Systems Approach to Physical Security - Coursework Example

Systems Approach to Physical Security Student’s Name Institutional Affiliation Systems Approach to Security Security as a specializedbody has been the topic of numerous debates in academic spheres. Driving this discussion is works drawn from different realms. The domains emphasize that a profession and professionals are describedaccording tothe rank of their affirmed unit of knowledge, settings of education associated with skills drawn from these entities of knowledge and the public’s faith emanating from such standards. Until now, the profession of security occupation is yet to develop a real body of knowledge. This literature reviewprovides an argument towards a fundamental method to the security of assets comprises of a systems method that derives on concepts comprising‘Defence in Depth,’ Security in Depthin addition to Protection in Depth. Physical Security Whereas security as a concept has been described differently, despite its context, there exists a wish for a setting where people, states, andinstitutions are at liberty to carry themselvesas they would love, and in line with social contract conceptualizations. Nevertheless, this is not often the scenario. Dangers to such freedoms of activities always exist. According to a proposition by Brooks and Coole (2011) the concept of security, despite of itsperspective ought to be risk-based and threat-influenced, whereby protective measures are warranted based on risk and context. The proposition is reinforced by Nalla and Morash (2002) and Standards Australia HB (2006) researches. Nalla and Morash (2002) contendthat with no imminent danger to an asset, there exists no aim for security. This culminates to what is referred as mutual occupational threads in security (Coole & Brooks, 2011). In line with the present literature, thecommon threads in security encompass several points. That there is a danger to a secured property, perceived or real (Awwad-Rafferty&O’Shea, 2009), a wish on the practitioner’s portionto guard assets from malicious and the deliberate human interference through several reactions (Coole & Brooks, 2011), and a functional context of the pre-eminentapproach to protecting an asset by ensuring access to it is moderated (Borodzicz & Gibson, 2006). The fourth thread is that access to an asset is well controlledvia various approaches used within the systems approach. This would encompass both logical and physical approaches (Fisher & Green, 2003). Bearing in mindthese mutual threads and main subjects, the article authored by AISPTF (2008) recommended that security experts have a role of ensuring that their guidanceis solidlygroundedin best practice principles and established theory. Coole and Brooks (2011) second this approach. In order to absorb the proposition articulated by Manunta (1999), the security professionals must guarantee the use of mutual interpretation when giving expert advice towards the guarding of property. It is difficult to achieve consistency in security advice because of the same idea of security and in specific, management of security, whichinvolves a wide variety of skills and activities spread in a wide variety of related concerns (Brooks, 2007). This comprises social convention ideas (Green& Fisher, 2004), as theyassociate with apprehensions in global relationships and the functioning of internal community according toconcepts of preventing crime. These concepts encompass state level, governments at the local and international level, organisations, and individuals. Nevertheless, due to its diverse nature, as an occupation, security lacks agreement in description (Gibson & Borodzicz, 2006). Maslow (1971) regarded the idea of security as one of the fundamental needs of humans in his needs hierarchy, involving; dependence, protection, liberty from anxiety,stability, and fear, necessity for structure, limits, strength, and law and order in the protector. These elements are collectively regardedas “security” in modern times (McCrie, 2004).Coole, (2010) highlights that no institution, despite its setting can thrive or survive with no sufficient security. According to Spender (2009), risks often arise from a mix of a hazard showing some weakness, which could culminate in danger to a valuable asset that needs protection. These normally comprise of reputation, people, information, and property. In handling issues of security risks, Standards Australia (2006) posits, “the major elements of organizational, individual or community security controls are those elements, which contribute to the risks management through their ability to prevent, detect, delay, react and recover from antagonistic attacks”. Thus, the objectives of a security programin regulating risks that are security-associated dangers are to prevent, sense, deferral or deny, react,and where possible recuperate from sensiblypredictable attack situations. Physical security describes the physical measures instituted to safeguard people, avert unauthorized access to property and to guard assets against theft, sabotage, and damage. Therefore, a management plan of security