Edwin Agasa Lecturer

Security Expert

Department of Social SciencesKaratina University

Physical security is defined as: Physical measurers, policies, and procedures to protect an organizations systems, facilities/buildings and equipment from unauthorized access, natural and environmental hazards.

The Physical Security domain addresses the threats, vulnerabilities, and countermeasures that can be utilized to physically protect an enterprise’s resources.

These resources include people, the facility in which they work, and the data, equipment, support systems, media, and supplies they utilize.

Physical Security is accomplished by performing an assessment of the facility/building and the surrounding premises.

Physical security enhancements should be considered during the budget process.

During new construction Physical security should be taken into account during the budgeting process

Physical security designs should be performed by a qualified professional regarding the topology and architecture of the systems and how they will integrate

Physical security installations should be performed by a manufacturer certified/authorized dealer

Threats to physical security include: Interruption of servicesTheftPhysical damageUnauthorized disclosureLoss of system integrityArson ETC

Threats fall into many categories:Natural environmental threats

(e.g., floods, fire)Supply system threats (e.g.,

power outages, communication interruptions)

Manmade threats (e.g., explosions, disgruntled employees, fraud)

Politically motivated threats (e.g., strikes, riots, civil disobedience)

Primary consideration in physical security is that nothing should impede “life safety goals.”Ex.: Don’t lock the only fire exit door from the outside.

“Safety:” Deals with the protection of life and assets against fire, natural disasters, and devastating accidents.

“Security:” Addresses vandalism, theft, and attacks by individuals.

Physical security should be based on a layered defense model.

Layers are implemented at the perimeter and moving toward an asset.

Layers include: Deterrence, Delaying, Detection, Assessment, Response

A physical security program must address: Crime and disruption protection through deterrence (fences, security guards, warning signs, etc.).

Reduction of damages through the use of delaying mechanisms (e.g., locks, security personnel, etc.).

Crime or disruption detection (e.g., smoke detectors, motion detectors, CCTV, etc.).

Incident assessment through response to incidents and determination of damage levels.

Response procedures (fire suppression mechanisms, emergency response processes, etc.).

Examples of questions to ask when performing a Physical Security Assessment:

1. What are you protecting? (Determination of what you are protecting will determine the amount of “security” you will place on facility/

2. Is the facility located in a high crime area?

3. Do you own or lease/rent the facility?

4. Is the facility designed for the type of environment the work will be performed? (IE. Power, structure, communications and fire suppression)

5.What is the net worth of the assets to be guarded

6.How much would it cost your organization to overcome a catastrophic loss of data or property

7.Cost of implementation of physical security measures versus worth of the data or property

N.B Perform an impact statement to determine if the cost of implementing physical security measures is cost effective or prohibitive.

Facilities may require perimeter fencing:

Chain link fence Should be at least 11 gauge steel. Common

installation, easy to climb or cut for entry

Concrete masonry unit (CMU), One of the strongest installations, offers

privacy, very expensive

Wrought iron fencing Offers great protection, very expensive.

Box steel welded fence construction Architecturally acceptable, offers great

protection, offers very little privacy and expensive

Physical barriers such as fences and walls deter intruders and restrict visibility into the premises

Inspect barriers for deterioration

Windows are conducive to forced entry:

Windows have the highest vulnerability to forced entry.

The location and characteristics of windows needs to be inspected.

Windows that are less than 18 feet from the ground are the most vulnerable since they are easily accessible.

Facility doors should be constructed of material that will discourage breakage:

Steel or Solid wood doors.

Doors that are constructed of glass, should be inspected for glass type such as tempered glass or safety glass.

