Physical Security Assessment Handbook: An Insider’s Guide to Securing a Business

Cover
Half Title
Title Page
Copyright Page
Table of Contents
About the Author
Introduction
	What Is This Book About?
	How Is This Edition Different?
	When Is This Book Most Useful?
	Why Is This Book Important to You?
	Who Should Use This Book?
Chapter 1 The Process From 10,000 Feet
	1.1 Introduction: Why Do You Need a Security Assessment?
	1.2 Why the “Old Way” Doesn’t Work
	1.3 Reasonable Care
	1.4 Let’s Get Started
	1.5 What Threatens Your Company?
	1.6 The Goal Setting Meeting
	1.7 How Vulnerable Is the Company to Those Threats?
	1.8 The Command Center
	1.9 Creating the Design
	1.10 The Rest of the Story
	1.11 Documenting Your Findings
	1.12 Presenting the Recommendation
	1.13 Time to Buy
	1.14 The System Specification
	1.15 The Bid Process
	1.16 The Award of Contract
	1.17 Follow Up
Chapter 2 The Physical Threat Assessment
	2.1 Square One
	2.2 The Goal Setting Meeting
	2.3 The Selection Committee
	2.4 Identifying Assets
		2.4.1 Which Employees Are Most Susceptible to Attack?
		2.4.2 What Equipment Is Most Critical to the Operation?
		2.4.3 When Are These Assets Most Vulnerable?
		2.4.4 Are There Off-Premise Assets That Also Require Attention?
		2.4.5 Other Vulnerable Assets
		2.4.6 Threats From Damage to the Assets of Others
	2.5 Cyber Threats
	2.6 The Threat Assessment Interviews
	2.7 Insider Threats
	2.8 Internal Incident Assessments
	2.9 External Incident Data
	2.10 Other Potential Threats and Sources
	2.11 Tools to Analyze Threats and Their Advantages
		2.11.1 CARVER Matrix
		2.11.2 MEVA
		2.11.3 MSHARPP
	2.12 The Next Step
Chapter 3 The Vulnerability Assessment
	3.1 Vulnerabilities – Introduction
	3.2 The Vulnerability Assessment Plan
		3.2.1 The Plot Plan
		3.2.2 Building Floor Plans
		3.2.3 Threat By Proximity (Explosives)
	3.3 Perimeter Integrity
		3.3.1 Fencing
			3.3.1.1 Going Over It
			3.3.1.2 Going Through It
			3.3.1.3 Going Under It
			3.3.1.4 Gates
		3.3.2 Wall Construction
			3.3.2.1 Doors
			3.3.2.2 Locks
			3.3.2.3 Electrified Locks and Access Control Design
			3.3.2.4 Windows
			3.3.2.5 Ceilings and Floors
	3.4 What You Should Look for
		3.4.1 Review Existing Systems
		3.4.2 Review Security Procedures
		3.4.3 Inspect the Assets
		3.4.4 Establishing the Perimeter Controls
		3.4.5 Key Management Controls
		3.4.6 Find Observation Points (Remote Investigations)
		3.4.7 Response Team and Incident Reporting
		3.4.8 Lighting
		3.4.9 Employee Identification
		3.4.10 Visitor Control
		3.4.11 Evaluate the Existing Security Systems
		3.4.12 Protocols and Regulations
		3.4.13 Communications
		3.4.14 Signage
		3.4.15 Blast Proximity
		3.4.16 Company Utilities
	3.5 Getting It Done
		3.5.1 On Site
		3.5.2 Examine Internal Security Conditions
Chapter 4 Analyzing the Data and System Design
	4.1 Introduction: Assessing and Mitigating the Vulnerabilities
	4.2 New Construction
	4.3 Perimeter Construction
		4.3.1 Perimeter Blast Proximity
		4.3.2 The Outer Perimeter
		4.3.3 Bollards
		4.3.4 Perimeter Alarms
		4.3.5 Exterior Perimeter Openings
		4.3.6 Interior Perimeter Openings
	4.4 Door Security
		4.4.1 Door Hinges
		4.4.2 Door Latching Devices
		4.4.3 Access and Egress Control Devices
		4.4.4 Egress Control
		4.4.5 Types of Access Control Devices
		4.4.6 Biometrics
		4.4.7 Smart Phone Credentials
	4.5 Door Hardware
		4.5.1 Door Locks
		4.5.2 Exit Button
		4.5.3 Door Status Switches (DSS)
		4.5.4 Balanced Magnetic Switch
		4.5.5 Supervised Door Status Switches
		4.5.6 Pressure Mats
		4.5.7 Pressure Switches
		4.5.8 Space Protection
		4.5.9 Glass-Break Sensors
	4.6 Surveillance
		4.6.1 Camera Placement
		4.6.2 Angle of View
		4.6.3 Camera Type
		4.6.4 Lenses
		4.6.5 Digital Zoom
		4.6.6 Camera Housings and Mounts
		4.6.7 Camera Monitoring Features
		4.6.8 Drones Used in Security
