Tips on Physical and Environmental Security
- Physical security is usually the first line of defense against environmental risks and unpredictable human behavior.
Crime Prevention Through Environmental Design (CPTED) combines the physical environment and sociology issues that surround it to reduce crime rates and the fear of crime. - The value of property within the facility and the value of the facility itself need to be ascertained to determine the proper budget for physical security so that security controls are cost-effective.
- Automated environmental controls help minimize the resulting damage and speed the recovery process. Manual controls can be time-consuming and error- prone, and require constant attention.
- Construction materials and structure composition need to be evaluated for their protective characteristics, their utility, and their costs and benefits.
- Some physical security controls may conflict with the safety of people. These issues need to be addressed; human life is always more important than protecting a facility or the assets it contains.
- When looking at locations for a facility, consider local crime, natural disaster possibilities, and distance to hospitals, police and fire stations, airports, and railroads.
- The HVAC system should maintain the appropriate temperature and humidity levels and provide closed-loop recirculating air-conditioning and positive pressurization and ventilation.
- High humidity can cause corrosion, and low humidity can cause static electricity.
- Dust and other air contaminants may adversely affect computer hardware, and should be kept to acceptable levels.
- Administrative controls include drills and exercises of emergency procedures, simulation testing, documentation, inspections and reports, prescreening of employees, post-employment procedures, delegation of responsibility and rotation of duties, and security-awareness training.
- Emergency procedure documentation should be readily available and periodically reviewed and updated.
- Proximity identification devices can be user-activated (action needs to be taken by a user) or system sensing (no action needs to be taken by the user).
- A transponder is a proximity identification device that does not require action by the user. The reader transmits signals to the device, and the device responds with an access code.
- Exterior fencing can be costly and unsightly, but can provide crowd control and help control access to the facility.
- If interior partitions do not go all the way up to the true ceiling, an intruder can remove a ceiling tile and climb over the partition into a critical portion of the facility.
- Intrusion detection devices include motion detectors, CCTVs, vibration sensors, and electromechanical devices.
- Intrusion detection devices can be penetrated, are expensive to install and monitor, require human response, and are subject to false alarms.
- CCTV enables one person to monitor a large area, but should be coupled with alerting functions to ensure proper response.
- Security guards are expensive but provide flexibility in response to security breaches and can deter intruders from attempting an attack.
- A cipher lock uses a keypad and is programmable.
- Company property should be marked as such, and security guards should be trained how to identify when these items leave the facility in an improper manner.
- Floors, ceilings, and walls need to be able to hold the necessary load and provide the required fire rating.
- Water, steam, and gas lines need to have shutoff valves and positive drains (substance flows out instead of in).
- The threats to physical security are interruption of services, theft, physical damage, unauthorized disclosure, and loss of system integrity.
- The primary power source is what is used in day-to-day operations, and the alternate power source is a backup in case the primary source fails.
- Power companies usually plan and implement brownouts when they are experiencing high demand.
- Power noise is a disturbance of power and can be caused by electromagnetic interference (EMI) or radio frequency interference (RFI).
- EMI can be caused by lightning, motors, and the current difference between wires. RFI can be caused by electrical system mechanisms, fluorescent lighting, and electrical cables.
- Power transient noise is a disturbance imposed on a power line that causes electrical interference.
- Power regulators condition the line to keep voltage steady and clean.
- UPS factors that should be reviewed are the size of the electrical load the UPS can support, the speed with which it can assume the load when the primary source fails, and the amount of time it can support the load.
- Shielded lines protect from electrical and magnetic induction, which causes interference to the power voltage.
- Perimeter protection is used to deter trespassing and to enable people to enter a facility through a few controlled entrances.
- Smoke detectors should be located on and above suspended ceilings, below raised floors, and in air ducts to provide maximum fire detection.
- A fire needs high temperatures, oxygen, and fuel. To suppress it, one or more of those items needs to be reduced or eliminated.
- Gases like halon, FM-200, and other halon substitutes interfere with the chemical reaction of a fire.
- The HVAC system should be turned off before activation of a fire suppressant to ensure it stays in the needed area and that smoke is not distributed to different areas of the facility.
- Portable fire extinguishers should be located within 50 feet of electrical equipment and should be inspected quarterly.
- CO2 is a colorless, odorless, and potentially lethal substance because it removes the oxygen from the air in order to suppress fires.
- Piggybacking, when unauthorized access is achieved to a facility via another individual’s legitimate access, is a common concern with physical security.
- Halon is no longer available because it depletes the ozone. FM-200 or other similar substances are used instead of halon.
- Proximity systems require human response, can cause false alarms, and depend on a constant power supply, so these protection systems should be backed up by other types of security systems.
- Dry pipe systems reduce the accidental discharge of water because the water does not enter the pipes until an automatic fire sensor indicates there is an actual fire.
- In locations with freezing temperatures where broken pipes cause problems, dry pipes should be used.
- A preaction pipe delays water release.
- CCTVs are best used in conjunction with other monitoring and intrusion alert methods.
- CPTED provides three main strategies, which are natural access control, natural surveillance, and natural territorial reinforcement.
- Window types that should be understood are standard, tempered, acrylic, wired, and laminated.
- Perimeter Intrusion Detection and Assessment System is a type of fence that has a passive cable vibration sensor that sets off an alarm if an intrusion is detected.
- Security lighting can be continuous, controlled, stand by, or responsive.
- CCTV lenses can be fixed focal length or zoom, which control the focal length, depth of focus, and depth of field.
- IDS can be a photoelectric system, passive infrared system, acoustical detection system, wave-pattern motion detectors, or proximity detector