
The Physical Security & Risk Management Book



Table of Contents

  • Introduction
  • Risk Management & Physical Security
  • Critical Infrastructure Monitoring
  • Implementation
  • Policy Basics
  • Non-Compliance
  • Identification Procedures
  • Summary
  • Appendix A: Understanding Physical Access Control Solutions
  • Site Survey for Access Systems
  • Physical Security Data or Key Facility Assessment Checklist
  • Contact Information

Disclaimer

Reference to any specific commercial product, process or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by American Alarm and Communications, Inc. or INFRAGARD. The views and opinions of author expressed within this document shall not be used for advertising or product endorsement purposes.

To the fullest extent permitted by law, the author accepts no liability for any loss or damage (whether direct, indirect or consequential and including, but not limited to, loss of profits or anticipated profits, loss of data, business or goodwill) incurred by any person and howsoever caused arising from or connected with any error or omission in this document or from any person acting, omitting to act or refraining from acting upon, or otherwise using, the information contained in this document or its references. You should make your own judgment as regards use of this document and seek independent professional advice on your particular circumstances. © 2012 by James E. McDonald

Introduction

Today, integrated electronic and IP security systems can do many things. They can provide better security detection and confirmation, with less labor than ever before; they can work seamlessly with other systems running within the organization to alert and investigate activities, detect threats and automatically initiate a threat response. Over the last decade the integration and use of physical security solutions as a Risk Management and Asset Management tool has reduced theft, fraud and violence by huge numbers. In most cases the return on investment (ROI) of these systems, used correctly, has been in months and weeks, not in years. My goal here is to discuss how my associates and I have been successful in multiple industries providing these solutions and at the same time improving the overall security, productivity and profits of our clients.

For thousands of years man has developed systems and countermeasures to protect assets, whether buildings, people, food supplies, etc. What we do in the security industry is to constantly improve and update those countermeasures to keep pace with those who would do you harm physically, financially or emotionally for their own personal or organizational gain. Where 2,000 years ago a Roman Centurion may have protected the assets of the time, today we can use wireless camera systems and audio, which is monitored 24/7/365 days per year through a central command center to protect any asset at any time, almost anywhere.

Since 9/11, to address the threat posed by those who wish to harm the United States or their own employees, critical infrastructure owners and operators today are continually assessing their policies, procedures and vulnerabilities, and increasing their investment in security. State
and municipal governments across the country continue to take important steps to identify and assure the protection of key assets and services within their jurisdictions.

Federal departments and agencies are working closely with industry to take stock of key assets and facilitate protective actions, while improving the timely exchange of important security related information. The Office of Homeland Security is working closely with key public- and private-sector entities to implement the Homeland Security Advisory System across all levels of government and the critical sectors.

As a proud member of INFRAGARD, whose goal is to promote ongoing dialogue and timely communication between members and the FBI, my team and I work hard every day to help those in key sectors protect their facilities, employees and visitors from internal and external threats. In today's ever-growing regulatory compliance landscape, organizations can greatly benefit from implementing viable and proven physical security best practices for their organization.

There are plenty of complicated documents that can guide companies through the process of designing a secure facility, from the gold-standard specs used by the federal government to build sensitive facilities like embassies, to infrastructure standards published by industry groups like the Telecommunications Industry Association, to safety requirements from the likes of the National Fire Protection Association.

Recent federal legislation, ranging from the Gramm-Leach Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA) and the Sarbanes Oxley Act of 2002 (SOX) to Homeland Security Presidential Directives 7 and 8, is putting pressure on public and private locations, and managed services entities, to comply with a myriad of security and privacy issues. Within the broad concept of the United States national and homeland security policies are several specific policies which focus on a specific aspect of national or homeland security. These policies include: the National Security Strategy, the National Infrastructure Protection Plan, the National Health Security Strategy, the National Strategy for Physical Protection of Critical Infrastructure and Key Assets, the National Strategy for Homeland Security, the National Counterintelligence Strategy of the United States, the National Strategy to Secure Cyberspace, and the National Military Strategy of the United States of America. Each of these strategies forms a part of the overall national and homeland security policies of the United States, and in combination they define how the United States acts to protect itself from enemies, both foreign and domestic.

Homeland Security Presidential Directive 7 (HSPD-7) & Physical Protection of Critical Infrastructure and Key Assets identified 18 critical infrastructure and key resources (CIKR) sectors. Each sector is responsible for developing and implementing a Sector-Specific Plan (SSP) and providing sector-level performance feedback to the Department of Homeland Security (DHS) to enable gap assessments of national cross-sector CIKR protection programs. SSAs are responsible for collaborating with public and private sector security partners and encouraging the development of appropriate information-sharing and analysis mechanisms within the sector.

These Industry Sectors are broken down as follows:

  • Agriculture and Food
  • Banking and Finance
  • Chemical
  • Commercial Facilities
  • Communications
  • Critical Manufacturing
  • Dams
  • Defense Industrial Base
  • Emergency Services
  • Energy
  • Government Facilities
  • Healthcare and Public Health
  • Information Technology
  • National Monuments
  • Nuclear Reactors, Materials, and Waste
  • Postal and Shipping
  • Transportation
  • Water

As a Physical Security Professional the tools we use may be the same or similar in each sector; however, the integration, policies, goals and solution may differ. This document is dedicated to giving you a basic overview of the different technologies we use and some examples of how they have been used. If you have specific needs, questions and concerns, please contact the author or a security professional to learn more about your needs.

Risk Management & Physical Security

The use of appropriate physical security technology measures can prevent or deter a wide variety of insider and external attacks, from staff fraud through to the facilitation or conduct of a terrorist attack. However, these countermeasures can also be costly, so it is important that they are implemented in a way that reflects the severity of the risk. Risk Management provides a systematic basis for proportionate and efficient security. From the moment an individual arrives on the grounds and walks through the doors, the following items should be part of a physical security best practices program for any facility.

The Risk Assessment or Physical Security Assessment

[Figure: Risk & Physical Security Management Cycle: Identify Threats, Assess Vulnerabilities, Evaluate Countermeasures, Implement Countermeasures]

The Risk Assessment & Physical Security Assessment is the first step in the process to protect any facility or location and justify the investment in that protection. The Risk Assessment or Physical Security Assessment process is the same: both incorporate identifying threats and assessing vulnerabilities, then evaluating and implementing countermeasures.

In this context, risk is usually understood to be the product of two factors: the likelihood of an event occurring, and the impact that the event
would have. When each of these has been evaluated, they are combined to provide an overall measure of risk. Then we use our security technology countermeasures to further reduce the opportunity and risk.

Likelihood can be further broken down into three factors: intent, capability and opportunity. Intent is a measure of the insider's determination to carry out the attack, while capability is the degree to which the insider possesses the skills, knowledge and resources to be successful in the attempt. In my study of fraud as a member of the Association of Certified Fraud Examiners (ACFE) I learned of Donald R. Cressey (April 27, 1919 – July 21, 1987), an American penologist, sociologist, and criminologist who made innovative contributions to the study of organized crime, prisons, criminology, the sociology of criminal law, and white-collar crime. He is also known as the father of the Fraud Triangle, which states that there are three factors that need to exist for someone to commit fraud. They are Motive or Financial Pressure, Rationalization and Opportunity. Some things we can control and others we cannot; I have always focused on eliminating the Opportunity. My goal is to create the Perception of Detection with the security technology to stop fraud and other crimes. Besides a terrorist who is willing to die for their cause, most people, in my experience, will think twice or find another target if they feel they will be unsuccessful or caught.

Opportunity is a combination of the access that an insider has to an organization's assets (by virtue of their role or position), together with the vulnerability of the environment (for example, an environment that is constantly supervised or monitored by CCTV cameras is less vulnerable to some insider threats than an environment which is not subject to these controls). Impact should be considered in terms of the value of the assets affected and any wider consequences. For example, insider fraud can have both financial and reputational impacts.

Levels of risk assessment

There are three levels at which personnel security risk assessments can be conducted:

  1. Organization
  2. Group
  3. Individual

The first examines and prioritizes the types of insider threats that are of concern to the organization as a whole, the second focuses on groups of employees with differing levels of opportunity to commit the threats, while the third deals with each employee on an individual basis.

Most risk practitioners will find it helpful to start with the simplest and highest level approach, the organization level risk assessment, which provides a useful overview of the threats facing the organization and an opportunity to review countermeasures in general. The group level assessment will require a greater commitment of time and effort, but can yield significant insight into the groups of employees that give most cause for concern and the proportionate application of countermeasures within the organization. The individual level assessment is the most labor intensive of all, looking at every employee in turn to determine their combined opportunity and insider potential (i.e. threat and susceptibility).

The levels of risk assessment that you use will depend on the threats faced by your organization and the nature of the workforce. It
is important that you understand the way in which the three approaches support different types of decision. For example, if the organizational risk assessment reveals that there is a negligible threat to the organization from an insider bringing a bomb into the building, this may rule out the need for baggage checks on entry to the site. Alternatively, the group level assessment could reveal that certain employees, due to their role in the organization, have regular access to highly confidential or sensitive information, and they may therefore require higher levels of supervision in the office. If, at the individual level, a particular employee is considered to have high insider potential and a high level of opportunity, then an individually tailored risk management plan might be required.

The remaining two stages are implementation, which involves putting the new countermeasures identified by the risk or security assessment into operation, and evaluation, during which the effectiveness of the countermeasures is reviewed. The lists of assumptions made during the risk assessment will prove particularly useful during this evaluation.

Depending on how much time has passed since the risk assessment, the evaluation stage should also show whether the threats identified have or have not been reduced by the countermeasures you have introduced. It is worth bearing in mind, however, that factors outside your control, such as the current threat level, or economic, political and social issues, may also have an influence. These same factors are likely to introduce new threats to be addressed in future assessments.

Design Solution Check List

The following are some key examples of points to consider when building a new data center. I use this as an example because Physical and Cyber Strategies share common underlying policy objectives and principles. The first objective of this Strategy is to identify and assure the protection of those assets, systems, and functions that are deemed most "critical" to the organization. Almost every facility today has data access or data storage, and in many cases the "Data Room or Closet" is one of the least secured locations in the facility and is the most vulnerable. The liability of data loss for almost every organization is astronomical. The loss of customer or personal data, organizational confidential information or trade secrets could destroy an organization without firing a shot. The main equipment room is where inside and outside cables and conduit terminate; it is usually referred to as the MDF (Main Distribution Frame). Most MDF rooms are accessible by everyone in the organization, from the receptionist to the janitor.

So, as you read through this next section, apply the principles to your facility and think of how you could enhance your security to reduce your risk of loss.

Build on the Right Spot
Be sure the building is some distance from headquarters (20 miles is typical) and at least 100 feet from the main road. Bad neighbors: airports, chemical facilities, power plants. Bad news: earthquake fault lines and (as we've seen all too clearly this year) areas prone to hurricanes and floods. And scrap the "data center" sign.

Restrict Area Perimeter
Secure and monitor the perimeter of the facility.

Have Redundant Utilities
Data centers need two sources for utilities, such as electricity, water, voice and data. Trace electricity sources back to two separate substations and water back to two different main lines. Lines should be underground and should come into different areas of the building,
with water separate from other utilities. Use the data center's anticipated power usage as leverage for getting the electric company to accommodate the building's special needs.

Deter, Detect, and Delay
Deter, detect, and delay an attack, creating sufficient time between detection of an attack and the point at which the attack becomes successful.

Pay Attention to Walls
Foot-thick concrete is a cheap and effective barrier against the elements and explosive devices. For extra security, use walls lined with Kevlar.

Avoid Windows
Think warehouse and not an office building. If you must have windows, limit them to the break room or administrative area, and use bomb-resistant laminated glass.

Use Landscaping for Protection
Trees, boulders and gulleys can hide the building from passing cars, obscure security devices (like fences), and also help keep vehicles from getting too close. Oh, and they look nice too.

Keep a 100-foot Buffer Zone around the Site
Where landscaping does not protect the building from vehicles, use crash-proof barriers instead. Bollard planters are less conspicuous and more attractive than other devices.

Use Retractable Crash Barriers at Vehicle Entry Points
Control access to the parking lot and loading dock with a staffed guard station that operates the retractable bollards. Use a raised gate and a green light as visual cues that the bollards are down and the driver can go forward. In situations when extra security is needed, have the barriers left up by default, and lowered only when someone has permission to pass through.

Plan for Bomb Detection
For data facilities that are especially sensitive or likely targets, have guards use mirrors to check underneath vehicles for explosives, or provide portable bomb-sniffing devices. You can respond to a raised threat by increasing the number of vehicles you check, perhaps by checking employee vehicles as well as visitors and delivery trucks.

Limit Entry Points
Control access to the building by establishing one main entrance, plus a back one for the loading dock. This keeps costs down too.

Make Fire Doors Exit Only
For exits required by fire codes, install doors that don't have handles on the outside. When any of these doors is opened, a loud alarm should sound and trigger a response from the security command center.

Use Plenty of Cameras
Surveillance cameras should be installed around the perimeter of the building, at all entrances and exits, and at every access point throughout the building. A combination of motion-detection devices, low-light cameras, pan-tilt-zoom cameras and standard fixed cameras is ideal. Footage should be digitally recorded and stored offsite.

Protect the Building's Machinery
Keep the mechanical area of the building, which houses environmental systems and uninterruptible power supplies, strictly off limits. If generators are outside, use concrete walls to secure the area. For both areas, make sure all contractors and repair crews are accompanied by an employee at all times.

Personnel Surety
Perform appropriate background checks on and ensure appropriate credentials for facility personnel, and, as appropriate, for unescorted visitors with access to restricted areas or critical assets.

Plan for Secure Air Handling
Make sure the heating, ventilating and air-conditioning systems can be set to recirculate air rather than drawing in air from the outside. This could help protect people and equipment if there were some kind of biological or chemical attack or heavy smoke spreading from a nearby fire. For added security, put devices in place to monitor the air for chemical, biological or radiological contaminants.

Ensure Nothing Can Hide in the Walls and Ceilings
In secure areas of the data center, make sure internal walls run from the slab ceiling all the way to subflooring where wiring is typically housed. Also make sure drop-down ceilings don't provide hidden access points.

Use Two-factor Authentication
Biometric identification is becoming standard for access control to sensitive areas of data centers, with hand geometry or fingerprint scanners usually considered less invasive than retinal scanning. In other areas, you may be able to get away with less-expensive access cards.

Harden the Core with Security Layers
Anyone entering the most secure part of the data center will have been authenticated at least three times, including:

  • At the outer door. Don't forget you'll need a way for visitors to buzz the front desk (IP Intercom works well for this).
  • At the entrance to the "data" part of the data center.
  • At the inner door, which separates the visitor area from the general employee area.

Typically, this is the layer that has the strictest "positive control," meaning no piggybacking allowed. For implementation, you have two options:

  • A floor-to-ceiling turnstile. If someone tries to sneak in behind an authenticated user, the door gently revolves in the reverse direction. (In case of a fire, the walls of the turnstile flatten to allow quick egress.)
  • A "mantrap". Provides alternate access for equipment and for persons with disabilities. This consists of two separate doors with an airlock in between. Only one door can be opened at a time, and authentication is needed for both doors.

At the Door to an Individual Computer Processing Room
This is for the room where actual servers, mainframes or other critical IT equipment is located. Provide access only on an as-needed basis, and segment these rooms as much as possible in order to control and track access.

Watch the Exits Too
Monitor entrance and exit—not only for the main facility but for more sensitive areas of the facility as well. It'll help you keep track of who was where, when. It also helps with building evacuation if there's a fire.

Prohibit Food in the Computer Rooms
Provide a common area where people can eat without getting food on computer equipment.

Install Visitor Rest Rooms
Make sure to include rest rooms for use by visitors and delivery people who don't have access to the secure parts of the building.

Critical Infrastructure Monitoring

"Critical infrastructure" is defined by federal law as "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters."

The Information Technology (IT) Sector is central to the nation's security, economy, and public health and safety. Businesses, governments, academia, and private citizens
are increasingly dependent upon IT Sector functions. These virtual and distributed functions produce and provide hardware, software, and IT systems and services, and—in collaboration with the Communications Sector—the Internet.

Communication between your business alarm system and our Monitoring Center is a critical part of your protective system. Require an Underwriters' Laboratories (U.L.) Listed Monitoring Center with sophisticated communications operation.

In the event of an alarm, the CPU in your security system sends an alarm signal to the monitoring facility through the phone lines, or through the network with AES radio or cellular back-up communications. The signal is then retrieved by the monitoring center, and the operators quickly notify the appropriate authorities, as well as the designated responder, of the emergency.

Monitoring Capabilities

  • Fire
  • Hold-Up
  • Intrusion
  • Halon/Ansul
  • Panic/Ambush
  • Man Down
  • Elevator Phones
  • Off-Premises Video
  • HVAC/Refrigeration
  • Sprinkler/Tamper/Flow
  • Power Loss/Low Battery
  • Gas/Hazardous Chemicals
  • Water Flow/Flood Alarms
  • Environmental Devices (CO2/CO/ETC.)
  • Radio/Cellular Back-Up Communications

Implementation

Use a proven integrator who can utilize and integrate multiple solutions to create a physical security compliance and risk management solution that can automate and enforce physical security policies, from restricting area perimeter and securing site assets to personnel surety and reporting of significant security incidents; this helps to ensure both governance and compliance utilizing an organization's existing physical security and IT infrastructure.

This can centrally manage all regulations and associated controls and automate assessment, remediation and reporting as per defined review cycles. Automatically trigger compliance-based actions, such as rule-based generation of actions/penalties, based on physical access events. Correlate alarms and identities to better manage situations and responses across the security infrastructure. Incorporate real-time monitoring and detailed risk analysis tools to instantly enforce, maintain and report on compliance initiatives.

Key External Technology Measures

Entry Point
Data centers are generally designed with a central access point that's used to filter employees and visitors into the data center. All requests are vetted by a security guard with an intercom link to ensure that they have a legitimate reason for entering the premises.

Automatic Bollards
As an alternative to a guard-controlled gate, automatic bollards can be used at entry points. These short vertical posts pop out of the ground to prevent unauthorized vehicles from driving onto the site. When a vehicle's occupants are verified by a guard, an access card or other secure process, the bollards are quickly lowered to allow the vehicle to enter. When in the lowered position, the top of each bollard is flush with the pavement or asphalt and completely hidden. The bollards move quickly and are designed to prevent more than one vehicle from passing through at any one time.

Closed-Circuit TV or IP Video
External video cameras, positioned in strategic locations, including along perimeter fencing, provide efficient and continuous visual surveillance. The cameras can detect and follow the activities of people in both authorized and "off limits" locations. In the event someone performs an unauthorized action or commits a crime, the digitally stored video can supply valuable evidence to supervisors, law enforcement officials and judicial authorities. For added protection, the video should be stored off-site on a digital video recorder (DVR).

Key Internal Technology Measures

Lobby Area
With proper software and surveillance and communications tools, a staffed reception desk, with one or more security guards checking visitors' credentials, creates an invaluable first line of access control.

Surveillance
Like their external counterparts, internal cameras provide constant surveillance and offer documented proof of any observed wrongdoing.

Biometric Screening
Once the stuff of science fiction and spy movies, biometric identification now plays a key role in premises security. Biometric systems authorize users on the basis of a physical characteristic that doesn't change during a lifetime, such as a fingerprint, hand or face geometry, retina or iris features.

Mantrap
Typically located at the gateway between the lobby and the rest of the data center, mantrap technology consists of two interlocking doors positioned on either side of an enclosed space. The first door must close before the second one opens. In a typical mantrap, the visitor needs to first "badge-in" and then once inside must pass a biometric screening in the form of an iris scan.

Access Control List
Defined by the data center customer, an access control list includes the names of individuals who are authorized to enter the data center environment. Anyone not on the list will not be granted access to operational areas.

Badges and Cards
Visually distinctive badges and identification cards, combined with automated entry points, ensure that only authorized people can access specific data center areas. The most common identification technologies are magnetic stripe, proximity, barcode, smart cards and various biometric devices.

Guard Staff
A well-trained staff that monitors site facilities and security technologies is an essential element in any access control plan.

Loading and Receiving
For full premises security, mantraps, card readers and other access controls located in public-facing facilities also need to be duplicated at the data center's loading docks and storage areas.

Operational Areas
The final line of physical protection falls in front of the data center's IT resources. Private cages and suites need to be equipped with dedicated access control systems while cabinets should have locking front and rear doors for additional

Humans are the weakest link in any security scheme. Security professionals can do their best to protect systems with layers of anti-malware, personal and network firewalls, biometric login authentication, and even data encryption, but give a good hacker (or computer forensics expert) enough time with physical access to the hardware, and there's a good chance they'll break in. Thus, robust physical
access controls and policies are critical elements of any comprehensive IT security strategy.

According to a report by the SANS Institute, "IT security and physical security are no longer security silos in the IT environment; they are and must be considered one and the same or, as it should be called, overall security."

It is the innermost layer—physical entry to computer rooms—over which IT managers typically have responsibility, and the means to have effective control over human access focuses on a set of policies, procedures, and enforcement mechanisms.

Policy Basics

Given their importance and ramifications on employees, access policies must come from the top leadership. After setting expectations and behavioral ground rules, actual data center access policies have several common elements. The most essential are definitions of various access levels and procedures for authenticating individuals in each group and their associated privileges and responsibilities when in the data center.

Step 1
Authorize, identify and authenticate individuals that require physical access:

  • Identify the roles that require both regular as well as occasional physical access and identify the individuals that fill these roles.
  • Provide standing authorization and a permanent authenticator to individuals that require regular access.
  • Require individuals that require occasional access to submit a request that must be approved prior to access being attempted or allowed.
  • Authenticate individuals with regular access requirements through the use of their assigned permanent authenticator.
  • Authenticate individuals with occasional access requirements through the use of a personal identification mechanism that includes name, signature and photograph.

Step 2
Verify that work to be performed has been pre-approved or meets emergency response procedures:

  • Verify against standard Change Control procedures.
  • Verify against standard Maintenance procedures.

Step 3
Make use of logs to document the comings and goings of people and equipment:

  • Assign the responsibility for the maintenance of an access log that records personnel access. Record the following:
      • Date and time of entry.
      • Name of accessing individual and authentication mechanism.
      • Name and title of authorizing individual.
      • Reason for
      • Date and time of departure.
  • Assign the responsibility for the maintenance of a delivery and removal log that records equipment that is delivered to or removed from facilities. Record the following:
      • Date and time of delivery/removal.
      • Name and type of equipment to be delivered or removed.
      • Name and employer of the individual performing the delivery/removal and the authentication mechanism used.
      • Name and title of authorizing individual.
      • Reason for delivery/removal.

Non-Compliance

Violation of any of the constraints of these policies or procedures should be considered a security breach and, depending on the nature of the violation, various sanctions will be taken:
  • A minor breach should result in written reprimand.
  • Multiple minor breaches or a major breach should result in suspension.
  • Multiple major breaches should result in termination.

Although older data centers typically just consisted of a large, un-partitioned raised-floor area, newer enterprise facilities have taken a page from ISP designs by dividing the space into various zones—for example, a cage for high-availability servers, another area for Tier 2 or 3 systems, a dedicated network control room, and even separate areas for facilities infrastructure such as PDUs and chillers. Such partitioned data centers provide control points for denying access to personnel with no responsibility for equipment that's in them.

Identification Procedures

The next step in a physical security policy is to set up controls and identification procedures for authenticating data center users and granting them physical access. Although biometric scanners look flashy in the movies and certainly provide an added measure of security, a magnetic stripe badge reader is still the most common entry technology, as it's simple, cheap, and effective and allows automated logging, which is a necessary audit trail. One problem with magnetic readers, according is their susceptibility to tailgating, or allowing unauthorized personnel to trail a colleague through an entryway. That's why we advise supplementing doors and locks with recorded video surveillance.

I also like to add a form of two-factor authentication to entry points by coupling a card reader ("something you have") with a PIN pad ("something you know"), which reduces the risks of lost cards. I also recommend using time-stamped video surveillance in conjunction with electronic access logs and a sign-in sheet to provide a paper trail.

Access levels and controls, with identification, monitoring, and logging, form the foundation of an access policy, but two other major policy elements are critical: standards of conduct and behaviors inside the data center, such as prohibitions on food and beverages or tampering with unauthorized equipment, and limitations and controls on the admission of personal electronics such as USB thumb drives, laptops, smartphones, or cameras.

Policies should also incorporate processes for granting access or elevating restriction levels, an exception process for unusual situations, sanctions for policy violations, and standards for reviewing and auditing policy compliance. Stahl cautions that penalties for noncompliance will vary from company to company because they must reflect each enterprise's specific risk tolerance, corporate culture, local employment laws, and union contracts.

Summary

It's time to get physical—as in physically protecting a data center and all of its assets. The need for ironclad virtual security measures, such as managed firewalls, is well known. Yet physical security is often placed on the back burner, largely forgotten about until an unauthorized party manages to break into or sneak onto a site and steals or vandalizes systems.

Today's security systems include:

  • Intrusion and Monitoring Systems
  • Access Control Systems
  • Visitor Management Systems
  • Surveillance Systems
  • Emergency Communications Systems
  • PSIM Software Platforms

The newest of these is the PSIM or Physical Security Information Management system.
  13. 13.
Physical Security Information Management (PSIM)

The PSIM Platform enables the integration and organization of any number and type of security devices or systems and provides a common set of services for analyzing and managing the incoming information. It also serves as the common services platform for video and situation management applications.

Effectively maintaining security of critical infrastructure does not happen by accident; it means giving your security professionals the best security/software tools available today. By unifying your existing surveillance system and providing spatial context to your camera feeds, PSIM brings out the best of your equipment.

To investigate day-to-day incidents, as well as prepare for emergency situations, the security department makes use of a vast network of video cameras, access control points, intercoms, fire and other safety systems. PSIM unifies all of these disparate feeds, including systems from diverse manufacturers, into a single decision-oriented Common Operating Picture. Within the PSIM Platform are five key components:

Integration Services
Multiple strategies are used for connection, communication with, and management of installed devices and systems from multiple vendors. The PSIM Platform offers complete support for the industry's most commonly used device types out of the box. In addition, it employs a customizable "pipeline" architecture to receive device events. Network connectivity is achieved using combinations of multiple communications protocols.

Geo-Location Engine
The Geo-Location Engine provides spatial recognition for geo-location of devices and supports situation mapping functionality. The physical position of devices is stored in an internal knowledge base as GIS/GPS positions or building coordinates. The engine uses the information to determine relevance and to select and relate the devices involved in a given situation. The system uses the information to overlay graphical representations of security assets and activities onto Google-type maps or building layouts.

Routing Engine
The Routing Engine is an intelligent switch that connects any security device to PSIM command interfaces or output device(s) and accommodates any required transformation of formats and protocols between connected devices. In most cases, devices connect directly to each other and exchange data streams directly, avoiding possible bottlenecks that would arise from routing all traffic through a single centralized server. An internal knowledge base of all connected devices and their characteristics is maintained by the Routing Engine, which uses that information to ensure a viable communication path, compatibility of signal format and acceptable quality of service.

Rules Engine
The PSIM Platform contains a powerful Rules Engine that analyzes event and policy information from multiple sources to correlate events, make decisions based upon event variables and initiate activities.

Dispatch Engine
The Dispatch Engine integrates with communications infrastructure to initiate external applications or the transmission of messages, data and commands. Dispatch actions are automatically triggered by the rules engine as it executes recommendations for situation resolution. Operators can manually initiate actions as well.

The key benefit of today's technology is that it allows system users to do more with less, getting maximum benefit from integrated technologies across each system (both new and old) and aligning them with the goals of company policies and procedures like never before.
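The kind of correlation the Rules Engine description refers to, applied to the door conditions this book keeps returning to (forced doors, propped doors and tailgating), as an added example that is not code from the book or from any PSIM product. The event names, door names and both thresholds are assumptions, and the sample events are constructed.

```python
from dataclasses import dataclass

# Assumed thresholds (not from the book); tune per door and per site policy.
GRANT_WINDOW_S = 10     # door must open within 10 s of a valid read or exit request
HELD_OPEN_LIMIT_S = 30  # a door open longer than this counts as propped


@dataclass(frozen=True)
class Event:
    ts: int        # seconds from the start of the sample
    door: str
    kind: str      # badge_granted | rex | door_open | passage | door_closed
    who: str = ""


@dataclass(frozen=True)
class Alert:
    ts: int
    door: str
    rule: str
    detail: str


def correlate(events):
    """Correlate card-reader, door-contact and passage-sensor events per door."""
    alerts = []
    doors = {}
    ordered = sorted(events, key=lambda e: e.ts)
    for ev in ordered:
        st = doors.setdefault(
            ev.door, {"pending": [], "opened_at": None, "allowed": 0, "passed": 0})
        is_open = st["opened_at"] is not None
        if ev.kind in ("badge_granted", "rex"):
            if is_open:
                st["allowed"] += 1            # a second person badges at an open door
            else:
                st["pending"].append(ev.ts)   # authorization waiting for the door to open
        elif ev.kind == "door_open" and not is_open:
            # Only authorizations inside the grant window count; stale ones are dropped.
            fresh = [t for t in st["pending"] if ev.ts - t <= GRANT_WINDOW_S]
            st.update(pending=[], opened_at=ev.ts, allowed=len(fresh), passed=0)
            if not fresh:
                alerts.append(Alert(ev.ts, ev.door, "forced_door",
                                    "opened with no valid read or exit request"))
        elif ev.kind == "passage" and is_open:
            st["passed"] += 1
            # More people through the door than authorizations for this opening.
            if 0 < st["allowed"] < st["passed"]:
                alerts.append(Alert(ev.ts, ev.door, "tailgating",
                                    f"{st['passed']} passages on {st['allowed']} authorization(s)"))
        elif ev.kind == "door_closed" and is_open:
            held = ev.ts - st["opened_at"]
            st["opened_at"] = None
            if held > HELD_OPEN_LIMIT_S:
                alerts.append(Alert(ev.ts, ev.door, "propped_door", f"held open {held} s"))
    # Edge case: the log ends while a door is still open past the limit.
    end_ts = ordered[-1].ts if ordered else 0
    for door, st in doors.items():
        if st["opened_at"] is not None and end_ts - st["opened_at"] > HELD_OPEN_LIMIT_S:
            alerts.append(Alert(end_ts, door, "propped_door", "still open at end of log"))
    return alerts


# Constructed sample feed: three doors, merged from reader, contact and sensor sources.
SAMPLE_EVENTS = [
    Event(0, "DC-1", "badge_granted", "alice"),
    Event(2, "DC-1", "door_open"),
    Event(3, "DC-1", "passage"),
    Event(5, "DC-1", "passage"),          # second person on one card read
    Event(8, "DC-1", "door_closed"),
    Event(20, "DOCK", "door_open"),       # no read, no exit request
    Event(25, "DOCK", "door_closed"),
    Event(40, "DC-1", "badge_granted", "bob"),
    Event(41, "DC-1", "door_open"),
    Event(42, "DC-1", "passage"),
    Event(44, "DC-1", "badge_granted", "carol"),
    Event(45, "DC-1", "passage"),         # authorized: carol badged before passing
    Event(90, "DC-1", "door_closed"),     # held open 49 s
    Event(100, "LAB", "rex"),
    Event(101, "LAB", "door_open"),
    Event(102, "LAB", "passage"),
    Event(140, "DC-1", "badge_granted", "dave"),  # LAB never reports closed
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

In a deployment the returned alerts would be handed to whatever plays the Dispatch Engine's role, for example calling up the camera covering that door.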
  14. 14.
Appendix A: Understanding Physical Access Control Solutions

Each solution is listed with its STRENGTHS, WEAKNESSES and COMMENTS.

KEYS
Strengths:
• Most traditional form of access control
• Easy to use
• Don't require power for operation
Weaknesses:
• Impossible to track if they are lost or stolen, which leaves facility vulnerable
• Potential for unauthorized sharing of keys
• Difficult to audit their use during incident investigations
• Difficult to manage on large campuses with multiple doors
• Re-coring doors when a key is lost or stolen is expensive
Comments:
• Several solutions are currently available on the market to manage keys and keep key holders accountable.

LOCKS: Maglock
Strengths:
• Easy installation
• Economical
• Easy retrofit
• Quiet operation
Weaknesses:
• Power always on (fail-safe)
• Typically requires exit device to break circuit
• Requires backup power supply for 24-hour service
Comments:
• DC only
• Comes in different "pull" strengths
• Check extra features, such as built in door sensor

LOCKS: Electric Strike
Strengths:
• Can be either fail-secure or fail-safe
• Does not need constant power
• Door knob overrides for safe exit
Weaknesses:
• Door/lock hardware experience needed
Comments:
• Requires more door hardware experience than Maglock
• Specify for life-safety requirements
• Can be both AC and DC (DC lasts longer)
• Fail-safe must have power backup
• Fail-secure most popular

ACCESS CARDS (all types)
Strengths:
• Access rights can be denied without the expense of re-coring a door and issuing a new key
• Can limit access to a building to certain times of the day
• Systems can provide audit trails for incident investigations
Weaknesses:
• Prone to piggybacking / tailgating (when more than one individual enters a secure area using one access card or an unauthorized person follows an authorized person into a secure area)
• Users can share cards with unauthorized persons
• Cards can be stolen and used by unauthorized individuals
• Systems are more expensive to install than traditional locks
• Require power to operate
Comments:
• Can incorporate a photo ID component
• Can be used for both physical and logical access control
• Card readers should have battery backup in the event of power failure
• Tailgate detection products, video surveillance, analytics and security officers can address tailgating issues
• Can integrate with video surveillance, intercoms and intrusion detection systems for enhanced security

ACCESS CARDS: Magnetic Stripe
Strengths:
• Inexpensive to issue or replace
Weaknesses:
• Not as secure as proximity cards or smart cards
• Can be duplicated with relative ease
• Subject to wear and tear
Comments:
• These are the most commonly used access control cards by US campuses and facilities

ACCESS CARDS: Proximity
Strengths:
• Durable
• Convenient
• More difficult to compromise than magstripe cards
• Less wear and tear issues
Weaknesses:
• Cost more than magstripe cards
• Easier to compromise than smart cards
Comments:
• Are widely used for access control (although not as widely as magstripe)

ACCESS CARDS: Smart Card
Strengths:
• Multiple application functionality (access, cashless vending, library cards, events)
• Enhanced security through encryption and mutual authentication
• Less wear and tear issues
• Can incorporate biometric and additional data such as Photo and ATM
Weaknesses:
• Currently the most expensive card access option on the market
Comments:
• Not as widely adopted as magstripe or proximity cards due to cost
• Widely adopted in Europe

PIN NUMBERS (Pass codes)
Strengths:
• Easy to issue and change
• Inexpensive
Weaknesses:
• Can be forgotten
• Difficult to manage when there are many passwords for different systems
• Can be given to unauthorized users
• Prone to tailgating/piggybacking
Comments:
• Should be changed frequently to ensure security
• Often used in conjunction with other access control solutions, such as cards or biometrics

DOOR ALARMS
Strengths:
• Provide door intrusion, door forced and propped door detection
• Reduce false alarms caused by unintentional door propping
• Encourage staff and students to maintain access control procedure
Weaknesses:
• Will not reach hearing impaired without modifications
• Will not detect tailgaters
• Door bounce can cause false alarms
Comments:
• Appropriate for any monitored door application, such as emergency exits
• Used in conjunction with other access control solutions, such as card readers or keys
• Can be integrated with video surveillance for enhanced security

TAILGATE/PIGGYBACK DETECTORS
Strengths:
• Monitor the entry point into secure areas
• Detect tailgate violations (allow only one person to enter)
• Detect when a door is propped
• Mount on the door frame
• Easy to install
Weaknesses:
• Not intended for large utility cart and equipment passage (which could cause the system to go into false alarm)
• Not for outdoor use
Comments:
• Appropriate for any monitored door application where a higher degree of security is needed, such as data centers, research laboratories, etc.
• Used in conjunction with other access control solutions, such as card readers
• Can be integrated with video surveillance for enhanced security

PUSHBUTTON CONTROLS
Strengths:
• Many button options available
• Normally-open/Normally closed momentary contacts provide fail-safe manual override
• Time delay may be field adjusted for 1-60 seconds
Weaknesses:
• Anyone can press the release button (unless using a keyed button), so button must be positioned in a secure location (for access control, not for life-safety)
• Some can be defeated easily
• Can open door to stranger when approaching from inside
Comments:
• Used to release door and shunt alarm
• Used for emergency exits when configured to fail-safe
• May be used in conjunction with request to exit (REX) for door alarms and life safety
• Still may require mechanical device exit button to meet life-safety code
• With REX, careful positioning and selection required

MULTI-ZONE ANNUNCIATORS
Strengths:
• Display the status of doors and/or windows throughout a monitored facility
• Alert security when a door intrusion occurs
• Many options available: zone shunt, zone relay and zone supervision
Weaknesses:
• 12 VDC only; special order 24 VDC option
• Door bounce can cause false alarms
• Requires battery backup in case of power failure
• No annunciation at the door; only at the monitoring station
Comments:
• Designed to monitor multiple doors from a single location
• May be used in conjunction with door alarms, tailgate detection systems and optical turnstiles

FULL HEIGHT TURNSTILES
Strengths:
• Provides a physical barrier at the entry location
• Easy assembly
• Easy maintenance
• Available in aluminum and galvanized steel
Weaknesses:
• Physical design ensures to a reasonable degree that only one authorized person will enter, but it will not detect tailgaters
Comments:
• Designed for indoor/outdoor applications
• Used in parking lots, football fields and along fence lines
• Use with a conventional access control device like a card reader

OPTICAL TURNSTILES
Strengths:
• Appropriate for areas with a lot of pedestrian traffic
• Detects tailgating
• Aesthetically pleasing and can be integrated into architectural designs
• Doesn't require separate emergency exit
• Provides good visual and audible cues to users
Weaknesses:
• Can be climbed over
• Not for outdoor use
Comments:
• Used in building lobby and elevator corridor applications
• Use with a conventional access control device like a card reader
• To ensure compliance, deploy security officers and video surveillance

BARRIER ARM TURNSTILES (Glass gate or metal arms)
Strengths:
• Appropriate for areas with a lot of pedestrian traffic
• Provides a visual and psychological barrier while communicating to pedestrians that authorization is required to gain access
• Detects tailgating
• Reliable
Weaknesses:
• Units with metal-type arms can be climbed over or under
• Not for outdoor use
• Most expensive of the turnstile options
• Requires battery backup in case of power failure
Comments:
• Used in building lobby and elevator corridor applications
• Use with a conventional access control device like a card reader
• To ensure compliance, deploy security officers and video surveillance
• Battery backup is recommended

BIOMETRICS
Strengths:
• Difficult to replicate identity because they rely on unique physical attributes of a person (fingerprint, hand, face or retina)
• Users can't forget, lose or have stolen their biometric codes
• Reduces need for password and card management
Weaknesses:
• Generally much more expensive than locks or card access solutions
• If biometric data is compromised, the issue is very difficult to address
Comments:
• Except for hand geometry, facial and finger solutions, biometric technology is often appropriate for high-risk areas requiring enhanced security

INTERCOMS
Strengths:
• Allow personnel to communicate with and identify visitors before allowing them to enter a facility
• Can be used for emergency and non-emergency communications
• IP solutions today offer powerful communications and backup systems with integration
Weaknesses:
• Will not reach hearing impaired without modifications
• Not appropriate for entrances requiring throughput of many people in a small amount of time
Comments:
• Appropriate for visitor management, afterhours visits, loading docks, stairwells, etc.
• Use with conventional access control solutions, such as keys or access cards
• Video surveillance solutions can provide visual verification of a visitor
  18. 18.
Sample Site Survey for Access Control Systems

Date:
Customer Name:
Contact Name:
Email:
Address: Street / City / State / Zip
Phone:

Systems in scope: DVR Y/N, Elevator Control Y/N, Photo Badging Y/N, Time and Attendance Y/N

Access Control
• Number of Locations
• Communications Method
• Encryption Y/N
• Number of Reader Controlled Doors
• Number of Controlled Doors without Readers
• Number of Monitored only Doors
• Number of Egress Devices
• Type of Readers
• Type of Cards
• Type of Egress Devices
• Number of Outputs for other use
• Number of Inputs for other use
• Number of PCs

Elevator Control
• Number of Elevator Cabs to be controlled
• Number of Floors to be controlled in each Cab

Photo ID Badging
• Number of Badging workstations
• Type of Image Gathering: File Import / Live Video Capture
• Number and Type of Printers

Time and Attendance
• Number of Clock in Out Readers
• Number of Time Display Modules

Digital Video Recorder Integration
• Type of Video System to Integrate with
  20. 20.
Physical Security Data or Key Facility Assessment Checklist

1. Site
2. Architectural
3. Structural Systems
4. Building Envelope
5. Utility Systems
6. Mechanical Systems
7. Plumbing and Gas Systems
8. Electrical Systems
9. Fire Alarm Systems
10. Communications and Information Technology Systems
11. Equipment Operations and Maintenance
12. Security Systems
13. Security Master Plan
  21. 21.
Checklist columns: ITEM, ASSESSMENT QUESTION, ASSESSMENT GUIDANCE, ASSESSMENT COMMENT (the comment column is left blank for the assessor).

1 The Site

1.1 What major structures surround the facility?

1.2 What are the site access points to the facility?

1.3 What are the existing types of anti-ram devices for the facility?

1.4 What is the anti-ram buffer zone standoff distance from a building to unscreened vehicles or parking?
    Guidance: Anti-ram protection may be provided by adequately designed: bollards, street furniture, sculpture, landscaping, walls and fences.

1.5 Are perimeter barriers capable of stopping vehicles?
    Guidance: If the recommended distance is not available consider structural hardening, perimeter barriers and parking restrictions; relocation of vulnerable functions within or away from the building; operational procedures, acceptance of higher risk.

1.6 Does site circulation prevent high-speed approaches by vehicles?

1.7 Are there offsetting vehicle entrances from the direction of a vehicle's approach to force a reduction of speed?

1.8 Is there space for inspection at the curb line or outside the protected perimeter? What is the minimum distance from the inspection location to the building?
    Guidance: Design features for the vehicular inspection point include: vehicle arrest devices that prevent vehicles from leaving the vehicular inspection area and prevent tailgating. If screening space cannot be provided, other design features such as: hardening and alternative space for inspection.

1.9 In dense, urban areas, does curb lane parking place uncontrolled parked vehicles unacceptably close to a facility in public rights-of-way?
    Guidance: Where distance from the building to the nearest curb provides insufficient setback, restrict parking in the curb lane. For typical city streets this may require negotiating to close the curb lane.

1.10 Is there a minimum setback distance between the building and parked vehicles?
    Guidance: Adjacent public parking should be directed to more distant or better-protected areas, segregated from employee parking and away from the facility.

1.11 Does adjacent surface parking maintain a minimum standoff distance?
    Guidance: Parking within ______ feet of the building shall be restricted to authorized vehicles.
  22. 22.
1.12 Do stand-alone, above ground parking facilities provide adequate visibility across as well as into and out of the parking facility?
    Guidance: Pedestrian paths should be planned to concentrate activity to the extent possible. Limiting vehicular entry/exits to a minimum number of locations is beneficial. Stair tower and elevator lobby design shall be as open as code permits. Stair and/or elevator waiting area should be as open to the exterior and/or the parking areas as possible. Potential hiding places below stairs should be closed off; nooks and crannies should be avoided. Elevator lobbies should be well-lighted and visible to both patrons in the parking areas and the public out on the street.

1.13 Are garages or service area entrances for government controlled or employee permitted vehicles that are not otherwise protected by site perimeter barriers protected by devices capable of arresting a vehicle of the designated threat size at the designated speed?

1.14 Does site landscaping provide hiding places?
    Guidance: It is desirable to hold planting away from the facility to permit observation of intruders.

1.15 Is the site lighting adequate from a security perspective in roadway access and parking areas?
    Guidance: Security protection can be successfully addressed through adequate lighting. The type and design of lighting including illumination levels is critical. IESNA guidelines can be used.

1.16 Is a perimeter fence or other types of barrier controls in place?

1.17 Do signs provide control of vehicles and people?
  23. 23.
2 Architectural

2.1 Does the site planning and architectural design incorporate strategies from crime prevention through environmental design (CPTED) perspective?
    Guidance: The focus of CPTED is on creating defensible space by employing natural access controls, natural surveillance and territorial reinforcement to prevent crime and influence positive behavior, while enhancing the intended uses of space. Examples of CPTED attributes include spatial definition of space to control vehicle and pedestrian circulation patterns, placement of windows to reinforce surveillance, defining public space from private/restricted space through design of lobbies, corridors, door placement, pathway and roadway placements, walls, barriers, signage, lighting, landscaping, separation and access control of employee/visitor parking areas, etc.

2.2 Is it a mixed-tenant facility?
    Guidance: High-risk tenants should not be housed with low-risk tenants. High-risk tenants should be separated from publicly accessible areas. Mixed uses may be accommodated through such means as separating entryways, controlling access, and hardening shared partitions, as well as through special security operational counter-measures.

2.3 Are public toilets, service spaces or access to vertical circulation systems located in any non-secure areas, including the queuing area before screening at the public entrance?

2.4 Are areas of refuge identified, with special consideration given to egress?

2.5 Are loading docks and receiving and shipping areas separated in any direction from utility rooms, utility mains, and service entrances including electrical, telephone/data, fire detection/alarm systems, fire suppression water mains, cooling and heating mains, etc.?
    Guidance: Loading docks should be located so that vehicles will not be driven into or parked under the building. If loading docks are in close proximity to critical equipment, the service shall be hardened for blast.
  24. 24.
2.6 Are mailrooms located away from facility main entrances, areas containing critical services, utilities, distribution systems, and important assets? Does the mailroom have adequate space for explosive disposal containers? Is the mailroom located near the loading dock?
    Guidance: The mailroom should be located at the perimeter of the building with an outside wall or window designed for pressure relief.

2.7 Is space available for equipment to examine incoming packages and for special containers?
    Guidance: Off-site screening stations may be cost effective, particularly if several buildings may share one mailroom.

2.8 Are critical building components located close to any main entrance, vehicle circulation, parking, maintenance area, loading dock, interior parking?
    Guidance: Critical building components include: Emergency generator including fuel systems, day tank, fire sprinkler, and water supply; Normal fuel storage; Main switchgear; Telephone distribution and main switchgear; Fire pumps; Building control centers; UPS systems controlling critical functions; Main refrigeration systems if critical to building operation; Elevator machinery and controls; Shafts for stairs, elevators, and utilities; Critical distribution feeders for emergency power. Evacuation and rescue require emergency systems to remain operational during a disaster and they should be located away from attack locations. Primary and back-up systems should not be collocated.

2.9 Do doors and walls along the line of security screening meet requirements of UL752 "Standard for Safety: Bullet-Resisting Equipment"?

2.10 Do entrances avoid significant queuing?
    Guidance: If queuing will occur within the building footprint, the area should be enclosed in blast-resistant construction. If queuing is expected outside the building, a rain cover should be provided.

2.11 Do public and employee entrances include space for possible future installation of access control and screening equipment?
    Guidance: These include walk-through metal detectors and x-ray devices, ID check, electronic access card, and turnstiles.
  25. 25.
2.12 Are there trash receptacles and mailboxes in close proximity to the facility that can be used to hide explosive devices?
    Guidance: The size of the trash receptacles and mailbox openings should be restricted to prohibit insertion of packages.

2.13 Is roof access limited to authorized personnel by means of locking mechanisms?

2.14 Are stairwells required for emergency egress located as remotely as possible from high-risk areas where blast events might occur?
    Guidance: Stairs should not discharge into lobbies, parking, or loading areas.

2.15 Are enclosures for emergency egress hardened to limit the extent of debris that might otherwise impede safe passage and reduce the flow of evacuees?

2.16 Is access control provided through main entrance points for employees and visitors (e.g. by lobby receptionist, sign-in, staff escorts, issue of visitor badges, checking forms of personal identification, electronic access control systems)?

2.17 Is access to private and public space or restricted area space clearly defined through the design of the space, signage, use of electronic security devices, etc.?

2.18 Is access to elevators distinguished as to those that are designated only for employees, patients and visitors?

2.19 Are high value or critical assets located as far into the interior of the building as possible?

2.20 Is high visitor activity away from assets?

2.21 Are critical assets located in spaces that are occupied 24 hours per day? Are assets located in areas where they are visible to more than one person?

2.22 Is interior glazing near high-threat areas minimized?
  26. 26.
2.23 Do interior barriers differentiate level of security within a facility?

2.24 Do foyers have reinforced concrete walls and offset interior and exterior doors from each other?

2.25 Do the circulation routes have unobstructed views of people approaching controlled access points?

2.26 Are pedestrian paths planned to concentrate activity to aid in detection?

2.27 Are ceiling and lighting systems designed to remain in place during emergencies?

3 Structural Systems

3.1 What type of construction? What type of concrete & reinforcing steel? What type of steel? What type of foundation?
    Guidance: The type of construction provides an indication of the robustness to abnormal loading and load reversals. Reinforced concrete moment resisting frame provides greater ductility and redundancy than a flat-slab or flat-plate construction. The ductility of steel frame with metal deck depends on the connection details, and pre-tensioned or post-tensioned construction provides little capacity for abnormal loading patterns and load reversals. The resistance of load-bearing wall structures varies to a great extent, depending on whether the walls are reinforced or unreinforced. A rapid screening process developed by FEMA for assessing structural hazard identifies the following types of construction with a structural score ranging from 1.0 to 8.5. A higher score indicates a greater capacity to sustain load reversals.
    • Wood buildings of all types - 4.5 to 8.5
    • Steel moment resisting frames - 3.5 to 4.5
    • Braced steel frames - 2.5 to 3.0
    • Light metal buildings - 5.5 to 6.5
    • Steel frames with cast-in-place concrete shear walls - 3.5 to 4.5
    • Concrete moment resisting frames - 2.0 to 4.0
    • Concrete shear wall buildings - 3.0 to 4.0
    • Concrete frame with unreinforced masonry infill walls - 1.5 to 3.0
    • Steel frame with unreinforced masonry infill walls - 1.5 to 3.0
    • Tilt-up buildings - 2.0 to 3.5
    • Precast concrete frame buildings - 1.5 to 2.5
    • Reinforced masonry - 3.0 to 4.0
    • Unreinforced masonry - 1.0 to 2.

3.2 Do the reinforced concrete structures contain symmetric steel reinforcement (positive and negative faces) in all floor slabs, roof slabs, walls, beams and girders that may be subjected to rebound, uplift and suction pressures? Do the lap splices fully develop the capacity of the reinforcement? Are lap splices and other discontinuities staggered? Do the connections possess ductile details? Is special shear reinforcement, including ties and stirrups, available to allow large post-elastic behavior?

3.3 Are the steel frame connections moment connections? Is the column spacing minimized so that reasonably sized members will resist the design loads and increase the redundancy of the system? What are the floor-to-floor heights?

3.4 Are critical elements vulnerable to failure?
    Guidance: The priority for upgrades should be based on the relative importance of structural or non-structural elements that are essential to mitigating the extent of collapse and minimizing injury and damage. Primary Structural Elements provide the essential parts of the building's resistance to catastrophic blast loads and progressive collapse. These include columns, girders, roof beams, and the main lateral resistance system; Secondary Structural Elements consist of all other load bearing members, such as floor beams, slabs, etc.; Primary Non-Structural Elements consist of elements (including their attachments) which are essential for life safety systems or elements which can cause substantial injury if failure occurs, including ceilings or heavy suspended mechanical units; and Secondary Non-Structural Elements consist of all elements not covered in primary non-structural elements, such as partitions, furniture, and light fixtures.

3.5 Will the structure suffer an unacceptable level of damage resulting from the postulated threat?
    Guidance: The extent of damage to the structure and exterior wall systems from the bomb threat may be related to a protection level:
    • Low and Medium/Low Level Protection - Major damage. The facility or protected space will sustain a high level of damage without progressive collapse. Casualties will occur and assets will be damaged. Building components, including structural members, will require replacement, or the building may be completely un-repairable, requiring demolition and replacement.
    • Medium Level Protection - Moderate damage, repairable. The facility or protected space will sustain a significant degree of damage, but the structure should be reusable. Some casualties may occur and assets may be damaged. Building elements other than major structural members may require replacement.
    • Higher Level Protection - Minor damage, repairable. The facility or protected space may globally sustain minor damage with some