Systems Approach to Physical Security - Coursework Example

Systems Approach Definition Name: Lecturer: Course: Date: Systems Approach Definition Introduction Physical security consists of an integrated set of security measures aimed at restricting unauthorized access to equipment, facilities and resources. A typical physical security is therefore a system composed of various layers of interdependent systems, including security personnel, surveillance cameras or protective barriers (Smith & Brooks, 2012). This depicts system’s approach to security, which postulates that an effective physical security system should be made up of interrelated components that function collaboratively within an organization to achieve maximal security, or such objective. In any case, all components must be measured for effectiveness against a defined threat. This essay shows that physical security controls should be approached as an integrated system rather than as specific components of layers. This is based on the premise that there is no specific physical security layer or component that can fulfil all security needs. The underlying assumption is based on the Systems Theory. Physical Security Smith and Brooks (2012) describe physical security as the integration of procedures, individuals and resources in protection of assets against potential threats or risks. According to Fennelly (2012), it is the means through which an individual or property is protected against unauthorised access, theft, sabotage or vandalism. It also represents the physical measures intended to safeguard individuals, to protect property from unauthorised access and to guard against theft, damage or sabotage (Fay 2006). Basing on these definitions, an organisation’s physical security prevented unauthorised parties from accessing buildings, premises or vaults. The descriptions are consistent with Defence in Depth theory, which proposes that people, procedure and equipment should be integrated to offer in depth security (Coole at al., 2012). Smith and Brooks (2012) indicates that components of physical security offer target hardening as well as lead to the restraint effect of a security plan. An ingenious and effective security measures along with a suitable security plan can prevent an opportunistic intruder (Garcia, 2007). Despite this, in situations of an unwavering intruder, the components of physical security and measures will therefore merely serve as delay, detection and response layers since it is considered that with adequate resources and time, it is possible to breach any physical barrier. In regards to mathematical probability of the failure or success of the system, physical security modelling demands that any given component of the physical security, the relative properties of detection, delay and response mix to create a general relative risk value for the security system (Alach, 2007). Consideration of issues related to developing an appropriate physical security should first be addressed after analysis of the nature of the problems identified through perception of the reality of human adversary that may defeat physical security system in real life scenario. In an adverse case scenario, the adversary defeats the system to get unrestricted access to the facility, thus presenting a major risk to the facility. The basis for determining effectiveness of the components of physical security in this respect may be expressed either by probability of failure or probability of success (Alach, 2007). Systems theory Systems theory describes a trans-disciplinary field of study of the theoretical arrangement of a phenomenon independent of their types, variations, substances or levels of existence (Coole & Brooks, 2011). The theory inquires into the principles that are shared by all complex entities as well as the approaches that can be used in describing them. Smith and Brooks (2012) depict systems theory as a set of principles that apply to systems regardless of the nature of their elements, forces or relations between them. In brief, the theory emphasizes the value of integrating parts or elements of a solution to solve a problem (Mele, Pels & Polesce, 2010). It further postulates that problems cannot be solved if interrelated components are pursued while separated or isolated. A problem in this case refers to a situation that seeks a solution on account of the critical challenges that threaten its effective existence or functioning (Coole & Brooks, 2011). As stated by Smith and Brooks (2012), systems theory considers systems as capable of interacting with their environments. Systems can also obtain new properties that facilitate continual evolution. Systems theory stems from the perspective that objects examined through mathematics are basically “relations and sets between sets and their components”(Mesarovic, 1967). Integrating Systems approach and Physical Security Systems theory suggests that the individual components of physical security cannot function in isolation. Rather, they work as an integrated system (Young & Leveson, 2014). Hence, protection of property using physical security is attainable using layers or components of physical protective measures. Therefore, in security management, physical protective systems seek to attain and sustain a steady-state despite their vulnerability to external and internal environment (Smith & Brooks, 2012). In integrating physical security to systems theory, the physical security is viewed as system that is made of interrelated components that function collaboratively within an organization to achieve maximal security, or such objective (Masaya at al., 2007). Therefore, rather than reducing physical security to the properties of its components, systems theory is focused on the organization and interaction of the components that connect them to become a complete system. This kind of arrangement determines existence of a system that is separate or isolated from the physical substances of the elements (Fenelly, 2012). Drawing on the aspects of physical security, the systems theory emphasizes the means through which an organized security system responds to threats in an adaptive way so