicle Access Control ……………………………………………………. 25
11.3.7 Procedures and Controls …………………………………………………. 26
11.4 Security Lighting………………………………………………………………. 27
11.4.1 Applications……………………………………………………………………. 27
11.4.2 Intensity…………………………………………………………………………. 28
11.4.3 Equipment……………………………………………………………………… 28
11.5 Intrusion Detection Systems……………………………………………… 31
11.5.1 Intrusion Detection System Devices ………………………………….. 32
11.5.2 Alarm Transmission, Monitoring, and Notification………………… 33
11.5.3 Installation, Maintenance, and Repair………………………………… 33
11.6 Closed-Circuit Television …………………………………………………….. 34
11.6.1 Functional Requirements …………………………………………………. 34
11.6.2 Cameras ……………………………………………………………………….. 36
11.6.3 Transport Medium …………………………………………………………… 38
ASIS GDL FPSM DRAFT vi
11.6.4 Command Center……………………………………………………………. 38
11.6.5 Recording………………………………………………………………………. 38
11.6.6 Maintenance ………………………………………………………………….. 39
11.7 Security Personnel……………………………………………………………. 40
11.7.1 Security Managers ………………………………………………………….. 40
11.7.2 Security Officers……………………………………………………………… 40
11.7.3 Other Employees ……………………………………………………………. 43
11.8 Security Policies and Procedures ……………………………………… 44
11.8.1 Policies………………………………………………………………………….. 44
11.8.2 Procedures…………………………………………………………………….. 45
Bibliography………………………………………………………………………………………… 47
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 1
1.0 Title
The title of this guideline is the Facilities Physical Security Measures Guideline.
2.0 Revision History
Baseline document.
3.0 Commission Members
Jason L. Brown, Thales Australia
Steven K. Bucklin, Glenbrook Security Services, Inc.
John C. Cholewa III, CPP, Embarq Corporation
Cynthia P. Conlon, CPP, Conlon Consulting Corporation
Michael A. Crane, CPP, IPC International Corporation
Eugene F. Ferraro, CPP, PCI, CFE, Business Controls Inc.
F. Mark Geraci, CPP, Bristol-Myers Squibb Co., Chair
Robert W. Jones, Kraft Foods, Inc.
Michael E. Knoke, CPP, Express Scripts, Inc., Vice Chair
John F. Mallon, CPP, SC Johnson & Son, Inc.
Marc H. Siegel, Ph.D., ASIS Security Management System Consultant
Roger D. Warwick, CPP, Pyramid International
4.0 Committee Members
Geoffrey T. Craighead, CPP, Securitas Security Services USA Inc., Committee Chair
Robert W. Jones, Kraft Foods, Inc.
Sean A. Ahrens, CPP, Schirmer Engineering
Randy Atlas, PhD, AIA, CPP, Counter Terror Design Inc.
Daniel E. Bierman, CPP, PSP, Whitman, Requardt & Associates, LLP
Elliot Boxerbaum, CPP, Security/Risk Management Consultants, Inc.
John T. Brady (deceased), ConocoPhillips Company
Ross D. Bulla, CPP, PSP, The Treadstone Group, Inc.
Nick Catrantzos, CPP, Metropolitan Water District of Southern California
BG (Ret.) Jonathan H. Cofer, Defense Information Systems Agency
Thomas G. Connolly, Red Hawk/UTC Fire/Security Co.
Frederick J. Coppell, CPP, SAIC
Joe DiDona, The Reader’s Digest Association, Inc.
Jack F. Dowling, CPP, PSP, JD Security Consultants, LLC
David R. Duda, PE, CPP, PSP, Newcomb & Boyd
Alan F. Farley, CPP, CNI Utilities
Mary Lynn Garcia, CPP, Sandia National Laboratories
William J. Moore, PSP, ABCP, CAS, Jacobs Facilities Inc.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 2
Patrick M. Murphy, CPP, PSP, CLSD, Marriott International Inc.
Robert Pearson, PE, Raytheon Co.
Thomas J. Rohr Sr., CPP, Eastman Kodak Company
Gregory L. Sanders, CPP, United Nations Development Programme
Terry Wood, PE, CPP, Wackenhut Consulting and Investigations
Paul Yung, PhD, Deloitte Touche Tohmatsu
Guideline editor: Peter Ohlhausen, Ohlhausen Research, Inc.
5.0 Guideline Designation
This guideline is designated as ASIS GDL FPSM nn 2008.
6.0 Scope
This guideline assists in the identification of physical security measures that can be
applied at facilities to safeguard or protect an organization’s assets—people, property,
and information. It is not aimed at a specific occupancy, but facilities and buildings in
general.
7.0 Summary
The guideline outlines eight main categories of physical security measures used to protect
facilities. These categories are:
Crime Prevention Through Environmental Design (CPTED),
Physical Barriers and Site Hardening,
Physical Entry and Access Control,
Security Lighting,
Intrusion Detection Systems (Alarms),
Closed-Circuit Television (CCTV),
Security Personnel, and Security Policies and Procedures.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 3
8.0 Purpose
The purpose of this guideline is to introduce readers, who may or may not have a security
background, to the main types of physical security measures that can be applied to
minimize the security risks at a facility.
To choose the right physical security measures and apply them appropriately, it is
important to first conduct a risk assessment, such as described in the ASIS General
Security Risk Assessment Guideline. The risk assessment, accompanied by a basic
understanding of physical security measures provided by this guideline, makes it
possible, either alone or with the help of security consultants or vendors, to select and
implement appropriate physical security measures to reduce the assessed risks and
accomplish the protective task.
9.0 Keywords
Access Control, Alarm System, Asset, Barrier, Camera, Closed-Circuit Television
(CCTV), Crime Prevention Through Environmental Design (CPTED), Facility, Intrusion
Detection, Lighting, Lock, Perimeter Protection, Physical Security, Physical Security
Measure, Policy, Procedure, Security Manager, Security Officer, Site Hardening.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 4
10.0 Terms and Definitions
10.1
access control
the control of persons, vehicles, and materials through the implementation of security
measures for a protected area
10.2
alarm system
combination of sensors, controls, and annunciators (devices that announce an alarm via
sound, light, or other means) arranged to detect and report an intrusion or other
emergency
10.3
asset
any tangible or intangible value (people, property, information) to the organization
10.4
barrier
a natural or man-made obstacle to the movement/direction of persons, animals, vehicles,
or materials
10.5
camera
device for capturing visual images, whether still or moving; in security, often part of a
closed-circuit television system (see closed-circuit television)
10.6
closed-circuit television (CCTV)
video surveillance system; a television installation in which a signal is transmitted to
monitors, recording and control equipment.
10.7
contract security service
a business that provides security services, typically the services of security officers, to
another entity for compensation.
10.8
crime
an act or omission which is in violation of a law forbidding or commanding it for which
the possible penalties for an adult upon conviction include incarceration, for which a
corporation can be penalized by a fine or forfeit, or for which a juvenile can be adjudged
delinquent or transferred to criminal court for prosecution. The basic legal definition of
crime is all punishable acts, whatever the nature of the penalty.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 5
10.9
crime prevention through environmental design (CPTED, pronounced sep-ted)
an approach to reducing crime or security incidents through the strategic design of the
built environment, typically employing organizational, mechanical, and natural methods
to control access, enhance natural surveillance and territoriality, and support legitimate
activity.
10.10
denial
frustration of an adversary’s failed attempt to engage in behavior that would constitute a
security incident (see security incident)
10.11
detection
the act of discovering an attempt (successful or unsuccessful) to breach a secured
perimeter (such as scaling a fence, opening a locked window, or entering an area without
authorization)
10.12
event
a noteworthy happening; typically, a security incident (see security incident), alarm,
medical emergency, or similar occurrence
10.13
facility
one or more buildings or structures that are related by function and location, and form an
operating entity
10.14
lighting
degree of illumination; also, equipment, used indoors and outdoors, for increasing
illumination
10.15
lock
a piece of equipment used to prevent undesired opening, typically of an aperture (gate,
window, building door, vault door, etc.), while still allowing opening by authorized users
10.16
perimeter protection
safeguarding of a boundary or limit
10.17
physical security
that part of security concerned with physical measures designed to safeguard people, to
prevent unauthorized access to equipment, facilities, material, and documents, and to
safeguard them against a security incident (see security incident).
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 6
10.18
physical security measure
a device, system, or practice of a tangible nature designed to protect people and prevent
damage to, loss of, or unauthorized access to assets (see assets)
10.19
policy
a general statement of a principle according to which an organization performs business
functions
10.20
private security
the nongovernmental, private-sector practice of protecting people, property, and
information, conducting investigations, and otherwise safeguarding an organization’s
assets; may be performed for an organization by an internal department (usually called
proprietary security) or by an external, hired firm (usually called contract security)
10.21
private security officer
an individual, in uniform or plain clothes, employed by a nongovernmental organization
to protect assets (see assets)
10.22
procedure
detailed implementation instructions for carrying out security policies; often presented as
forms or as lists of steps to be taken prior to or during a security incident (see security
incident)
10.23
proprietary information
valuable information, owned by a company or entrusted to it, which has not been
disclosed publicly; specifically, information that is not readily accessible to others, that
was created or collected by the owner at considerable cost, and that the owner seeks to
keep confidential
10.24
proprietary security organization
typically a department within a company that provides security services for that company
10.25
protection-in-depth
the strategy of forming layers of protection for an asset (see assets)
10.26
protective task
the goal of the security program for a facility. It may be to keep aggressors out, keep
valuable goods in, protect employees and visitors, safeguard information, or satisfy some
other requirement
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 7
10.27
risk
the likelihood of loss resulting from a threat, security incident, or event
10.28
risk assessment
The process of assessing security-related risks from internal and external threats to an
entity, its assets, or personnel
10.29
risk management
a business discipline consisting of three major functions: loss prevention, loss control,
and loss indemnification
10.30
security incident
an occurrence or action likely to impact assets
10.31
security manager
an employee or contractor with management-level responsibility for the security program
of an organization or facility
10.32
security measure
a practice or device designed to protect people and prevent damage to, loss of, or
unauthorized access to equipment, facilities, material, and information
10.33
security officer
an individual, in uniform or plain clothes, employed to protect assets
10.34
security survey
a thorough physical examination of a facility and its systems and procedures, conducted
to assess the current level of security, locate deficiencies, and gauge the degree of
protection needed. Sometimes called a security audit.
10.35
security vulnerability
an exploitable security weakness
10.36
site hardening
implementation of enhancement measures to make a site more difficult to penetrate
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 8
10.37
stand-off distance / set-back
the distance between the asset and the threat, typically regarding an explosive threat
10.38
surveillance
observation of a location, activity, or person
10.39
tailgating
to follow closely. In access control, the attempt by more than one individual to enter a
controlled area by immediately following an individual with proper access. Also called
piggybacking.
10.40
threat
an action or event that could result in a loss; an indication that such an action or event
might take place
10.41
token
a device, typically a card or key-fob, that contains coded information capable of being
read by electronic devices placed within or at the entry and exit points of a protected
facility
10.42
uninterruptible power supply (UPS)
a system that provides continuous power to an alternating current line within prescribed
tolerances; protects against over-voltage conditions, loss of primary power and
intermittent brownouts. Usually utilized in conjunction with an emergency generator.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 9
11.0 Recommended Practice Advisory
Practice advisories provide the reader with guidance regarding various physical security
measures and their functions. This guideline addresses the following topics:
• 11.1 Crime Prevention Through Environmental Design (CPTED)
•
11.2 Physical Barriers and Site Hardening
• 11.3 Physical Entry and Access Control
• 11.4 Security Lighting
• 11.5 Intrusion Detection Systems (Alarms)
• 11.6 Closed-Circuit Television
• 11.7 Security Personnel
• 11.8 Security Policies and Procedures
A bibliography is provided at the end of this document.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 10
11.1 Crime Prevention Through Environmental Design
(CPTED)
11.1.1 Background
Crime prevention through environmental design (see 10.0, Terms and Definitions, crime
prevention through environmental design (CPTED), is a concept that seeks to use
architectural design and the physical environment as protection against opportunities for
crime.* To provide maximum control, an environment is divided into a smaller, more
clearly defined area or zones, or what is known as a “defensible space” (Newman,1972).
Crime prevention design solutions should be integrated into the function of the buildings,
or at least the location where they are being implemented.
CPTED relies on an awareness of how people use space for legitimate and illegitimate
purposes. The approach uses design to discourage those who may be contemplating
criminal acts and to encourage activity and witness potential by legitimate users. CPTED
concepts and applications can be applied to existing facilities as well as new buildings
and renovations.
Underlying CPTED is the understanding that all human space
• has some designated purpose,
• has social, cultural, legal, or physical definitions (such as expectations or
regulations) that prescribe the desired and acceptable behaviors, and
• is designed to support and control the desired and acceptable behaviors.
The CPTED approach focuses on
• manipulating the physical environment to produce behavioral effects that reduce
the fear and incidence of certain types of criminal acts,
• understanding and modifying people’s behavior in relation to their physical
environment, and
• redesigning space or using it differently to encourage desirable behaviors and
discourage illegitimate activities.
11.1.2 Strategies
In general, there are three primary controls that can be implemented that will supplement
or support the strategies mentioned above. As the diagram suggests these controls,
overlap or compliment the overall security program and cannot stand alone as a singular
method of mitigating a criminal incident.
