Physical Security
Introduction
The concept that is embraced in the physical security has been gradually developing from the past centuries to our present day. Shearing and Johnston (2013) argue that this evolvement has significantly impacted on the tactics that are embraced in our advanced physical security. This argument can be supported by the evidence based on the historical, physical security strategies that were utilized in the past communities as a way of securing the people and safeguarding the property possessed. It can be evidenced by the strategies employed in the ancient kingdoms and colonies in which the soldiers formed highly valued security features against the intrusion by any malicious beings (Schumacher, et al., 2013). The soldiers were also utilized for detection of any activities that deemed an interference of the physical security of the colonies. Besides, the colonies were surrounded by strong and tall walls which prevented unauthorized access to the cities that were renowned for being the heart of the kingdoms and where most of the wealth was stored. In this ancient kingdoms, the walls served as perimeter protection and a way of controlling the access as it can be related to our modern physical security systems. About the recorded human history, it is evident that people have always had the need of feeling protected and always secure. Shearing and Johnston (2013) state that the concept of physical security which majors on the theory of defense remains to be unchanged but may seem to be changed since the technology behind this concept keeps varying over the years.
The discussion expounded on in this exposition is based on the understanding that the security of any organization resources and all the sensitive information that it may possess forms the cornerstone behind its existence. Therefore, the physical security forms an essence feature in all organizations in the examining of any vulnerabilities, risks, threat and necessary measures that need to be taken in an attempt to secure the organization and all its resources physically. In essence, physical security entails all the physical measures that are formulated to safeguard data, people, infrastructure, system and information that is possessed by the organization. As explained by Snow (2015), the level of security varies from one group to another based on the risk assessment and the threat analysis of the organization. Therefore, it is important for all organizations to carry out individual risk analysis based on the understanding of risks the organization faces and the possible proper countermeasures. The aim of this exposition is to give an understanding of what systems approach to physical security means based on the theory of in-depth defense.
Literature Review/Research and Argument
Schumacher et al. (2013) argue that physical security is of the essence when a need of averting a risk arises or safeguarding the points of interest in case the insecurity activity is in progress. However, the intent of physical security is to form a defensive mechanism that can be able to prevent the occurrence of any malicious activity to a distinct organization. Such risks are defined to be as a consequence of the combination of several threats that are known to exploit the vulnerability of the body. The assets are the main things that come to a person’s mind once security issues are stated in an organization. The property is considered as all the valued commodities in an organization that needs protection. Snow (2015) states that such valuables include the information of the organization, the people, the reputation of the organization and the owned property.
Therefore, addressing the security issues requires the overall management of all the stakeholders involved in the running of activities in this particular group. In this, perspective, the physical security aims at controlling the risks that are related to the security. Such programs should emphasize on activities such as delaying or preventing entirely the insecurity activities, detecting and easy recovery from the sudden attacks (Peltier, 2013). As stated before, different institutes require different security risk management systems based on the risk rating of the facilities.
As such different levels of security, treatment is necessary to be implemented based on the theory of defense in depth. This theory aims at utilizing different security elements so as to come up with one functional whole unit. The theory aims at incorporating the security elements into the technological aspect of the systems, the procedures of the organization, the people and the barriers aimed at protecting the organizations’ welfare. These elements involved in the security are the different components that form a complex combination that function as a whole unit. Physical security as described by most security authors is thus the different physical measures that are designed to protect the people and the resources of the organization against any possible damage and theft of the valuables.
In accordance to Rittinghouse and Ransome (2016), one of the main challenges that is encountered in the security field is the issue of inconsistency. Giving security pieces of advice is a complicated thing to do since consistency in such processes is highly flexible. This is because collateral management is comprised of many activities that require varying skills across different organizations. This assertion is based on the different conceptions upheld by the society in regards to security where social contract forms an essential pillar to support the overall security. Crime prevention is considered as a function that ought to be dealt with through the unity of all stakeholders involved in the society which encompasses the individuals in society, government at a national and international level and the different organizations (Collins & Van Meter, 2015; Hughes & Edwards, 2013). As Maslow argues in the Maslow hierarchy of needs, security forms an essential need that human beings require to survive. As such, security encompasses protection, stability, freedom from chaos and anxiety and the need for law and order (Cao et al., 2013). In not only the past communities but also our modern society, no organization can successfully thrive without security.