as to cope with underlying vulnerabilities of threats in their external environment (Young & Leveson, 2014). This depicts that the kind of security system put in place should keep its basic components intact. Additionally, the theory emphasizes how agents of physical security such as security guards interact with the organization and those outside the organization while at the same time concentrating on identifying the specific components in the organization that substantially affect the outcome of security. In this case, to maximise the effectiveness of physical security components, the threats they respond to are examined as well as the pre-existing response mechanism designed in that respect (Fennelly, 2012). To examine the mathematical probability of failure or success of the system, physical security model can be used to create virtual security and in recognising the key security performance measures such as probability of intervention, probability of detection, equivalent annual cost, capital costs and worst interventions (Alach, 2007). Although these attributes may be difficult to quantify and can lead to situations where calculations are made that have huge uncertainty, to attain cost-effective perimeter security, the objective and subjective approaches can be used in considering the limits of physical security modelling (Alach, 2007). Relating Systems Approach to Components of Physical Security Rudimentary approach to physical security separates it into two core components. While on one hand there is the human aspect, the other is the technology aspect. However, these can further be divided into different sets of security layers. A comprehensive physical security provides effective and efficient use of personnel and equipment to minimize the effects of security breach and other disruptive incidences (Prezelj, 2012). The concept of physical security in deterring invasive behaviour is in itself wide, which means it needs a relatively comprehensive approach that deals with various human behaviours such as that of systems theory (Patton, & McMahon, 2006). The theory helps in effective understanding of physical security as a system with independent components of its own (Young & Leveson, 2014). Its comprehensive nature is seen in the problems it seeks to solve, such as seeking to protect hardware, personnel, buildings, programs, hardware, or any conceivable object, whose security can be breached or activities disrupted by antagonistic forces. These may vary from hacking, natural disasters, theft, burglary, arson attacks, terrorism, vandalism or any kind of intrusion (Jones at al., 2006). To narrow down the scope of physical security, theorists conceived three main components. The first includes the obstacles that can be put to guard against attacks or environment disasters or accidents. These include fireproofs, fencing and multiple locks. The second component includes having a notification or surveillance system to guard against intrusion (Jones at al., 2006). Third, measures can be implemented to cease the attackers before any damage or to recover from intrusion. In such a situation, systems theory proposes that a fragmented approach should not be used in examining a phenomenon (Young & Leveson, 2014). This is based on the premise that it is much less useful to have intimate and specific knowledge of the smaller and more distinct component. Rather, than an abstract knowledge of the entire system as a whole is necessary (Smith and Brooks (2012). To this end, rather than focusing on the components of the system, focus for physical security should be placed on the integrated system despite the ranking or significance of the components of physical security within the system (Coole & Brooks, 2011). EASI model can be used to evaluate the effectiveness and efficiency of components of physical security against adversary threats that attempt to reach the facility. The process may begin by randomly assigning the adversary of population paths before determining the budget of the physical security components (Gargano et al., 2003). The probability of failure determined by the EASI results on the failure of the first component can be used to evaluate the second component based on how they interrupted the first population. The process is repeated to the last component. In this ways, the entire system components are evaluated for threats (Gargano et al., 2003). Selection of physical security components based on systems theory Fennelly (2012) indicated that the physical security measures used to protect property depends on the property that is to be protected, the location of the property and the threats or vulnerabilities that face the property. Applying the right protection requires understanding all these components. In this case, the physical security should be approached collaboratively by all actors in the organisation in terms of integrated systems rather than individual components such as fences, guards or lighting (Graves, 2006). To accomplish this, Fennelly (2012) suggested that planning for physical security components should begin from the outset. For instance, all actors in the organisation should work collaboratively as well as take consideration of all protection requirements to identify and come up with the security measures targeted at risk. This is based on Routine Activity theory, which proposes that an action of guardian security will occur if the suitable target is identified (Coole at al., 2012). To this end, the collaborative approach proposed by the systems theory becomes evident. Fennelly (2012) explained that such collaborative planning can help create optimum security cost-effectively. On analysis, Fennelly (2012) implied that if a comprehensive and systematic approach that integrates entire security factors is taken into consideration during planning, then issues of security breach would be unheard off. Application of physical security controls should be approached as whole, or integrated system, rather than in specific components of layers since there is no specific layer that can fulfil all security needs. Fennelly (2012) argues that in any physical security, no