by Siva | May 12, 2020 | Physical Security Audit
Security threats are ever-changing. To protect your facilities in this volatile environment, dangerous your physical security system must be audited periodically.
Everyone knows that their facilities are required to have security measures to prevent losses and protect their employees. What most facility/security leaders may not realize is their facilities are more vulnerable to physical security threats than they think.
The prime reason for any failure is the misalignment of what needs to be done versus what is being done. The objective of a review is not finding faults instead of helping the client to benchmark the best practices. Also, aligning the gap between what needs to be done versus what is being done.
The independent physical security auditing helps the client to understand the readiness of their program against ever-changing security threats.
In short, A physical security audit is a visual inspection that highlights the best practices and uncovers significant security issues. It is aligning gap between what needs to be done versus what is being done.
The physical security audits will uncover the actual effectiveness of your existing program: There many significant insights your audit will give you, the following 7 are a significant impact on your business.
#1. Outdated security procedures:
In general, Security Procedures are written during the inception of the security program and forgotten.
Outdated security procedures do not protect your facility against current security threats.
To secure your facilities, you have to regularly update your security procedures based on changing security threats.
So your facility security plan must be regularly (quarterly or semi-annually) audited to confirm that those relevant to current threats and adequately protecting your facility.
#2 Dysfunctional electronic security & design faults:
Often electronic security systems are installed by people who do not have security design expertise. Many times, the installation of electronic security systems is done without assessing security risks.
A physical security audit can reveal any electronic security measures in place are as per design basis threat.
The performance of system response to the security incidents and maintenance schedules of the system to ensure effectiveness.
#3. Unprepared staff:
Untrained staff can reduce your productivity, some times, even put your employees and facilities at risk. Because they do not know what to do and how to respond correctly to security or safety incidents.
All your facility staff needs the training to make better decisions and act correctly during emergencies.
Independent physical security audits will reveal your employees’ actual preparedness to handle emergencies. Thus you will get a fair understanding of which areas needs improvement.
#4. Unauthorized access:
Often facility managers deploy security staff and visitor management systems and assume that access control to their facility is going smoothly. A physical security audit is the best way to know if any unauthorized people had accessed the facility, and the security staff is following as per process.
Uncontrolled access can lead to unauthorized people accessing the facility and, eventually, any security incident. Access control of people, the material is a must in a facility.
Also, based on the physical security audit findings, the best practices can be implemented.
#5 Abuse of policies & procedures:
Organizations hope that employees do not abuse company procedures. But the reality is otherwise. One leaked security information, or one stolen badge, can put your business and operations at risk.
A physical security audit will reveal all such process gaps by employees and other facility staff.
#6 Negligence towards company assets:
Employees’ non-adherence security processes can lead to any extreme security incidents.
Do not let the culture of convenience overriding security processes. If you allow your employees to unauthorizedly open the doors or use short cuts or improperly discard confidential information, it will become a cultural issue.
It will lead to devastating results of severe security breaches and loss of business reputation.
A physical security audit is the best way to know security process adherence and level of employee awareness in the facility security program.
#7 Improper screening of the candidates:
In this volatile security threat landscape, negligent hiring can cost organizations severe reputational risks.
Employee background checks are a must. But often the effectiveness of checks and sometimes checks are being neglected by the hiring department due to the urgency of filling the posts.
A physical security audit can reveal the employee background screening was done effectively.
Conclusion:
In any security program, the prime objective of the audit is the alignment between the existence and implementation of the security policies.
People often fall into their natural tendencies, and operations focus shift to “a person dependant rather than process-driven.” A physical Security audit can align what your policy and procedures with execution.
The Physical Security Audits will give the management the independent, objective, and professional insights into the following things. So the management will have a fair understanding to make informed decisions.
The physical security audits will act as eyes and ears on the ground to the management and for regional leaders they effectively utilized.