In general, there are three classifications to CPTED strategies:
* The term crime prevention through environmental design was first used by C. Ray Jeffrey in 1971 in a
book by that name.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 11
1. Mechanical measures— this approach emphasizes the use of hardware and
technology systems such as locks, security screens on windows, fencing and
gating, key control systems, CCTV, electronic access control, including
biometrics and electronic visitor management systems. Mechanical measures
must not be relied upon solely to create a secure environment, but rather be
used in context with people and design strategies.
2. Organizational measures — focus on teaching individuals and groups steps
they can take to protect themselves or the space they occupy. Methods include
security and law enforcement patrols, police officer patrols, or other strategies
that use people to observe, report and intervene. Routine activity theory
suggests that the presence of capable guardians may deter crime. Criminals
generally avoid targets or victims who are perceived to be armed, capable of
resistance or potentially dangerous. Criminals generally stay away from areas
they feel are aggressively patrolled by police, security guards or nosy
neighbors. Likewise, they avoid passive barriers such as alarm systems,
fences, locks or related physical barriers.
3. Natural or Architectural Measures — designing of space to ensure the overall
environment works more effectively for the intended users, while at the same
time deterring crime.
A CPTED design recognizes the use of a space, assumes the crime problem or threats in
the space, formulates a solution compatible with the designated use of the space, and
incorporates an appropriate crime prevention strategy that enhances the effective use of
the space. CPTED employs these strategies to make a site less desirable for illegitimate
activity to develop or occur:
• Natural access control: employing real and symbolic barriers (including doors,
fences, shrubbery, and other obstacles) to limit access to a building or other
defined space and that prevent the criminal from committing a crime and having
access to a target.
For example, to deter intruders from entering lower-story windows, a choice can
be made between planting dense, thorny bushes near the windows and installing
locking devices or an alarm system. The decision should rest on the
calculated/assumed risks associated with the particular facility.
• Natural surveillance: increasing visibility by occupants and observers (such as
security officers, law enforcement and pedestrians) to increase witness potential
of trespassing, misconduct, or criminal behavior within a facility or its grounds.
Natural Surveillance increases the residents’ or building users’ awareness of who
leaves and enters the property or buildings. Criminal choice is often influenced by
the perception of target availability and vulnerability. Criminals often choose
certain neighborhoods for crimes because they are familiar and well traveled,
because they appear more open and vulnerable, and because they offer more
potential escape routes. Thus, the more suitable and accessible the target, the
more likely the crime will occur. The ability to see how persons come and go off
a property becomes a deterrent factor for criminal behavior.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 12
For instance, if a loading dock is enclosed with a high, concrete wall, thieves may
be attracted to the concealment. Conversely, the use of chain-link fencing that
allows an unobstructed view of the area by workers or passersby may discourage
thieves and aggressors.
• Natural territorial reinforcement/boundary definition: establishing a sense of
ownership by facility owners or building occupants to define territory to potential
aggressors and to assist legitimate occupants or users to increase vigilance in
identifying who belongs on the property and who doesn’t. This sends the message
that would-be-offenders can be identified. In addition, the theory holds that
people will pay more attention to and defend a particular space or territory from
trespass if they feel a form of “psychological ownership” in the area. Thus, it is
possible, through real or symbolic markers, to encourage tenants or employees to
defend property from incursion.
An example might be low edging shrubbery along pedestrian walkways in an
apartment complex marks the territory of individual buildings and discourages
trespassers from cutting through the area. In addition, people are more likely to
defend a particular space against trespassing if they feel a psychological
ownership of the area.
• Management and maintenance: maintaining spaces to look well tended and
crime free.
The “broken windows” theory (Wilson & Kelling, 1982) suggests that an
abandoned building or car can remain unmolested indefinitely, but once the first
window is broken, the building or car is quickly vandalized. Maintenance of a
building and its physical elements (such as lighting, landscaping, paint, signage,
fencing, and walkways) is critical for defining territoriality.
• Legitimate activity support: engaging legitimate occupants, residents,
customers, or visitors in the desired or intended uses of the space.
Criminal activity thrives in spaces that occupants and desired users do not claim
and that offer no legitimate activities that can undermine or replace the criminal
activities. CPTED suggests adding enticements to draw legitimate users to a
space, where they may in effect crowd out undesirable illegitimate users of the
space.
• Compartmentalization: One of the basic CPTED strategies is to design multiple
layers or concentric layers of security measures so that highly protected assets are
behind multiple barriers. These layers of security strategies or elements start from
the outer perimeter and move inward to the area of the building with the greatest
need for protection. Each layer is designed to delay an attacker as much as
possible. This strategy is known as protection-in-depth (Fay, 1993, p. 672). If
properly planned, the delay should either discourage a penetration or assist in
controlling it by providing time for an adequate response.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 13
The illustration below shows a model of layered security.
Layers of Security
In some facilities, such as urban multi-story buildings, structures may cover the entire
property area up to the property line. In those cases, it may be impossible to establish a
separate outer protective layer. The building’s envelope may need to be considered as the
outer layer, elevator lobby security as the middle layer, and tenant space security as the
inner layer.
Outer Layer
Physical controls at the outer protective layer or perimeter may consist of fencing or other
barriers, protective lighting, signs, and intrusion detection systems. It is the outermost
point at which physical security measures are used to deter, delay detect, delay, and
respond (or defend) to illegitimate and unauthorized activities. Controls at this layer are
generally designed to define the property line and channel people and vehicles through
designated and defined access points. Intruders or casual trespassers will notice these
property definitions and may decide not to proceed to avoid trespassing charges or
merely just being noticed.
If early detection and identification are vital, intrusion detection and audio and video
assessment technology can be applied at the perimeter.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 14
Middle Layer
The middle layer, at the exterior of buildings on the site, may consist of protective
lighting, intrusion detection systems, locks, bars on doors and windows, signs, and
barriers such as fencing and the façade of the building itself. Protection of skylights and
ventilation ducts can discourage penetration from the roof.
Locations under a structure, like manholes and sewers, are also vulnerable to penetration.
Floors, too, must be protected, particularly in a multi-story building where an intruder
may be able to enter from lower levels. Walls and openings (such as air intake vents) on
the sides of buildings should also be examined for vulnerability to penetration.
Inner Layers
Usually, several inner layers are established. Their placement is designed to address an
intruder who penetrates the outer and middle protective layers. The following physical
controls are normal at this layer: window and door bars, locks, barriers, signs, intrusion
detection systems, and protective lighting.
The value of an asset being protected affects the amount of protection required. A high
value asset being housed in an inner area might require signs defining access
requirements for the area, specially reinforced walls, a structurally reinforced door with a
biometric lock, intrusion detection systems, closed circuit television (CCTV) to monitor
access, and safes and vaults to house the asset itself.
In general, there are three primary controls that can be implemented that will supplement
or support the strategies mentioned above. As the diagram suggests, these controls
overlap or compliment the overall security program and cannot stand alone as a singular
method of mitigating a criminal incident.
11.1.3 Risk Assessment Process
The key to success with risk assessment, the process of assessing security-related risks
from internal and external threats to an entity, its assets, or personnel, is problem seeking
before problem solving. The right questions should be asked and the facility surveyed
before developing security recommendations or implementing security enhancements.
The ASIS International General Security Risk Assessment Guideline uses a systematic
and comprehensive approach to do the following:
• Understand the risk.
• Specify loss risk events and vulnerabilities.
• Establish the probability of loss risk and the frequency of events.
• Determine the impact of the events.
• Develop options to mitigate risks.
• Study the feasibility of implementing various measures or controls.
• Perform a cost-benefit analysis.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 15
In problem seeking, the following tasks should be carried out:
• Assess crime reporting data.
• Gather demographic data.
• Gather land use information.
• Conduct site inspections.
• Observe and note user behavior patterns.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 16
11.2 Physical Barriers and Site Hardening
11.2.1 Physical Barriers
Barriers may be natural or structural (man-made). Natural barriers include fields, creeks,
rivers, lakes, mountains, cliffs, marshes, deserts, or other terrain difficult to traverse.
Structural (man-made) barriers include berms, ditches, artificial ponds, canals, planted
trees and shrubs, fences, walls, doors, roofs, and glazing materials. Natural and structural
barriers physically and psychologically deter the undetermined, delay the determined, and
channel authorized traffic through specified entrances.
Where possible and practical, a clear zone, whose width will depend on the threat that is
being protected against, should separate a perimeter barrier from structures inside the
protected area, except when a building wall constitutes part of the perimeter barrier.
Barriers are commonly used to discourage unauthorized access that takes place by
accident, by force, or by stealth. In general, a barrier should explicitly or implicitly
describe territory. Barriers should not provide concealment for surprise attacks, enable
intruders to gain access to upper levels, or obstruct lighting, video surveillance, or
intrusion detection systems. However, barriers may be used to prevent views of the
facility and the introduction of clandestine listening devices.
Since barriers can be breached, they should be accompanied where practical and
appropriate by a means of determining when a breach has occurred or is occurring.
Barriers also keep people and property within a given area. For example, a barrier could
prevent people inside a facility from conveniently throwing materials outside the facility
for later retrieval.
Barriers are also used to direct pedestrian or vehicle traffic in predictable patterns that can
be anticipated, which present opportunities to detect abnormal and potentially illegitimate
activities. The barriers should be designed to address the threat they are designed to
protect against.
Fences
The most common perimeter barrier is fencing. A fence defines an area, may stop a
casual trespasser, and tells people they are at a protected property line. However, fences
usually only deter or delay entry—they do not prevent it entirely. Over time, fences must
be maintained if they are to retain their deterrent value.
A fence can do the following:
• Give notice of the legal boundary of the premises.
• Help channel entry through a secured area by deterring entry elsewhere along the
boundary.
• Provide a zone for installing intrusion detection equipment and closed-circuit
television (CCTV).
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 17
• Deter casual intruders from penetrating a secured area.
• Force an intruder to demonstrate his or her intent to enter the property.
• Cause a delay in access, thereby increasing the possibility of detection.
• Create a psychological deterrent.
• Reduce the number of security officers required.
• Demonstrate a facility’s concern for security.
Chain-Link Fences
Chain-link fences are quick to install; can be effective against pedestrian trespassers and
animals; and provide visibility to both sides of the fence.
Chain-link fence fabric is made from steel or aluminum wire, which may be coated and
which is wound and interwoven to provide a continuous mesh (Chain Link Fence
Manufacturers Institute, 2004). It can be breached easily with a blanket, wire cutter, or
bolt cutter.
To be effective, chain-link fencing must avoid overly large mesh fabric, undersized wire,
lightweight posts and rails, and shallow post holes. The following are some design
features that enhance security (Chain Link Fence Manufacturers Institute,♦ 1997):
• Height. The higher the barrier, the more difficult and time-consuming it is to
breach. For low security requirements, a 5-6 ft. (1.5-1.8 meter) fence may be
sufficient; for medium security, a 7 ft. (2.1 meter) fence may be appropriate; and
for high security (such as a prison), an 18-20 ft. (5.4-6.0 meter) fence may be
required.
• Barbed wire. Using three or six strands at the top of a fence further delays an
intruder. A site using a three- or six-strand, 45-degree arm should angle the arm
outward from the secured area to keep people out and inward to keep people in.
• Bottom rail. Properly anchored, this prevents an intruder from forcing the mesh
up to crawl under it.
• Top rail. A horizontal member of a fence top to which fabric is attached with ties
or clips at intervals not exceeding two feet. A top rail generally improves the
appearance of a fence, but it also offers a handhold to those attempting to climb
over. A top tension wire should be provided if a top rail is not installed.
• Burying /Mow strip. Burying or installing a mow strip (concrete) in addition to a
chain-link fabric 1 ft. (0.3 meters) or more prevents an intruder from forcing the
mesh up.
• Color fabric. Color polymer-coated chain-link fabric enhances visibility,
especially at night.
♦ In the United States, the Chain Link Fence Manufacturers Institute and the American Society for Testing
and Materials, among others, have published useful specifications for fencing. Equivalent organizations do
the same in other countries.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 18
• Double fence. An additional line of security fencing a minimum of 10 ft. to 20 ft.
(3 meters to 6 meters) inside the perimeter fence creates a controlled area and
room for sensors or a perimeter patrol road between the fences.
Chain -link fencing can also be used indoors to secure a compartment that merits special
protection.
Expanded Metal and Welded Wire Fabric Fences
These fences are generally more expensive than chain-link but less expensive than
perforated metal or iron grillwork. They look somewhat like netting.
Expanded metal does not unravel and is tough and extremely difficult to cut. It is
available in uncoated, painted, or galvanized steel, as well as aluminum and stainless
steel. Expanded metal comes in four basic types: standard or regular, grating, flattened,
and architectural or decorative.
Welded wire fabric, cheaper than expanded metal, is generally used for lower-risk
applications.
Ornamental Fences
Ornamental fences made of wrought-iron, steel, or aluminum can be effective barriers.
The application for which the fence is being used will determine its type, style, height,
spacing between vertical bars or rods, and the type of fence top (either a top rail covering
the tops of the vertical bars or rods, or bars or rods located above the top rail).
Barbed Wire
Barbed wire varies in grade, coating weight, number of barbs, and spacing of barbs. If
they are intended to discourage human trespassing, fences constructed entirely of barbed
wire, should be at least 7 ft. (2.1 meters) tall, not counting the top guard. The strands
should be tightly stretched and attached firmly to posts spaced less than 6 ft. (1.8 meters)
apart.
Barbed wire may also be formed into concertina coils, which may be used for top guards
on barriers or as fencing in itself. Temporary or tactical barriers of barbed concertina wire
can be laid quickly. Local building codes may address the use of this type of application
with barbed wire.