single measure or control can address all security needs for a property or asset. In this case, security measures have to be designed in layers or components. These components are what comprise an effective physical security. Bitzer and Hoffman (2007) suggest that effective protection can be achieved through procedural, physical and psychological barriers to deter or delay unauthorised access. Physical security controls must integrate the components of detection, protection, response and recovery. Physical security modelling demands that any given component of the physical security, the relative properties of detection, delay and response mix to create a general relative risk value for the security system. In analysis and evaluation of physical protection system (PPS), Garcia (2001) suggests a mathematic approach where qualitative and quantitative analysis and construction of an evaluation map of a system is done to determine effectiveness of the system in meeting security objectives. The process entails analysis of the physical security components and listing this strengths and limitation. The model entails a complex configuration of delay, detection and response components that are analysed to determine the effectiveness of the physical security system. In regards to analysis, deficiencies and effectiveness of the system are identified. To this end, effectiveness of the system depicts the property of the facility to meet security objectives (Alach, 2007). Outer Layers Selecting the outer layers as an integrated system of protection depends on the location and type of the asset or property. Fennelly (2012) suggests that an office premise situated in a city may only have a perimeter while a factory in an industrial area may have a large piece of land with grounds that surround the building. On a property of the second type, the perimeter may be a barrier such as a fence or a wall situated near the edge of the property. While the factory may have a wall or a fence, a building may have building walls. Based on the systems’ theory, whatever the barrier is erected, it should in actual fact be the first layer of physical security since other layers still need to be integrated (Fennelly, 2012). Roads allow customers and employees to access a facility although they may also facilitate unauthorised access. Physical security selected for the road depends on the type and use of the road, since public roads do not allow for additional controls. For private roads, controls such as perimeters restricting access can be installed (Fennelly, 2012). Based on systems theory, an integrate approach should be used to make sure that the barriers installed cater for comprehensive security needs. In this regards, walls, gates and fences should be integrated to at the outer layer. Two types of barriers should be used for perimeter protection. These include structural and natural barriers. Natural barriers include cliffs or water bodies such as rivers and lakes or terrains with dense and thorny plant life. Structural barriers to be considered include fences, gates, highways or walls. Basing on systems theory, it can be argued that none of the structural or natural barriers can completely prevent access, despite making it difficult for unauthorised persons to gain entry into the facility. Because of this limitation, Fay (2006) suggests that other physical control layers should as well be used to increase their effectiveness. Other components to be integrated in the outer layer system include buildings and doors. The two define where the outer layer of security ends. Buildings separate outer and inner layers. In using this control, the areas adjacent to the exterior door and the building should be left clear to allow for unobstructed surveillance by other controls such as guards and cameras. In integrating security controls at parking areas, parking space for customers, employees and visitors should be left. Parking should be outside the outer perimeter to prevent theft by employees, unless all vehicles that are inside are inspected or additional fencing is provided (Werner, 2012). Lighting should also be integrated into the system to serve as deterrent to antagonistic intruders. Adequate lighting allows walls, fences, parking and grounds to be observed clearly (Kruegle, 2011). To determine whether the lighting is sufficient, it should be taken through an actual test, where the existing light should be sufficient as evaluated under practical and controlled conditions failure to which more lighting would be needed (Garcia, 2007). Surveillance should also be integrated into the system. It involves using surveillance cameras and security guards. However, based on systems theory, both should be used to achieve effective security (Kruegle, 2011). An alarm is another component to be integrated to the outer layer. How and to what extent they are used is determined during the planning process. Alarms supplement surveillance and barriers by calling attention to intrusion. Like selecting surveillance, the key to selecting an alarm depends on the physical survey or risk assessment of the environment (Feruza & Kim, 2007; Oludele et al., 2009). Inner Layers Penetrating the outer layer components leads to access of the inner layers. Basing on systems theory, to make the physical security more complete, an inner layer should be installed to integrate the outer layer. Inner layer consists of doors, buildings, glass and windows. Buildings may serve as the first inner layer or outer perimeter. Selection of the component depends on configuration of a facility (Fennelly, 2012). Other components such as passageways, conduits and windows need to be controlled. Any opening should be closed permanently (Werner, 2012). Doors should remain locked when not in use and controlled when being used. The perimeter or exterior doors should be hardened and need to be stronger than the doors inside the facility. In accordance to the systems approach, associated components should as well be strong. For instance, high security door should be supplemented by strong latching devices. Locks, combinations and keys should be strong enough to deter unauthorised