classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
 

Search...
Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2017


Assessing risks in security technology systems
September 2017, This Week's Editor's Pick, Security Services & Risk Management, Residential Estate (Industry)

The process of risk assessment and implementing mitigating actions is well known to us all. In the business world, the risk assessment process is often undertaken following the PESTEL format. PESTEL refers to the components that need to be evaluated, i.e. PESTEL stands for Political, Economic, Social, Technology, Environmental, Legal.

Rob Anderson
Rob Anderson

To a large extent, this approach does carry over to the methods used when doing a security risk assessment. It is, however, unusual for the security risk assessment to evaluate the risks ‘embedded’ in the technology solutions, be they existing or new technology. Even more interesting is that the technology solution was probably implemented because of a physical risk assessment. The technology was used to mitigate the physical risk, and much to the surprise of all, it comes with its own risks.

One of the challenges is that the technical risk assessment needs to be undertaken by a technically competent person who understands the risk assessment process. Do these individuals exist? Probably, yes, but they are few and far between.

Common risks

Let’s look at some of the technology risks that are most common, easy to assess and resolve. At present, the biggest risk must be the sudden rush of ransomware and virus infections. If these get into your security system you will remember it for a long while. The problem is that almost 100% of security systems are connected to the Internet. The security ‘guru’ will tell you this is vital for:

(a) Software upgrades

(b) Remote maintenance

(c) Cloud-based security systems

Before the digital age, we had ’closed’ systems, now it seems that this is not possible. The solution, employ a specialist who puts actions and processes in place to reduce the risk, and provide a recovery solution for when your systems are attacked by a cyber criminal. True to form, most organisations take action after the first infection.

Moving on to the other risks seen on many sites:

Camera systems

Have you checked that the camera is still recording? If the camera has been set up with analytics, is it still functioning as planned? What happens when the power fails? Is there a backup power system (that works)? Is the camera still showing the view intended and does it provide a good picture 24/7?

And of course, in the IP camera world the threat of the camera being ‘hacked’ has become real.

Power backup systems

• How often are the batteries checked to see if they are at the end of their life?

• Does the standby generator support the UPS correctly, or does the UPS see the generator as a ‘bad supply’ and runs on batteries?

• Are cables sized correctly so that voltage drops are not excessive?

Lightning and surge damage

• Are the power as well as data systems backed up with surge protection?

• Does the earth system comply with the surge protection equipment requirements?

• Surge protectors fail and need to be checked regularly. Is that being done?

Data backup

We have all learnt the hard way, so in most cases this is being done. The most common problems are:

• The system fault or virus migrates to the backup as well. Then there is no backup other than an accurate copy of the problem.

• Has anyone ever tried to recover the system from the backup to see if it works?

Access control systems

The access control systems are just as good as the current database of valid users and the way the system is used. In most cases (hopefully), the access control is synchronised with the CCTV to create a visual image of the person gaining access and egress. The most common failures here are:

• The security guard gives access and there is no visual or data record of the transaction.

• The database is years old. People still have access that should not.

• The database backup method is incorrect. This is most often the case with the SQL database.

• Who has the system setup access codes? Have they been shared? Or worse, if the maintenance chap is gone, how do you get into the system? But don’t worry, in most cases the systems are run on the default access codes…

Installation defects

This is probably the most common area of concern.

• Are there drawings and network diagrams of the systems? If not, what happens when service providers change?

• Are cables numbered and installed neatly so that it’s possible to trace faults?

• Have the correct cable types been used? Solid core, braided core, current carrying capacity etc.

• Is the electric fence energiser installed well away from the other components?

• Is there fuse or circuit breaker protection on the power circuits?

• Has the surge protection been by-passed?

• Are there tamper switches, power fail and low battery notification systems?

• Have all the system clocks been synced to one time?

The maintenance contract and procedures

So, the systems are all well managed and kept as risk free as possible. And then the monthly maintenance crew arrived and switched some equipment off for repairs and maintenance. As luck will have it, there is an incident while the equipment is off. We usually call it bad luck, but actually it is a real risk and there must be procedures to be able maintain a minimum level of security.

Interlinkages and dependences

The above risks are often linked: e.g. if the power fails then your other systems go down. Some interlinkages and dependencies will be obvious, but others less so. Does anyone consider mapping these and trying to work out how robust the whole system is?

