In order to answer the title to my article, I firstly need to define exactly what physical security is… according to Wikipedia – “physical security describes measures that are designed to deny access to unauthorized personnel (including attackers) from physically accessing a building, facility, resource, or stored information; and guidance on how to design structures to resist potentially hostile acts”.
Physical security is NOT a large burly man growling at people as they try to enter an installation, although once the full picture of security is analyzed, the actual security guard is an important factor as well.
Now that it is clear as to what physical security is, the question remains, why hire a physical security consultant? – There are many methods today to protect ones business, assets, home and oneself. There are many solutions such as various building methods and materials, forced entry resistance, blast mitigation, CCTV and motion detection and security guards. The amount of companies selling all these “products” are endless and each company promotes their products and services promising the most advanced systems and technologies. Many of these companies are fly-by-nights, and many are top organizations selling high end security solutions and elements. However, their main objective is to sell as many of their products as possible. For the end user the choices are endless – The salesman will arrive at your premises, he will do a brief walk around and advise as to which is the best system to use, however he is a salesman and his goal is to sell his product. This is not to say he is dishonest, it is just that his “closing the deal” is more important than your budget and your protection.
You now have all your security elements in place; you have CCTV in every corner of the building, all doors and windows can be locked, the perimeter of the premises has all the best products and your guard at the entrance is controlling who enters/exits the premises. However you have to ask yourself the following questions:
· What am I protecting myself against, what are the threats?
· Are the threats realistic?
· Have I purchased the correct products?
· Are the security elements installed correctly and will they work?
· Is there a correct balance between the physical, technological and human domains?
· Have I used my budget correctly?
· Could I have been better protected and spent less money?
· Do my premises now look like a fortress?
· Is my business, staff, clients, building secure?
MIP Security’s aim is to provide our clientele with holistic security that is efficient, cost effective and yet does not interfere with the aesthetics of the premises and the individual objectives of each one of our customers businesses. Whether in the public or the private sector, there are never sufficient funds to cover all the security requirements. This means that the main obstacle preventing the increased protection level of businesses, institutions and buildings is the financing.
The only way of determining priorities and allocating the funds is an empirical method of analyzing the threats, the sites and the consequences of any decisions made.
The question that must be asked is whether the security measures in place provide relevant security for relevant threats. In too many cases, those responsible for security budgets or operations can demonstrate all the elements and procedures that have been put in place. They are unable, however, to describe the specific threat scenarios that the security is supposed to address, why those threat scenarios were chosen and in what way the security mitigates or prevents the threats.
Stages in our methodology include:
Data collection
· Determine the relevant threats and their likelihood of occurrence
· Determine priorities within the site
· Collect demographics of the site
Site Survey
· Human resources and procedures
· Technology
· Construction and physical elements
Analysis
· Determine vulnerabilities
· Risk assessment
Reports
· Recommended countermeasures
· Prioritized budget
· Comparative costs for counter measures
Implementation
· Technical specifications and design drawings
· Manage and oversee implementation of accepted recommendations
Training
· Training management, staff and security personnel in all aspects of security including procedures, case studies and scenarios (red teaming)
In conclusion
MIP Security has developed a methodology to support the decision-making process for security enhancement projects. Use of this methodology has resulted in quantifiable benefits for our clients through the avoidance of unnecessary investments and by ensuring that funds are allocated in the most appropriate and cost-effective ways.
www.mipsecurity.com
www.mipsecurity.com
No comments:
Post a Comment