Inspect doors with exterior hinges that may be in a sensitive area of exposure:

Normally doors that open out are the issue

Door that open out are easier to compromise

Door frames should be strong and tight to prevent forcing/spreading:

Inspect door frame to ensure the frame is plumb and level

Ensure fasteners are tight and properly installed

Door locks should be in good repair:

Inspect for rust or deterioration

Inspect for proper operation

Visitor’s should be required to sign in

Require a visitor’s log

Require visitor’s identification badges

Have an attendant oversee the visitor’s log

Review the visitor’s log periodically

Escort facility visitor’s:

Create a policy on escorted and unescorted visitor’s

Provide different color identification badges for escorted and unescorted visitor’s

Require visitor’s to turn in identification badges after visit

Access control systems are typically a scalable management solution encompassing complete access control, advanced event monitoring and administration auditing.

Access control systems typically involve a central server for control and monitoring.

Remote capability to lock and unlock doors

Audit log of who and when personnel utilized a door

Audit log when a door has been forced or ‘help’ open

Capability to restrict or remove access to

specific person or group

Monitoring of room occupancy by intrusion-detection systems

What manufacture of system to purchase ?

How many facilities attached to the access control system?

How do you communicate with the access control system?

How many card holders will you have?

Who will administrate the system?

What type of card technology to use (FIP 201 compliance)

C•CURE 800 which provides users with

scalable access control solution that allows functionality and increased capacity as the system needs grow

C•CURE 800 is a complete integration solution with unlimited application

C•CURE 800 is a complete integration solution that reaches beyond traditional security.

It provides integration with critical applications including: Closed

Circuit Television (CCTV) and Digital Video Management systems (DVMS).

Other integration applications include:

Fire Alarms

Intercoms

Burglar alarms

Environmental building controls

Crystal reporting

Time management or time tracking software

Open Architecture Support. The C•CURE 800

ensures universal support and enormous flexibility.

As such, C•CURE 800 interacts with industry standards database, video recorders and cameras and networks

C•CURE 800 is a complete integration solution with unlimited application

C•CURE 800 Foundation Security Features:

Event and Alarm Monitoring

Database Partitioning

Windows 2000 professional, Windows server 2003, Window XP Professional for servers

Open journal data format for enhanced reporting

Automated personnel import

Wireless reader support

C•CURE 800 advanced Security Features:

CCTV Integration

Enhanced monitoring with split screen views

Escort management

Card holder access events

Single subscriber Email and paging

Open journal data format for enhanced reporting

Closed Circuit Television (CCTV) and Digital Video Management System (DVMS) has taken many advances over the years.

The evolution of CCTV is an interesting history that combines the entertainment industry, consumer electronics and CCTV.

The original CCTV systems were built using equipment intended for the use of the broadcast industry and industrial television

Cameras were large

Expensive

Required high energy consumption

Required frequent maintenance

As a result of the high expense and the need to change tubes in the equipment coupled with the heat generated by the equipment, service calls and service technicians made lucrative business.

The high expense of CCTV installation and the cost of servicing the equipment made it possible for only the wealthy to afford such systems since the cost of installation and maintenance surpassed the cost of the assets to be protected .

In the mid-60’s, CCTV started to evolve as an industry.

Two inventions facilitated this change and allowed the cost of installation and the maintenance of CCTV systems to become an affordable option. The Pan, Tilt and Zoom (PTZ) was invented along with the motorized lens.

The PTZ function allowed the camera to move up, down and side to side.

The motorized lens allowed remote control of zoom, focus and iris adjustment.

These inventions reduced the number of cameras required to cover an area.

In the consumer electronic market, amateur

video taping, movie rentals and the mass production and use of the video cassette recorder (VCR) became less expensive and lightweight. Soon the two technologies merged creating the camera and recorder or what we know today as the “Camcorder”

In the late 80’s a mass market of products began to dramatically reduce prices and improvements in quality and availability. What was once enjoyed by the wealthy was now made affordable and available to the general public and industry

System use, Security or surveillance:

Security is defined as watching objects or items

Surveillance is defined as watching people

Will operators manage the system:

Operators will be required for surveillance

The potential for “large” storage may be required for security or the watching of objects or items (recommended seven days of storage)

Cameras selection and locations, indoors or outdoors:

PTZ or fixed cameras

Indoor cameras are used, are they covert or in plain site

Outdoor cameras are used, what is your outdoor

climate

Storage of video:

Hard drive storage or the network storage

Video cassette recorder

Know the factors in choosing CCTV: Focal Length, Lens Types (Fixed V. Zoom), Iris, Depth of Field, Illumination requirements

“Focal length:” The focal length of a lens defines its effectiveness in viewing objects from a horizontal and vertical view.