Let me know your thoughts from the comments section below what all other aspects you have discovered in your internal/external audits:
P.S. If you are looking for independent, objective, and professional physical security auditing services, Corp Security Solutions can help you. Contact us for no-obligation free consultation to know how we can help you.
by Siva | Mar 18, 2020 | CCTV, Electronic Security, Security Awareness, Security Technology
Every human being needs regular exercise to keep him/her fit. Similarly, every security system needs periodic maintenance to function properly. Simply put, security system maintenance is essential.
Security system maintenance involves testing the functionality, rectify the issues, and updating software that increases durability. Criminals/bad guys always look for weak points in the security systems to steal valuable assets and cause harm. If you ignore the security systems maintenance, the worst thing you wanted to avoid will happen.
Hackers can compromise your security system, fails to detect intrusion attempts, and fails to record when the crime occurs.
Video Surveillance/CCTV Security Systems:
We have witnessed countless examples of security systems that are not being appropriately maintained.
Many instances, we found that customers are shocked to know that their video surveillance/CCTV security systems did not record the scene of the crime.
Our investigation revealed that the customers installed video surveillance/CCTV security systems a year ago. But they never bothered to get the maintenance done after that. Before the actual crime happened, the security system got malfunctioning and did not record the footage.
In some other instances, the business leaders were shocked to know that the theft insurance was not settled by their insurer due to the security system not maintained.
Even the police/ your security team cannot recover the assets as there is no evidence.
The losses caused by the criminals/bad guys in terms of stealing critical data and valuable assets resulted in more than 100x of the maintenance cost to the business.
Just in case of video surveillance/CCTV security systems, if you do not carry out periodic maintenance, there could be many things that could affect the functionality of the system. For example,
- CCTV cameras are not recording,
- hard disk failure,
- the date & time of CCTV footage is showing wrong that could mislead an investigation,
- cables wear and tear or broken, or loose cabling resulted in blurry CCTV footage,
- Motion sensor malfunctioning. In general, businesses are using motion-based CCTV footage recording if the motion sensor is faulty, it does not record the crime. Motion sensors need periodic checks to ensure their functionality
Access Control Systems:
In many instances, the businesses get the Access Control Systems are installed for their facilities
But the maintenance part was not taken seriously. It is like to install and forget.
Our Physical security audits revealed that many such instances in which the Access Control systems, once installed, were never got updated to save money. The outdated versions are prone to systems hacks.
What worst could happen to your assets if you have an outdated Access control System that can be controlled by criminals easily? And the only way to prevent system hacks or getting compromised is through periodic security system maintenance.
To the gloom of the business leaders, the cost-cutting on security systems can cost their whole business.
Intrusion Detection Systems:
Organizations often focus on automating security systems to reduce the guarding staff and cost. One of the vital security systems that are considered in this stage is intrusion alarm systems.
What worst could it happen if your IDS fail to detect the intrusion of the criminals? Or your security response team did not attend assuming false alarms?
False alarms are one of the frustrating things of many security response staff.
False alarms could affect the quality of security team response. As they perceive the real alarm as false due to the high number of false alarms.
And the only way to prevent false alarms and improve security team response is through periodic security system maintenance.
Conclusion:
Security system maintenance is a must to protect your assets.
Security system maintenance will:
- Ensures that your security systems are working to their optimum performance.
- Prevent your security system from being comprised or hacked
- Increase the life of the equipment that prevents the replacement of costly equipment that actually saves money in the life cycle.
- Avoid wastage of resource of time and
- Avoid the downtime of critical security equipment
- Increase the motivation of security response team that improve the quality of your security response
- From a business standpoint, it could even reduce the insurance premiums and ensure your security team supports your business continuity during crises.
- Finally, it assures the quality of services to your clients and employees by actually protect the assets.
The security systems that are not maintained adequately, actually cost huge fortunes to their owners.
