Seven Deadly Sins of Building Security
From bad building designs to management that ignores badge rules, Tim Giles runs through the top building security mistakes.
By Joan Goodchild , Senior Editor
September 07, 2009 — CSO —
You've got a few security guards and your CCTV system is up to snuff. You've got your building security covered, right? Think again. While many organizations are taking the steps to ensure their building is secure, many are ignoring basic pieces of the puzzle that is physical security in and around a facility.
Tim Giles, a security consultant and author of 'How to Develop and Implement a Security Master Plan,' was once in charge of all IBM Security operations for the US and Canada and today advises clients about how to design a security plan that fits the risk-level and needs of their building. He gave CSO a run down of some common missteps organizations make when devising a building security plan.
1.) Creating post orders without advanced analysis
"Most companies don't have an inside person with facilities security expertise," said Giles. "Often the facilities manager will put together a guard services contract and contract services with a company and they really have very limited ideas about how to manage it."
Giles thinks the problem is that an outside contract company will often come into the assignment with their own post orders and place security personnel without first conducting a real analysis of the security needs of the building. And because there isn't an experienced person within the company that understands security, there is no system of checks to ensure the contract security personnel are doing what they should be doing, said Giles. (Read a first-hand account of how easy it is for criminals to get in the door of a secure building in Anatomy of a Hack) Before any contract security services firm creates post orders for a building, they should first conduct a thorough assessment of the unique needs for security in the facility.
"Buildings differ primarily because of who the tenants are," said Giles. "Security needs to evaluate who is in there and what kind of risks they bring with them. Some have a high-traffic volume of visitors. They could be controversial; some might face the possibility of problems with former or disgruntled employees. All of those things dictate what security should be doing at their posts." (See Giles's sample employee termination checklist in CSOonline's Security Tools and Templates section)
2. Placing aesthetics over security
Giles said this mistake can be made as early as when the building is designed by an architect. While ground-level lighting and hidden cameras may be more pleasing to the eye, neither are good for security. Giles said he once worked in a building where the architect had designed all the cameras to be out of sight.