7.14 Implement and manage physical security

  • Perimeter security controls
  • Internal security controls

As discussed earlier, security is built in layers.  Crime Prevention Through Environmental Design is an idea that we can reduce crime by making our building more difficult to penetrate.

At the outmost layer, we have the external perimeter of the complex.  What do we put here?

  • A fence.  Going back to what I said earlier, we first want to make the fence so difficult to penetrate that people won’t bother.  That might mean building a concrete wall instead of a fence.  A concrete wall can’t be climbed, and it can’t be penetrated with a vehicle.

    A company called Cochrane Global makes some innovative fence products.  They include razor wire fences that are almost invisible, fences that can be deployed via a truck, fences that can float (to protect marine installations), and electric fences.

    We might put multiple layers of fences.

  • Cameras.  We should be able to view the entire perimeter.  This will allow us to detect a security breach and send security guards to stop it.  The cameras may be installed as part of the fence.

  • Motion sensors.  We might install motion sensors around the perimeter.

    Some companies make a fiber optic cable that is installed as part of the fence.  If the fence or the cable is cut, it sends an alert to the monitoring station.  We can see exactly where the cut is.

    We might also install pressure sensitive motion sensors in the ground to detect vehicles or people.

  • Security patrols.  The security patrols walk or drive around the perimeter and check for damage or unusual activity.

  • Gates.  At the entrance, we might have a gate for vehicles and/or people.  The gate might be automatic (a proximity card reader opens the gate) or operated by a security guard.

  • Lighting.  Lighting is important because people are less likely to attack an area if they know that they will be spotted.

Once the access to the complex has been gained, we now need to protect the building or buildings.  We might have one building or many.  Just because somebody is granted access to the complex does not mean that they are entitled to access every building.

Some of the security measures the perimeter of each building might have

  • Secure entrances and exits

  • Cameras and motion sensors

  • Access control card readers

The buildings themselves might be constructed far away from a public roadway if we are concerned about a bombing or other threat from a vehicle.

Within the building, we may have a public area where visitors can be and a work area for employees and authorized vendors.  Within the work area we may have even more sensitive areas.  These areas include vaults, SCIFs, equipment rooms, evidence storage rooms, and media storage rooms.  We might install electromagnetic shielding in these areas.

In general, we want to give each person access only to the areas that they require to do their job.  This can be completed with a granular access control system and also strict policy that prohibits tailgaiting.  Tailgaiting is when you let another person follow you through a restricted access door.

We must weigh the cost of the security against the value of the infrastructure that we are protecting.