Please don’t do it for the sake of record-keeping. Do it because it protects your assets and gives you and your stakeholders peace of mind.
by Siva | Feb 11, 2020 | CCTV, Electronic Security, Home Security Advice, Security Awareness, Security Technology
Are you planning CCTV/video surveillance at your place? Everyone tells that they are experts in CCTV cameras installation these days. For example:
- Security System Integrators.
- Local CCTV Suppliers/Installers.
- Electrical Contractors/Electricians.
- Computer Repair & Services.
- Interior Decoration Dealers.
But who are experts actually?
In the above list, the Security System integrators are only qualified to do the job correctly because it is their specialization.
Knowing how to install CCTV does not mean that they understand security design methodologies.
What is the purpose of installing CCTV cameras in the first place?
To protect your valuables, right?
Our on-site assessments brought out some of the craziest design faults. For example, a local CCTV installer designed the storage system in an unsecured zone, which gives easy access to the bad guy to destroy your CCTV system quickly.
If the price is the only factor that you decide, you better do not purchase.
If you make your purchase decision based on only at a low cost, you will only get cheap service.
Security is all about quality, whether it is design or response.
No quality, no protection.
If the budget is a prime concern, you better decide on less quantity and more quality rather than more quantity and less quality.
If you go cheap, you will face the following problems:
If you choose the local installers/distributors/technicians/electricians, you will not only waste your money but also the installed system does not protect your assets.
And the worst part is if you choose cheap equipment due to budget limit, no one provides service support to your CCTV system if it does not work. Because the maintenance cost of cheap equipment will be more.
The trend has been that those companies/vendors who operated at low cost have suffered losses and closed their businesses within 2 Years due to loss. This will be a huge replacement cost for you.
If you want to avoid the above headache, it is better to choose professional security solutions providing companies.
Corp Security Solutions is a Security Risk Consulting Company & Expert Security System integrator.
The benefits you will get are risk-based security planning, professional CCTV design, installation& service. Also, you will get onsite support and assistance through AMC or On-Call.
by Siva | Feb 6, 2020 | Security Awareness
Daily, when you read a newspaper or watch a news channel on the TV, the crime news, be it a murder, rape, robbery or assault, is everywhere.
You come across stories such as Ram, a software engineer, was robbed of his values while he on his way home from office or Rachel, a student was raped or goons assaulted Arjun, a techie.
Crime is everywhere. After reading or watching this news, you pity for these individuals, curse their fate or blame the society, police, or political system.
Two choices:
One is either to go back to the routine mode and do the same, as I mentioned above.
Or the second is to spend less than one percentile of the time to understand how crime occurs practically and then learn to avoid being a victim of a crime or protect ourselves from it rather than wasting way too much of time on either reading a newspaper or watching the TV without having a clue of it.
The choice is yours!
Common folks believe that crime is something that happens unexpectedly. Because they are misled by the crime scenes depicted in the movies or in the fiction novels or in the news channels in that direction.
However, security professionals and law enforcement professionals know that crime is a process and often follows a pattern by virtue of his profession and experience.
Crime Triangle
Anyone can understand this process easily if he or she is willing to learn. Security experts call it a Crime Triangle. For a crime to occur, three elements, namely “desire, target, and opportunity” must be present.
For example, If you ever attended a fire safety class in your college or your office induction training, they might have told you, for the fire to occur, three elements, namely “ignition source, fuel, and oxygen,” must be present.
Safety professionals call it a fire triangle.
They also might have told you that fire cannot happen unless these three elements are present. If you remove any one of these elements, you can remove the risk of a fire.
The simple theory applies to a crime as well. For a crime incident to be successful, three elements, namely “desire, target, and opportunity” must be present there.
This process is known as a crime triangle. The good news is that you have control over the two out of the three elements.
Let me explain each of these individual elements step-by-step.
Desire Or Motivation:
The first element is “desire.” This is the criminal’s drive, intent, motivation, and his rationale for committing a crime.
