Security Roundtable
Business Strategy, Security Integration, Value for Shareholders
WHAT ARE THE GOALS FOR TODAY? (PROTECTION)
The Concept: Physical Security Systems
• A physical security system is built on the foundation that baseline security and protection posture are established—based on the local threat, site-specific vulnerabilities, number and type of critical assets, and employment of available resources.
• To successfully counter threats, physical security systems must be scalable and proportional to increases in the local threat and designed to employ layered defense in depth.
• Physical security measures are a combination of active and passive systems, devices, and security forces that are used to protect an asset or facility from possible threat.
These systems and measures include—
1. Barrier systems
2. Security lighting
3. Integrated electronic security systems
4. Access control systems
5. Key and locking systems
6. Security and guard forces
Goal of Physical Security Systems
• The goal of physical security systems is to employ security in depth to preclude or reduce the potential for sabotage, theft, trespass, terrorism, espionage, or other criminal activity.
• To achieve this goal, each security system component has a function and related measures that provide an integrated capability for—
i. Deterrence
ii. Detection
iii. Assessment
iv. Delay
v. Response
Deterrence.
• A potential aggressor who perceives a risk of being caught may be deterred from attacking an asset. The effectiveness of deterrence varies with the aggressor’s sophistication, the asset’s attractiveness, and the aggressor’s objective. Although deterrence is not considered a direct design objective, it may be a result of the design.
Detection.
• A detection measure senses an act of aggression, assesses the validity of the detection, and communicates the appropriate information to a response force.
• A detection system must provide all three of these capabilities to be effective.
i. Detection measures may detect an aggressor’s movement via IDSs, or they may detect weapons and tools via X-ray machines or metal or explosive detectors.
ii. Detection measures may also include access control elements that assess the validity of identification credentials. These control elements may provide a programmed response (admission or denial), or they may relay information to a response force.
iii. Guards serve as detection elements, detecting intrusions and controlling access.
Assessment.
• Assessment—through the use of video subsystems, patrols, or fixed posts—assists in localizing and determining the size and intent of an unauthorized intrusion or activity.
Delay.
• Delay measures protect an asset from aggression by delaying or preventing an aggressor’s movement toward the asset or by shielding the asset from weapons and explosives.
• They—
I. Delay aggressors from gaining access by forced entry using tools. These measures include barriers, along with a response force.
II. Prevent an aggressor’s movement toward an asset. These measures provide barriers to movement and obscure the line of sight to assets.
III. Protect the asset from the effects of tools, weapons, and explosives.
• Delay measures may be active or passive. Active delay measures are manually or automatically activated in response to acts of aggression. Passive delay measures do not depend on detection or a response—for example, blast-resistant building components and fences. Guards may also be considered delay measures.
Response.
• Most protective measures depend on response personnel to assess unauthorized acts, report detailed information, and defeat an aggressor.
• Although defeat is not a design objective, defensive and detection systems must be designed to accommodate (or at least not interfere with) response force activities.
What Is Meant By A “System”?
• Objectives and scope defined and documented
• Responsibilities assigned and documented
• Procedures in place and documented
• Adequate resources assigned
• Progress periodically measured
• Objectives adjusted accordingly
• Results reviewed with management
• Adequate communication to and from those involved
SECURITY MANAGEMENT SYSTEM (COUNTERMEASURES)
• The SMS is used by all Corporate physical security personnel and planners to standardize the procedures used to conduct physical security inspections, surveys, planning, and programming.
• The system is a planning tool that presents a coherent view of the physical security posture for defined areas of responsibility. It provides a standardized set of risk analysis measurements that are based on risk management techniques.
• The SMS performs cost-benefit analysis; allows the detailed scrutiny of threats, vulnerability, and loss expectancy; and standardizes the execution of physical security business processes.
Key Features of the SMS
Key features of the SMS include the following:
1. Identifies assets and their value.
2. Calculates vulnerabilities.
3. Evaluates risk based on applicable threats.
4. Facilitates the analysis of improvements to security posture.
5. Determines compliance with rules and policies.
6. Recommends corrective actions.
7. Calculates anticipated losses.
8. Performs cost-benefit analysis and return on investment calculations.
Security Expectations
EVERY security program should deliver the following results:
• Management provides adequate resources, visibility and active participation to the security program.
• Provide timely, credible information regarding threats.
• Integrate proven best practices into a security system for use by all stakeholders. Best practices should be continually benchmarked.
• Measure security and controls performance company-wide.
• Communicate security expectations to all shareholders and continually reinforce that “Security is Everybody’s Business”.
• Promote functional cooperation to anticipate, prepare for and manage issues that may escalate into full-blown security incidents.
SMS Framework
SAMPLE PWO SECURITY PROGRAM ELEMENTS
XYZ’s security systems will organize security activities into program elements. The security system provides an organizational framework to develop, maintain and implement security best practices. The security department will ensure that corporate-specific security best practices are implemented to protect the organisation’s people, assets, information and operations.
XYZ’s proposed security system will include the following program elements:
• Leadership
• Threat Assessment
• Risk Assessment
• Personnel Protection
• Operations Security
• Information Protection
• Emergency Response and Management
• Investigation
  • Internal, Background & Due Diligence
• External Relations
  • Community Relations
  • Government Relations
  • Information Management
• Management of Change
The Security Management System provides a common framework for systems and establishes company expectations for 10 key elements:
BUSINESS CASE FOR SMS
Business Case For SMS
• Sound SECURITY performance will:
  • Reduce losses, frequency of incidents and disruptions to operations
  • Reduce security department & operational costs
  • Protect/improve reputation
  • Reduce potential liability
  • Prepare security staff to meet & exceed management’s expectations
Business Case For SMS
• Strengthen critical business processes
• Improve security performance in normal conditions and emergency situations
• Sustain benefits of security investment
• Reinforce prevention focus vs. reactive approach
• Provide a competitive advantage
How Does SMS Differ From Current?
The current focus is on ad hoc activity, with no integration.
With SMS, the company focus is on business processes:
• Clear Accountability & Continuous Improvement
WHAT WILL MAKE IT SUSTAINABLE?
What Will Make It Sustainable?
• Senior Management
  • Demonstrate commitment, provide resources
  • Actively participate, review security performance
• Business Unit
  • Set annual security objectives
  • Make SECURITY everybody’s responsibility
  • Track implementation progress quarterly
• Individual
  • Comply with policies and procedures
  • Report incidents and gaps
  • Share lessons learned
The End
DISCUSSION QUESTIONS

2. Improving an Existing Sec Sys
