Security Improvement Starts With a Plan

When it comes to project implementation, many security professionals jump right in at the solutions stage — throwing any and all technology at the problems. In doing so, they are missing the boat. A number of questions should be answered before jumping to a solution. It starts with evaluating inherent risk to the company or organization, and identifying threats and liabilities.

Concentric Rings of Analysisand Protection

Any security plan’s intent is to protect an organization’s core assets. To accomplish the task, the organization should create concentric rings of protection, starting the furthest distance from the assets and moving inward toward those assets.

Starting with an evaluation of the site or location of a facility, a number of fundamental questions come to mind:

• What are the crime statistics in the geographic location?

• Is there an incident history for the facility?

• Is the facility in a remote area and therefore away from public eyes?

• How many entrances and exits are there to the site and what is the coverage model for these points?

• Is there adequate lighting present to support a sound CCTV application?

• What is the relative location to airports, chemical plants and facilities, railway tracks, highways, etc.?

These questions are part of a complete examination of site conditions that is the first step to a successful protection plan. Improving security may be as easy as fencing the perimeter of the site or constructing gates to limit access. Maybe there is a need for advanced CCTV applications or fence and perimeter detection and protection. Or perhaps the solution requires further analysis.

Evaluating Building Security

Moving inward on the rings of protection, looking now at the building or buildings brings these questions to mind:

• How does the architecture of the facility control the flow of employees and visitors?

• Are there buffer zones between parking areas and the building itself?

• Does the facility have blind spots or areas difficult to cover with CCTV?

• Are there adequate emergency exits and are the exit plans clearly posted and understood?

Possible solutions to these conditions include constructing barriers between the parking areas and the building or putting up a wall or fence in blind or concealed locations, thus creating limited ingress points to screen personnel or visitors.

Planning for Asset and Liability Protection

Turning attention to what assets need to be protected, what the facility is used for, and what risks and liabilities are associated with the assets and the facility, it’s time to ask the following questions:

• Are the assets, products or information highly desirable to others?

• Are the assets valuable or easily converted to liquid assets? (e.g. chemical or biological agents, drugs, defense or classified information.)

• Is the floor plan open and inviting or is access to different areas and/or departments limited?

• What type of ventilation is built into the facility and are there control systems in place to limit exposure to personnel and visitors?

If the organization has conditions or assets described by some of these questions, more advanced solutions such as access control, chemical and biological detection, or integration and automation of the security process are needed to effectively limit exposure and liability. In this more extensive, complicated terrain, additional answers are needed:

• Is there limited access to mailrooms and shipping and receiving areas?

• Have bomb threat policies and procedures been put in place?

• Are there invasion and penetration response plans?

• Are all mail, supplies and deliveries entering the facility screened?

• What are the liabilities or risks associated with internal personnel removing assets or information from the facility?

• Are there screening processes for personnel and visitors leaving the facility?

• Is there a good business continuity plan in place?

Improved security is more than random, sophisticated technology. It lies in really examining what needs protecting and what comprehensive and integrated protection will look like.

If necessary, retain the services of a security professional, but keep in mind that there is no substitute for a comprehensive security risk, vulnerability and threat assessment.

JAMES GOMPERS is founder of Gompers Technologies Design Group Inc. and Gompers Technologies Testing and Research Group Inc. He has more than 20 years of expertise in the security industry as a consultant from the end-user perspective. This is another in a series of articles he is writing for Government Security. E-mail him at [email protected]