Different diversity experienced in the security field may be expected to arise questions towards the inconsistency and incapability of the different security systems. However, different security authors such as Damodaran (2016) and Collins (2016) argue that there is a need for a common language demand in all the security settings so as to come up with an overall accepted way of tackling the insecurity issues. In this perspective, there is a need for a precise language that is necessary for conveying a universal message as portrayed in the varying decisions, performances and measure of security (Peltier, 2013). One of the adopted theories that are expected to fulfill this expectation in physical security is the theory of security in depth. This theory is mostly employed in the study of the closed circuit television which is one of the essential elements in overseeing the physical safety in our modern society. IT forms a relevant aspect of ensuring stable security in almost all organizations.
Utilization of the Defense in Depth in security is aimed at the detection of the unexpected insecurity activities and the response that is taken to tackle such activities. This concept oversees the detailed security both at an internal and external level and if the security structures serve the purpose that they were established for (Ahmad, Maynar & Park, 2014). Most of the organization in our modern society are at a position that they cannot tell whether their perimeter is breached or not. It is only through internal audits that some of the organization can detect an abnormal activity has been going in the systems. As such, it may be late to respond to such insecurity activities hence pointing out one of the setbacks in the physical security of most organizations. An efficient security system in an organization is expected to easily detect breaching of the perimeter hence resulting with an effective response that can deter such activities. Most of the organization are not aware that there is an intrusion or whether some of their data and information has been stolen out of the intrusion. In accordance to Mo et al. (2012), the Defense in Depth thus forms one of the necessary aspects that ought to be applied at multiple levels of the cyber security so as to easily detect the attacks and drive to instigate the necessary response. Therefore, Defense in Depth is one of the functional approaches and the best practice that should be widely embraced in the ensuring of a holistic system intended to protect the assets and even individuals.
Defense in Depth as defined by most security scholars such as Parmar (2012) as the different approaches that are embraced in the attempt of securing the assets through the utilization of strategies that are aimed at mitigating the destruction of properties, protection of the data and information and prevention of theft. This concept is underpinned by major functions which include the detection of insecurity breeches, deterrence, response and delay of such activities. This concept in security has been in practice for several centuries. It has always been based on the assertion that different assets should be well protected by enclosing them in a barrier (Peoples & Vaughan-Williams, 2014). Towards enhancing the security of such assets, successive barriers have always been added so as to reduce the chances of breeching by intruders. As argued in this exposition, the Defense in Depth forms a sound theory and applicable since it is supported by both the rational choice theories and the routine activities in the crime prevention theory.
The routine activity theory is one of the concepts that explains major causes of insecurity activities. As such, this theory explains that an action will take place if a suitable target is identified. Therefore, before the commencement of any criminal activity, the perpetrators are involved in a study of the organization so as to point out the point of vulnerability thus identifying a weakness to utilize in the actualizing of their plans (Miró, 2014; Andresen, & Farrell, 2015). Similarly, an action will occur if the perpetrators recognize the lack of a capable guardian in the organization. This motivates the offenders to a carry on with their activities since they realize the minimum possibility of being caught. In accordance to Cornish and Clarke (2014), the rational theory thus explains theoretically on the decision-making process of the offenders which includes weighing the different elements in the security system of an organization and thus concluding on whether to engage in the set plan or not.