access (Fennelly, 2012). The three should be selected based on their high quality and strength in avoiding unauthorised access. Annual assessment of the three components should be done to identify stolen or lost ones and variation in quality (Khairallah, 2006). Roofs are another critical component that may either be the inner or outer perimeter. Selecting one depends on the level of security desired. Access to the roofs should be difficult to deter unauthorised access (Masaya at al., 2007). All openings should be sealed. Access controls is another critical component of physical security to protect assets (Werner, 2012). Only authorised vehicles and personnel should enter the facility to minimise risk of damage or loss (Masaya at al., 2007). Assessing them for effectiveness involves checking whether they integrate with different security functions that serve as individual components or layers of protection (Khairallah, 2006). To use them as components of an integrated system, useful controls include guards, card reader systems and locks, combinations or keys. Card reader systems may include biometric systems, optical bar code and retina or voice recognition. Conducting site physical surveys will help identify the vulnerabilities of access. Selecting the right access controls should be based on the vulnerabilities (Rumelili, 2013). Conclusion Physical security controls should be approached as an integrated system rather than as specific components of layers. This is since there is no specific layer that can fulfil all security needs. In integrating physical security to systems theory, physical security is viewed as system that is made of interrelated components that function collaboratively within an organization to achieve maximal security, or such objective. In essence therefore, the security controls should be made up of sets of interrelated components that work collaboratively to achieve the common purpose of security objectives such as deterring, detecting, delaying, responding and recovering from antagonistic attacks. The basis for determining effectiveness of the components of physical security in this respect may be expressed either by probability of failure or probability of success. In this regards, an evaluation of the physical security may be considered to be suitable or unsuitable. References Alach, Z. (2007). Mapping the elements of physical security towards the creation of a holistic physical security model. This thesis is presented for the degree of Master of Science (Security Science) at Edith Cowan University Bitzer, E. & Hoffman, A. (2007). Psychology in the Study of Physical Security. Retrieved from: Coole, M. & Brooks, D. (2011). Mapping The Organizational Relations Within Physical Security’s Body Of Knowledge: A Management Heuristic Of Sound Theory And Best Practice. Perth: Security Research Centre. Coole, M., Corkill, J. & Woodward, A. (2012). Defence in Depth, Protection in Depth and Security in Depth: A Comparative Analysis Towards a Common Usage Language. Paper published in the Proceedings of the 5th Australian Security and Intelligence Conference, Novotel Langley Hotel, Perth, Western Australia, 3rd-5th December, 2012 Fay, J. (2006). Contemporary Security Management. Burlington, MA; Butterworth-Heinemann, Fenelly, L. (2012). Effective Physical Security. (4th ed.) Waltham, MA: Butterworth-Heinemann, Feruza, S. & Kim, T. (2007). IT Security Review: Privacy, Protection, Access Control, Assurance and System Security. International Journal of Multimedia and Ubiquitous Engineering 2(2), 17-30 Garcia, M. (2001). Analysis and Evaluation. In The Design and Evaluation of Physical Protection Systems. Boston: Butterworth-Heinemann. Garcia, M. (2007). Design and Evaluation of Physical Protection Systems. Burlington, MA: Butterworth-Heinemann Gargano, M., Edelson, W., Benjamin, P., Meisenger, P., Kasinadhuni, M. & DeCicco, J. (2003). Evolving Efficient Security Systems Under Budget Constraints Using Genetic Algorithms. Proceedings of Student Research Day, CSIS, Pace University, May 9th, 2003 Graves, G. (2006). Analytical Foundations of Physical Security System Assessment. Texas A&M University Jones, D., Davis, C., Turnquist, M. & Nozick, L. (2006). Physical Security and Vulnerability Modeling for Infrastructure Facilities. California: Sandia National Laboratories Khairallah, M. (2006). Physical Security Systems Handbook: The Design and Implementation of Electronic Security Systems. Burlington, MA: Butterworth-Heinemann Kruegle, H. (2011). CCTV Surveillance: Video Practices and Technology. Burlington, MA: Butterworth-Heinemann Masaya, N., Goto, J., Morino, J., Yanoo, K, Sakaki, H & Terasaki, H. (2007). "Cooperative Security" Breaks the Limits of Traditional Security Measures. NEC Technical Journal 2(1), 11-16 Mele, C., Pels, J. & Polesce, F. (2010). A Brief Review of Systems Theories and Their Managerial Applications. Service Science 2(1/2), 126 – 135 Mesarovic, M. (1967). General Systems Theory And Its Mathenlatical Foundation. For presentation at the 1967 Systems Science and Cybernetics Conference, IEEE, Boston, Massachusetts, October 11-13, 1967 Oludele, A., Ogunnusi A., Omole O. & Seton O. (2009). Design of an Automated Intrusion Detection System incorporating an Alarm. Journal of Computing, 1(1), 149-157 Patton, W. & McMahon, M. (2006) The Systems Theory Framework Of Career Development And Counseling: Connecting Theory And Practice. International Journal for the Advancement of Counselling 28(2):pp. 153-166 Prezelj, I. (2012) Challenges in Conceptualizing and Providing Human Security. HUMSEC Journal, Issue 2, 1-22 Rumelili, B. (2013). Identity and desecuritisation: the pitfalls of conflating ontological and physical security. Journal of International Relations and Development doi: 10.1057/jird.2013.22 Smith, C. & Brooks, D. (2012). Security Science: The Theory and Practice of Security. Oxford: Butterworth-Heinemann Young, W. & Leveson, N. (2014) An Integrated Approach to Safety and Security Based on Systems Theory. Communications Of The ACM. 57(2), 31-35 Werner, D. (2012). Church Security: First Assembly Worship Center. Journal of Law Enforcement 1(2), 2-15 Read More

