Date post: | 02-Jan-2016 |
Category: |
Documents |
Upload: | winifred-golden |
View: | 222 times |
Download: | 1 times |
Edwin Agasa Lecturer
Security Expert
Department of Social SciencesKaratina University
Physical security is defined as: Physical measurers, policies, and procedures to protect an organizations systems, facilities/buildings and equipment from unauthorized access, natural and environmental hazards.
The Physical Security domain addresses the threats, vulnerabilities, and countermeasures that can be utilized to physically protect an enterprise’s resources.
These resources include people, the facility in which they work, and the data, equipment, support systems, media, and supplies they utilize.
Physical Security is accomplished by performing an assessment of the facility/building and the surrounding premises.
Physical security enhancements should be considered during the budget process.
During new construction Physical security should be taken into account during the budgeting process
Physical security designs should be performed by a qualified professional regarding the topology and architecture of the systems and how they will integrate
Physical security installations should be performed by a manufacturer certified/authorized dealer
Threats to physical security include: Interruption of servicesTheftPhysical damageUnauthorized disclosureLoss of system integrityArson ETC
Threats fall into many categories:Natural environmental threats
(e.g., floods, fire)Supply system threats (e.g.,
power outages, communication interruptions)
Manmade threats (e.g., explosions, disgruntled employees, fraud)
Politically motivated threats (e.g., strikes, riots, civil disobedience)
Primary consideration in physical security is that nothing should impede “life safety goals.”Ex.: Don’t lock the only fire exit door from the outside.
“Safety:” Deals with the protection of life and assets against fire, natural disasters, and devastating accidents.
“Security:” Addresses vandalism, theft, and attacks by individuals.
Physical security should be based on a layered defense model.
Layers are implemented at the perimeter and moving toward an asset.
Layers include: Deterrence, Delaying, Detection, Assessment, Response
A physical security program must address: Crime and disruption protection through deterrence (fences, security guards, warning signs, etc.).
Reduction of damages through the use of delaying mechanisms (e.g., locks, security personnel, etc.).
Crime or disruption detection (e.g., smoke detectors, motion detectors, CCTV, etc.).
Incident assessment through response to incidents and determination of damage levels.
Response procedures (fire suppression mechanisms, emergency response processes, etc.).
Examples of questions to ask when performing a Physical Security Assessment:
1. What are you protecting? (Determination of what you are protecting will determine the amount of “security” you will place on facility/
2. Is the facility located in a high crime area?
3. Do you own or lease/rent the facility?
4. Is the facility designed for the type of environment the work will be performed? (IE. Power, structure, communications and fire suppression)
5.What is the net worth of the assets to be guarded
6.How much would it cost your organization to overcome a catastrophic loss of data or property
7.Cost of implementation of physical security measures versus worth of the data or property
N.B Perform an impact statement to determine if the cost of implementing physical security measures is cost effective or prohibitive.
Facilities may require perimeter fencing:
Chain link fence Should be at least 11 gauge steel. Common
installation, easy to climb or cut for entry
Concrete masonry unit (CMU), One of the strongest installations, offers
privacy, very expensive
Wrought iron fencing Offers great protection, very expensive.
Box steel welded fence construction Architecturally acceptable, offers great
protection, offers very little privacy and expensive
Physical barriers such as fences and walls deter intruders and restrict visibility into the premises
Inspect barriers for deterioration
Windows are conducive to forced entry:
Windows have the highest vulnerability to forced entry.
The location and characteristics of windows needs to be inspected.
Windows that are less than 18 feet from the ground are the most vulnerable since they are easily accessible.
Facility doors should be constructed of material that will discourage breakage:
Steel or Solid wood doors.
Doors that are constructed of glass, should be inspected for glass type such as tempered glass or safety glass.