In essence, the choice theory is based on the argument that a potential offender focuses on the target based on the evaluation of the difficulty of accomplishing their mission, the perception of the likelihood of being detected and the possible response of the owners of the breached property (Kelly, 2013). Through the evaluation of these key elements in a security system of an organization, that is when the offenders decide on whether to not to engage in their set practice. If according to their perception that there is a likelihood of a violent and immediate response or delay in their activities due to the difficulty of the activity, then there is a possibility of failing to complete the expected actions. On the contrary, a system that depicts low chance of being caught and high chances of successfully undertaking the illegal actions, then the offenders will easily pick on such a take. Therefore, it is evident that security is seen as a whole unit where it is perceived to be comprised of three entities which include detection, delay, and response (Snyder, 2015; Ifinedo, 2014; Cheng et al., 2013). These three entities are known to carry the deterrence value of any security system. In reference to this, the Defence in Depth is termed as a security theory because it is seen to be underpinned by not only routine activities but an array of ration choice theories that lie within the opportunity directed at reduction paradigm (Hindess, 2014). This paradigm aims to not only articulate a preventive approach in the security domain but also establish a preventive approach in the security scope.
Defence in Depth is explained to embrace and follow an approach where the systems involved in the security management integrate people, equipment, and procedures into the barrier system. Coker (2014) explain that the approach upholds that individual events are a part of the expected pattern of events. Therefore, in the systems approach, an analysis must always come before the synthesis so as to comprehend wholly the evaluation. An appropriate example that can be used in the justification of this argument is the construction of a security door that is of essence in most organizations for preventing unaccepted access to the assets stored behind such doors. The security door is thus considered as a subsystem in the building outlook regarding the intruder resistance since together with other elements that form the entire system; security is realized. The determination of whether the security door serves to achieve its purpose is scrutinized from the evaluation of the material used to build the door. The small elements incorporated into the security door functioning such as the types of hinges used, quality and the type of mechanism used in locking, type of pins in the hinge and the strength of the door are also evaluated. Such elements dictate the vulnerability or the strength of the security door.
To enhance the level of security assured by the security doors, sensor technologies can be incorporated to add to the previously mentioned elements of security which include level of difficulty in accomplishing the insecurity activities, the response and the likelihood of being caught (Gao et al., 2015). The sensors can detect the attempts of breeching hence deterring the activity, make it difficult for the offenders to successfully accomplish their plans and evoke immediate response from the property holders. Therefore, all the individual security elements in the opening should be evaluated for not only their design facets but also for their material strength that can provide a difficulty in intrusion where different measures are incorporated to form a level of complexity as an overall portal measure.
The system thinking is involved in creating several subsystems in the main security layer system of the organization. Therefore, it necessitates the need of using mathematical expressions as a channel of expressing the various functional relations which show a measure of the performance that can be alternatively attached. In this view, the physical barrier system that form a major element in the physical security can be defined in reflection to the Estimated Adversary Sequence Interruption (EASI). The model is formulated under different relations with the several parts of the Defence in Depth System through which it presents a mathematical comprehension of the entire system efficiency (Terao & Suzuki, 2014). This statement can be supported by the fact that the integration of procedures, people, and equipment can be estimated in relation to the security system success of achieving delay, response and coming up with a detection against the enemies’ incursion. Through this approach, the probability of interruption is estimated through calculation of the delay, detection and the response variables as a whole system output (Ahmad et al., 2014). The neutralization is calculated as the probability of representing the expected level of effectiveness in response to the threats. The quantative methods that are used in these parameters should be repeatable, systematic, demonstrate statistical validity and are based on the objectives.
The utilization of the different security measures is described by Kshetri (2013), as a procedural, psychological, physical or technical that serves as a contribution to other security functions that are made possible through the division of some physical spaces that are else referred to as zones. These zones are known to form a ring of protection around the assets to be protected hence in the traditional perspective of Protection in Depth, they are referred to as the onion ring layers. The Protection in Depth thus involves several measures that an intruder must overcome in sequence. Besides, it considers avoiding of any single failure in the protection plan established. Therefore, thus approach incorporates the detection elements, multiple response abilities and several delay measures. Such an approach can be of essence in protecting the organization from unauthorized movement across one security zone to the other or across several security zones. Such approaches are driven by the desire of interrupting or neutralizing any unaccepted incursion through the security zones (Atlas, 2013). However, the restricted entry zones are governed and controlled based on acceptable reasons. Moreover, some of the sections within these restricted zones may require added access controls authorizations.
