This article was first published on The Security Professional Directory blog and is intended to provide a high-level overview of the term “physical security,” which is truly dynamic. The definition of physical security must evolve constantly if we as physical security professionals intend to keep pace with the changing threat landscape we operate in. For the reasons shared below, those of us in the security industry need to be regularly collaborating, innovating, and auditing that which we put into practice; to ensure we are proactively preventing those risks we can predict, and to ensure we’re positioned to rapidly recover from those we cannot.
Physical security encompasses technologies such as closed-circuit television (CCTV), access control, alarm systems, barriers, lighting, and more. It includes comprehensive concepts such as Crime Prevention Through Environmental Design (CPTED) or zones of protection, and progressive processes such as risk assessments and system audits. Additionally, when properly designed, physical security deliverables are compliant with required Authority Having Jurisdiction (AHJ) codes and industry standards, which exist as a means of providing baseline regulations for an industry very much in need of creativity and fresh perspective. These technologies, concepts, processes, and regulations, the sum of which achieve maximum protection via a multi-layered approach, are essential building blocks when endeavoring to provide wholistic physical security.
The goal of any physical security deliverable is to protect assets by discouraging and, as much as possible, preventing loss. Assets can be machinery or products, they can be intellectual property or proprietary information, and they can certainly be the people driving an organization forward. The physical security deliverables necessary to achieve the goal of protecting assets are determined by conducting a case by case threat level assessment; this will bring to light the organization’s risk level.
Whether protecting a private small business in a rural town or a large public facility in the center of a booming metropolis, where there are assets there will be varying degrees of risk. There is no cookie cutter approach to protecting an organization’s assets, as each are unique, and so it is extremely important for security professionals to assess the threat landscape each time a new system is designed. Likewise, regular re-assessments are critical, as the threat landscape is constantly changing for the following reasons:
1. Technology is constantly changing; new advancements oftentimes bring new vulnerabilities.
2. Determined would-be criminals may be conducting their own penetration tests of the organization’s physical security measures in hopes of uncovering a weakness in perimeter defenses.
3. Employee turnover leading to inside information becoming available outside the organization.
4. Growing organizations are oftentimes changing process and technologies as inefficiencies are identified; their physical security measures should be growing with them.
“Physical security” cannot be statically defined or viewed as a fixed, one-time deliverable, as it must evolve with the threat landscape around us; acknowledgement of this lays the foundation for the implementation of sustainable security measures that address both today’s threats, and future threats. It is prudent for organizational leadership to not only invest in expert(s) who can professionally assess threats and make security recommendations specific to their needs, but also for them to invest in continued security education for their employees, regular re-assessments of their technologies, concepts and processes, and scheduled maintenance of each of these.