risks establishes the extent of controls of treatment needed grounded on an organization’s rating of risks and is executedin connection with the philosophy of defence in depth. The Defence in Depth Concept Methods for protecting property for safety as a realm discipline jointlyencompasses a regular plan towards averting stealing, damage of amenities, the security of information and personnel, called Protection in ‘Depth’ (Smith, 2004). Expressed as a security model by (Coole & Brooks, 2011), the theory is supported by major consecutiveroles comprising dissuasion, or real exposure, response and delay (Smith, 2003). Standards Australia HB (2006) has an added function being recovery. Smith (2003) highlights that this theory in its outmodedstructure has been used in the protecting property for centuries, grounded on propositionsthat a guardedproperty should be surrounded by a series of barricades, to controlincidences of illegal accessibility. The aim goes toproviding time for a proper reactionand recovery (Smith, 2003). According toVerizon (2012), Defence in Depth is a powerful theory to systems approach. Both Rational Choice and Routine Activity concepts from the opportunity theory of crime prevention concepts support this idea empirically (Standards Australia, 2006).The theory of Routine Activity pays attention on what Reynald (2011) calls caretaker intensity, where an activity will happen if an appropriate target is recognized, or the inadequacy of a skilledprotector is supposedas aninspired perpetrator (Talbot & Jakeman, 2009). This culminates to a discernment of lower levels of challenge and minimum chances of being found. In this theoreticdescription for deviance is the concept of Rational Choice. The theory regards the procedures ofdecision-making of a possible sensibleopponent in choosing if to try participatingin bad demeanour or no. Rational Choice concept contends that a likely criminalpays attention to a target in tandem with their beliefs of the odds of being seen, the effort range in attaining their objectives (deferral) and the odds of getting caught in connection to the inclination for ferocity (reaction) (Childers, 2011). Where a perceptive analysis of costs and benefits implies that they have a low probability of being foundand more likelihood of success an opponent will choose whether they will reach the essential resources or to continue with their preferred activities. Nevertheless, if they observe that there is greater challenge and a higherlikelihood of being caught they will choose not to participate in the deviant activities. Therefore, as Coole (2010) asserts, if security is considered in entirety, then the supposedamount of deferment, perceive, and reaction, as a kind of “wholeness” is the energizer of the dissuasionneeded of a scheme of security. Therefore, it is affirmedthat this theory is considered as a concept of security because Rational Choice and Routine Activity theories underpin it. It provides an opportunity to articulate a preventive, protective mechanism within the securityrealm (Cameron et al. 2005). According to Garcia (2001), the Defence in Depth theory is saidto derive a mechanism model, whichassimilatespeople, equipment and procedures into a barricade system. This kind of mechanism enables the uses of systems reasoning that identifies that people analysis (events) form part of a sequence of activities (synthesis) (Police, 2004). Therefore, in thesystems model, an assessment must generate actions where each assessment necessitates a consequentaction to comprehend fullness of the assessment. Ritchey (1991) says that a safetyentrance (door) can be regarded a building material’s sub-system in terms of resistance to intruders. In this assessment, the doorway openingis examinedat the micro range for the power of the material of the doorway, the creation of the joints and how they fit, the type and use of pivot pins, the method of closing apparatus fitted, and the kind and value of the locking method. The portal opening is also examined to see its fitto the doorframe to guarantee minimized spaces that may bring weakness and the construction and the frame’s quality. Additionally, sensor innovations may be fixed to assist in identifyingtrials to avoid the opening. Every security component in the opener is assessed for its material strength and design facades in providing challenges to anopponent wherein their approaches of efficiency are integrated (synthesised) to deliver a scope of challenge coming as a gateway measurement. Systems reasoning establishes a sequence of sub-systems in the safety coat’smodel in whichTuriel (2011) highlights that mathematics gives ways of representing such usefulassociations to which operational implication (parameters of performance) can be linked. In line with Manual’s perspective (2001), this kind measurement is also supportedby Coole (2010). This is definedin line with the EASI model, whichsimilarly to General Systems Theory principles. The theory statisticallystates theassociation between the different segments in a Defence in Depth system and it presents a calculatedrepresentation of entire