Concrete Fences
Concrete block fences are less expensive than cast-in-place concrete but offer poor to
moderate protection against penetration as they can be scaled easily. Adding deterrents at
the top, such as a top guard, barbed wire or razor ribbon, or metal spikes, can make
concrete fences more effective barriers. It should be noted, that concrete fences can
enhance concealment.
Wooden Fences
Generally, wooden fences are used for low-security applications. They must be difficult
to climb and have sufficient strength for the desired level of protection. A wooden
fence’s effectiveness can be enhanced by adding barbed wire, razor ribbon, or metal
spikes. When utilizing a wooden fence to delay entry, the vertical picket sections must be
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 19
no wider that 1-3/4” with and the horizontal sections should be 50” apart; located on the
protected side of the building.
Planters, Bollards, Concrete Barriers, and Steel Barricades
Large, heavy planters—made of concrete reinforced with glass-fiber, strengthened with
steel bars, and spaced about 3 ft. (0.9 meters) apart (and sometimes anchored to the
ground)—can be effective vehicle barriers.
Bollards are waist-high cylindrical posts, usually made of steel or concrete, which are
anchored to the ground. They may be fixed position, removable posts for emergency
access, or can be raised or lowered as needed.
Concrete barriers may be cast in place and anchored into the ground so that removal
would be difficult. Reinforced park benches and large concrete blocks can also serve as
concrete barriers. Another form is the concrete highway median barrier, also known as
the Jersey Barrier or T-rail. These barriers are more effective in stopping a vehicle when
they are joined together and bolted to the ground.
Standard highway metal guard rails may also be used as vehicle barriers apart from
motorcycles.
Premises Openings
Most building intrusions are effected through doors and windows. Where practical,
openings should be made as difficult to penetrate as the building surfaces themselves.
Gates
The number of pedestrian and vehicular gates should be kept to the minimum consistent
with efficient operation and safety. The size and means of opening the gates must comply
with local codes. All gates should be provided with locks.
Gates come in many types: single-swing gates for walkways, double-swing gates for
driveways, multifold gates for any opening up to 60 ft. (18.2 meters), and overhead
single- and double-slide gates for use where there is insufficient room for gates to swing.
Cantilever slide gates, both single and double, are available for driveways where an
overhead track would be in the way. Vertical-lift gates are made for special purposes
such as loading docks.
Turnstiles
Turnstiles are designed to control pedestrian traffic and minimize tailgating
(piggybacking). They are made in various heights—low, waist high (about 3 ft. or 0.9
meters), and full height (about 7 ft. or 2.1 meters). Low turnstiles, are easy to hurdle,
offer little protection unless attended. Security officers and video surveillance with
motion sensing may be used to detect when a person hurdles a turnstile. Turnstiles can be
automated using a card access control system. In deploying circular turnstiles, it is
important to remember that when a turnstile is added to a fence, the turnstile itself may
provide a means for an intruder to climb over and enter the fenced area.
Doors
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 20
Personnel doors, in both outer and inner building walls, may be single, double, revolving,
sliding, or folding. In normal security settings, their function is to provide a barrier at a
point of entry or exit. In high security settings, a door must offer the maximum delay time
before penetration by extraordinary means (i.e., by the use of cutting tools, hard-carried
tools, and some explosives)” (Giglotti & Jason, 2004, p. 149). Solid wood or sturdy
hollow metal doors can be covered with metal to strengthen them against a tool attack.
Doors create several vulnerabilities. A door is sometimes weaker or stronger. than the
surface into which it is set, including the door frame. Moreover, hinges may be defeated.
Vehicular doors may be single, double, hanging, rolling, or folding. They can usually be
penetrated with hand tools or vehicles. They can also serve secondarily as passageways
for personnel. Their existence creates a vulnerability to unrestricted pedestrian access.
Windows
The following are some different types of glass:
• Tempered glass is treated to resist breakage. Building codes require tempered
glass for safety reasons as when the glass breaks it fragments into small pieces
rather than shards.
• Wired glass provides resistance against large objects but may still shatter.
• Laminated glass is composed of two sheets of ordinary glass bonded to a middle
layer or layers of plastic sheeting material. When laminated glass is stressed or
struck, it may crack and break but the pieces of glass tend to adhere to the plastic
material. It should be noted that for laminated glass to be effective, it should be
secured to the frame of the window. It is also the preferred glass type for
mitigating blast forces. It will aid in the protection of building occupants from
glass shattering in the event of an explosion.
• Bullet-resistant glass provides stronger resistance to attack. It is laminated and
consists of multiple plies of glass, polycarbonate, and other plastic films to
provide many levels of ballistic resistance.
Other window-related security materials include the following:
• Window bars. Steel bars, where permitted by building and fire codes, can add to
the protection of windows.
• Security window film (sometimes called safety window film) adheres to the
interior surface of glass and holds broken glass in place to minimize lethal
projectiles. Security window film does not protect a facility from intrusion but is a
safety measure.
• Blast curtains are made of reinforced fabrics that provide protection from flying
materials in an explosion. Blast curtains do not protect a facility from intrusion
but are a safety measure.
• Security Shutters can add to the protection of windows. They can be either the
roll-up type, with horizontal interlocking slats (usually made of aluminum or
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 21
polyvinyl chloride) which roll up into a box located at the top of the window; or
the accordion type, with vertical interlocking slats which slide to the sides of the
window. These shutters can be operated manually, or electrically using remote
controls, weather sensors, or timers.2
Other Openings
Other openings include shafts, vents, ducts, or fans; utility tunnels; channels for heat, gas,
water, electric power, and telephone; and sewers and other drains. Such openings can be
fortified with steel bars or grills, wire mesh, expanded metal, and fencing (and/or
possibly protected with intrusion detection devices).
Locks
(See Section 11.3.4, Locks, in Section 11.3, Physical Entry and Access Control.)
11.2.2 Site Hardening
Key factors in hardening a facility include the following:
• stand-off distance, which is the distance between a critical asset and the nearest
point of attack (usually using an explosive device)
• structural integrity of the premises against attacks (such as forced entry, ballistic
attack, or bomb blast) and natural disasters (such as earthquakes, hurricanes or
tornadoes)
• redundancy of operating systems, such as power, heating, ventilating, and air-
conditioning (HVAC) systems and communications systems
Consideration should be given to protecting HVAC systems to prevent the introduction of
harmful materials into exterior air intakes. Many buildings place air intakes high above
ground or on the roof. Other premises use physical barriers to prevent unauthorized
access to air intakes. It may also be appropriate to use intrusion detection devices, video
surveillance, and security officers to monitor access to air intakes and to HVAC and
mechanical rooms.
Measures to manage power generation and distribution systems include the use of
redundant power feeds, emergency generators, and uninterruptible power supplies.
Security command centers and control stations may warrant special protection, such as
wall hardening, installation of bullet-resistant windows, protection of HVAC systems
serving the center, and provision of emergency power and backup communications.
There is also the need to protect utilities such as water, gas services, and
telecommunications.
2 Abacus Construction Index “About security shutters”
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 22
11.3 Physical Entry and Access Control
Before discussing physical entry and access control, it is important to realize that there
are certain issues that to be considered in designing such a system. There are as follows:
• Will the access control system be integrated with other systems, such as alarms
and CCTV, and elevator systems?
• Will the various components of the access control system operate together
effectively?
• Is the likely throughput rate at each controlled access point acceptable?
• Should people’s entries and exits be viewed and recorded by a CCTV system?
• Does the access control system comply with all applicable building and fire
codes?
A comprehensive access control system is designed to:
• permit only authorized persons and vehicles to enter and exit,
• detect and prevent the entry of contraband material,
• detect and prevent the unauthorized removal of valuable assets, and
• provide information to security officers to facilitate assessment and response.
Included in an access control system are the technologies, procedures, databases, and
personnel used to monitor the movement of people, vehicles, and materials into and out
of a facility. Access control elements may be found at a facility boundary or perimeter,
such as personnel and vehicle portals, at building entry points, in elevators, or at doors
into rooms or other special areas within a building. Certain items may be of particular
interest upon entry (e.g., drugs, weapons, or explosives) or exit (e.g., precious metals,
manufactured product, or laptop computers).
Different access control technologies and procedures have different strengths. Metal
detectors are appropriate when the defined threat involves metal objects, such as weapons
or tools, but are not effective against explosives.
An adversary may use several types of attacks to defeat an access control point:
• Deceit. The adversary employs false pretenses in an attempt to convince security
personnel or an employee to permit entry.
• Direct physical attack. The adversary uses tools to force entry into an area.
• Technical attack. The adversary forges a credential, guesses a personal
identification number, or obtains another persons credential.
Access control systems may be manual, machine-aided manual, or automated. Manual
systems use personnel to control who or what may enter. Machine-aided manual systems
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 23
use tools (such as metal detectors) to help a security officer make the access decision.
Automated access control systems use technology to control the entire access process,
potentially eliminating the need for personnel to authenticate manual access.
11.3.1 Access Control Barriers
Section 11.2, Physical Barriers, and Site Hardening, focuses on keeping unwanted parties
out. This section (11.3, Physical Entry and Access Control) emphasizes the means of
allowing some people in and keeping others out. Access control barriers include doors,
gates, turnstiles, and elevators. Locks and security personnel secure the movable portions
of barriers. Like perimeter protection barriers, access control barriers are often applied in
multiple layers.
11.3.2 Electronic Access Control Systems
Electronic access control systems have several main parts: credentials in the form of
something you know, something that is inherent to you and something you carry. Other
essential parts of the access control system include the credential reader, communication
cabling, distributed processor, central database, software and supplementary interfaces to
alarm monitoring and request-to exit for associated access controlled doors.
It is possible for a business that has several sites to use a single electronic access control
system to control access to all the sites, even if they are widely separated.
11.3.3 Personnel Access Control
To decide whom to let into a facility and whom to keep out, it is necessary to consider
measures such as:
• tokens or other items in the person’s possession (such as a metal key, a proximity,
insertion or swipe card, or a photo identification card)
• private information known by the individual (such as a password or personal
identification number)
• biometric features of the person (such as fingerprint, hand geometry, iris and
retinal patterns, signature, or speech patterns)
The most secure systems use several of these methods to authenticate and validate access.
Using too many, however, could significantly decrease throughput and slow down access
through an access control portal.
11.3.4 Locks
Locks vary by physical type, application, and mode of opening.
Mechanical Locks
Mechanical locks, such as door locks, cabinet locks, and padlocks, use an arrangement of
physical parts to prevent the opening of the bolt or latch. The two major components in
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 24
most mechanical locks are the coded mechanism and the fastening device. The coded
mechanism may be a key cylinder in a key lock or a wheel pack in a mechanical
combination lock.
The fastening device is usually a latch or bolt assembly. A latch automatically retracts as
the door is closed, whereas a bolt stays in the same position unless it is intentionally
moved. Latches are more convenient but more vulnerable than bolts.
Electrified Locks
Electrified locks allow doors to be locked and unlocked by a remote device. That device
may be an electric push button, a motion sensor, a card reader, a digital keypad or a
biometric device. Electrified locks may be mechanical or electromagnetic.
Electromagnetic Locks
An electromagnetic lock consists of an electromagnet (attached to the door frame) and an
armature plate (attached to the door). A current passing through the electromagnet
attracts the armature plate and thereby holds the door shut. Electromagnetic locks are
useful on doors that are architecturally significant, and where mechanical latching
otherwise could not be achieved. Electromagnetic locks should be coordinated with life-
safety code as there are specific and additional requirements with these doors that must
be provided.
Card-Operated Locks
Card-operated locks rely on a unique card or credential being presented to a card reader
at a location where the access is being controlled. The system electronically checks the
information (including the identification of the cardholder and the time period when
access is permitted) on the card and compares it with that already stored in the system,
and either activates the lock to permit entry or denies access.
Combination Locks
A combination lock operates either mechanically or electrically. An alphanumeric
keypad, part of the locking mechanism, is used to select a series of numbers or letters in a
predetermined sequence to release the locking mechanism. Sometimes these locks are
combined with a key that only will work when the correct sequence of numbers or letters
has been selected, a card reader, or a biometric feature.
Biometric Locks
Biometric operated locks function by verifying a person’s specific physical characteristic,
such as fingerprint, hand geometry, face, and iris and retina characteristics. If the specific
characteristic is verified, the locking device is activated to permit access.
Rapid Entry Systems
Rapid entry systems enable emergency responders to enter a facility when no one is
available to provide access. A rapid entry key vault is a specially designed, weatherproof,
fixed box containing essential keys to the facility. A key to the box should be supplied to
emergency responders ahead of time.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 25
Key System
In a master key system, a single key operates a series of mechanical locks, and each of
those locks is also operated with another key specific to that lock. Since the compromise
of a master key can compromise an entire facility, the use of any master key must be
strictly controlled.
Key management systems help managers control and account for keys. Typically,
managers conduct initial and periodic inventories of keys, maintain records of who has
which keys, and maintain a secure key storage facility.
Because locks can be compromised, they should be complemented with other measures,
such as intrusion detection sensors, video surveillance, and periodic checks by security
officers. The time required to defeat the lock should approximate the penetration delay
time of the rest of the secured barrier. In other words, it does not make sense to put a
strong lock on a weak door or vice versa.
