Paradise is now shut and locked, barred by angels, so now we must go forward, around the world and see if somehow, somewhere, there is a back way in. — Heinrich von Kleist
The concept of security in physical layers is introduced and addresses external barriers (such as, fences, walls, gates, buildings, and lobbies) and internal barriers (such as, access control systems). Internal controls and intrusion detection systems are also addressed, as is the use of current technology, such as biometrics.
Definition of Physical Security
No business is without security problems and assets protection risks.These risks and problems take many forms. Effectively mitigating them is not a happenstance occurrence. Problem elimination and risk mitigation require planning and an understanding of security needs, conditions, threats, and vulnerabilities. Assessing security conditions and planning for appropriate levels of assets protection begins with the basics: risk management. Physical security is the most fundamental aspect of protection. It is the use of physical controls to protect the premises, site, facility, building, or other physical assets belonging to IWC. The application of physical security is the process of using layers of physical protective measures to prevent unauthorized access, harm, or destruction of property. In essence, physical security protects a property, plant, facility, building, office, and any or all of their contents from loss or harm. Physical security contributes to protection of people and information. Sophisticated protection measures, other than physical, are employed to protect people and information. Nevertheless, physical security measures are part of the overall protective package. They are the baseline security measure, or foundation, on which all other security measures and functions are built.
For IWC, physical security measures are used to ensure that only authorized persons have access to IWC facilities and property. The measures employed must be appropriate for each separate operating environment. The IWC manufacturing facility requires physical security measures and functions and controls that may differ from those used at one of the IWC sales offices. Manufacturing facilities in different parts of a country or in different countries generally require differing physical security measures—one size does not fit all. In any event, physical security measures are the baseline of protection for IWC. All other security measures will be integrated with physical security measures, developing a protection profile of assets protection within layers. It is the responsibility of the IWC corporate security manager (CSM) to determine what physical security controls are necessary to provide an adequate level of protection. To do this, the CSM must know the facility or site layout. The CSM must understand the operating requirements and operation of the enterprise, conduct an initial physical security survey, and periodically conduct supplemental surveys as part of the CSM’s risk management survey program.
Security in Layers
What physical security measures are used to protect IWC assets depends greatly on what assets need to be protected, where they are located, and what threats, vulnerabilities, and risks pertain to them. Applying an appropriate level of protection for each environment requires a specific understanding of that environment. To best accomplish this, you should start at the beginning. Physical security measures should be designed into a facility during the facility design phase and built into the facility during the construction phase. Ideally, architects and security professionals would work together taking into consideration all aspects of assets protection requirements applicable to the proposed operating environment. This type of planning helps create optimum security at the lowest possible cost. If done properly, security problems created by so many buildings being designed without any consideration given to security controls would no longer be the issue that it usually is these days. As the IWC CSM, if you are not working with new construction and are occupying an existing building, designing in architectural security may not be possible. If retrofitting or renovation of the site or facility is necessary to accommodate the new business operating environment, then security may still be considered as part of the design. If not, physical security issues should at least be addressed prior to occupancy or operation.
Security problems resulting from a failure to make security part of the design and construction phase will probably be of a structural nature and too expensive to undo or fix. The only solution in this case is the application of protective measures that otherwise might not have been needed, thus adding costs. Since the CSM knows that the foreign IWC facilities will be moved, it is important that the CSM coordinate the move to facilities that meet the IWC assets protection physical security criteria, or arrange to locate to another facility, or modify the existing facility before the IWC move takes place. The application of physical security controls should be approached in layers. There is no single physical control that will fulfill all of IWC’s security needs. Layering controls from the outer boundaries of each of the IWC facilities to the inner boundaries will allow you to build a security profile to meet IWC’s specific security needs.
Outer Layers of Protection
The outer layers of protection for a facility depend on the type of facility and its location. For example, an office building located within a city may only have as its outer layer, or perimeter, the walls of the building, whereas a manufacturing facility located in an industrial district may be on a large parcel of land with parking lots, storage areas, and grounds surrounding the building or buildings. On a facility of the second type, the perimeter is usually a barrier, such as a wall or fence, located at or near the edge of the property line. The perimeter of a facility takes many forms. For an office building it may be the building walls. For a factory it may be a fence line or a wall at the property edge. The outermost layer of protection could also be a highway; a natural physical barrier, such as a river, lake, or other body of water; or other manmade barriers. Whatever the barrier, it is the first layer of physical security. It may be at the perimeter’s edge or inside the perimeter. Regardless of where it is situated, it is the layer of first control. Inside the outer layer, the use of other layers of physical security may be necessary.
Summary
The physical security function through the CSM’s physical security organization is the foundation for basic assets protection measures. To this foundation, or baseline, additional controls for protection of assets are added, creating a complete protection profile. No single physical security control can satisfy all of the assets protection needs. Physical security is built in layers. Each layer of security control serves a specific purpose by providing specific protections. Many controls used in conjunction with each other help to create a secure environment. Conducting a site physical security survey should enable the gathering of all information necessary to make an intelligent and informed risk assessment of the sites or facilities and create a physical security profile. From this point, additional controls can be developed and implemented to provide the most cost-effective security profile tailored to the specific needs of the enterprise.