system efficiency. Garcia (2001) and Janget, al. (2008), supported this approach. Furthermore, Childers (2011) posited that the integration of procedures, equipment and individuals can be computed in relation to the “systems” victory in generating recognition, response and delay to the opponent’sintrusion. In the model, incidences of interference is computedfrom the recognition, response and delay elements as an integrated system production. Counteractionis computed as a possibilitydemonstrating the regarded efficiencyscope of the reactionconstituent against the described threat of the system. These kinds of quantitative approaches are repeatable, methodical, and grounded on objective parameters and determinegreat statistical legitimacy. EASI’s input measures necessitate detection, transportation, communication inputs and assessments as the likelihood that the whole function will be fruitful while the delay and reaction as standard deviation and mean time measures for every element (SANS Report, 2002). Protection in Depth Nunes-Vaz et al. (2011) define the use of security controls or measures as a technical, physical, procedural, psychological, or other device, which contributes or performs one or more functions of security. This is often attainedthrough the separationor demarcation of space known as rings of protection (Coole& Brooks, 2011) or zones (Atlas, 2008). It can also be achieved by separating security zones in such a way that there ought to be way of detecting, procrastinating and reacting to dangers of unwarranted entry across all zones in the security setting and this might comprise information technology and physical regions. Moreover, contingent to the danger, scholarscontended that this division may comprise different detection components, various measures of reaction control, multiple delays all interconnectedas a system for every zone. These elements forma layer of security between zones. Nevertheless, as pointed by Coole and Brooks (2010) ‘Protection in Depth’comprises differentapproaches afoeought to deal within a series. The approach pays attention to the aversion of a single point botch in any strategy of protection. This kind of methodpossiblyincludes multiple mechanisms of detection, multiple measures of delay and capabilities of multiple reaction (Coole& Brooks, 2011). However, it is contended that this kind of method can be executed for safeguarding the transfer of illegal actions over one security area, or various security regions, whereinin tandem with possible outcomes there exists a wish to interfere and where necessary counteractthe illegallytriedintrusionover a security area. According to Atlas, the principle of safety zones has a comprehensive description. The description highlights that some parts in an organization should be entirely unobstructed during the times of selected use. Nevertheless, restricted or controlled zones and/or spaces exist within. For restricted or moderated zones,admittance is foundedon important detailsas opposed to wishes. Atlas (2008) highlights that the concept of onion layers or security zones analogy is efficiently used in numerous facility models. Moreover, parts within restricted regions may need more authorizations of access moderation. Fig. 1 Defence in Depth Approach to Physical Security In addition, defence in depth necessitates that mechanisms be implemented to guard against attack, to identify such attacks and to provide an efficient response.In order to implement defence in depth successfully in an organisation, management must embrace core principles within the organisation’s structure, strategy, and planning. These core principles then relate to implementation and design actions in the areas of technology, governance, people, and processes. Security in Depth The idea of Security in Depth by positingthat numerous zones are required due to the challenging nature of establishingthe best layer, and various layers could be extra or least efficient from various dangers. This is according to NunesVazet, al.,2011). Therefore, a full mechanism to safety must contemplatedangers that pose a hazard for every documented zone in a full defencedisposition. Under this situation, the range of Defencein Depth indorsed in every zone and the way ‘Security in Depth’ at every zone is warranted, and the wayall zones are combined to form a bigger complete model to attain ‘Security in Depth.’According to works by Talbot &Jakeman’s(2009), such a method of definition allows the accomplishment of the resilience of safety where ‘Security in Depth’is attainedvia the application of ‘Protection in Depth’in accordance with the ‘Defence in Depth’ concept. This applies in all access regions inside a guarded organization or institution whereby each institution will have numerous zones or access layers for both logical and physical parameters of access moderation. Additionally, organizational‘Security’ in Depth is the total of all approaches taken across all institutions. In conclusion, security is still a young academic discipline when related to other fields such as medicine, business, medicine and sociology. However, as the field