In regards to mathematical probability of the failure or success of the system, physical security modelling demands that any given component of the physical security, the relative properties of detection, delay and response mix to create a general relative risk value for the security system (Alach, 2007). Consideration of issues related to developing an appropriate physical security should first be addressed after analysis of the nature of the problems identified through perception of the reality of human adversary that may defeat physical security system in real life scenario.

In an adverse case scenario, the adversary defeats the system to get unrestricted access to the facility, thus presenting a major risk to the facility. The basis for determining effectiveness of the components of physical security in this respect may be expressed either by probability of failure or probability of success (Alach, 2007). Systems theory Systems theory describes a trans-disciplinary field of study of the theoretical arrangement of a phenomenon independent of their types, variations, substances or levels of existence (Coole & Brooks, 2011).

The theory inquires into the principles that are shared by all complex entities as well as the approaches that can be used in describing them. Smith and Brooks (2012) depict systems theory as a set of principles that apply to systems regardless of the nature of their elements, forces or relations between them. In brief, the theory emphasizes the value of integrating parts or elements of a solution to solve a problem (Mele, Pels & Polesce, 2010). It further postulates that problems cannot be solved if interrelated components are pursued while separated or isolated.

A problem in this case refers to a situation that seeks a solution on account of the critical challenges that threaten its effective existence or functioning (Coole & Brooks, 2011). As stated by Smith and Brooks (2012), systems theory considers systems as capable of interacting with their environments. Systems can also obtain new properties that facilitate continual evolution. Systems theory stems from the perspective that objects examined through mathematics are basically “relations and sets between sets and their components”(Mesarovic, 1967).

Integrating Systems approach and Physical Security Systems theory suggests that the individual components of physical security cannot function in isolation. Rather, they work as an integrated system (Young & Leveson, 2014). Hence, protection of property using physical security is attainable using layers or components of physical protective measures. Therefore, in security management, physical protective systems seek to attain and sustain a steady-state despite their vulnerability to external and internal environment (Smith & Brooks, 2012).

In integrating physical security to systems theory, the physical security is viewed as system that is made of interrelated components that function collaboratively within an organization to achieve maximal security, or such objective (Masaya at al., 2007). Therefore, rather than reducing physical security to the properties of its components, systems theory is focused on the organization and interaction of the components that connect them to become a complete system. This kind of arrangement determines existence of a system that is separate or isolated from the physical substances of the elements (Fenelly, 2012).

Drawing on the aspects of physical security, the systems theory emphasizes the means through which an organized security system responds to threats in an adaptive way so as to cope with underlying vulnerabilities of threats in their external environment (Young & Leveson, 2014). This depicts that the kind of security system put in place should keep its basic components intact. Additionally, the theory emphasizes how agents of physical security such as security guards interact with the organization and those outside the organization while at the same time concentrating on identifying the specific components in the organization that substantially affect the outcome of security.

Read More