The sizes of images that will be shown on a monitor along with the area that can be covered by one camera are defined by focal length.

Short focal length = wider angle views

Long focal length = narrower views

“Depth of field:” Refers to the portion of the environment that is in focus

“Shallow depth of focus:” Provides a softer backdrop and leads viewers to the foreground object

“Greater depth of focus:” Not much distinction between objects in the foreground and background.

Common short comings of many CCTV systems

Not enough cameras

Cameras installed incorrectly or incorrect cameras installed

No operator

Not enough storage or improper media for storage

Improperly trained personnel

Neglected or improperly maintained systems to include cameras, power supplies, VCR’s, DVR’s, software application and network connection

Network traffic for IP cameras

Network traffic with the Integration of CCTV and access control

Improperly trained personnel

Storage of video on site with specific hard drives or network storage

The downloading of updates for windows based DVR’s

The potential of viruses on windows based DVR’s

“Fire Prevention:” Includes training employees on how to react, supplying the right equipment, enabling fire suppression supply, proper storage of combustible elements

“Fire Detection:” Includes alarms, manual detection pull boxes, automatic detection response systems with sensors, etc.

“Fire Suppression:” Is the use of a suppression agent to put out a fire.

Fire needs oxygen and fuel to continue to grow.

Ignition sources can include the failure of an electrical device, improper storage of materials, malfunctioning heating devices, arson, etc.

Special note on “plenum areas:” The space above drop down ceilings, wall cavities, and under raised floors. Plenum areas should have fire detectors and should only use plenum area rated cabling.

Types of Fire: A: Common Combustibles

Elements: Wood products, paper, laminates Suppression: Water, foam

B: Liquid Elements: Petroleum products and coolants Suppression: Gas, CO2, foam, dry powders

C: Electrical Elements: Electrical equipment and wires Suppression: Gas, CO2, dry powders

D: Combustible Metals Elements: magnesium, sodium, potassium Suppression: Dry powder

K: Commercial Kitchens Elements: Cooking oil fires Suppression: Wet chemicals such as

potassium acetate.

Types of Fire DetectorsSmoke ActivatedHeat Activated

Different types of suppression agents:WaterHalon and halon substitutesFoamsDry PowdersCO2Soda Acid

Gates have 4 distinct types: Class I: Residential usage Class II: Commercial usage, where

general public access is expected (e.g., public parking lot, gated community, self storage facility)

Class III: Industrial usage, where limited access is expected (e.g., warehouse property entrance not intended to serve public)

Class IV: Restricted access (e.g., a prison entrance that is monitored either in person or via CCTV)

LightingKnow lighting terms and types of

lighting to use in different situations (inside v. outside, security posts, access doors, zones of illumination)

It is important to have the correct lighting when using various types of surveillance equipment.

Lighting controls and switches should be in protected, locked, and centralized areas.

1. “Continuous lighting:” An array of lights that provide an even amount of illumination across an area.

2. “Controlled lighting:” An organization should erect lights and use illumination in such a way that does not blind its neighbors or any passing cars, trains, or planes.

3. “Standby Lighting:” Lighting that can be configured to turn on and off at different times so that potential intruders think that different areas of the facility are populated.

4. “Redundant” or “backup lighting:” Should be available in case of power failures or emergencies.

5. “Response Area Illumination:” Takes place when an IDS detects suspicious activities and turns on the lights within the specified area.