In order to develop a suitable, practical and appropriate security system for any organisation, it is essential to first develop a master security and life safety plan strategy. Defining your core business processes is the first step, which then allows one to identify essential resources and facilities that need protection.
However one must first perform a risk assessment to identify the associated risks to one’s facilities and resources which will map out on those to focus on which you consider most likely to occur. The risk assessment will determine and quantify if the chance of threat/risk is low, medium or high and what the exposure, frequency and severity of the risks are to the business.
Although the core elements of businesses may differ, they generally all have a number of processes and strategies, and are capable of identifying and responding to attacks when they occur. In saying this, there is a common tendency to look at security technologies as a quick fix to security risks.
Effectively addressing and preventing security risks requires much more than getting the right technology, and as highlighted above, fails by neglecting to adopt a holistic system-based approach when considering and designing access control.
There are five security principles that need to be considered when exploring the deployment of access control solution.
Security principle 1
Delay without detection is not delayed. Consider a door fitted with a deadbolt lock which would take some time before an intruder could penetrate the door where the detection of the intruder is first detected (when the door is opened). The time value of the lock as a delay barrier can be several minutes, however, the moment the door is opened, the time value of the lock as a physical barrier is actually zero. If a homeowner, for example, is not at home it would make no difference if the burglar took five minutes or five hours to get through the lock because delay without detection is not delayed.
Security principle 2
Detection without assessment is not detection. This principle is similar to that of an alarm system. The first detection takes place; however, the detection process is not complete until the assessment takes place. An effective access control system requires the components of where people and procedures must be well articulated. Depending on the design when configuring access control layers, the response times could be short at the point of detection. It must be noted that in order to meet the desired access control design standards, this will only be possible with a clear systematic approach.
Security principle 3
People make great assessors but poor detectors. A common mistake is to assume the security personnel will be able to detect a threat in a sufficient amount of time to respond and deploy the final denial barriers. Often the required response times are too short and therefore people do not make good assessors.
Security principle 4
Adversary path. There are a number of adversary paths/routes a burglar may take to gain access to a business and therefore it is important to identify and address the multiple adversary paths when designing one’s access control solutions.
Security principle 5
Critical detection point. This is the culminating principle that borrows from the other four principles. Once one’s adversary paths have been identified and determined they must then be analysed by measuring the time it takes for the adversary to reach the asset/identified threat along with the probability of detection in order to determine the critical detection point. Note that if the adversary makes it past this point it’s too late.
Crime Prevention Through Environmental Design (CPTED).
This is an essential discipline that is often overlooked. This principle outlines how the proper design of a physical environment can reduce crime by directly affecting human behaviour and has three main strategies:
• Natural access control. This relates to the guidance of people entering and leaving a space by the placement of doors, fences, lighting and landscaping, including bollards, use of security zones, access barriers, and use of natural access controls.
• Natural surveillance. This entails the use and placement of physical environmental features, personnel walkways and activity areas in ways that maximise visibility. The goal is to make criminals feel uncomfortable and make all other people feel safe and comfortable through the use of observation.
• Territorial reinforcement. This is achieved by creating physical designs that highlight the company’s area of influence to give legitimate owners a sense of ownership, and is accomplished through the use of walls, lighting, landscaping etc.
In conjunction with the above principles, when designing one’s access control platform it is critical that the following zone layout and design must also be considered, which can be divided into four primary zones:
• Approach zone.
• Access control zone.
• Response zone.
• Safety zone.
Generally speaking, it is important that the detection elements needed must be placed either in the approach or access control locations that will ensure the guard force has the response time needed for alarm assessment and response.
All these components take time, and the engineering and design will be directly affected when calculating the response times directly. Also, do not forget that this will also have a direct impact on were the final barriers will be placed. If they are too close behind the access control zone, the guard force will not have sufficient time to respond to the threat.
When one looks at the three primary zones in the zone corridor, one can begin to understand how critical these security principles are relative to access control point layout and design.
Lastly, based on the above application of risk process, principles and zone configuration, the effects of the different design elements to deter, deflect, delay, detect and response models will assist in determining the required subsystems – alarms, barriers, surveillance, EAS, smoke cloak, audio, lighting, etc. in order to provide the most cost-effective vulnerability solution.
It must be noted that in order to be successful, a systems approach will always include a combination of personnel, equipment and procedures. Herein lies additional issues which are another story in respect of the people element (poorly selected, poorly paid, poorly trained or poor retention) plus, in many instances, little or no procedures are in place.
For more information, contact Christopher C. Cobb, Accenture, +27 11 208 3153, firstname.lastname@example.org
© Technews Publishing (Pty) Ltd | All Rights Reserved