Physical security is a very interesting field, and quite different from anything else that I’ve written about so far. Unlike the technical principles the other posts have focused on, this one focuses on the equipment and layout associated with a secure physical setting. One note before we get into the meat of the issue, when it comes to the planning and implementation of physical security, life safety goals should always take precedence. Things can always be replaced, but the lives of those lost cannot be.
According to Shon Harris, the following steps need to be taken in order to establish an effective physical security program:
· “Identify a team of internal employees and/or external consultants who will build the physical security program through the following steps.
· Carry out a risk analysis to identify the vulnerabilities and threats and to calculate the business impact of each threat
· Work with management to define an acceptable risk level for the physical security program
· Derive the required performance baselines from the acceptable risk level
· Create countermeasure performance metrics
· Develop criteria from the results of the analysis, outlining the level of protection and performance required for the following categories of the security program:
o Deterrence
o Delaying
o Detection
o Assessment
o Response
· Identify and implement countermeasure for each program category
· Continuously evaluate countermeasure against the set baselines to ensure the acceptable risk level is not exceeded”
Following this process the group moves into the design process to implement this findings and decisions.
There are many concepts to be considered in the development process. One discipline that is considered by many to be very important to take into account during the development stage is the Crime Prevention Through Environmental Design (CPTED) discipline. It outlines how proper facility construction and environmental components can reduce crime by affecting human behavior. It follows three main strategies: natural access control – guidance of people entering and leaving a space, natural surveillance – providing many ways for people to potentially see a crime, and territorial reinforcement – creation of community through identifiable and unique markers. Target hardening should be used to maximize the effectiveness of the CPTED implementation through physical and artificial barriers.
When building or purchasing a new facility, several factors should be taken into account. The first is location. It is a good idea to check with police and review the crime report of the area you are considering. If the price of the property is too good to be true, it probably isn’t in the best location. On the topic of police, another issue to look at is how far from the closest police station, fire station, and medical facility the facility will be located. Being closer to these can often cause the price to go up, but can cause the price of insurance to go down some, as well as be beneficial to your company in the event of an emergency. The next factor is construction materials. The materials you choose should reflect the potential dangers the facility might face, such as regular flooding or a history of tornadoes in the area. The locations of things in the facility are also important. Entry points should be minimized with as much traffic being directed through a main entrance as possible. Other points should be emergency exit only with a release lever only on the inside. Security mechanisms for access points should be considered as well; i.e. fail-safe – all doors are automatically unlocked in the event of an emergency, or fail-secure – all doors are locked in the event of an emergency.
Computer and equipment rooms should be located in the center of a building; being in the basement could leave them susceptible to flooding, while being on the top floor could delay response from emergency personnel in the event of an emergency. The room should only have 2 doors, with one being limited to an emergency exit only. Fire, smoke, and water alarms need to be implemented in the raised floors or lowered ceilings, as well as the actual room itself. Power protection should also be considered for the servers. This can be achieved in the ways: UPSs, power line conditioners, and backup sources, such as generators. Fire suppression methods also need to be laid out, such as type of suppressant and how it will be handled.
Outside of the actual building, the next most important layer in physical security is the perimeter security, which is the first line of defense. Fencing is generally the go to perimeter protection, but it mostly depends on the needs of the company. Some find fencing to be obtrusive and ugly, while other needs the protection more than aesthetics and go for the 8 feet tall fencing with barbed wire facing out to keep would be intruders at bay. Gates also have classifications, depending on their strength and use. Lighting is very important for a variety of reasons. It prevents infiltrators from having a place to hide, provides a sense of security to authorized individuals, and allows better monitoring by security personnel and visual recording devices. These devices are generally used as closed circuit TV (CCTV) and today are generally taken in a digital format, which leads to smaller storage requirements and better quality. Intrusion detection systems and patrol forces are also possibilities. Like all other security systems, physical security can’t just rely on one or two features. It is a combination of things that can slow down a would-be attacker enough to either be caught or deterred from committing a crime.
No comments:
Post a Comment