Physical Security Risk and Countermeasures: Information Requirements
What information does a security manager need in order to select countermeasures? Thomas Norman spells out the details.
By Thomas Norman
February 22, 2010 — CSO —
Excerpted from Risk Analysis and Security Countermeasure Selection
What Kind of Information Do We Need to Evaluate to Determine Security Effectiveness?
Security managers need to know:
-
Asset Locations
Property
Proprietary information
—Where intrusions are possible
—Where intruders are likely to travel where they can be delayed or interrupted
—Where intruders can be detected along the way to valuable assets
Direct attacks
—Where direct attacks from the perimeter can be conducted
Removals/misappropriations
—Where assets are readily available that can be stolen or misused Countermeasures
—Detection systems
—Assessment systems
—Delaying systems
—Evidence-gathering systems
—Response systems
—Communications systems
—Guards
—Transportation
—Weapons
—Tactics
b. Functions
—Detect intrusion
—Verify intrusion
—Assess intentions
—Delay intrusion
—Intervene
—Defeat aggression
—Identify intruder
Probable effectiveness of countermeasures in addressing the type of vulnerability
—Detection
—Assessment
—Delaying
—Responding
b. Denial (delaying systems and respond and defeat force)
c. Containment (prevent the adversary from leaving with the asset)
d. Recovery (after the loss of the asset)
e. Observe and report
f. Respond and defeat
Read more about physical security in CSOonline's Physical Security section.
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
PHYSICAL SECURITY ESSENTIAL READING
Gain expert insight into the full gamut of physical security issues, including access control, surveillance, protective strategies, metrics and much more
Inside the new World Trade Center's 'situational awareness' platform
A case study in connecting sensor input for faster incident identification and response
PSIM: physical security information management basics
What is PSIM and how will it improve your risk management?
Metrics for physical security programs
Leading CSOs identify operational measures that matter
Physical security risk and countermeasures: effectiveness metrics
7 deadly sins of building security
Buyers' guide to IP surveillance cameras | 2011 update: The march to megapixel continues
Six keys to executive protection
Organized crime and retail theft
Preventing workplace violence
Physical Security Webcasts
- Distributed Database Security with Real-time Monitoring
- InfoSphere Warehouse Packs Demo
- The CISO's Survival Guide to Securing Data
- Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- FireEye Advanced Threat Protection KnowledgeVault
- Five Tips to Consider in a Data Security Strategy for Smartphones and Tablets
Physical Security White Papers
- Step right up and listen to the security barker
I've gotten some interesting feedback to yesterday's post about the security evangelist title, especially from a guy who gave himself the perfect title in an industry that often feels like a circus. Sean Jackson (@shunkydave on Twitter) sent me the following tweet: "Re: Evangelist, I'm now calling myself the Security Barker to my family and friends." - Is the title 'security evangelist' really that bad?
- Teenage hackers could be our last, best hope
More Salted Hash with Bill BrennerWhite Papers
Sponsored Links