This is a situation that we have all found ourselves in, with systems failing and we can’t believe so much can go wrong at the same time. Well, maybe it was one of those ‘lurking’ risks we need to be aware of.

And so, we can go on evaluating possible risks in the technology and putting actions in place to reduce the chance of a risk showing its potential. For the security technology sector to mature and play a positive part in this industry, much needs to be done to manage these risks.

Being aware of them is the first step.

Taking action is the most important next step to provide reliable solutions, and it has to be a client and integrator/ service provider joint action.

Let’s reduce our technology risks in the security sector.


Credit(s)
Supplied By: Adamastor Consulting
Tel: 086 099 5269
Fax: 086 211 0993
Email: rob@adamastor.co.za
www: www.adamastor.co.za
  Share via Twitter   Share via LinkedIn      

Further reading:

  • Back to the future
    September 2017, Adamastor Consulting, This Week's Editor's Pick, Cyber Security, Integrated Solutions, Residential Estate (Industry)
    The future is not what it used to be. Rob Anderson looks at estate security in 2027.
  • Manage your data appropriately
    September 2017, This Week's Editor's Pick, Security Services & Risk Management, Residential Estate (Industry)
    Home is where one relaxes and forgets about the stresses and demands of day-to-day life, except if your job is managing an estate and the security of its residents.
  • Who’s on your estate?
    September 2017, LexisNexis, Security Services & Risk Management, Residential Estate (Industry)
    Verifying a candidate’s identity is one of the most important checks to conduct as it establishes whether a person is really who they say they are.
  • Effective, PoPI-compliant visitor management
    September 2017, Residential Estate (Industry), Security Services & Risk Management
    Establishing the correct identity of visitors to an estate or complex is crucial to effective security, especially with the Protection of Personal Information (PoPI) Act looming.
  • Essential backup power equipment
    September 2017, Eurobyte Technology, Legrand Southern Africa, This Week's Editor's Pick, Security Services & Risk Management, Residential Estate (Industry)
    Planning for unexpected power outages has become an essential part of any security strategy for residential estates wanting to keep their security running.
  • Five safety rules
    September 2017, DEHN Africa, This Week's Editor's Pick, Security Services & Risk Management, Residential Estate (Industry)
    Working on electrical installations can be dangerous as those that are not properly connected or maintained pose a serious risk to both people and property.
  • Partnering with estates for security success
    September 2017, Elf Rentals - Electronic Security Solutions, This Week's Editor's Pick, Perimeter Security, Alarms & Intruder Detection, Integrated Solutions, Residential Estate (Industry)
    The team at Elf Rentals considers themselves to be specialist partners in the electronic security sector in terms of the financing, installation and maintenance of security contracts.
  • Dynamic environments require dynamic solutions
    September 2017, Excellerate Services , Residential Estate (Industry), Security Services & Risk Management
    Enforce has a number of success stories within the residential estate market that include the deployment of thermal imaging CCTV cameras with analytics.
  • Advances in video analytics
    September 2017, Avigilon, Bosch Security Systems, Reditron, Cathexis Technologies, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Perimeter Security, Alarms & Intruder Detection, Residential Estate (Industry)
    Analytics technologies are continually advancing to not only alert to potential threats, but also to reduce the occurrence of false alarms.
  • Surveillance on the move
    September 2017, Doculam, Forbatt SA, Vantage MDT, CCTV, Surveillance & Remote Monitoring, Integrated Solutions, Residential Estate (Industry)
    Hi-Tech Security Solutions asked a few body-worn camera vendors for their insights into whether these devices are suitable for estate security.
  • Expect the unexpected
    September 2017, This Week's Editor's Pick, Integrated Solutions, Security Services & Risk Management, Residential Estate (Industry)
    The scouts’ motto of Be Prepared is probably more suited to those responsible for managing the security of residential estates.
  • Remote maintenance is a reality
    September 2017, This Week's Editor's Pick, Integrated Solutions, Residential Estate (Industry)
    With the Internet of Things (IoT) and artificial intelligence (AI) becoming more accepted in general, remote maintenance has in fact become possible.

 
 
         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.