Secure by Design

Residential Security Handbook 2022: Smart Estate Living Editor's Choice, Residential Estate (Industry), Training & Education

Rob Anderson’s new book, Secure by Design: A Guide to Residential Estate Security, is a very welcome and necessary handbook on the South African electronic security scene. Not since the 2013, third edition, publication of the Consumer Goods Council of South Africa’s Recommended CCTV Industry Guidelines, has there been a more useful guide.

Not only has the past decade seen a surge in reported crime, but the perceptions of crime in South Africa have also played an important role in the continued fast pace of the development of residential estates and in many areas of our country, ‘gated’ suburbs. This growth has, of course, seen a concomitant growth in the number of security services and products serving these markets.

The growth of the latter and the recent harsh economic realities of our country, have seen the blossoming of many registered and unregistered security service providers providing, at best, questionable levels of quality advice and service in the electronic security environment, which they offer at cut-throat prices; the Afrikaans idiom, ‘goedkoop is duurkoop’, springs to mind here.

Being an electrical engineer by profession, with more than 20 years in the security industry, Rob approaches his topic from a practical perspective; the guide’s content is almost equally split between ‘theory’ and ‘practice’. The aim of Secure by Design is to educate all parties, whether security service providers, homeowners, or body corporate board members and provides a good basis to do so.

Perhaps the best approach, in a review such as this, is to list some of the contents of the publication and hope that it elicits the desired level of salivation by the reader.

Secure by Design has three Parts, covering a rather comprehensive and delightful number of subject areas:

Part 1 – The Principles of Security Engineering

1.1. Basic Security Concepts

1.1.1. The Crime Triangle

1.1.2. Crime Prevention Through Environmental Design

1.1.3. Risk Assessment and the CPTED Audit

1.1.4. Intelligence and Information

1.1.5. Investigation and Reporting Tool (the 5W1H)

1.1.6. The 5 Ds in Security

1.1.7. The Game of Numbers

1.1.8. What is Cyber Security and why should we be worried?

1.2. The Generic Solution

1.2.1. Guarding Staff

1.2.2. Electronics

1.2.3. Data/Cyber Security

1.2.4. Intelligence

1.2.5. Monitoring and Control

1.2.6. Security Management

1.2.7. The Audit Process

1.2.8. Entrances and Access Control

1.2.9. Perimeters and Detection

Part 2 – A Guide to Control Rooms

2.1. A Structured Approach

2.2. Defining Requirements

2.3. Engineered Approach

2.4. Key Components and Technologies

2.5. The Control Facility Spaces

2.5.1. General

2.5.2. Equipment Room

2.5.3. Administration and Management Offices

2.5.4. The Control Room

2.5.5. The Desk and Workstation Layout

2.5.6. Drawings and Sketches

2.5.7. Disaster Management

2.6. Putting the Ideas into Practice

2.6.1. Finance

2.6.2. The Construction Project

2.6.3. The People

2.6.4. Staff Hierarchy

2.6.5. Interpretation of Data

2.6.6. Managing the Control Room

Part 3 – Putting Principles into Practice

3.1. The Risk Assessment

3.2. Developing a Security Plan and Operating Procedures

3.2.1. How to Make a Plan

3.3. Security Plan

3.4. The Emergency Response Plan

3.4.1. Possible Emergency Events

3.4.2. Emergency Plan Procedures Outline Templates

3.5. Medical Emergency

3.6. Fire Emergency

3.7. Bomb Threat Emergency

3.8. Hostage Emergency

3.9. Armed Robbery Emergency

3.10. Civil Unrest

3.11. Extreme Weather Emergency

3.12. Applying CPTED and Undertaking a CPTED Audit

3.12.1. Design Principles

3.12.2. Considerations

3.12.3. Understanding the Concepts

3.13. CPTED Audit Template

3.14. The Standard Orders and Procedures Document

3.15. Access Control Schedule

3.16. Security Audit Checklist

3.17. References

Most appealing for me is Rob’s drawing together the various elements of a well-thought-out security programme, with a focus on the risk assessment as the cornerstone. He looks at the three component aspects of a properly considered security risk management system – the three Ps: People, Products (technology) and Paperwork (risk assessment, plans, procedures, etc.) which inform the design and selection of appropriate risk mitigation measures. The failure of far too many security risk management programmes is rooted in the absence of a properly conducted security risk assessment and a siloed approach to implementing and managing the risk mitigation measures.