of security progresses further, its language and clearness of its definitions should follow suit. Whereas outdated and usually synonymous descriptions of safety words being affirmed till now, as safety progressestowards greater specialized footing, its meanings and terms ought to advance. On the other side, as highlighted by Spender (2009), decisions in security, measures, performance, and methodology will have restricted meaning. Therefore, ‘Defence’ in Depth is said to demonstrate applying the ‘Rational Choice’ concept. ‘Protection in Depth’demonstratesthe industrialconcept of averting one point botchgrounded on established danger in every sector’s zone, and ‘Security in Depth’ represents complete capable guardianship. Security in Depth denotes an entire system perspective of security encompassing logical intelligence and physical measurements of security, all integrated according to a threat proposition. All these system approaches are targeted at enhancing physical security. References Atlas, R, I. (2008). 21st Century security and CPTED: Designing for critical infrastructure protection and crime prevention. Boca Raton: CRS Press. Australian Interim Security Professional’s Task Force (2008). Advancing security professionals: Discussion paper. Retrieved from August 2011: http://www.isacaadelaide.org/pd/Discusion_paper_Future_Security_Professionals_March08.pdf Borodzicz, E., & Gibson, S. D. (2006). Corporate security education: towards meeting the challenge.Security Journal,19, 180-195. Brooks, D. J. (2007). Defining security through the presentation of security knowledge categories. Perth: Western Australia. Edith Cowan University, International centre for Security and Risk Sciences. Cameron, K., Quinn, R., DeGraff, J., &Thakor, A. (2005). ‘The competing values framework: creating value through purpose, practices, and people. Ann Arbor: Addison-Wesley. Childers, R. G. (2011). Being One's Own Boss: How Does Risk Fit In?.American Economist, 56(1), 48. Coole, M., P. (2010). The theory of entropic security decay: the gradual degradation in effectiveness of commissioned security systems. A Thesis Submitted to the Faculty of Computing, Health and Science Edith Cowan University. Retrieved from: Coole, M., P., & Brooks, D., J. (2011). Mapping the organizational relations within physical security’s body of knowledge: A management heuristic of sound theory and best practice. Proceedings from the fourth Australian security and intelligence conference. Perth. Western Australia. Retrieved from: Fisher, R. J., & Green, G. (2004). Introduction to Security (7the.d.). Boston: Butterworth- Heinemann. Garcia, M. L. (2001). The design and evaluation of physical protection systems. Boston: ButterworthHeinemann. Howell, D, C. (2008). Fundamental Statistics for the Behavioral Sciences. Wadsworth: California. Jang, S, S., Kwak, S, W., Yoo, H., Kim, J., S., & Ki Yoon, W. (2009). Development of a vulnerability assessment code for a physical protection system: Systematic analysis of physical protection effectiveness (SAPE).Nuclear Engineering and Technology. 41, 5-18. Manual, F. (2001). Physical security. Headquarters, Department of the Army, Washington, DC, 1-317. Manunta, G. (1999). What is security? Security Journal.12, 57-66. Maslow, A., H. (1970). Motivation and personality (2nd end). New York: Harper & Row. McCrie, R.D. (2004). The history of expertise in security management practice and litigation. Security Journal 17 (3): 11-19. Nalla, M., &Morash, M. (2002). Assessing the scope of corporate security: Common practices and relationships with other business functions. Security Journal.15, 7-19. Nunes-Vaz, R,M Lord, S., &Ciuk, J. (2011). A more rigorous framework for security-in-depth. Journal of Applied Security Research, 6 (3), 372-393. O’Shea, L., S, &Rula, A. (2009). Design and security in the built environment. Fairchild Books, INC. New York. Police, R. C. M. (2004). Protection, detection and response. Physical security guide, Technical Security Branch, 1-20. Reynald, D., M. (2011). Factors associated with guardianship of places: Assessing the relative importance of the spatio-physical and sociodemographic contexts in generating opportunities for capable guardianship. Journal of Research in Crime and Delinquency, 48, 110-197. SANS Institute. (2002). A Scalable Systems approach for Critical Infrastructure Security. Retrieved from: http://energy.sandia.gov/wp/wp-content/gallery/uploads/020877.pdf Smith, C. L. (2003). Understanding concepts in the defence in depth strategy, School of Engineering and Mathematics. Australia: Edith Cowan University. Spender, J. C. (2009). Organizational capital: concept, measure or heuristic.Organizational Capital: Modelling, Measuring and Contextualising, 5-23. Standards Australia. (2006). Security risk management. Sydney: Standards Australia International Ltd. Talbot, J., &Jakeman, M. (2009). Security risk management body of knowledge: (SRMBOK).New Jersey: John Wiley and Sons. Turiel, A. (2011). IPv6: New technology, new threats. Network Security,2011(8), 13-15. Verizon. (2012). 2012 Data breach investigations report:Aus: Verizon Business. Read More