11.3.5 Contraband Detection
Contraband consists of prohibited items, such as weapons, explosives, drugs, audio
recording devices, cameras, or even tools. Where these items are a part of the threat
definition, all personnel, materials, and vehicles should be examined for contraband
before entry is allowed. In addition to physical searches by security officers or trained
canines, methods of contraband detection include metal detectors, X-ray machines, and
explosive detectors. Contraband detection is time-consuming and can reduce throughput
significantly.
In some higher-security facilities, vehicles might be searched before they are allowed to
enter a controlled area. Vehicle searches should be conducted in a portal or monitoring
station by trained security officers. The search location should include a way to detain the
vehicle, such as using vehicle gates or barriers, until searches are completed.
11.3.6 Vehicle Access Control
Vehicles can be identified by devices such as cardboard placards, stickers, radio
frequency identification (RFID) tags, bar codes, special license plates, and electronic
tags.
Vehicle access control may be manual (for example, using a security officer to decide
whether to allow the vehicle in or out) or electronic (for example, allowing the driver to
use a proximity card to open a gate).
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 26
11.3.7 Procedures and Controls
The following are some of the important access issues that should be addressed though
procedures and controls:
wearing of badges
sharing of personal identification
numbers (PINs)
sharing of access cards
tailgating or piggybacking
challenging of unbadged persons
number of access attempts allowed
searching of packages, briefcases,
and purses
calibration of metal detectors
use of explosives detectors
list of prohibited materials
access hours and levels of access
credential tampering and replacement
accommodation of disabled or
handicapped persons
preventive maintenance of equipment
For example, all but the smallest or simplest facilities need a procedure to provide for
authorized visitor access. A security officer or trained employee should request access
permission for the visitor and specify the date and time of the visit, the point of contact,
and the purpose of the visit. It is common to issue visitor badges (sometimes bearing the
visitor’s photograph and usually showing the date to prevent reuse). Access control
procedures will also be needed for couriers, contractors, and other non-employees who
regularly visit a site.
Likewise, access database management requires special consideration. The database
should be continually updated—by authorized persons only—to reflect employee
separations, leaves of absence, or suspensions. In addition, the database may track visitor
access passes and assign a time period for their use. It may be useful, as well, to
periodically check the access history for unusual access hours or attempts to gain entry to
areas where the access card holder is not authorized to go. Access to the database should
be strictly limited.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 27
11.4 Security Lighting
Security lighting can augment other security measures such as physical barriers, intrusion
detection systems, CCTV, and security personnel activities.
Security lighting can provide several advantages such as:
• possible deterrence of adversaries and suspicious activities
• improved surveillance and security response
• reduced liability
• witness potential
The disadvantages are as follows:
• cost of installation and maintenance
• light pollution and light trespass, which could result in neighbor complaints
• lighting fixtures that are not aesthetically pleasing
The purposes of security lighting—discouraging unauthorized entry and detecting
intruders—are served both outdoors and indoors. Outdoors, security lighting can be
applied to the perimeter of a site, private roadways, parking areas, building entrances and
exits, equipment yards, loading docks, storage spaces, large open work areas, piers,
docks, utility control points, and other sensitive and critical areas. Indoors, security
lighting is also beneficial.
11.4.1 Applications
Basic exterior security lighting consists of the following application types (United States
Department of the Army, 2001):
• Continuous. In this application, illumination devices in a series maintain uniform
lighting during hours of darkness.
• Glare projection. This deters potential intruders by making it difficult to see into
an area. It also illuminates the intruders themselves.
• Standby. Lights are not on continuously but are either automatically or manually
turned on randomly or when suspicious activity is detected or suspected by
security personnel or an intrusion detection system.
• Controlled. This lighting illuminates a limited space (such as a road) with little
spillover into other areas.
• Portable (movable). This consists of manually operated, movable searchlights
that may be lit during darkness or as needed.
• Emergency. This system of lighting may duplicate any of the systems above. Its
use is limited to times of power failure or other emergencies that render the
normal system inoperative. It depends on an alternative source of power.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 28
Where practical, security lighting during the hours of darkness should be continuous and
equipped with an alternative power source. In addition, the system’s wiring and controls
should be protected against tampering or vandalism.
11.4.2 Intensity
The right level or intensity of lighting depends on a site’s overall security requirements.
Lighting intensity♦ can be measured with instruments, but for a rule of thumb, “at night,
outside of a building or at a parking lot, one should be able to read a driver’s license or
newspaper with some eyestrain” (Purpura, 1998). In addition, lighting levels must meet
local codes or standards. A CCTV system’s needs may also dictate the proper level of
lighting and Kelvin rating.
11.4.3 Equipment
General security lighting equipment falls into the following categories:
• Streetlight. This uses various sources of illumination.
• Searchlight. This uses a very narrow high-intensity beam of light to concentrate
on a specific area. It is used in correctional, construction, and industrial settings to
supplement other types of lighting.
• Floodlight. This projects a medium to wide beam on a larger area. It is used in a
variety of settings, including the perimeters of commercial, industrial, and
residential areas.
♦ Details on appropriate lighting intensity can be found in publications written for various countries and
regions—for example, in the U.S., the Guideline for Security Lighting for People, Property, and Public
Spaces (Illuminating Engineering Society of North America, 2003).
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 29
• Fresnel. This lighting typically projects a narrow, horizontal beam. Unlike a
floodlight, which illuminates a large area, the fresnel can be used to illuminate
potential intruders while leaving security personnel concealed. It is often used at
the perimeters of industrial sites.
The main lighting sources (that is, fixtures or lamps) are as follows (Fennelly, 2004):
• Incandescent. These lamps are the least efficient and are the most expensive to
operate and have a short life span.
• Fluorescent. Fluorescent lamps are more efficient than incandescent lamps but
are not used extensively outdoors, except for underpasses, tunnels and signs.
• Halogen and quartz halogen. They provide about 25 percent better efficiency
and life then ordinary incandescent bulbs.
• Mercury vapor. The lamps take several minutes to produce full light output, but
they have a long life.
• Metal halide. They are often used at sports stadiums because they imitate
daylight; for the same reason, they work well with CCTV systems. They are
expensive to install and maintain.
• High-pressure sodium. These lamps are energy efficient and have a long life
span. They are often applied on streets and parking lots, and their particular
quality of light enables people to see more detail at greater distances in fog.
• Low-pressure sodium. These lamps are even more efficient than high-pressure
sodium but are expensive to maintain.
[LED (light-emitting diodes). These lamps are one of the newest lighting sources and
have the potential of furnishing a cost effective alternative that lasts longer without
sacrificing illumination.]
[Induction. Induction lamps have a long life and, similar to fluorescent lamps, are
utilized mainly indoors, except for parking structures, underpasses and tunnels.]
Each of the preceding illumination sources has specific characteristics related to color
rendition, life span, and startup times. In addition, some applications call for infrared
lighting, which is invisible to the naked eye but is useful for CCTV scene illumination.
Lighting equipment must be inspected and maintained regularly. In that process, one
should do the following:
• Check electrical circuits and test all connections.
• Ensure proper lamp functionality.
• Ensure that lamps are kept clean and maintain their proper lighting angle.
• Ensure that the lighting intensity continues to meet security requirements.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 30
• Ensure that batteries are charged for emergency lighting in compliance with
regulations.
Regarding placement, in outdoor applications “high-mast lighting is recommended,
because it gives a broader, more natural light distribution, requires fewer poles (less
hazardous to the driver), and is more aesthetically pleasing than standard lighting”
(FEMA, 2003).
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 31
11.5 Intrusion Detection Systems
Intrusion detection systems (IDSs), sometimes called alarm systems, employ various
sensors that trigger alarms, or notifications. These systems are integral factors in a
security program’s effort to:
• Deter. The presence of an IDS may deter intruders when signs are posted warning
that a site is protected by such a system.
• Detect. Most IDSs are designed to detect an impending or actual security breach.
• Delay. By activating other systems, such as locks, doors, gates, and other physical
barriers.
• Respond. IDSs facilitate security responses by pinpointing where an intrusion has
occurred and possibly where the intruder has moved within the site.
The quality of an IDS and its components greatly affects its usefulness. Deficiencies can
harm a security program by causing the system to:
• fail to detect an intruder,
• falsely report breaches which generate costly and repeated deployment of security
or law enforcement personnel, and
• create excessive false activations so that alarms are ignored or security and law
enforcement officers are called unnecessarily. (Many jurisdictions levy fines for
excessive numbers of false alarm calls to police.)
• provide a false sense of security
When considering IDSs, the security manager should ensure that the system (Fay, 2008,
p. 258)
• meets the security needs of the facility,
• operates in harmony with other systems,
• does not interfere with business operations, and
• is cost-effective (i.e., that the value of benefits derived from the system is at least
equal to the costs of the system).
The IDS should be installed according to any applicable codes and standards.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 32
11.5.1 Intrusion Detection System Devices
Several types of IDS devices are used to detect intrusions:
• Position detection devices. These devices, often magnetic, detect when one part
of the device is moved away from the other. They may be specially made to
permit different types of mounting and for use in different environments. An
example of this type of device would be a door position switch.
• Motion detectors. These devices create an alarm when the static conditions of the
protected area change. Different detectors are made for interior and exterior use,
long and short range use, and different types of movement by different types of
targets.
− Microwave detection relies on a constant reception level of its transmitted or
reflected energy. When the energy level changes due to reflection or
deflection, an alarm is transmitted.
− Infrared detectors, sometimes called passive infrared detectors (PIRs),
absorb invisible light energy and compare the energy absorbed to the
background energy . When the received energy fluctuates from ambient
levels, an alarm is transmitted.
− Dual-technology motion detectors typically employ both microwave and
infrared technologies in a single package. They require disturbances in both
technologies before an alarm is transmitted.
− Ultrasonic detectors transmit in the ultrasonic range. When the received
signal changes from its expected level (due to sound deflection or absorption),
an alarm is transmitted.
− Beam detectors operate similarly, transmitting an alarm when the beam is not
detected at the receiving unit or the beam’s energy falls below the threshold.
• Sound detectors. Sound detectors transmit an alarm when sounds outside a
selectable ambient range are received by the detector. They are normally used
where audible sounds are stable and quiet, such as in a vault.
• Vibration sensors. These react to motions such as shaking or physical shocks.
Typically these sensors are utilized to detect a tool attack.
• Heat sensors. These devices trigger alarms when the air or surface temperature
changes.
• Capacitance devices. Often used with safes and vaults, these devices detect
changes in electrical capacitance in protected items to which low voltage has been
applied. If an object or person approaches or touches the protected which alters
the , the sensor levels change and an alarm is transmitted.
• Impact sensors. These detect sudden changes in air pressure.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 33
• Glass break sensors. These sensors detect the frequency of breaking glass. To
limit false alarms, they have been combined with pressure sensors to avoid false
alarms.
Other security systems can also play the role of an IDS, and IDS devices can be
integrated into video and access control systems.
11.5.2 Alarm Transmission, Monitoring, and Notification
Alarms signals can be transmitted to alarm monitoring systems and personnel. They may
be transmitted via wire or wirelessly and by zone or by an individual alarm point. Being
able to identify a particular alarm point may reduce security officer’s response time and
make it easier to identify malfunctioning alarm points.
Alarm monitoring may be performed by the user organization or by an outside service,
such as an alarm monitoring company or a central station (high-end monitoring service).
With the right transmission method, the monitoring can take place over any distance.
Whether alarm monitoring is done in-house (proprietary) or on a contract basis, the user
can arrange to be notified by several methods, including telephone, e-mail, and pager,
and can develop a list of all persons to be notified.
11.5.3 Installation, Maintenance, and Repair
Several steps are involved in the installation, maintenance, and repair of alarm systems:
• Engineering and installation. These are essential for a properly functioning
alarm system. Even if all the devices, panels, and annunciators are of good
quality, the system will fail if those components are not installed properly or are
not the correct ones for the application.
• Commissioning. This is the process of testing every alarm point and each
automatic function of a new system.
• Auditing. This ongoing process tests and documents a security system’s
operations to ensure that all parts are functioning properly.
• Maintenance. Alarm systems require regular maintenance, which can be provided
by facility staff (such as an in-house security systems specialist) or system vendors.
• Repair. Repairs can be handled in the same way as maintenance issues.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 34
11.6 Closed-Circuit Television
Video surveillance can be a valuable component of a facility’s security program. The
systems that provide such surveillance are usually called closed-circuit television
(CCTV) systems. They are primarily used to:
• detect activities that call for a security response
• collect images of an incident for later review and use as evidence if needed
• assist in alarm analysis.
The main elements of a CCTV system are as follows:
• Field of View The area visible through the camera lens.
• Scene. This is the location or activity to be observed.
• Lens. The lens determines the clarity and size of the field of view.
• Camera. The camera converts the optical image produced by the lens to an
electronic signal for transmission. The camera requires mounting hardware and
sometimes a housing for protection against physical or environmental damage.
• Transmission medium. The signal generated from the camera must be
transmitted to equipment for viewing or recording, typically over coaxial cable,
twisted-pair wire, network cable, optical fiber, or a microwave signal.
• Monitor. The monitor can display one or more video images with the appropriate
equipment.
• Recording equipment. This includes recorders and equipment for selecting
which images to record, the speed at which the images will be recorded, the
resolution of the capture and the compression format for the capture. Recording
equipment is available in two formats. These include:
o analog, requiring the use of a cassette
o digital, which can either capture analog video or raw digital video.
• Control equipment. Items include switchers, quads, recorders, multiplexers,
signal processors, intelligent software, motion detectors, and devices for moving
cameras to view different parts of a scene (pan, tilt, and zoom).