Conclusion
In a nutshell, most of the traditional aspects of security have not changed much up to date and are still acceptable such as the Defence in Depth theory. However, as security evolves as evidence in the technological advancements, there is a need in the subsequent evolvement of the meanings and terms. If this does not take place, the security decisions, performance and measures will be possibly demeaned. Therefore, the Defence in Depth is possibly argued to describe the Rational Choice theory where it is argued that the principle underlying failure in relation to the defined threats at all the zones layers represents the protection of the system. In essence, the security in Depth describes the overall view of security based on the incorporation of intelligence and the logical measures established in security that are combined to different threat thesis. Although there might be little variations in the concepts of security in different organizations, physical differences frequently exist across all the security systems.
References
Ahmad, A., Maynard, S. B., & Park, S. (2014). Information security strategies: towards an organizational multi-strategy perspective. Journal of Intelligent Manufacturing, 25(2), 357-370.
Andresen, M., & Farrell, G. (Eds.). (2015). The Criminal Act: The Role and Influence of Routine Activity Theory. New York: Springer.
Atlas, R. I. (2013). 21st century security and CPTED: Designing for critical infrastructure protection and crime prevention. New York: CRC Press.
Cao, H., Jiang, J., Oh, L. B., Li, H., Liao, X., & Chen, Z. (2013). A Maslow’s hierarchy of needs analysis of social networking services continuance. Journal of Service Management, 24(2), 170-190.
Cheng, L., Li, Y., Li, W., Holm, E., & Zhai, Q. (2013). Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory. Computers & Security, 39, 447-459.
Coker, C. (2014). Globalisation and Insecurity in the Twenty-first Century: NATO and the Management of Risk. New York: Routledge.
Collins, A. (2016). Contemporary security studies. Oxford: Oxford university press.
Collins, P. A., Ricks, T. A., & Van Meter, C. W. (2015). Principles of security and crime prevention. New York: Routledge.
Cornish, D. B., & Clarke, R. V. (Eds.). (2014). The reasoning criminal: Rational choice perspectives on offending. London: Transaction Publishers.
Damodaran, A. (2016). Damodaran on valuation: security analysis for investment and corporate finance (Vol. 324). San Francisco: John Wiley & Sons.
Gao, X., Zhong, W., & Mei, S. (2015). Security investment and information sharing under an alternative security breach probability function. Information Systems Frontiers, 17(2), 423-438.
Hindess, B. (2014). Choice, Rationality and Social Theory (RLE Social Theory). New York: Routledge.
Hughes, G., & Edwards, A. (Eds.). (2013). Crime Control and Community. New York: Routledge
Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the effects of socialization, influence, and cognition. Information & Management, 51(1), 69-79.
Kelly, J. S. (2013). Social choice theory: An introduction. New York. Springer Science & Business Media.
Miró, F. (2014). Routine Activity Theory. The Encyclopedia of Theoretical Criminology. San Francisco: John Wiley & Sons.
Mo, Y., Kim, T. H. J., Brancik, K., Dickinson, D., Lee, H., Perrig, A., & Sinopoli, B. (2012). Cyber–physical security of a smart grid infrastructure. Proceedings of the IEEE, 100(1), 195-209. New York: Routledge
Kshetri, N. (2013). Privacy and security issues in cloud computing: The role of institutions and institutional evolution. Telecommunications Policy, 37(4), 372-386.
Parmar, B. (2012). Protecting against spear-phishing. Computer Fraud & Security, 2012(1), 8-11.
Peltier, T. R. (2013). Information security fundamentals. New York: CRC Press.
Peoples, C., & Vaughan-Williams, N. (2014). Critical security studies: an introduction. London: Routledge.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. New York: CRC press.
Schumacher, M., Fernandez-Buglioni, E., Hybertson, D., Buschmann, F., & Sommerlad, P. (2013). Security Patterns: Integrating security and systems engineering. San Francisco: John Wiley & Sons.
Shearing, C. D., & Johnston, L. (2013). Governing security: Explorations of policing and justice. New York. Routledge.
Snyder, G. H. (2015). Deterrence and defense. New Jersey: Princeton University Press.
Terao, N., & Suzuki, M. (2014). A Probabilistic Extension of the EASI Model. Journal of Physical Security, 7(1), 12-29