Another big plus for me is the short section ‘The People’, buried away about halfway through the guide. It would be great to see a bit more comprehensive guidance on this, as people failures are a large cause of electronic security systems failing to perform optimally. However, I understand in taking a dig at Rob, that people and engineers don’t always get on well together.

A further useful aspect is the provision of several document templates to aid those people establishing or wishing to improve the documentation of their security management system. In my experience, basing a set of procedures, etc. on a Quality Management System such as the ISO 9001 QMS standard, is very useful and enhances the level of the security service, if conducted properly.

It is very pleasing to see that the important aspect of cybersecurity and data/privacy is covered in this guide, because it is still ignored in far too many instances. However, I believe that a bit more space should have been given to the legal aspects, such as those contained in the Protection of Personal Information Act, No. 4 of 2013.

Indeed, perhaps a future edition could list the legislation which applies to electronic security and the data collected and stored by an estate’s security services and offer guidance as to whom, between the estate’s governing body, management and security service provider/s is responsible for which aspects of cybersecurity and data/privacy protection. Allied to this would be some guidance of the principles of ‘secure design’, given that many networked devices (IoT – Internet-of-Things) used in electronic security are still not sold with acceptable levels of built-in security.

Another opportunity for improvement in my view, would be to list in the References section, a comprehensive selection of relevant standards, such as those published by the various standards development organisations, for ease of reference.

The final analysis: A ‘must-have’ for those who have an interest in implementing or reviewing their electronic security systems as an integral aspect of their estate’s professionally run security risk management programme.

For more information on obtaining Secure by Design: A Guide to Residential Estate Security, got to

Bruce Robertson.

Bruce Robertson is a security governance and management consultant in the converged security field, with 35 years’ experience in the Police Crime Intelligence, corporate and private security environments (the latter in the EMEA context). He is a member of, inter alia, SABS/TC 0068 ‘Electrical and electronic security systems’ and SABS/TC 0001/SC 40 ‘IT Services Management and IT Governance’ (also serving as a SABS representative on ISO/IEC JTC 1/SC 40) and follows the activities of the major foreign regional and national standards development organisations in this regard. Bruce is a past chairman of the South African Institute of Security (SAIS).


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

South Africa adopts ISO standard to guide use of social media in emergencies
Editor's Choice
The South African Bureau of Standards (SABS), through its technical committee, has adopted the ISO 22329 standard that provides guidance on the use of social media during an emergency or crisis.

Free and open-source tool for detecting stalkerware
Editor's Choice
Kaspersky has unveiled a new hub dedicated to TinyCheck, a unique, innovative tool designed to detect stalkerware on mobile devices.

Look before you leap into a back-up power solution
Editor's Choice Security Services & Risk Management
Before you rush into purchasing a back-up power solution, you need to take a considered and long-term view of how to get yourself as close to grid independence as possible.

All-mobile people management solution with facial recognition
Editor's Choice Integrated Solutions Security Services & Risk Management Products
The new mobile Incident Desk People Management platform with facial recognition combines identification data on suppliers, staff, sub-contractors and even people on watch lists, for less than the cost of traditional service management tools.

Passion, drive and hard work
Technews Publishing Editor's Choice CCTV, Surveillance & Remote Monitoring Security Services & Risk Management
Colleen Glaeser is a leader in the security market, having made her mark in the male-dominated security industry through determination and hard work, along with a vision of making the world a safer place.

Are you your insider threat?
Technews Publishing Editor's Choice Security Services & Risk Management Commercial (Industry)
Insider threats are a critical aspect of risk management today, but what happens when it is the owner of the company acting fraudulently and making sure none of his staff can catch him?

Global GPS tracking and IoT management platform
Technews Publishing Asset Management, EAS, RFID
Wialon, Gurtam’s flagship product, is a telematics and IoT platform currently tracking over 3.2 million units in over 150 countries.

CathexisVision integrated with Suprema’s BioStar2
Technews Publishing News Access Control & Identity Management Integrated Solutions
This integration uses BioStar2 access control events to trigger automated actions on the CathexisVision system, including alerts, recording a camera and commands such as locking and unlocking doors, and clearing an alarm.

R60 per month per camera for cloud AI
Iris AI Editor's Choice
Snap Guard offers homes and small businesses an easy, low-cost cloud AI service that is self-managed but can also be linked to armed response services.

From the editor's desk: A way to fail safely
Technews Publishing News
This edition of Hi-Tech Security Solutions has a rather sad story (, but also one of courage. We interviewed Chris Bentley, who was what we would call an insider risk, ...