CCP 4I6 SECURITY DESIGN AND FORMULATION


CCP 4I6 SECURITY DESIGN AND FORMULATION Edwin Agasa Lecturer Security Expert Department of Social Sciences Karatina University

Introduction Physical security is defined as: Physical measures, policies, and procedures to protect an organization's systems, facilities/buildings and equipment from unauthorized access and from natural and environmental hazards.

Introduction The Physical Security domain addresses the threats, vulnerabilities, and countermeasures that can be utilized to physically protect an enterprise’s resources. These resources include people, the facility in which they work, and the data, equipment, support systems, media, and supplies they utilize.

Introduction Physical Security is accomplished by performing an assessment of the facility/building and the surrounding premises. Physical security enhancements should be considered during the budget process. During new construction, physical security should be taken into account during the budgeting process. Physical security designs should be performed by a qualified professional with regard to the topology and architecture of the systems and how they will integrate. Physical security installations should be performed by a manufacturer-certified/authorized dealer.

Introduction Threats to physical security include: interruption of services, theft, physical damage, unauthorized disclosure, loss of system integrity, arson, etc.

Categories of threats Threats fall into many categories: natural environmental threats (e.g., floods, fire); supply system threats (e.g., power outages, communication interruptions); manmade threats (e.g., explosions, disgruntled employees, fraud); politically motivated threats (e.g., strikes, riots, civil disobedience).

Physical security The primary consideration in physical security is that nothing should impede “life safety goals.” Ex.: Don’t lock the only fire exit door from the outside. “Safety:” Deals with the protection of life and assets against fire, natural disasters, and devastating accidents. “Security:” Addresses vandalism, theft, and attacks by individuals.

Physical Security Planning Physical security should be based on a layered defense model. Layers are implemented starting at the perimeter and moving toward an asset. Layers include: Deterrence, Delaying, Detection, Assessment, Response.

Physical Security Planning A physical security program must address: Crime and disruption protection through deterrence (fences, security guards, warning signs, etc.). Reduction of damages through the use of delaying mechanisms (e.g., locks, security personnel, etc.). Crime or disruption detection (e.g., smoke detectors, motion detectors, CCTV, etc.). Incident assessment through response to incidents and determination of damage levels. Response procedures (fire suppression mechanisms, emergency response processes, etc.).

Physical Security Assessments Examples of questions to ask when performing a Physical Security Assessment: What are you protecting? (Determination of what you are protecting will determine the amount of “security” you will place on facility/ Is the facility located in a high crime area? Do you own or lease/rent the facility? Is the facility designed for the type of environment in which the work will be performed? (i.e., power, structure, communications and fire suppression)

Physical Security Assessments What is the net worth of the assets to be guarded? How much would it cost your organization to overcome a catastrophic loss of data or property? Cost of implementation of physical security measures versus worth of the data or property. N.B.: Perform an impact statement to determine whether the cost of implementing physical security measures is cost effective or prohibitive.

Perimeter protection and outer structure Facilities may require perimeter fencing. Chain link fence: should be at least 11 gauge steel; common installation, easy to climb or cut for entry. Concrete masonry unit (CMU): one of the strongest installations, offers privacy, very expensive. Wrought iron fencing: offers great protection, very expensive. Box steel welded fence construction: architecturally acceptable, offers great protection, offers very little privacy and is expensive.

Perimeter protection Physical barriers such as fences and walls deter intruders and restrict visibility into the premises. Inspect barriers for deterioration.

Outer Structure Windows are conducive to forced entry: Windows have the highest vulnerability to forced entry. The location and characteristics of windows need to be inspected. Windows that are less than 18 feet from the ground are the most vulnerable since they are easily accessible.

Outer Structure Facility doors should be constructed of material that will discourage breakage: steel or solid wood doors. Doors that are constructed of glass should be inspected for glass type, such as tempered glass or safety glass.

Outer Structure Inspect doors with exterior hinges that may be in a sensitive area of exposure: Normally doors that open out are the issue. Doors that open out are easier to compromise.

Outer Structure Door frames should be strong and tight to prevent forcing/spreading: Inspect the door frame to ensure the frame is plumb and level. Ensure fasteners are tight and properly installed. Door locks should be in good repair: Inspect for rust or deterioration. Inspect for proper operation.

Outer Structure Visitors should be required to sign in: Require a visitors' log. Require visitor identification badges. Have an attendant oversee the visitors' log. Review the visitors' log periodically.

Outer Structure Escort facility visitors: Create a policy on escorted and unescorted visitors. Provide different color identification badges for escorted and unescorted visitors. Require visitors to turn in identification badges after the visit.

Access Control and Closed Circuit Television Access control systems are typically a scalable management solution encompassing complete access control, advanced event monitoring and administration auditing. Access control systems typically involve a central server for control and monitoring.

Basic Access Control Remote capability to lock and unlock doors. Audit log of who used a door and when. Audit log of when a door has been forced or held open. Capability to restrict or remove access for a specific person or group. Monitoring of room occupancy by intrusion-detection systems.
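
The audit items on this slide (who used a door and when, and when a door was forced or held open), sketched as an added example that is not part of the original presentation or of any vendor's software. The event names, the log format and the 10-second and 30-second thresholds are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (assumed format, not a vendor export):
# ISO timestamp, door name, event type, badge id ("-" when none)
SAMPLE_LOG = """\
2024-03-04T08:00:00 server-room ACCESS_GRANTED B1001
2024-03-04T08:00:03 server-room DOOR_OPEN -
2024-03-04T08:00:09 server-room DOOR_CLOSE -
2024-03-04T09:15:00 loading-dock DOOR_OPEN -
2024-03-04T09:15:20 loading-dock DOOR_CLOSE -
2024-03-04T10:30:00 server-room ACCESS_GRANTED B1002
2024-03-04T10:30:02 server-room DOOR_OPEN -
2024-03-04T10:32:10 server-room DOOR_CLOSE -
2024-03-04T11:00:00 lobby ACCESS_GRANTED B1003
2024-03-04T11:00:01 lobby DOOR_OPEN -
"""

GRANT_WINDOW = timedelta(seconds=10)  # assumed: a door must open within 10 s of a grant
HELD_LIMIT = timedelta(seconds=30)    # assumed: a door may stay open at most 30 s


def parse(log_text):
    """Yield (timestamp, door, event, badge) for each non-empty log line."""
    for line in log_text.splitlines():
        if line.strip():
            ts, door, event, badge = line.split()
            yield datetime.fromisoformat(ts), door, event, badge


def find_door_alarms(log_text, end_of_log=None):
    """Return (alarm, door, opened_at, badge) tuples for forced and held-open doors.

    end_of_log is an optional ISO timestamp marking when the log was collected,
    so doors that never closed can be judged against HELD_LIMIT.
    """
    alarms = []
    last_grant = {}  # door -> (time, badge) of the most recent unused grant
    open_since = {}  # door -> (time, badge) for doors currently open
    last_ts = None
    for ts, door, event, badge in parse(log_text):
        last_ts = ts
        if event == "ACCESS_GRANTED":
            last_grant[door] = (ts, badge)
        elif event == "DOOR_OPEN":
            grant = last_grant.pop(door, None)  # each grant covers one opening
            if grant and ts - grant[0] <= GRANT_WINDOW:
                who = grant[1]
            else:
                who = None  # opened with no recent grant: forced
                alarms.append(("FORCED", door, ts, None))
            open_since[door] = (ts, who)
        elif event == "DOOR_CLOSE" and door in open_since:
            opened, who = open_since.pop(door)
            if ts - opened > HELD_LIMIT:
                alarms.append(("HELD_OPEN", door, opened, who))
    # Doors with no close event are judged against the collection time.
    cutoff = datetime.fromisoformat(end_of_log) if end_of_log else last_ts
    for door, (opened, who) in open_since.items():
        if cutoff and cutoff - opened > HELD_LIMIT:
            alarms.append(("HELD_OPEN", door, opened, who))
    return alarms


if __name__ == "__main__":
    for alarm in find_door_alarms(SAMPLE_LOG, end_of_log="2024-03-04T11:05:00"):
        print(alarm)
```
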

Access Control Selection Criteria: Which manufacturer's system to purchase? How many facilities will be attached to the access control system? How do you communicate with the access control system? How many card holders will you have? Who will administer the system? What type of card technology to use (FIPS 201 compliance)?

C•CURE 800 C•CURE 800 provides users with a scalable access control solution that allows functionality and increased capacity as the system needs grow. C•CURE 800 is a complete integration solution with unlimited application.

C•CURE 800 C•CURE 800 is a complete integration solution that reaches beyond traditional security. It provides integration with critical applications including: Closed Circuit Television (CCTV) and Digital Video Management systems (DVMS). Other integration applications include: fire alarms, intercoms, burglar alarms, environmental building controls, Crystal reporting, and time management or time tracking software.

C•CURE 800 Open Architecture Support. The C•CURE 800 ensures universal support and enormous flexibility. As such, C•CURE 800 interacts with industry-standard databases, video recorders, cameras and networks. C•CURE 800 is a complete integration solution with unlimited application.

C•CURE 800 C•CURE 800 Foundation Security Features: event and alarm monitoring; database partitioning; Windows 2000 Professional, Windows Server 2003, Windows XP Professional for servers; open journal data format for enhanced reporting; automated personnel import; wireless reader support.

C•CURE 800 C•CURE 800 Advanced Security Features: CCTV integration; enhanced monitoring with split screen views; escort management; card holder access events; single subscriber email and paging; open journal data format for enhanced reporting.

Closed Circuit Television and Digital Video Management Systems Closed Circuit Television (CCTV) and Digital Video Management Systems (DVMS) have made many advances over the years. The evolution of CCTV is an interesting history that combines the entertainment industry, consumer electronics and CCTV.

History of Closed Circuit Television Systems The original CCTV systems were built using equipment intended for the use of the broadcast industry and industrial television. Cameras were large, expensive, required high energy consumption and required frequent maintenance.

History of Closed Circuit Television Systems As a result of the high expense and the need to change tubes in the equipment, coupled with the heat generated by the equipment, service calls and service technicians made for a lucrative business. The high expense of CCTV installation and the cost of servicing the equipment made it possible for only the wealthy to afford such systems, since the cost of installation and maintenance surpassed the cost of the assets to be protected.

History of Closed Circuit Television Systems In the mid-60’s, CCTV started to evolve as an industry. Two inventions facilitated this change and allowed the cost of installation and the maintenance of CCTV systems to become an affordable option. The Pan, Tilt and Zoom (PTZ) was invented along with the motorized lens. The PTZ function allowed the camera to move up, down and side to side. The motorized lens allowed remote control of zoom, focus and iris adjustment. These inventions reduced the number of cameras required to cover an area.

History of Closed Circuit Television Systems In the consumer electronics market, amateur video taping and movie rentals grew, and with mass production and use the video cassette recorder (VCR) became less expensive and lightweight. Soon the two technologies merged, creating the camera and recorder, or what we know today as the “Camcorder”. In the late 80’s a mass market of products began to dramatically reduce prices and improve quality and availability. What was once enjoyed by the wealthy was now made affordable and available to the general public and industry.

Designing a Closed Circuit Television System System use, security or surveillance: Security is defined as watching objects or items. Surveillance is defined as watching people. Will operators manage the system: Operators will be required for surveillance. The potential for “large” storage may be required for security or the watching of objects or items (recommended seven days of storage).

Designing a Closed Circuit Television System Camera selection and locations, indoors or outdoors: PTZ or fixed cameras. If indoor cameras are used, are they covert or in plain sight? If outdoor cameras are used, what is your outdoor climate? Storage of video: hard drive storage or network storage; video cassette recorder.

CCTVs Know the factors in choosing CCTV: focal length, lens types (fixed vs. zoom), iris, depth of field, illumination requirements.

CCTVs “Focal length:” The focal length of a lens defines its effectiveness in viewing objects from a horizontal and vertical view. The sizes of images that will be shown on a monitor, along with the area that can be covered by one camera, are defined by focal length. Short focal length = wider angle views. Long focal length = narrower views.

CCTVs “Depth of field:” Refers to the portion of the environment that is in focus. “Shallow depth of focus:” Provides a softer backdrop and leads viewers to the foreground object. “Greater depth of focus:” Not much distinction between objects in the foreground and background.

Closed Circuit Television Systems Designs Common shortcomings of many CCTV systems: not enough cameras; cameras installed incorrectly or incorrect cameras installed; no operator; not enough storage or improper media for storage; improperly trained personnel; neglected or improperly maintained systems, including cameras, power supplies, VCRs, DVRs, software applications and network connections.

IT concerns for Closed Circuit Television Systems Network traffic for IP cameras; network traffic with the integration of CCTV and access control; improperly trained personnel; storage of video on site with specific hard drives or network storage; the downloading of updates for Windows-based DVRs; the potential of viruses on Windows-based DVRs.

FIRE SAFETY “Fire Prevention:” Includes training employees on how to react, supplying the right equipment, enabling fire suppression supply, and proper storage of combustible elements. “Fire Detection:” Includes alarms, manual detection pull boxes, automatic detection response systems with sensors, etc. “Fire Suppression:” Is the use of a suppression agent to put out a fire.

FIRE SAFETY Fire needs oxygen and fuel to continue to grow. Ignition sources can include the failure of an electrical device, improper storage of materials, malfunctioning heating devices, arson, etc. Special note on “plenum areas:” The space above drop down ceilings, wall cavities, and under raised floors. Plenum areas should have fire detectors and should only use plenum area rated cabling.

FIRE SAFETY Types of Fire:
A: Common Combustibles. Elements: Wood products, paper, laminates. Suppression: Water, foam.
B: Liquid. Elements: Petroleum products and coolants. Suppression: Gas, CO2, foam, dry powders.
C: Electrical. Elements: Electrical equipment and wires. Suppression: Gas, CO2, dry powders.
D: Combustible Metals. Elements: Magnesium, sodium, potassium. Suppression: Dry powder.
K: Commercial Kitchens. Elements: Cooking oil fires. Suppression: Wet chemicals such as potassium acetate.

FIRE SAFETY Types of fire detectors: smoke activated, heat activated. Different types of suppression agents: water, halon and halon substitutes, foams, dry powders, CO2, soda acid.

GATES Gates have 4 distinct types. Class I: Residential usage. Class II: Commercial usage, where general public access is expected (e.g., public parking lot, gated community, self storage facility). Class III: Industrial usage, where limited access is expected (e.g., warehouse property entrance not intended to serve public). Class IV: Restricted access (e.g., a prison entrance that is monitored either in person or via CCTV).

LIGHTING Know lighting terms and types of lighting to use in different situations (inside vs. outside, security posts, access doors, zones of illumination). It is important to have the correct lighting when using various types of surveillance equipment. Lighting controls and switches should be in protected, locked, and centralized areas.

LIGHTING “Continuous lighting:” An array of lights that provide an even amount of illumination across an area. “Controlled lighting:” An organization should erect lights and use illumination in such a way that does not blind its neighbors or any passing cars, trains, or planes.

LIGHTING “Standby Lighting:” Lighting that can be configured to turn on and off at different times so that potential intruders think that different areas of the facility are populated. “Redundant” or “backup lighting:” Should be available in case of power failures or emergencies. “Response Area Illumination:” Takes place when an IDS detects suspicious activities and turns on the lights within the specified area.