You absolutely have no control over what is going on in someone else’s mind. Therefore, there is nothing realistically or practically, you can do to restrict or eliminate their desires or motives.
Once a criminal has a desire, he or she looks for a target and an opportunity. This is where your security awareness and readiness come to into play a vital role.
Target Or Victim:
Criminals always look for an easy target. They choose someone who appears to be an easy victim. They search for people who appear as not being aware of their surroundings, easy to overtake, or overpower.
Therefore, an easy target for the criminal is the one who will not put up any resistance while committing a crime. Here is what you can do not to become an easy target:
- By becoming more aware of your surroundings
- By improving your body language like confident glance, chest up & chin up and shoulders back & arms swinging, walking confidently
- Scanning the area etc
By doing the above, you send a strong signal to any would-be predator that you are not an easy target.
Opportunity Or Place:
The third element is “opportunity.” You can simply break the crime triangle by not providing an opportunity to criminals. Once a criminal has a desire and finds an easy target or victim, then he needs an opportunity or place to commit the crime.
Understand Security Process:
For being secure 24/7, one needs to understand that there are two elements involved in the security process. One is security awareness, and another is the security readiness of the individual.
Awareness is the understanding of what a crime is, why, and how the crime occurs and knowing about the environment.
The security readiness is how capable anyone can become to avoid the potential dangers, to reduce the impact, or to neutralize the crime if he or she becomes a target
In the awareness part, you can control this by paying attention to the environment like
- Are you in a crime-prone area of the town?
- Are you walking in the unlit or dark area?
- Are you in an isolated area?
- Are you not defining personal boundaries?
- Are you letting the strangers too close to ask questions?
In the readiness part, you can prepare yourself simply by avoiding the opportunities that lead to crime. Reduce the opportunity is about being vigilant to your environment and your readiness to remove yourself from the questionable environment if you sense any danger or by sending strong signals that you are not an easy target.
Neutralizing a criminal is by taking a self-defense course or learning skills set for becoming a capable guardian of yourself to fight back if you are confronted if the crime is inevitable.
Example-1:
Imagine a criminal got a desire to steal a significant amount of the money so that he can get whatever he wants without working hard to earn that money legally.
He carried out the recce of the town and found a nearby bank has several customers drawing money daily. One day, he observed a person drawing a significant amount of money from the bank.
Now, whether he will become the victim of the crime or not depends on two factors (not becoming an easy target and not giving an opportunity)
Here Is How He Can Do It:
Not to become an easy target:
- Be alert to his surroundings
- Confident gazing and scanning the area quickly for anyone suspicious person or activity
By doing these, he could send a strong signal to the criminal that he is not an easy target.
Not giving an opportunity:
- Not letting the strangers come too close
- Avoid going through crime-prone area
- Avoid walking in the unlit or dark area
- Avoid going in an isolated area
Example-2:
Let us take an example of Rosie, an attractive, bold young lady who had to work late night in the office. After back-to-back meetings, she is almost tired, and then she left for home.
She booked a local cab and got into the cab to go home. If the cab driver has a desire to sexually assaulting her, he will look for whether she is an easy target or not.
Since she is already tired and available in his cab, she might appear to be an easy target. Also, it is also late night and the area is dark so that he can quickly isolate her from any public, an excellent opportunity for him to commit a crime.
Whether she becomes a victim of a crime or not depends on two factors (Not becoming an easy target and not giving an opportunity).
According to the Crime Triangle principle, she will not have any clues about his desire or motivation, whether he will commit a crime or not.
Here Is How She Can Avoid The Crime:
Not to appear an easy target:
- Sit and behave in the cab as someone on purpose and a capable guardian by projecting strong body language and vocal projection
- Being vigilant to the driver and surrounding environment rather than texting with the smartphone
- Book the cab from reliable transport and take complete details of the driver during booking
- Update about her whereabouts to the capable guardians (family members, friends, or police patrolling teams) overtly so that the driver be aware that his identity has already been passed to the concerned response team.