Inspect doors with exterior hinges that may be in a sensitive area of exposure:
Normally doors that open out are the issue
Door that open out are easier to compromise
Door frames should be strong and tight to prevent forcing/spreading:
Inspect door frame to ensure the frame is plumb and level
Ensure fasteners are tight and properly installed
Door locks should be in good repair:
Inspect for rust or deterioration
Inspect for proper operation
Visitor’s should be required to sign in
Require a visitor’s log
Require visitor’s identification badges
Have an attendant oversee the visitor’s log
Review the visitor’s log periodically
Escort facility visitor’s:
Create a policy on escorted and unescorted visitor’s
Provide different color identification badges for escorted and unescorted visitor’s
Require visitor’s to turn in identification badges after visit
Access control systems are typically a scalable management solution encompassing complete access control, advanced event monitoring and administration auditing.
Access control systems typically involve a central server for control and monitoring.
Remote capability to lock and unlock doors
Audit log of who and when personnel utilized a door
Audit log when a door has been forced or ‘help’ open
Capability to restrict or remove access to
specific person or group
Monitoring of room occupancy by intrusion-detection systems
What manufacture of system to purchase ?
How many facilities attached to the access control system?
How do you communicate with the access control system?
How many card holders will you have?
Who will administrate the system?
What type of card technology to use (FIP 201 compliance)
C•CURE 800 which provides users with
scalable access control solution that allows functionality and increased capacity as the system needs grow
C•CURE 800 is a complete integration solution with unlimited application
C•CURE 800 is a complete integration solution that reaches beyond traditional security.
It provides integration with critical applications including: Closed
Circuit Television (CCTV) and Digital Video Management systems (DVMS).
Other integration applications include:
Fire Alarms
Intercoms
Burglar alarms
Environmental building controls
Crystal reporting
Time management or time tracking software
Open Architecture Support. The C•CURE 800
ensures universal support and enormous flexibility.
As such, C•CURE 800 interacts with industry standards database, video recorders and cameras and networks
C•CURE 800 is a complete integration solution with unlimited application
C•CURE 800 Foundation Security Features:
Event and Alarm Monitoring
Database Partitioning
Windows 2000 professional, Windows server 2003, Window XP Professional for servers
Open journal data format for enhanced reporting
Automated personnel import
Wireless reader support
C•CURE 800 advanced Security Features:
CCTV Integration
Enhanced monitoring with split screen views
Escort management
Card holder access events
Single subscriber Email and paging
Open journal data format for enhanced reporting
Closed Circuit Television (CCTV) and Digital Video Management System (DVMS) has taken many advances over the years.
The evolution of CCTV is an interesting history that combines the entertainment industry, consumer electronics and CCTV.
The original CCTV systems were built using equipment intended for the use of the broadcast industry and industrial television
Cameras were large
Expensive
Required high energy consumption
Required frequent maintenance
As a result of the high expense and the need to change tubes in the equipment coupled with the heat generated by the equipment, service calls and service technicians made lucrative business.
The high expense of CCTV installation and the cost of servicing the equipment made it possible for only the wealthy to afford such systems since the cost of installation and maintenance surpassed the cost of the assets to be protected .
In the mid-60’s, CCTV started to evolve as an industry.
Two inventions facilitated this change and allowed the cost of installation and the maintenance of CCTV systems to become an affordable option. The Pan, Tilt and Zoom (PTZ) was invented along with the motorized lens.
The PTZ function allowed the camera to move up, down and side to side.
The motorized lens allowed remote control of zoom, focus and iris adjustment.
These inventions reduced the number of cameras required to cover an area.