11.6.1 Functional Requirements
Once the system’s purpose is determined (for example, by using the ASIS General
Security Risk Assessment Guideline), a functional requirement for each component of the
system should be written. A functional requirement is like a job description. A CCTV
system’s functional requirements can be discerned by asking these questions:
• What is the purpose of the system?
• What specifically is each camera supposed to view?
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 35
• What is the access for real-time or recorded video?
Camera Functional Requirements
Different functions require different fields of view. One must consider three factors:
• Target. This may consist of
− persons (individuals or groups)
− packages or objects
− vehicles (individual)
− traffic
• Activity. This could be
− assault
− vandalism
− trespassing
− robbery
− package or vehicle left unattended
• Purpose. This may be to identify an individual or show the direction a suspect
exited from a parking lot. The first purpose requires a defined focal view that
includes the person’s face, while the second purpose requires a wider focal length,
to include the parking lot view.
Monitoring Functional Requirements
If the purpose of the CCTV system is to generate a response to specific incidents, then a
trained person should monitor the system and respond accordingly. The average person
can only monitor a limited number of cameras simultaneously, and needs frequent breaks
to maintain comprehension of the scene. Certain technology can help with the human
factor:
• Motion detection. Digital recording systems may be programmed to alert
personnel by initiating an alarm and a full screen view if a person or object enters
the scene in question.
• Access control system integration. A CCTV system can be integrated with a
security alarm system so that, for example, a door alarm can trigger a nearby
pan/tilt/zoom (PTZ) camera to pre-position, aim at and zoom in on the person
walking through the door.
• Intelligent video analytics. Video analytics comes in many sizes, however, all
video analytics measure/monitor changes in a digitized video scene and compare
these changes internally utilizing an algorithm. Uses can include the recognition
of certain events and conditions, such as an unattended package or vehicle, or
movement by an animal versus a human being.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 36
One needs to be aware of liability/risk that may be assumed when cameras are not
monitored and persons being viewed by the cameras have an expectation of a security
response if they are attacked.
Recording Functional Requirements
If a video recording is to be useful as evidence, it must clearly show the incident, target,
or action it was meant to record, and, of course, the recording itself must be available.
When writing the functional requirements for a recording device, it is important to
consider these factors:
• Resolution. This is picture clarity, which must be sufficient on playback to
distinguish the scene’s key features.
• Length of storage. This is the length of time for which recorded video is kept
before being recorded over or destroyed.
• Frames Per Second (FPS). Recorders may discard image frames to save storage
space. If too many are discarded—that is, if the system records only one or two
frames per second—then fast-moving action may not be captured or items in the
scene may seem simply to appear or disappear.
• Compression type (codec). The video codec identifies the particular encoding
/decoding method utilized for digital video data compression. Choices affect
image quality and data storage space.
≈
When selecting CCTV system equipment, it is important to use a systems approach as
opposed to a components approach. A systems approach examines how equipment will
work with other elements of the CCTV system, with other workplace systems, and with
the environment in which it is needed. This approach results in a CCTV system that
operates effectively and satisfies a facility’s needs. By contrast, buying components
separately and without an integration plan often results in a system that does not perform
as expected, or to its fullest capacity.
11.6.2 Cameras
The following are key considerations in camera selection:
Lighting
CCTV manufacturers specify the amount of illumination needed for minimum function
and for maximum performance. Image quality is also affected by excessive shadows, lens
glare, and backlighting.
Lens Selection
The focal length of the lens determines the size (width and height) of the scene viewed.
The longer the focal length, the smaller the scene captured. Lens focal lengths are
typically measured in millimeters and are characterized as telephoto, standard, or wide
angle. These lenses have either a fixed or variofocal (adjustable) focal length. Variofocal
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 37
lenses are often used in applications that require a zoom capability. The lens’s iris, which
opens and closes to control the quantity of light that reaches the camera’s sensing
element, may be manual or automatic.
Camera Types
The following are the major types of CCTV cameras:
• Analog. These may be black-and-white or color. The most common type of
camera, they work well in all indoor and many outdoor applications. They are
analog based and may or may not have digital effects. Resolution ranges from 220
horizontal lines (very low) to 580 horizontal lines (very high). Light sensitivity
varies between .005 lux (.00046 foot-candles), which is very low, to 10 lux (.929
foot-candles), which is very high. Color cameras are the most restricted by low-
light situations. To compensate for that limitation, manufacturers have developed
hybrid analog cameras. Some use infrared sensitivity to capture more light. Others
combine color and black-and-white capability in one unit, capturing color images
during daylight hours and black-and-white images at night when the light is low.
Other cameras use an intensifier between the lens and the CCD (charge-coupled
device) to amplify the available light tens of thousands of times.
• IP (Internet protocol). These digital cameras come in black-and-white or color
and utilize the Transmission Control Protocol (TCP)/ Internet protocol (IP) for
signal transmission over a network. Like their analog counterparts, IP cameras
require visible light to create an image. These cameras are available in either
standard, or megapixel resolutions. All IP cameras measure their resolution as a
multiple of the common intermediate format (CIF), which is a resolution of 352 x
240. Standard IP cameras range from one-quarter CIF to four times CIF.
Megapixel cameras range from 16 to 32 times CIF or higher.
• Infrared (IR). These cameras require an IR light source to create an image. They
are used where visible light is not an option.
• Thermal. These require no visible or IR light to produce an image. Using special
filters and lenses, the cameras monitor the temperatures of the objects in their
field of view and use colors to represent temperatures. Cold objects are shown in
varying shades of blue, while hot objects are shown in varying shades of red.
Thermal cameras are often used in long-range surveillance, such as monitoring
ships in a harbor five miles out. Since these cameras require no light to create an
image, they are popular with police and border patrols.
• Internet Protocol (IP). IP cameras, utilize Transmission Control Protocol (TCP)/
Internet protocol (IP) or Ethernet cabling to send uncompressed, lossless images
via a computer Local Area network (LAN) / Wide Area Network (WAN) or
Global Area Network (GAN).
Power and Mounting
The availability of power can greatly affect a CCTV system budget. Typically, separate
power and video cables are pulled through conduit to a camera’s location. Some IP
cameras receive power over the same cable on which the digital video is transmitted.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 38
Interior cameras may require housings for physical protection or aesthetic reasons.
Specialized enclosures are also available to protect cameras used outdoors in extreme
weather or explosive environments.
11.6.3 Transport Medium
The video signal generated by the camera must be transmitted to equipment to be viewed
or recorded. Selection of the optimal transport medium may be difficult for a typical
security manager, who might prefer to leave it to the bidding contractor. Coaxial cable is
generally sufficient for analog cameras but does not work for IP-based systems. For
distances of 1,000 ft. or more between the camera and the control point, it may be best to
use fiber-optic cable, regardless of the type of camera. Many transmission methods are
available, and each has its advantages, disadvantages, and costs. Among those methods
are coaxial cable, fiber-optic cable, twisted pair (two-wire) cable, Category 5
(networking) cable, microwave and radio frequency technologies, infrared transmission,
and transmission over existing telephone lines, the Internet, or an intranet. A system
might use more than one method of video transmission. Encryption techniques can secure
both wired and wireless transmissions against hackers and unauthorized viewers,
however the speed of video can be affected.
11.6.4 Command Center
A command center is a central location from which staff can view, record, retrieve, or
respond to video from one or more surveillance cameras. It may be a closet that serves a
single camera watching a cash register at a convenience store, solely for after-the-fact
investigations. Alternatively, a command center might collect images from hundreds, or
even thousands, of cameras and be housed in a facility that integrates CCTV with other
systems, such as access control and intrusion detection.
11.6.5 Recording
Basic types of recorders include:
• Time-lapse (analog). These recorders are designed to make a two-hour cassette
record up to 900 hours by allowing time to lapse between recorded images. The
chosen duration dictates how much information is recorded. Instead of a full 25
frames (PAL) or 30 frames (NTSC) of video information being recorded each
second, a time-lapse recorder may capture only a fraction as many frames. The
strongest market for the time-lapse machine is retail, industrial, and long-term
surveillance.
• Event (analog). Event recorders are designed to record triggered events and can
cost less than time-lapse recorders. They remain in standby mode, waiting for an
event to record. Since the number and duration of events recorded determines
how much videotape is used, the recorder may run out of tape if it is not closely
monitored. These units are most popular for covert surveillance, entrance
monitoring, and other applications where a particular event is the desired subject.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 39
• 24-hour/72-hour high-density (analog). These units capture a larger number of
recorded images over a 24- or 72-hour period than do time-lapse machines. By
changing the angle of the recording head and reducing the space between
recorded images, the units capture three times as much information on an inch of
video tape.
• Digital video recorders (DVRs) (digital). DVRs capture digital video signals,
not analog (unless the analog signal is first converted to digital format and
compressed). These recorders store video data on a hard drive, CD, DVD, or other
medium. The challenge is that the video data requires a great deal of storage
space. Therefore, DVRs compress the video image, using a particular codec (a
compression engine or command sequence that causes the unit to combine colors,
drop resolution, or both). Once compressed, however, the image quality may be
poor. It is important to test DVRs before purchase. A more popular means of
compression is to record fewer images per second. If the application is watching a
dealer with a deck of cards, the DVR should record 30 or more images per
second. If the application is watching people walk across a lobby, two or three
images per second may be sufficient. Most DVRs can be programmed to record a
different number of images per second from each camera input.
11.6.6 Maintenance
When a CCTV system (i.e., cameras, recording devices, monitors) is not operating as it
should, the organization may be vulnerable, incident response may be delayed, and
liability may be incurred. Camera maintenance must be considered before system
implementation. Having adequate spare parts available and trained staff or a service
agreement with a vendor or systems integrator is advisable
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 40
11.7 Security Personnel
The physical security measures in this guideline are typically implemented, monitored, or
maintained by security personnel. Those personnel range from security managers to
security officers, and—to varying degrees—all other personnel in the organization. This
section presents highlights of security personnel’s responsibilities. Two other ASIS
International guidelines address this topic in greater detail:
Chief Security Officer (CSO) Guideline
Private Security Officer (PSO) Selection and Training Guideline
11.7.1 Security Managers
Security managers—those who manage security systems, policies, procedures, and other
security personnel—are known by various names, including chief security officer (CSO),
vice president–security, security director, chief of security, account manger security
supervisor, and post commander and may be employees of or contractors to the organization.
A security manager’s responsibilities may include, but are not limited to any or all of the
following:
• physical security of the organization’s assets
• development and enforcement of security policy and procedures
• crisis management
• business continuity planning
• executive protection
• investigation of security incidents
• employee security awareness
• information protection
• workplace violence prevention
• security officer employment and supervision
• security systems management
When security managers are employees of an organization, it is preferable that they be
part of senior management. Such placement helps demonstrate that the organization
considers security an important function by involving the security manager in the
planning and the decision-making process.
11.7.2 Security Officers
Organizations use security officers to supplement or amend other controls/measures
where human presence and human decision making is needed.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 41
Organization
Security officers, sometimes called guards, may be proprietary/in-house (employed
directly by the organization) or contract (employed by a security services firm). The
choice of whether to use proprietary or contract security officers depends on many
factors, such as the type of organization to be protected, the nature of the organization’s
business, its location, and security personnel wages, benefits, training, and functional
responsibilities. Each organization must weigh the advantages and disadvantages of the
two approaches. Some organizations use both proprietary and contract officers, which is
described as a hybrid force.
Proprietary security officer programs tend to offer more direct control of personnel
selection, screening, training, and supervision. However, the proprietary approach is
usually more expensive than the contract approach.
Contract security programs shift the burden of hiring, training, and supervising from the
organization to the security services firm. They also provide greater flexibility in staffing
levels.
Local ordinances and state laws may solely regulate contract security officers, proprietary
security officers, both, or neither.
Responsibilities
Security officers may carry out various responsibilities including, but not limited to,
screening employees and visitors in reception areas; controlling access to the facility at
other points; monitoring security and life safety equipment; conducting patrols on foot or
using some type of vehicle; responding to security incidents; documenting incidents;
escorting visitors; assisting with parking issues; inspecting packages and vehicles; and
utilizing various security measures (doors, locks, alarms, CCTV cameras, lighting, etc.).
Legal Issues
Security managers should be aware of legal issues such as officer selection and screening,
authority to detain or arrest, and use of force.
Preemployment Screening
The ASIS Private Security Officer (PSO) Selection and Training Guideline recommends
that both proprietary and contract security guards meet the following criteria and
requirements:
• minimum age of 18 years for unarmed positions and 21 years for armed positions
• legal working status
• verified Social Security number (in the United States) and addresses and
telephone numbers for the preceding seven years
• high school diploma or equivalent
• criminal history check
• verified employment history for at least the preceding seven years
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 42
• verified license or certification to work as a security officer, if appropriate
• drug screening
Training
Security officers should be trained and tested on the following topics (among others), as
appropriate to the assignment:
• ethics and professionalism
• security policies and procedures
• investigation
• observation techniques
• challenging techniques
• crowd control
• relations with law enforcement
• legal authority
• human relations
• public relations
• patrol procedures
• report writing
• ingress and egress control
• emergency medical assistance and first aid
• terrorism issues
• workplace violence
• use of force
• criminal and civil law
• operation of security systems
• general fire prevention and safety
If security officers are to be equipped with any weapons (such as firearms, batons,
chemical sprays, or electrical weapons), they must be properly trained in their use.
Officers who will be equipped with firearms need extensive, ongoing training.