By doing these, he could send a strong signal to the criminal that he is not an easy target.
Not giving an opportunity:
- First off, avoid traveling in odd hours alone
- If unavoidable, taking the help of capable guardians (Security escort or family members, friends, colleagues, or police patrolling teams colleague).
- Having and trained in using a self-defense instrument (gun, pepper spray, etc.) to respond back
- Making herself a capable guardian by taking a self-defense class(Requires time and effort) or else avoid going alone is the best option.
Conclusion:
To protect yourself from crime, you must understand that there are two elements involved in the security process. One is your security awareness, and another is your security readiness.
Security Awareness is the understanding of what a crime is, why, and how the crime occurs and knowing about the environment.
Security Readiness is how capable you can avoid the potential dangers, to reduce the impact, or to neutralize the crime if you become a target.
Therefore, by improving your awareness and readiness, you can break the crime triangle and then avoid being a victim of a crime or can protect yourself from potential crime.
Thanks for reading! Let me know your thoughts from the comments sections.
by Siva | Feb 6, 2020 | Electronic Security, Security Technology
The design of effective physical security system requires a methodological approach. An effective physical security system integrates people, procedures, and technology for protection of the assets against thefts, sabotage, and malicious human attacks.
Hence, the designer or security director should weigh the objectives of the physical security system clearly against available resources and then evaluate the proposed design to ascertain how well it meets the objectives of the security program.
Comprehensive security risk assessment is the key
A comprehensive security risk assessment is essential prior to design the effective physical security system. The PSS (Physical Security System) might waste valuable capital on unnecessary protection or fail to provide sufficient protection at critical points of the facility if a comprehensive security risk assessment is not carried out.
For instance, it is probably imprudent to protect employee recreation area with the same level of protection that a data center may require. Similarly, maximum security at the main entrance would waste if the entry could also possible from other unprotected points.
As each facility is unique, a proper security risk assessment that evaluates the criticality of assets, threats, vulnerabilities will give a clear picture of risk exposure that gives a baseline for effective physical security system design.
Focus on Performance not on features:
Another important thing to keep in mind is a performance based system design is always effective than compliance or features based system. Because performance-based system design provides clear performance measures that can be validated with numeric characteristic for various system components.
For instance, a Performance based system design allows predicting performance against identified threat in various system effectiveness parameters. In this, we can assess sensors effectiveness under various environmental conditions, video clarity at different illuminating conditions, the response time of guard force etc.
This performance-based system is also quite helpful to build the business case to persuade the business leaders to by highlighting clear cost benefit analysis.
Design Basis Threat:
An effective PSS design should have a process that produces the design as per DBT (Design Basis Threat) and not on mere assumptions or experience of the individual designing the system.
Even though there are a number of security risk assessment and system design methodologies available to adapt, the following 3-step methodology suggested by Mary Lynn Garcia was proven its effectiveness over 3 decades at the critical installations.
1. Determining PSS objectives
2. Design or characterization of PSS
3. Analysis and Evaluation of PSS
1. Design Physical Security System Objectives:
In order to develop the objectives, the designer must accomplish three steps. Those are Facility Characterization, Threat Definition, and Target Identification.
a. Facility Characterization:
It this step, the designer needs to understand the facility itself. He or she needs to assess the facility operations, conditions, operating states and the entire layout of the facility such as site boundary, building location, building interiors floor plans, access points, blueprints, process descriptions, health, safety and environmental analysis reports etc.
Then he or she also needs to assess any additional considerations for any operational, safety, legal liability or regulatory requirements while designing PSS.
In addition, a tour of the sites and interviews with the facility personnel will provide necessary info on the effectiveness of any existing physical protection features.
Involving all-important stakeholders is also necessary for ensuring the business operations are continued in a secure, safe and efficient environment. As each facility is unique, this process should be followed each time a need is identified.
b. Threat Definition:
The second step in determining the objectives is to define the threat. In this step, the designer needs consider the factors about potential adversaries, their class, capabilities and a range of tactics.
