As I have previously stated, I am not a security officer. My work/business means that I do travel internationally. I have a mixed history/background, like most of us. That said, I make a point of being aware of security, be that personal, physical or systems/data.
The first caveat is that the following information is personal observation. The second caveat is that I do not endorse any firm in any way. Any decision made by anyone reading this, is purely of their own volition.
There are lots of places that we have to keep secure, our personal transport, homes, places of employment. I will not venture into locations deemed to be public property; these are the responsibility of government, or rather their departments.
So, the obvious threats are from theft; ranging from opportunists, through pre-meditated to organised crime and commercial espionage.
The second level of threat takes the forms of civil unrest and terrorism
Physical security covers security measures designed to protect people and property from damage or harm and to deny unauthorized access to facilities, equipment and resources. Physical security can involve the use of multiple layers of interdependent systems which include CCTV surveillance, security guards, protective barriers, locks, access control protocols, and many other techniques.
At its simplest, the use of a personal alarm when you venture out. Or in your vehicle, the use of key/lock, alarm and immobiliser. At home, external PIR activated security lights and internally an alarm system, all provide the security needed, from a general perspective; without venturing into keeps and lockdown survival cells. Obviously, if you have items of specific high value, it may also be prudent to invest in a safe.
From a commercial perspective, things are different. I will not deal with the threat of fire, as all businesses should have fire alarms and preventive measures in place, even if not by legal statute.
What you do have to consider are, environment, perimeter, the shell, buildings, property and people. These can further be broken down;
Environment (geophysical) – Area (urban, industrial or rural) also covers proximity to other buildings or vegetation that may hide unwanted intent, road and path network allowing unwanted persons ingress or egress to your site.
Perimeter – This will cover physical walls, fences, ditches and barriers around your location.
Shell– This is the material of which the building or buildings are made of, points ingress (doors and windows).
Building – What type of building is this (what is it used for, retail, storage, production, office, data management or even mixed usage).
Property – What assets (cash, stock, data or equipment) do you have in the building or buildings. These need to be identified and valued.
People – This will include Staff, Ancillaries, Security Guards and Visitors
Believe it or not, the biggest threat to any organisation is people and theft by those who have legitimate access to the site. Generally speaking, in this case it would be petty theft (the odd pen, pencil, paper, or it could be a little more serious, like purses and wallets).
When providing security, you build from the ground up, in layers; a bit like an onion, each layer over lapping the previous. The aim of each layer is to:
- reduce the rewards of crime
- reduce the chance to commit crime
- remove the excuse of criminal behaviour
- increase the chance of discovery
Organisations must take into account the costs of specifying, developing, testing, implementing, using, managing, monitoring and maintaining the security system devised. Other broader issues also need to be considered such as aesthetics, civil or personal rights, health and safety, plus societal norms or conventions.
Physical Security is to convince potential attackers that any attack is unlikely to succeed, due to a strong defence.
Starting at the outermost layer, the areas bordering your location; these need to be monitored and in the case of vegetation, maintained, so no hard security here. Although approaches should be monitored, through use of CCTV, from the perimeter or from just behind it.
The perimeter, is a different case as you either own or lease the location, although there may be planning restrictions in place. None the less the perimeter fixes and defines your boundary. A fence or wall acts a physical and psychological deterrent to unauthorised entry. This barrier can be topped with some other device such as rotating vanes, barbed or razor wire. Beyond this lighting, lockable gates, intrusion detectors, or a patrol guard may be deployed.
Likewise the shell of the building has to be considered. If we assume we are not dealing with a structure with a soft shell such as plastic or material walls, then all external doors and windows will need to be lockable and the windows potentially barred at ground level. Any roof access or skylight will also need to be secured in a similar manner. If the building is soft skinned, some form of additional alarm system would need to be implemented, in case entry was gained through the wall structure.
Internal building security for all types of structure should include electronic entry systems, vibration sensors on windows and PIR motion detectors throughout the buildings. Sensitive or controlled areas within such locations should have a further layer security added. This should include biometric access tags and CCTV. This way if someone has unauthorised access to a tag they can still be identified.
All corporate property should be tagged with a property tag. This can be further improved with physical sensor, so the item would initiate an alarm if moved from within a specified location. Other processes could be put into place covering movement documentation for larger items of inventory. Data is more of a problem, due to the size of memory storage devices, but this too can be resolved by locking down systems, disabling usb ports, card readers and CD writers. In addition to this most computers can also have a padlock fitted to the chassis to prevent access to the hard drive.
The most difficult component to deal with is the human factor. Luckily most of us do not live in a Police State, so the best we can do is to try to minimise the risk by vetting staff, visitors, ancillaries and security personnel. In most cases, the last two can be outsourced and this becomes the responsibility of the service supplier. Visitors should be supervised when on site and access tightly controlled. Staff need to be vetted prior to taking up employment through references. There may be specific roles, which require additional levels of security, so checks on social media may indicate a risk, together with credit checks. Depending on where you are internationally, some other checks may be available to an organisation through government agencies, but the organisation would have to pay for this service to be provided.
I hope this has provided a useful insight and give guidance, pointing out areas which need to be considered if you are having to undertake a security survey for the first time.