Security officers should be given regular training reviews, as well as periodic proficiency
testing.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 43
Post Orders
Post orders, which are sometimes called standard operating procedures, state the essential
elements of security officers’ work assignments. They should contain at least the
following minimum information:
• date of revision
• notice of confidentiality
• emergency contact information (internal and external), including after-hours
contact information
• description of the facility and its users (and floor plans if possible)
• discussion and review of subjects such as access control, keys and equipment
control, property removal, escort of facility users, mobile patrols, arrest policy
and other policies and procedures
• specific instructions on the handling of emergency situations
• security staffing levels, hours of coverage, and specific functions and duties
• proper operation of all emergency and non emergency communication equipment
• instructions on public relations
• code of ethics and standards of conduct
11.7.3 Other Employees
In a broad sense, every employee should be considered part of the security program.
Through a security awareness effort, employees should be taught to understand the
relationship between security and the organization’s success, learn their obligations under
the security program, understand how various security measures support security
program objectives, and become familiar with available resources to help with security
concerns.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 44
11.8 Security Policies and Procedures
The physical security measures described in this guideline are typically managed and
employed in accordance with policies and procedures.
Security policies establish strategic security objectives and priorities for the organization,
identify the organization representatives primarily accountable for physical security, and
set forth responsibilities and expectations for managers, employees, and others in the
organization. A policy is a general statement of a principle according to which an
organization performs business functions. Security procedures are detailed
implementation instructions for staff to carry out security policies. Procedures are often
presented as forms or as lists of steps to be taken.
Policies and procedures must be communicated effectively to staff members, who will
then be expected to perform accordingly. Policies and procedures can also form the basis
for corrective action in the event of inappropriate behavior or underperformance.
11.8.1 Policies
Policies are generally reviewed, approved, and issued at the executive level of an
organization. Once established, they tend to remain in place for an extended period.
Therefore, they should be aligned with the overall business objectives of the organization.
Policy documents may affect decision making throughout the organization, even beyond
the immediate subject of a policy. Moreover, the existence of a security policy tends to
emphasize top management’s commitment, thereby increasing the probability of
employees’ compliance with the policy.
An organization may increase its liability if it ignores the policy or applies it inconsistently.
However, a concerted effort to address security issues on a policy level shows due-
diligence and that management was aware of such issues and attempted to address them.
Subjects to Address
Organizations may choose to develop policies that address general issues, people,
property, and information. The following are some subjects that may be appropriate:
General
• organization’s general objectives in security matters
• accountability of top management in security matters
• general responsibilities of line management
• general responsibilities of all staff
• specific responsibilities relating to the development of subsidiary policies
• reporting, auditing, and review arrangements
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 45
People
• workplace violence
• emergency evacuation and shelter/defend-in-place
• use and display of badges
• workplace access control management
• prohibited items and substances
• staff security awareness education
• escorting staff and visitors
Property
• safeguarding employer property
• acceptable personal use of employer assets
• limitations on who can direct security staff
• investigations
• property control, marking, and disposal
• key control and accountability
• incoming goods and materials
• vehicle access control
• occupational safety and health
• environment (light pollution, etc.)
Information
• disclosure of proprietary information
• information handling, including marking, storage, transmission, disposal, and
destruction
• declassification schedule, process, or expiration of protection
11.8.2 Procedures
Procedures change more often than policies to meet the changing demands and conditions
that the overall organization or security department faces. Procedures can therefore be
changed without the high-level, time-consuming executive review process used for policy
approval. For example, a security policy may define access control as a corporate
objective. The procedure for implementing access control may at first be as simple as
relying on personal recognition, then progress to a card access control system, and then
later call for the use of biometric technology. The policy would remain the same, but the
procedure for carrying it out would be subject to change.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 46
Promulgating security procedures clarifies responsibility for particular security concerns ,
demonstrates to employees that security rules were thoughtfully developed, and aids in
the uniform enforcement of security rules.
Subjects to Address
Organizations may opt to develop procedures that address people, property, and
information. Each procedure should ultimately connect to a policy. The following are
some subjects that may be appropriate:
People
• responding to a threat of workplace violence
• activating the crisis management team after an executive kidnapping
• facility- or operation-specific checklist for evacuating an area in the event of an
emergency
• employee badging, including varying levels of access permission
• identifying and managing suspicious packages
• protection of employees working alone
• visitor management
Property
• marking of facility property
• securing of valuable property
• removal of property from the facility
• key issuance and management
• security officer duties (post orders)
• security incident reporting
Information
• marking, storage, transmission, disposal, and destruction of confidential
documents
• management of confidential meetings
• technical surveillance countermeasures (anti-eavesdropping)
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 47
Bibliography
American Society for Testing and Materials. (2008). Standard practice for installation of
chain-link fence. (F567-00). Available: http://www.astm.org [2008, March 15].
ASIS International. (2004). Private security officer selection and training guideline.
ASIS GDL PSO 11 2004. Alexandria, VA: ASIS International.
ASIS International. (2004). Protection of assets manual. Alexandria, VA: ASIS
International.
ASIS International. (2008). ASIS International glossary of security terms, [Online].
Available: http://www.asisonline.org/library/glossary/index.xml [2008, October 9].
Atlas, R. (1991, March). “The other side of CPTED.” Security Management.
Atlas, R. (2008). 21st Century Security and CPTED: Designing for Critical Infrastructure
Protection and Crime Prevention. New York, NY: Taylor and Francis.
Broder, J. F. (2006). Risk analysis and the security survey (3rd ed.). Burlington, MA:
Butterworth-Heinemann.
Canadian General Standards Board. (1999). Security guards and security guard
supervisors. CAN/CGB-133.1.99. Ottawa, Canada: Canadian General Standards
Board.
Chain Link Fence Manufacturers Institute (1997 & 2008). Standard guide for metallic-
coated steel chain link fence and fabric.
http://codewriters.com/asites/page.cfm?pageid=902&usr=clfma [2008, March 15].
Craighead, G. (2003). High-rise security and fire life safety (2nd ed.). Woburn, MA:
Butterworth-Heinemann.
Crowe, T. D. (1991). Crime prevention through environmental design: Applications of
architectural design and space management concepts. Woburn, MA: Butterworth-
Heinemann.
Cunningham, W. C., Strauchs, J. S., and Van Meter, C. W. (1990). Private security
trends 1970–2000: The Hallcrest report II. Boston, MA: Butterworth-Heinemann.
Department of the Army. (2001). Physical security training manual. FM 3-19.30.
Washington, DC: Department of the Army.
Fay, J. J. (1993 & 2008). Encyclopedia of security management (1st and 2nd eds.).
Burlington, MA: Butterworth-Heinemann.
FACILITIES PHYSICAL SECURITY MEASURES GUIDELINE
ASIS GDL FPSM DRAFT 48
Federal Emergency Management Agency (FEMA). (2003). Reference manual to mitigate
potential terrorist attacks against buildings. Washington, DC: Federal Emergency
Management Agency.
Fennelly, L. J. (Ed.). (2004). Handbook of loss prevention and crime prevention (4th ed.).
Burlington, MA: Elsevier Butterworth-Heinemann.
Fischer, R. J., & Green, G. (1998). Introduction to security (7th ed.). Boston, MA:
Butterworth-Heinemann.
Garcia, M. L. (2001). The design and evaluation of physical protections systems.
Burlington, MA: Butterworth-Heinemann.
Garcia, M. L. (2005). Vulnerability assessment of physical protection systems.
Burlington, MA: Butterworth-Heinemann.
Gigliotti, R., & Jason, R. (2004). Physical barriers. In L. J. Fennelly (Ed.), Handbook of
loss prevention and crime prevention (4th ed.), p. 156. Burlington, MA: Butterworth-
Heinemann.
Illuminating Engineering Society of North America. (2003.) Guideline for security
lighting for people, property, and public spaces. G-1-03. New York, NY:
Illuminating Engineering Society of North America.
Jeffrey, C. R. (1971). Crime prevention through environmental design. Thousand Oaks,
CA: Sage Publications.
Newman, O. (1972) Defensible Space Crime Prevention Through Urban Design. New
York, NY: Macmillan Publishing Company.
Purpura, P. Security and loss prevention: An introduction (4th ed.). Burlington, MA:
Butterworth-Heinemann.
Sennewald, C. A. (2003). Effective security management (4th ed.). Boston, MA:
Butterworth-Heinemann.
Wilson, J. Q., & Kelling, G. (1982, March). Broken windows. Atlantic Monthly.
*
SYSTEMS DESIGN and ENGINEERING
(SECURITY ARCHITECTURE & ENGINEERING – PART 2)
Presented by
Frank M. Carpency, P.E., CPP, PSP, CSC
Carpency and Associates, LLC
13425 Scottish Autumn Lane
Gaithersburg, MD 20878-3909
fmc@carpsecurity.com
www.carpsecurity.com
*
The Security Program
Policy
Procedures
People
Equipment
A security system without a security program is useless!
Document your security program and use the document as a sales tool!
*
The Security Triangle
Respond
Detect
Delay
The total time to Detect, Delay and Respond
must be less than the adversary’s task time!
*
Security Terms/Concepts/Philosophies
Protection of Assets – People, Facilities, Equipment, Information, Raw Materials, Finished Products.
Defense-in-Depth – Adversary must avoid or defeat a number of protective devices in sequence. Design approach using multiple barriers, technologies and/or controls.
Balanced Protection – No matter how an adversary attempts to accomplish the goal, effective elements of the security system will be encountered.
*
Security Terms/Concepts/Philosophies
Crime Prevention Through Environmental Design (CPTED) – A branch of situational crime prevention which has as its basic premise that the physical environment can be changed or managed to produce behavioral effects that will reduce the incidence and fear of crime, thereby improving in the quality of life, and enhancing profitability for business. CPTED has as one of its primary aims to reduce the opportunity for specific crimes to occur. Where CPTED differs from traditional target hardening strategies is that the techniques employed seek to use environmental factors to affect the perceptions of all users of a given space – addressing not only the opportunity for the crime but also perceptions of fear on the part of those who may otherwise be victims.
*
Project Stages
Basis of Design – Study and Report Phase (SAE – Part 1)
Preliminary Design (SAE – Part 2)
Design Development (SAE – Part 2)
Final Design (SAE – Part 2)
Bidding, Negotiation & Procurement (SAE – Part 3)
Construction (SAE – Part 3)
Operational (SAE – Part 3)
*
Study & Report Phase
Develop Functional Requirements
– What needs to be protected: people, information,
facility/equipment, raw materials, finished products
– Group assets into low, medium & high value
categories
– Tied to security policy and procedures
Determine Threat & Risk
– Analyze local crime statistics and FBI threat data
– Group threat & risk into low, medium & high
probability categories (use metrics if possible)
– Determine cost tradeoffs
– Transfer risk if possible
*
Study & Report Phase (cont’d)
Assess Vulnerabilities
– Think like a vandal, criminal, terrorist, etc.
Develop Risk Mitigation Strategies
– Recommend effective countermeasures
Prioritize Recommendations
Estimate Cost for Each Recommendation
*
Replace or Upgrade?
Determine age and condition of existing equipment
– What equipment can be reused and can it be integrated with
new equipment?
What are the current maintenance costs?
– How much time is now spent repairing system?
– Are spare parts available?
Determine the impact of code compliance
– ADA, NFPA and local codes
What other facility or organizational changes are planned for the near and long-term?
Share the cost
– Enroll other organizations
*
SAE Part 2 Project Stages
Preliminary Design (design requirements tied to recognized standards such as UL, IEEE, ANSI, IES, Federal Government Standards)
Design Development
Final Design
*
PRELIMINARY DESIGN
*
Getting Started
Assign Responsibilities
Gather Data – Site Walkdowns, Existing Facility Drawings, and Existing Security Documents
Communicate with Key People – Conduct Interviews
Establish Functional Requirements (measure against security policy & procedures)
Define Tasks & Develop Realistic Project Scheduling
Prepare Report with Recommendations, Alternatives Initial Cost Estimate, and Concept Drawings
Establish Design Requirements (formal document tied to recognized standards)
*
Getting the Facts
Note Grading & Ground Cover
Note Existing Equipment Types
Note Placement of Barriers, Fences, Access Points & Possible Breaches
Document Equipment Locations & Coverage
– Intrusion Detection
– CCTV
– Access Control
– Ancillary Systems (lighting, power, raceways, etc.)
Determine Condition of Existing Equipment
*
Getting the Facts (cont’d)
Conduct Light Level Readings
Note Type, Condition and Length of Wire & Cable
Confirm Electrical Raceway Location, Condition & Fill
Confirm Power Source Location, Type & Capacity
Consider Weather Conditions (Year Round)
Be Aware of Facility Operational Nuances
Obtain Existing Drawings & Documentation
*
Design Requirements
*
Poor Sensor Application
Mounted on non-protected side of door
Easily removable covers
*
Design Approach
Review Functional Requirements
Develop Design Requirements (design basis)
Develop Design Documentation
Preliminary Drawings (Site Plans & Floor Plan Backgrounds)
Outline Specifications (Select Type)
Design Analysis & Calculations
Total Project Cost Estimate
Present Design Concept to Client
Establish/Confirm Total Project Scope
*
Sample Design Requirements
Delay Time Required to Protect Asset (factor in time for communication and assessment, plus time to deploy and position responders)
Speed and Weight of Vehicle and Amount of Explosives
Wind Loading on Structures (i.e. fences, camera towers)
Minimum Lighting Levels (human and electronic)
Light-to-Dark Ratio (ideally 4:1)
Lighting Type (halogen, metal halide, HPS, etc.)