He or she must collect information about the adversary Class, Tactics, and Capabilities.
The classes of adversary:
An adversary can be categorized into three classes – outsiders, insiders and outsiders working in collusion with insiders.
Tactics of adversary:
Adversary can use deceit, stealth, force, or any of the combination is the range of tactics each class of adversary can use to defeat PSS. For instance, Deceit is an attempt to defeat a security system by using false authorization or identification. Stealth is an attempt to defeat a security system by using covert means. (Spoofing or bypassing a sensor). Force is an overt, forcible attempt to overcome a security system,
Capabilities of adversary:
The designer needs to identify the most likely threats and should design the system to meet those threats by the keeping their capabilities in consideration. For instance, there may be several threats, any given facility can encounter, such as a criminal outsider, disgruntled employee, competitors or some combination. Hence, an effective physical security system must be designed to protect against all of these threats.
c. Target Identification:
The final step is to perform target identification for the facility. For, this A thorough review of the facility and its assets should be conducted. This may include identifying critical assets, people, information or critical equipment or processes or reputation anything that could impact business operations.
For instance, Determining the negative impact or unacceptable consequence in the event of loss of an asset or sabotage of an equipment or interruption of a business process will help identify critical assets, or equipment, or process that needs to be protected.
Once the designer completes these three steps, he can determine the protection objectives of the physical security system. For example, to intercept a criminal adversary with hand tools and a vehicle before he removes finished goods from the shipping dock.
The threat definition will depend on target identification and vice versa. Since any facility can have any number of threats, the process of determining objectives will be somewhat recursive and requires assessing the complex relationships among the protection system objectives.
2. Design Physical Security System:
Once the designer knows the objectives of PSS that is what to protect against whom, the next step is to design the new system or characterize the existing system.
The primary functions of a physical Security system are
· Detection of an adversary
· Delay of that adversary
· Response by security personnel (Guard Force)
If a new system is to be designed, the designer should better integrate PSS components (people, procedures, and technology) with PSS functions (detect, delay and response) to achieve PSS objectives.
The integration process includes better combining the elements such as barriers, intrusion detection systems, access control systems, video surveillance, communication devices, procedures, and security personnel into a physical security system that can achieve the protection objectives.
An effective PSS should meet protection objectives within the operational, safety, legal and economic constraints of the facility.
The designer should also be aware and implement certain important principles during the physical security design and the close associations between detection, delay, and response functions. For instance,
· A physical security system performs better if detection is as far as from the target as possible and delays are as near as the target.
· Detection without assessment is not detection.
· A response Force cannot respond unless it receives a communication call for a response.
The designer should integrate each system component in combinations that complement each other to protect any weaknesses in the overall PSS.
If the Physical security system already exists, it must be characterized to establish whether it is meeting the protection objectives. If not, it needs to be redesigned.
3. Analysis and Evaluation of PSS:
Once the PSS is designed, it must be analyzed and evaluated to ensure that it is meeting the physical security objectives. To estimate the minimum performance levels achieved by a physical security system more sophisticated qualitative and quantitative analysis techniques can be used.
Generally, quantitative analysis will be used in systems that are designed to protect high-value critical assets and qualitative techniques used in systems that are designed to protecting lower value assets. In order to complete a quantitative analysis, performance data must be available for the system components.
The outcome of this analysis process is a system vulnerability assessment which will find that the design effectively achieved the protection objectives or it will identify weaknesses.
If the protection objectives are achieved, then the design and analysis process completed. However, the PSS should be analyzed periodically to ensure that the original protection objectives remain valid.
If the PPS is found to be ineffective, the designer needs to redesign or upgrade the initial protection system design to correct the identified vulnerabilities. Then, an analysis of the redesigned system is performed. This cycle continues until the outcome indicates the PSS meets the protection objectives.
