3. The Concept Physical Security
Systems
A physical security system is built on the foundation that baseline security and protection
posture are established—based on the local threat, site-specific vulnerabilities, number and
type of critical assets, and employment of available resources.
To successfully counter threats, physical security systems must be scalable and proportional
to increases in the local threat and designed to employ layered defense in depth.
Physical security measures are a combination of active and passive systems, devices, and
security forces that are used to protect an asset or facility from possible threat.
These systems and measures include—
1. Barrier systems
2. Security lighting
3. Integrated electronic security systems
4. Access control systems
5. Key and locking systems
6. Security and guard forces
4. Goal of Physical Security Systems
The goal of physical security systems is to employ security in-depth to
preclude or reduce the potential for sabotage, theft, trespass, terrorism,
espionage, or other criminal activity.
To achieve this goal, each security system component has a function and
related measures that provide an integrated capability for—
i. Deterrence
ii. Detection
iii. Assessment.
iv. Delay
v. Response
5. Deterrence.
A potential aggressor who perceives a risk of being caught may be
deterred from attacking an asset. The effectiveness of deterrence varies
with the aggressor’s sophistication, the asset’s attractiveness, and the
aggressor’s objective. Although deterrence is not considered a direct
design objective, it may be a result of the design.
6. Detection.
A detection measure senses an act of aggression, assesses the validity of
the detection, and communicates the appropriate information to a
response force.
A detection system must provide all three of these capabilities to be effective.
i. Detection measures may detect an aggressor’s movement via IDSs, or they may detect
weapons and tools via X-ray machines or metal or explosive detectors.
ii. Detection measures may also include access control elements that assess the validity of
identification credentials. These control elements may provide a programmed response
(admission or denial), or they may relay information to a response force.
iii. Guards serve as detection elements, detecting intrusions and controlling access.
Assessment. Assessment—through the use of video subsystems, patrols,
or fixed posts—assists in localizing and determining the size and intent of
an unauthorized intrusion or activity.
7. Delay.
Delay measures protect an asset from aggression by delaying or preventing an
aggressor’s movement toward the asset or by shielding the asset from weapons
and explosives.
They—
I. Delay aggressors from gaining access by forced entry using tools. These
measures include barriers, along with a response force.
II. Prevent an aggressor’s movement toward an asset. These measures provide
barriers to movement and obscure the line of sight to assets.
III. Protect the asset from the effects of tools, weapons, and explosives.
Delay measures may be active or passive. Active delay measures are
manually or automatically activated in response to acts of aggression.
Passive delay measures do not depend on detection or a response—for
example, blast-resistant building components and fences. Guards may also
be considered delay measures.
8. Response.
Most protective measures depend on response personnel to
assess;
unauthorized acts,
report detailed information, and
defeat an aggressor.
Although defeat is not a design objective, defensive and
detection systems must be designed to accommodate (or at
least not interfere with) response force activities.
9.
10.
11. What Is Meant By A “System”?
Objectives and scope defined and documented
Responsibilities assigned and documented
Procedures in place and documented
Adequate resources assigned
Progress periodically measured
Objectives adjusted accordingly
Results reviewed with management
Adequate communication to and from those
involved
12. SECURITY MANAGEMENT SYSTEM
(COUNTERMEASURES)
The SMS is used by all Corporate physical security personnel and planners
to standardize the procedures used to conduct physical security
inspections, surveys, planning, and programming.
The system is a planning tool that presents a coherent view of the physical
security posture for defined areas of responsibility. It provides a
standardized set of risk analysis measurements that are based on risk
management techniques .
The SMS performs cost benefit analysis; allows the detailed scrutiny of
threats, vulnerability, and loss expectancy; and standardizes the execution
of physical security business processes.
13. Key Features SMS
Key features SMS the following:
1. Identifies assets and their value.
2. Calculates vulnerabilities.
3. Evaluates risk based on applicable threats.
4. Facilitates the analysis of improvements to security posture.
5. Determines compliance with rules and policies.
6. Recommends corrective actions.
7. Calculates anticipated losses.
8. Performs cost-benefit analysis and return on investment
calculations.
14. Security Expectations
EVERY security program should deliver the following results:
Management provides adequate resources, visibility and active participation to
the security program.
Provide timely, credible information regarding threats.
Integrate proven best practices into a security system for use by all stakeholders.
Best practices should be continually benchmarked.
Measure security and controls performance company wide.
Communicate security expectations to all shareholders and continually reinforce
that “Security is Everybody’s Business”
Promote functional cooperation to anticipate, prepare for and manage issues that
may escalate into full blown security incidents.
15. SMS Framework
SAMPLE PWO SECURITY PROGRAM ELEMENTS
XYZ’s security systems will organize security activities into program elements.
The security system provides an organizational framework to develop, maintain
and implement security best practices. Security dept will ensure that corporate
specific security best practices are implemented to protect the organisation’s
people, assets, information and operations.
XYZ’s proposed security system will include the following program elements:
• Leadership
• Threat assessment
• Risk Assessment
• Personnel Protection
• Operations Security
• Information Protection
• Emergency Response and
Management
• Investigation
Internal, Background & Due
Diligence
• External Relations
Community Relations
Government Relations
Information Management
• Management of Change
The Security Management System provides a common framework for
systems and establishes company expectations for 10 key elements:
17. Business Case For SMS
Sound SECURITY performance will:
Reduce losses, frequency of incidents and
disruptions to operations
Reduce security department & operational costs
Protect/improve reputation
Reduce potential liability
Prepare security staff to meet & exceed
management’s expectations
18. Business Case For SMS
Strengthen critical business processes
Improve security performance in normal
conditions and emergency situations
Sustain benefits of security investment
Reinforce prevention focus vs. reactive
approach
Provide a competitive advantage
19. How Does SMS Differ From Current?
The current focus is on ad
hoc activity, no integration.
With SMS a Company focus is on
Business Processes:
• Clear Accountability & Continuous
Improvement
21. What Will Make It Sustainable?
Senior Management
Demonstrate commitment, provide resources
Actively participate, review security performance
Business Unit
Set annual security objectives
Make SECURITY everybody’s responsibility
Track implementation progress quarterly
Individual
Comply with policies and procedures
Report incidents and gaps
Share lessons learned