Minimum CCTV Resolution (at target)
IDS Probability of Detection (ideally 1.0)
IDS Level of Confidence (typically 90-95%)
Power Requirements (normal, emergency, UPS)
*
Design Requirements
IRE Units (video 1 volt p/p or 140 IRE Units)
IPS (images per second)
Real Time (30-60 IPS) vs. Real Motion (15-20 IPS)
Footcandles vs. Lux (1 fc = approximately 10 lux)
Full-video (100 IRE units) vs. Usable Video (20-50 IRE Units) 100 IRE is DVD quality
CIF (Common Intermediate Format; 1, 2, 3, or 4 CIF)
JPEG, Wavelet, MPEG-4
File Size (in Kb)
CRI (color rendering index)
SNR (signal-to-noise ratio)
f-stop (f 1.0 to f 16 to closed)
Sensitivity
Re-strike Time
Reflection Factor (camera test percentage used: 75% made in USA, 89.9% made overseas)
RG59/U, RG6/U, RG11/U, UTP, Cat -5e, multimode
RAID (redundant array of independent discs)
What the heck are these things and who cares?
*
Design Considerations
Incorporate CPTED Principles
Think Integration From the Start
Address Operational Issues
Incorporate Human Factors
– Hardware
– Software
– Transition Planning
– Maintenance
– Training
Anticipate Change
*
Human Factors & Ergonomics
*
Security Console Ergonomics
*
Door, Gate & Turnstile Control
*
Personnel Search Area
*
Engineered Sensor Application
*
Triple Stacked Microwave
*
Microwave Bounce Plate
*
Microwave Junction Box
*
Fixed & PTZ CCTV Cameras
*
COST ESTIMATING
*
The Rule of Ascending Cost
Procedures $
Passive Barriers $$
Active Barriers $$$
Electronics $$$$
Personnel $$$$$
The key to cost control is selecting the proper mix!
*
Why a Cost Estimate?
Project Evaluation/Approval
Choosing between multiple options
Estimating Return on Investment
Project Planning
Initiate accumulation of funds
Live within your means
Validation of Bids
Establish competitive range
Establish ceiling
Make sure your consultant knows your budget!
*
Cost Components
Engineering & Design
In-House
Outside Consultant
Hardware (bill of materials plus spares)
Software (including documentation and licenses)
Installation (labor, equipment rental, permits & miscellaneous materials)
Construction Supervision (inspection & testing)
Use a Work Breakdown Structure for Labor Costs!
*
Cost Components (cont’d)
Hidden Costs (security support, temporary operational changes)
Other Costs
taxes (state & local)
overhead (15%)
profit (10%)
bonding (1-2%)
contingency (5%)
inflation (AR 415-17, “Cost Growth Indices”)
Continuing Costs (warranty, maintenance, training & alarm monitoring)
*
Levels of Estimates
Concept/Planning Stage (35% Design)
Rule of thumb estimates
Vendor/supplier estimates
Large contingencies (20% to 30%)
Intermediate Stage (65% Design)
Drawing take-offs
Vendor estimates/quotes
Moderate contingency (10% to 15%)
Final Design (100%)
Refined drawing take-offs
Vendor quotations (equipment & labor)
Minimal contingency (5%)
*
Conceptual Estimates
Based on Unit Prices
“Ballpark” – Budgetary Estimates
“Means Electrical Cost Data” R.S. Means Company, Inc. 100 Construction Plaza P.O. Box 800 Kingston, MA 02364-0800
(Good for estimating conduit, cable and associated labor, not good for estimating security equipment and specialty applications, including labor)
*
Detailed Estimates
Identify & Group by Subsystems (stand-alone or supporting systems)
Develop a Bill of Materials (unit & quantity pricing)
Establish Material Prices (concrete, rebar, boxes)
Formulate Work Crews/Productivity/Rates
Identify Required Equipment and Rental Rates (trenching, scaffolds)
Combine with Bill of Materials (set up a spreadsheet and/or database)
Maintain contingency as a separate line item, do not build contingency into each item
*
Pitfalls
Incorrect or Improper Quantities
Not including all cost components (design, inflation, terminations, compensatory security measures)
Price Increases (especially from vendors)
Fixed Quantities (spools of cable)
Ongoing or Near Term Site Changes
Believing What You Hear Instead of Gathering Facts
*
Cost Estimating Summary
Use Current, Actual Cost Data/Quotes Wherever Possible
Industry Averages Are Useful at All Stages
Allow/Expect Differences at Bid Time
Use Spreadsheet Programs
Update Cost Estimate at all Design Submittal Stages (35%, 65%, 100%)
*
DESIGN DEVELOPMENT
*
Design Development
Prepare Equipment Location Drawings
Determine Generic Equipment Type
Based on:
Functional Requirements
Compatibility With Other Sub-Systems
Prepare Block or Riser Diagrams
Research Equipment Vendors
Select Final Equipment Type
Develop Preliminary Bill of Materials
Develop Equipment/System Specification(s)
Update the Cost Estimate
*
Equipment Location (Floor Plan)
*
Riser Diagram
*
Block Diagram
*
CCTV Location & Coverage
*
Console Layout
*
Design Development (cont’d)
Select Specific Equipment
– Based on Design Requirements
Prepare Specifications (CSI or other format)
Conduct Bid Evaluations
– Conformance to Specification
– Ease of Installation
– Maintainability
– MTTF & MTTR
– Vendor Experience, Documentation, Support & Warranty
– Cost
– Make Award Based on Best Value
*
MINIMIZING COST
*
Minimizing Cost
Let the security professionals do their jobs
Money spent in design will return many times over in installation cost savings (minimizes rework & change orders)
Consider life-cycle issues – design for maintenance
Implement Crime Prevention Through Environmental Design (CPTED) principles
Reuse conduit and cable and other equipment (such as CCTV lenses) where practicable
Use existing LAN where practicable (possible bandwidth issues)
*
Minimizing Cost (cont’d)
Use multi-technology, multi-function access cards
Pre-qualify bidders; consider weighted criteria
Prepare a specification with material takeoffs and requiring unit pricing for equipment, material and labor
Institute a design freeze at the 65% submittal (changes are a budget buster)
Establish a single-point of responsibility through the installer/contractor
*
Minimizing Cost (cont’d)
Conduct a thorough system burn-in and factory acceptance test
Resolve all software, firmware & hardware issues, and open items prior to shipment
Conduct thorough site acceptance testing
Obtain comprehensive operator, administrator, & maintenance training, and documentation
Develop realistic scheduling
Obtain thorough as-built documentation
Communicate, document and revalidate requirements!
*
FINAL DESIGN
*
Final Design
Review Vendor Submittals
Prepare Final Drawings
– Interconnection Wiring Diagrams
– Conduit & Cable Lists
– Installation Details
Finalize Bill of Materials
Prepare or Review Installation Specification
– Detailed Installation Instructions
– Acceptance Test Procedures
– Construction Schedule
*
Final Design (cont’d)
Revalidate Conformance to the Requirements
Prepare Final Cost Estimate
Issue Design for Client Review
Revise as Necessary
Issue for Construction
*
Fencing & Grading Details
*
Grading & Ground Cover
*
Equipment Mounting Details
*
Equipment Rack Arrangement
*
CCTV Junction Box Assembly
*
CCTV Junction Box Wiring Diagram
*
CCTV Field Wiring Diagram
*
CCTV Junction Box
*
Other Design Documentation
System Descriptions (how it works)
Transition Plan (existing system to new system)
Factory Acceptance Test Plan and Results
Site Equipment Test Baseline Data and Results
System Acceptance Test Plan and Results
*
Testing
Factory Acceptance Test
– Integrator to develop test plan, Engineer to review and
approve plan, Engineer and Owner to witness test.
– Test after system burn-in and do not ship until all
deficiencies have been corrected.
Site Equipment Test
– Installer to develop test data sheets (to record
settings) with signoffs for each piece of equipment.
System Acceptance Test
– Functional and performance test based on the FAT.
Engineer/Owner to witness and signoff on each test.
*
Training
Who Needs It?
– Console Operators
– System Administrators
– Security Supervisors
– Maintenance Personnel (hardware and software)
– Employees (awareness/user interface)
Planning
– Initial (hands-on instruction, hard copy, interactive
CD ROM)
– Follow-on (retraining, new employees, software
updates, equipment changes, operational changes)
*
SPECIFICATIONS
*
Specifications
Format
– Construction Specifications Institute (CSI) MasterFormat
– AIA MasterSpec
– Client/Industry Specific (Design Requirements as outline)
Content
– Functional
– Procurement
Evaluation Factors
– Weighted Percentage (split technical from cost evaluation)
– Includes: technical compliance to specification, past
experience, documentation, personnel, workload, project
management, warranty, follow-on support, etc.
*
CSI Format Specification Structure
Bidding Requirements (invitation, instructions, information, bid form, bid bond)
Contract Forms (agreement, performance bond, payment bond, certificates)
Contractor Conditions (general, supplementary)
Specification Drawings Addenda
Contract Modifications
*
GENERAL
Related Work
Description
Submittals (define exactly and use a formal
schedule)
Definitions
Standards
PRODUCTS or EQUIPMENT or SYSTEM
Functional Requirements
Performance Requirements
Recommended Suppliers
CSI Division Structure
*
EXECUTION
Installation
Coordination with Others
Testing (sometimes not well defined)
Training (often not well defined)
Maintenance (base year plus option years)
Warranty (2- years minimum, initiate at
system acceptance)
Spare Parts (often overlooked)
CSI Division Structure (cont’d)
*
CSI Facility Services Division 26 Electrical
26 05 00 Common Materials and Methods
Cables, Conductors, Raceways, Static UPS, Grounding, lightning and surge protection, etc.
26 50 00 Lighting
26 51 00 Interior Lighting
26 52 00 Emergency Lighting
26 55 00 Special Purpose Lighting
26 55 53 Security Lighting
26 56 00 Exterior Lighting
*
CSI Facility Services Division 27 Communications
27 40 00 Audio/Visual Communications
27 10 00 Structured Cabling
27 20 00 Data Communications
27 30 00 Voice Communications
27 40 00 Audio-Visual Communications
27 50 00 Distributed Communications and Monitoring Systems
*
CSI Facility Services Division 28 Electronic Safety and Security
28 00 00 Electronic Safety and Security
28 01 00 Operation and Maintenance of Electronic Safety and Security
28 05 00 Common Work Results for Electronic Safety and Security
28 06 00 Schedules for Electronic Safety and Security
28 08 00 Commissioning of Electronic Safety and Security
28 10 00 Electronic Access Control and Intrusion Detection
28 13 00 Access Control
28 16 00 Intrusion Detection
*
CSI Facility Services Division 28 Electronic Safety and Security (Cont’d)
28 20 00 Electronic Surveillance
28 23 00 Video Surveillance
28 26 00 Electronic Personal Protection Systems
28 30 00 Electronic Detection and Alarm
28 31 00 Fire Detection and Alarm
28 32 00 Radiation Detection and Alarm
28 33 00 Fuel-Gas Detection and Alarm
28 34 00 Fuel-Oil Detection and Alarm
28 35 00 Refrigerant Detection and Alarm
28 40 00 Electronic Monitoring and Control
28 46 00 Electronic Detention Monitoring and Control Systems
*
The Four Absolutes of Quality
Definition of Quality
– Conformance to Requirements
System of Quality
– Prevention of Defects
Personal Performance Standard
– Commitment to Excellence – Zero Defects
Measure of Quality
– Customer Satisfaction (make sure you know
who your customer is!)
*
The design process described can be characterized as:
An Engineering Process
A Quality Process
A Risk Management Process
A Business Process
The process assures that you get what you paid for!
*
Summary
Use a structured approach to design – implement “the process”
Define the requirements
Gather sufficient, meaningful data
Plan the project
Develop a realistic budget and schedule
Pay attention to detail
Revalidate the requirements at all submittal stages and at the system acceptance test
Communicate among all team members
*
Contact Information
Frank M. Carpency, P.E., CPP, PSP, CSC
Carpency and Associates, LLC
13425 Scottish Autumn Lane
Gaithersburg, MD 20878-3909
301-560-1069
fmc@carpsecurity.com
www.carpsecurity.com
Running Head: SECURITY ARCHITECTURE AND ENGINEERING 12
Title: Security Architecture and Engineering
Student’s Name:
Professor’s Name:
Date:
Security Architecture and Engineering describes essential consistent hardware, working framework, and program security components and how to utilize those components to plan, modeller, and assess secure computer frameworks (King, Dalton & Osmanoglu, 2018). Understanding these principal issues is necessary for a data security proficient. Security Design and Plan may be a three-part space. The primary portion covers the equipment and program required to have a secure computer framework, the moment portion includes the coherent models needed to keep the structure stable, and the third portion covers assessment models that evaluate how safe the frame truly is.
Security is based on three perspectives that are sanctioning preventive obstacles purposed at discouraging potential trespassers, utilizing reconnaissance measures to inform and strategies to be utilized in securing the interlopers. Updating of a security mechanism is fundamental within the sense that it turns away the plausibility of the occurrence of the hazard ensured against by making the security measures stern, thus lessening the rate of the peril. Typically, a gage takes a comprehensive think of the security framework to form any doubt whether the structure requires overhauling or a substitution on the defenselessness of the frame to be undermined. It is pointed at securing the resource from robbery or any other hazard that the proprietor of the support needs security.