		4.6.9 Recording Images
		4.6.10 Alarm Monitoring and Panic Alarms
		4.6.11 Asset Tags
		4.6.12 Audio Surveillance
	4.7 Equipment Location
	4.8 Key Management
	4.9 Lighting
	4.10 Signage
	4.11 Utilities and Emergency Power
	4.12 The Federal Government Standards
	4.13 Conclusion
Chapter 5 Design, the Rest of the Story
	5.1 Design, the Rest of the Story: Introduction
	5.2 Establish the Command Center
	5.3 Response Team
	5.4 Incident Reporting
	5.5 Employee Identification
	5.6 Visitor Controls
	5.7 Protocols and Regulatory Compliance
		5.7.1 Introduction to Setting a Security Policy
		5.7.2 Elements of Risk
		5.7.3 Drafting the Policy
	5.8 Communications
	5.9 Cyber Security
	5.10 Litigation Defense
		5.10.1 Reasonable Care
		5.10.2 Duty to Perform
		5.10.3 Reasonable Anticipation
		5.10.4 Expert Witness Assessments
	5.11 Concluding the Survey
Chapter 6 Documenting the System Design
	6.1 Introduction to Design Documentation
	6.2 The System Design Documentation
		6.2.1 List of Assets
		6.2.2 Threat Assessment
		6.2.3 Marked Plot Plans and Floor Plans
		6.2.4 Door Detail Schedule (DDS)
		6.2.5 Camera Detail Schedule (CDS)
	6.3 Drawings
		6.3.1 Plot Plans and Floor Plans
		6.3.2 Elevation Drawings
		6.3.3 Concept Drawing
	6.4 Personnel Security
	6.5 Prepare a Cost Estimate for Access Control and Alarm Monitoring
		6.5.1 The Access Control and Alarm Monitoring Budget
		6.5.2 Primary Material Costs
		6.5.3 Labor Costs
		6.5.4 Estimating Cable
		6.5.5 Estimating Incidental Costs
	6.6 Prepare a Cost Estimate for the Surveillance System
		6.6.1 Primary Material Cost
		6.6.2 Estimating Cable
		6.6.3 Estimating Labor
	6.7 Forecast Expense Budgets
	6.8 Human Resource Requirements
	6.9 Cost Analysis
	6.10 Legal Issues
Chapter 7 Presenting the Solutions
	7.1 Conveying the Benefits of Your Solutions
	7.2 What Management Wants to Know
		7.2.1 Why Would I Want to Do This?
		7.2.2 What Would Happen If I Didn’t Do What Is Recommended?
		7.2.3 Who Needs to Be Involved to Implement and Operate the System?
		7.2.4 When Should I Act?
		7.2.5 How Long Will It Take to Implement?
		7.2.6 How Much Will It Cost?
	7.3 Methods of Presenting the Recommendation
		7.3.1 The Written Presentation
			Section 1: Project Objectives and Scope of Work
			Section 2: Threats and Countermeasures
			Section 3: Benefits of the Recommended Solution
			Section 4: Recommendation
			Section 5: Investment Required
		7.3.2 The Oral Presentation
	7.4 Delivering the Presentation
	7.5 Gaining Acceptance for the Solutions
	7.6 The Politics of Change
	7.7 Follow Up
Chapter 8 How to Buy Your New Security System
	8.1 Introduction to the Acquisition Process
	8.2 Chose the Bid Type
		8.2.1 The Request for Information
		8.2.2 The Request for Quotation
		8.2.3 The Request for Proposal
	8.3 Preparing the RFP With Performance Specifications
	8.4 The Single Step RFP
	8.5 The Two-Phase RFP
	8.6 Organizing the RFP
	8.7 Preparing the RFP, Doing It On Your Own
		8.7.1 Cover Page
		8.7.2 The Bid Sections
		8.7.3 Scope of Work
		8.7.4 Invitation to Bid
		8.7.5 Bidder Qualifications
		8.7.6 Additional Bidder Qualifications
		8.7.7 Submittals
		8.7.8 Electronic Submittal
		8.7.9 Bid Requirements
		8.7.10 Basic Definitions
		8.7.11 Verifying Conditions
		8.7.12 Owner Requirements
		8.7.13 Life Safety Considerations
		8.7.14 Prior Approvals
		8.7.15 Insurance
		8.7.16 Bid Bond and Performance Bond
		8.7.17 Pricing Requirements
		8.7.18 Recommended Spares
		8.7.19 Projected Cost for Major System Components
		8.7.20 Anticipated Future Work
		8.7.21 Annual Hardware Maintenance
		8.7.22 Maintenance Forecast
		8.7.23 Annual Software Maintenance
	8.8 Executing the Contract
		8.8.1 Requirements After Acceptance of Bid
		8.8.2 Equipment Substitutions
		8.8.3 Scheduling
		8.8.4 Equipment Storage
		8.8.5 System Staging