In the consumer electronic market, amateur
video taping, movie rentals and the mass production and use of the video cassette recorder (VCR) became less expensive and lightweight. Soon the two technologies merged creating the camera and recorder or what we know today as the “Camcorder”
In the late 80’s a mass market of products began to dramatically reduce prices and improvements in quality and availability. What was once enjoyed by the wealthy was now made affordable and available to the general public and industry
System use, Security or surveillance:
Security is defined as watching objects or items
Surveillance is defined as watching people
Will operators manage the system:
Operators will be required for surveillance
The potential for “large” storage may be required for security or the watching of objects or items (recommended seven days of storage)
Cameras selection and locations, indoors or outdoors:
PTZ or fixed cameras
Indoor cameras are used, are they covert or in plain site
Outdoor cameras are used, what is your outdoor
climate
Storage of video:
Hard drive storage or the network storage
Video cassette recorder
Know the factors in choosing CCTV: Focal Length, Lens Types (Fixed V. Zoom), Iris, Depth of Field, Illumination requirements
“Focal length:” The focal length of a lens defines its effectiveness in viewing objects from a horizontal and vertical view.
The sizes of images that will be shown on a monitor along with the area that can be covered by one camera are defined by focal length.
Short focal length = wider angle views
Long focal length = narrower views
“Depth of field:” Refers to the portion of the environment that is in focus
“Shallow depth of focus:” Provides a softer backdrop and leads viewers to the foreground object
“Greater depth of focus:” Not much distinction between objects in the foreground and background.
Common short comings of many CCTV systems
Not enough cameras
Cameras installed incorrectly or incorrect cameras installed
No operator
Not enough storage or improper media for storage
Improperly trained personnel
Neglected or improperly maintained systems to include cameras, power supplies, VCR’s, DVR’s, software application and network connection
Network traffic for IP cameras
Network traffic with the Integration of CCTV and access control
Improperly trained personnel
Storage of video on site with specific hard drives or network storage
The downloading of updates for windows based DVR’s
The potential of viruses on windows based DVR’s
“Fire Prevention:” Includes training employees on how to react, supplying the right equipment, enabling fire suppression supply, proper storage of combustible elements
“Fire Detection:” Includes alarms, manual detection pull boxes, automatic detection response systems with sensors, etc.
“Fire Suppression:” Is the use of a suppression agent to put out a fire.
Fire needs oxygen and fuel to continue to grow.
Ignition sources can include the failure of an electrical device, improper storage of materials, malfunctioning heating devices, arson, etc.
Special note on “plenum areas:” The space above drop down ceilings, wall cavities, and under raised floors. Plenum areas should have fire detectors and should only use plenum area rated cabling.
Types of Fire: A: Common Combustibles
Elements: Wood products, paper, laminates Suppression: Water, foam
B: Liquid Elements: Petroleum products and coolants Suppression: Gas, CO2, foam, dry powders
C: Electrical Elements: Electrical equipment and wires Suppression: Gas, CO2, dry powders
D: Combustible Metals Elements: magnesium, sodium, potassium Suppression: Dry powder
K: Commercial Kitchens Elements: Cooking oil fires Suppression: Wet chemicals such as
potassium acetate.
Types of Fire DetectorsSmoke ActivatedHeat Activated
Different types of suppression agents:WaterHalon and halon substitutesFoamsDry PowdersCO2Soda Acid
Gates have 4 distinct types: Class I: Residential usage Class II: Commercial usage, where
general public access is expected (e.g., public parking lot, gated community, self storage facility)
Class III: Industrial usage, where limited access is expected (e.g., warehouse property entrance not intended to serve public)
Class IV: Restricted access (e.g., a prison entrance that is monitored either in person or via CCTV)
LightingKnow lighting terms and types of
lighting to use in different situations (inside v. outside, security posts, access doors, zones of illumination)
It is important to have the correct lighting when using various types of surveillance equipment.
Lighting controls and switches should be in protected, locked, and centralized areas.
1. “Continuous lighting:” An array of lights that provide an even amount of illumination across an area.
2. “Controlled lighting:” An organization should erect lights and use illumination in such a way that does not blind its neighbors or any passing cars, trains, or planes.
3. “Standby Lighting:” Lighting that can be configured to turn on and off at different times so that potential intruders think that different areas of the facility are populated.
4. “Redundant” or “backup lighting:” Should be available in case of power failures or emergencies.
5. “Response Area Illumination:” Takes place when an IDS detects suspicious activities and turns on the lights within the specified area.