Usually, a term paper that includes a portrayal of the show extends to update security at a Healthcare. The pursuer would be able to get it the significance of security update after going through this paper. A valid security concept for defending offices these days emphasizes a developing sharpness of innovative headways and emphasizes the consideration of building points of view, security frameworks and labour as well as methods so that they can be more productive. Wrongdoings comprising fear monger exercises are the artefact of eagerly other than implies.
Innovation helps organizations identify the implied intruder’s utilization but not their goals. The human portion of the security drive must set up the purposes and take activities to neutralize them. The critical expression portraying hazard control in today’s world is consolidation. Organizations require security update to guarantee the energetic risk sorts that are put at narrows at all time and frameworks overhauled to offset security measures. Computer security thoughts and structures are measures utilized in countering security dangers inside an office.
Organization administrators regularly discover on the gatekeepers of a company’s chequebooks that are a doubtful approximately demands for securing and controlling overhauls. It is because they aren’t pure in legitimizing the entirely money related forms (Jorgensen, Ball, Wort, LoForte & Knight, 2014). But passing on to administration precisely why an update ought to take place is of most extreme significance. As the office officials care, companies realize and take a toll of a securing framework update that may be legitimized through numerous methods.
The first thing is guaranteeing a secured environment for staff and patients. Numerous diseased individuals drive past a few clinics on their way towards the dedication of the Union. We require everybody to feel that they’re coming to a secure environment. In expansion, the health care workforce is, to a great extent lady, and because of the nature of 24/7 a healing centre, workers come and go in every hour of the night and day time. The administration needed to guarantee its security, as well.
Another reason for updating is that the passed innovation, a recorder of the time-lapsed that uses tape had been absolutely or troublesome to use. In an event where occurrence takes place, investigation of the recordings needed a security worker in surveying some records at different times to choose if the captured time-lapse recorder was s good picture. A poor tape quality made the surveying cumbersome in handling some of the issues. A new framework of the employments record through computerization method, retrieval of data will be as straightforward as keying in a date and time for a particular camera.
In expansion, a new venture is the interface of a new framework with the participation and time framework. Representative working shall use the identifications they have in entering the office; it can let the participation and time framework in knowing that they are presently working. Unused framework moreover permits an administrator found inside the office to screen the security frameworks introduced in other clinics inside the Medstar wellbeing organized and arranged seven members where Union depiction has a portion.
Safety First
More up to date technology nearly continuously upgrades the security of the office that can offer assistance pull in both workers and occupants (Hugel, 2018). Independence to the age of the recent and getting to controlling the framework, more up to date one may be more proficient to run and work, and more straightforward for representatives to utilize. In expansion, numerous more current frameworks give progressed review trails, ought to the happening of a safety. Be that as it may, officials regularly discover that beat administration is hesitant to financial security. Managers do more often than not having an honest to goodness crave to secure their representatives and clients. Still, office administrators regularly fall flat to successfully pass on to administration the confinements of the new framework and the securing reasons updates are vital.
In the point of beginning, choosing if to actualize a viable get to control framework isn’t a choice in a few organizations. The instep is ordered by any method of control. Government offices, for this case, had to comply with the country security directives; this traces the necessities for distinguishing certain representatives of the government and temporary employees who may get the data and workplaces frameworks of the government. Get to command place in company’s endeavours when complying with the directions. Improving security alongside getting a command framework overhaul may give promoting benefits. In a firm rental showcase, advertising a building form of the art get to rule framework may be a method to pick up a point with possible occupants.
The expansion of the occupants, the office security may impact the organization capacity in pulling the workers. To pull in best ability, a secure environment is essential. Representative comfort too may be in a play during consideration of an overhaul in getting control to the framework. A few more seasoned frames can need all representatives to enter and move out of a building via some rotating entryways. Activity frequently moderates down in the starting together with the conclusion of the daily job. They can become bottlenecks. It gets to be difficult for staff to go in and out as a result of line forms. In killing that, a few enterprises turned visual gates that do not have armour presence of a weapon which may be switched on and off. Distinguishing proof documents are filtered, and after the framework notices the representatives, they get the permission of entering.
Streamlining Safety
Innovation consolidated in more up to date get to control frameworks can boost the efficiency of security workers (Dowland, 2016). For occurrence, numerous of today’s structures permit the framework administrators or chairpersons to associate to the framework from an inaccessible area, through the Web as well as private arrange. It diminishes the times a professional has to be moved away to analyse occurrence which happens inside the inaccessible office. Additionally, a few more up to date frameworks permit office administrators to open all the entryways from one computer. Occupant’s consent’s forgetting to an office or sections of an office may be regularly being changed from one computer devices. In expanding, sparing time ensures capability, which makes the possibility that all focus in the passage has an upgrade when the representative’s transparent out a company and ought to now not have an entry in the corporate workplaces. The highlights may be utilized in case of workers altering the regular working hours as well as having to be in office in distinctive days or times.
Majority of those who get to rule frameworks have coordinates information making it simpler as well as quicker for safety representatives in searching for records used in examining occurrences since the job may be done by electronic means. Additionally, numerous unused get to control frameworks not as it was tracking the moments where people come into an office and record the moment they depart. By this data, it may help in the exploration of safety episodes. Majority of these currents gets to control frameworks may operate in the corporate data innovation and organization. By doing this, they will be utilizing similar throughway because it’s another return in the venture.
In differentiate, numerous frameworks introduced more than ten a long time back typically were stand-alone frameworks. At the side meddle with time, and participation application, numerous more current get to control structures can interface with the rest of the building frameworks, like the lift, HVAC or lighting frameworks. Once a representative slides a card to get in an office, the lights and cooling or warming frameworks emerge. Not as it were in the employee’s safety increment since it spares vitality through guaranteeing those structures are operating when needed. For possible ruling, structures may interface in the rest of the security frameworks like fire caution or safety camera framework.
In line with fire alerts going off, office officials will have the chances of deciding rapidly the tenants who are inside and need to be vacated. In instances where it is connected with safety cameras, this framework gives extra checking’s. It provides extraordinary data amount if a manager should be aware of the occasion, where every representative was in the office at any time the data may be rapidly obtained. When beginning with the look, it might appear that overhauling a get to control framework would diminish an organization’s legal obligation for any episodes that along these lines happen. Be that as it may, office officials ought to use caution in preventing exaggeration of the possible lessening of the obligation. Asset diminishment does not occur since a person sends safety controls (Kaur, 2018). It’s how you actualize them. In case office administrators obtain a set it and disregard its strategies, the company risk may not recoil. Instep, the framework ought to be reliably and appropriately observed, assessed and utilized.
Steps towards an Upgrade
In the portion of formulating the scenario for an overhaul in getting to rule framework office officials ought to total a hazard evaluation that traces a facilities regions of presentation. By utilizing the hazard evaluation like the establishment of making a decision, the office official has high chances of successfully arranging in utilizing assets (DIANE Publishing Company, 2019). In differentiate; investing exclusively in reaction to a safety tends to cause a scatter-shot purchase. Employing the chances of evaluation like an establishment for getting to rule the framework might offer assistance on the off chance that a lawful questioning is afterwards brought over the enterprise. The company can appear as if the structure obtained and executed was on the grounds of substantial investigations concerning the dangers confronting the company as well as the possible arrangement which might moderate the risks.
The engineering plan of a security framework is of a small down to earth esteem unless it is complemented by comprehensive and successful operational and innovative security hones. Among the foremost imperative Operational best-practice proposals are; Prepare and certify security officers as Uncommon Police Officers – outfitted with the specialist required to form captures; guarantee that the security staff is able to take part in crisis reaction plans and operations; keep up comprehensive security approaches and strategies, upgrading and changing them when and as fundamental; organized an yearly review-and-certification prepare for all composed security arrangements and procedures; minimize security staff turnover by giving worthy working conditions and requiring the coordinate contracting of representatives; advance proficient improvement and instruction in each way conceivable, counting the arrangement of money related help to counterbalanced the costs included in accomplishing higher levels of education; and guarantee staff familiarization with the particulars of both the National Occurrence Administration Framework (NIMS) and the person hospital’s possess incident-management group plan, counting particular subtle elements approximately the hospital’s claim security approaches structure.
Among the Mechanical security suggestions are; utilize closed-circuit TV (CCTV) reconnaissance frameworks to amplify security-force viability – and complement that capacity at whatever point conceivable with digital-recording innovation; introduce and utilize electronic access-control and alarm-monitoring structures; coordinated the CCTV reconnaissance and access-control frameworks to guarantee that security staff checking the frame are ideally successful and productive; introduce and utilize an electronic-security guard-tour framework to screen security officers’ execution of their checks and rounds; utilize two-way hand-held radios to guarantee that nonstop communication is accessible between and among security faculty, offices staff, and senior clinic administration staff; introduce infant-abduction anticipation frameworks when care is given to birthing and paediatric patients; and guarantee that a mass-notification capability is accessible in all healing centre offices to supply zoned and “all-call” capabilities.
Importance of Implementation
After the request to get the rule overhaul, appropriate usage is essential. It means altogether looking at the present framework in distinguishing insufficiencies. It is moreover imperative in considering any changes in the construction like the development of available divider that can require an alter in getting to rule the framework. Viable as well as intensive usage needs total perseverance. It is insufficient to rely on the appeal of safety arrangement suppliers since individuals will not be as learned around the construction of the tenants in the present framework. In choosing a frame, office officials ought to consider its possible utilization like the administration instruments having the information it will obtain. Make beyond any doubt that a person who is not under-powering data and the capacity in connecting it to the rest of the data.
It is, by and large, less demanding to coordinate with some apps when the framework is in the stage of the open stage together with design (Bouwman, Hooff, Wijngaert & Dijk, 2015). Suppose to get control frame is as of now input. In that case, office administrators will need to make consideration concerning the structures which work with the get to rule cards as of now to utilize together with one issued at future dates. This way, the company will not require giving available documents to tenants with them. Appropriately displayed, the scenario for safety updates frequently ought to get opened the gathering. There is no proprietor within the nation that does not take safety. Intrigued by security has as it was developed. “Security has gone from the toilet to the penthouse.”
Your security officers and administrators should have one framework that totals information from all of their past screens. The framework incorporates video reconnaissance; get to control, social media, cautions, and geo-location frameworks to get it where an occasion is taking put. Not as it were does security staff have way better data, they are more arranged with reaction conventions that are propelled when an opportunity is activated. Administration divisions work closely with security to construct a proactive association to create the hospital’s security and crisis reaction plans as the environment of care changes.
Clinic security has never been more essential than it is presently. To overhaul the security to the most remarkable degree conceivable building plan must be complemented by operational approaches that address such needs as staff determination, preparing, and certification support, in conjunction with their integration inside the health centre occurrence commanded framework. Reasonable innovation – counting but not restricted to CCTV surveillance, advanced recording, radio communications, and unmistakable as well as capable of being heard alert frameworks – must be accessible utilize in deliberately vital zones. As it were through successfully tending to its essential building, operational, and innovative needs can a healing centre meet today’s developing security challenges.
Conclusion
Need to bring your possess gadget controls: Clinics ought to ordinarily avoid patients or employees from interfacing their possess individuals gadgets to clinic frameworks counting through Wi-Fi, Ethernet, or VPN, and were usually not fitting in applying successfully specialized controls to secure the healing centre and the arrange structure from rouge or compromised gadgets. Due to the need of control on BYOD blended foundations, these apparatuses ought to be kept off the border of essential servers and administrations and organize get to of these gadgets ought to be controlled by person qualifications related to the device for the case, utilizing advanced certificates.
Wherever conceivable, these gadgets ought to work beneath an approach based framework whereas joining the aeroplane terminal IT space, giving a more confined environment for the case, and limitation of peripherals utilization using gathering arrangement. Require of robotized resources stock revelation apparatus: Clinics embracing the Internet of Things components have to screen how these sensors associated with restorative gadgets and systems, and if data collection prepare is continuously redressed.
To realize this robotized resource stock revelation instrument is required. The apparatus empowers frameworks supervisors to track of all resources and being able to utilize diverse disclosure strategies in case of a disturbance. The need for this makes healthcare frameworks more helpless to accessibility and astuteness assaults. Conduct hazard evaluation and helplessness appraisal: Security must be comprehensive; something else aggressors will necessarily misuse the weakest interface. Thus, vulnerabilities got to be distinguished, and endeavours can at that point be centred on these specific regions.
As a comprehensive update of the foundation with data security in intellect will not be reasonable in most cases, iterative enhancements over all pertinent zones, taking under consideration organizational as well as specialized measures, are more often than not most viable. Healing centres moreover require proper aptitudes to introduce, work and keep up data frameworks and gadgets legitimately. A coherent methodology is essential for progressing of the interoperability between frameworks and devices and, at the same time, disposes of potential shortcomings.
References
Bouwman, H., Hooff, B. V., Wijngaert, L. V., & Dijk, J. V. (2015). Information and communication technology in organizations: Adoption, implementation, use and effects. SAGE.
DIANE Publishing Company. (2019). Issue update on information security and privacy in network environments. DIANE Publishing.
Dowland, P. (2016). Advances in communications, computing, electronics, networks, robotics and security volume 12. Lulu.com.
Hugel, D. H. (2018). Exploring legal issues associated with the use of computerized driving records.
Jorgensen, A., Ball, B., Wort, S., LoForte, R., & Knight, B. (2014). . John Wiley & Sons.
Kaur, P. (2018). Nature-inspired algorithms for big data frameworks.
King, C. M., Dalton, C. E., & Osmanoglu, T. E. (2018). Security architecture: Design, deployment, and operations. McGraw-Hill/Osborne Media.