		8.8.6 Job Site Rules and Regulations for Vendors
		8.8.7 Supervision of Work (Project Management)
		8.8.8 Split Contracts
		8.8.9 Change Orders
		8.8.10 Default Considerations
		8.8.11 Basis of Payment
	8.9 Post-Installation Support
		8.9.1 Personnel Training
		8.9.2 Warranty and Service Agreements
	8.10 Wrap Up
Chapter 9 Prepare the Technical Specifications
	9.1 Introduction to Technical Specifications
	9.2 Performance Specifications
	9.3 Design Parameters
	9.4 Certifications
		9.4.1 Certifications: UL
		9.4.2 Standards: ISO
		9.4.3 ADA Requirements
	9.5 Door Detail Schedule
	9.6 Camera Detail Schedule
	9.7 Drawings
		9.7.1 Marked Plot Plans and Floor Plans With Equipment Location
		9.7.2 Door Elevation Drawings
		9.7.3 Camera Elevation Drawings
		9.7.4 Network Drawing
		9.7.5 Command Center Drawing
		9.7.6 Common Equipment Elevation Drawings
		9.7.7 Custom Circuit Drawings
	9.8 Cabling
		9.8.1 Cable Labeling
	9.9 Component Installation Criteria
	9.10 Power Quality and Reliability
	9.11 Startup Responsibility
		9.11.1 Card Testing
		9.11.2 “As Built” Project Drawings
		9.11.3 Test Criteria
	9.12 System Acceptance
	9.13 Getting Approval for the Specifications
		9.13.1 Plan for Bid Evaluation
Chapter 10 Going Out for Bid
	10.1 Introduction to the Bidding Process
	10.2 Making Your Bidder’s List
	10.3 The Bidding Process
		10.3.1 Bid Announcement
		10.3.2 The Mandatory Pre-Bid Conference
		10.3.3 Bid Question Deadline and Response Deadline
		10.3.4 Bid Acceptance and Bid Opening
	10.4 The Single-Item Bid
	10.5 Bid Evaluations
	10.6 Technical Bid Evaluation
		10.6.1 The First Cull: Basic System Components
		10.6.2 The Second Cull: Deal Breakers
		10.6.3 The Third Cull: Desired System Features Missing Or Inadequate
	10.7 Business Plan Evaluation
		10.7.1 Price
		10.7.2 Maintenance
		10.7.3 Future Costs
		10.7.4 Terms
		10.7.5 Conditions and References
	10.8 Confirm Your Conclusions
	10.9 Vendor Presentations
	10.10 Wrap Up
Chapter 11 System Implementation
	11.1 Introduction
	11.2 Awarding the Contract
	11.3 Getting Started
	11.4 Milestone Reviews
		11.4.1 Milestone Meeting 1: Cabling Complete
		11.4.2 Milestone Meeting 2: Equipment Staging Complete
		11.4.3 Milestone Meeting 3: Equipment Mounting Complete
		11.4.4 Milestone Meeting 4: Final Termination Complete
		11.4.5 Unscheduled Visits
		11.4.6 Final Inspection
	11.5 System Commissioning
		11.5.1 Goals and Purpose
		11.5.2 Methodology and Standards
		11.5.3 Access Control
		11.5.4 Life Safety
		11.5.5 Alarm Monitoring
		11.5.6 Video Surveillance
		11.5.7 Audio Surveillance
		11.5.8 Intercom Systems
		11.5.9 Employee Identification
		11.5.10 Visitor Controls
		11.5.11 Communications
		11.5.12 Lighting
		11.5.13 Signage
		11.5.14 Special Circuits
		11.5.15 Software Test
	11.6 Final Report and Delivery
		11.6.1 Delivery, Who Should Attend
		11.6.2 When Should the Test Be Conducted
		11.6.3 What Should Be Covered
	11.7 Post-Installation Submittals
	11.8 Security System Personnel
		11.8.1 Identify the System Administrator
		11.8.2 Identify the Help Desk
		11.8.3 System User Training
	11.9 Creating User Documentation for System Management
		11.9.1 Identifying the Authorized Population
		11.9.2 Organize Card Reader Data
		11.9.3 Time Zones
		11.9.4 Assigning Access Permissions
		11.9.5 Video Observation and Recording
		11.9.6 Alarm Response
		11.9.7 Responding to Alarm Events
		11.9.8 System Reporting
		11.9.9 Programming
	11.10 System Management Procedures
		11.10.1 Establish Procedures to Issue Credentials
		11.10.2 Procedures for Lost Or Replaced Security Credentials
		11.10.3 Procedures for Dismissed Employees
		11.10.4 Procedures for Changes in Access Permissions
		11.10.5 General Protocols
	11.11 System Turn On
	11.12 Evaluating the Implementation
	11.13 Follow-Up Evaluation and Training
	11.14 The Last Word
Index