Know Your Vulnerabilities

A vulnerability study is a comprehensive assessment of all current physical security measures and operational characteristics that affect the facility’s ability to detect, deter, delay and respond to threats.

Included in the study is an examination of the physical systems and procedures used by the response team to manage the system and respond to identified threats. During the vulnerability study, the system’s performance capabilities are tested to verify the life safety features of the systems. For example, a company may have an existing access control system. There is usually an interface between the electric locking systems and the building fire alarm system to meet fire code requirements. These interfaces are tested during the vulnerability study to ensure proper operation.

Prepare to Conduct the Survey

A vulnerability study begins with a review of the physical threat assessment. The threat assessment identifies the assets that require protection and the threats to those assets. To prepare for the vulnerability study and physical survey, develop a written plan to help keep the study on track. When conducting the study, there are many distractions. A written plan outlines the steps in the proper sequence to completion.

The plan should include at least the following:

An inspection of all identified assets.
Establishing a protected perimeter for each asset.
An assessment of the physical barricades that comprise the protected perimeter.
An identification of each opening that provides human access (of any kind) to the asset.
A definition of the use of that opening (e.g., ordinary and usual access, emergency exit only, freight only, etc.).
Means of control for each opening in each protected perimeter.
Lighting conditions around the protected perimeters.
An assessment of the means to affect the critical infrastructure that supports the asset (power, water, gas, etc.).
A review of employee identification procedures.
A review of visitor controls.
An evaluation of the effectiveness of existing security systems in light of identified threats.
A review of incident reporting procedures (if not done during the physical threat assessment).
A review of written security response procedures (if not done during the physical threat assessment).
A review of post instructions for the existing security force (if not done during the physical threat assessment).

Means and Methods

A comprehensive study includes all of the elements necessary to detect, deter, delay and respond to manmade physical security threats. The techniques used in making this determination are:

Technique 1: Inspect Asset and Establish a Perimeter

Using the floor plans and plot plans provided by the company, identify all of the assets in the protected areas. In many cases, the assets are simply the areas where work is taking place. A useful method of making these identifications is to highlight the asset in a meaningful way on the floor plans and plot plans.

Technique 2: Establish a Security Perimeter Around Each Asset

The perimeters are usually walls or fence lines that encircle the asset. Please note that the term “circle” when used to define protected perimeters is a general term and not used to mean a “round” circle. The perimeter is simply the parts of the infrastructure that enclose the asset. Often these circles follow the contours of the surrounding structure and have a variety of shapes.

Physical security perimeters are concentric circles around each asset with each succeeding circle widening and having progressively lower levels of security. In that way, the most valuable resources receive the greatest focus of security system measures. Define the perimeters on the floor and plot plans by marking the walls and fence lines that encircle the assets.

Some typical elements of perimeter development include:

An assessment of the likelihood of intrusion by unauthorized personnel to areas of critical assets (people or property).
The facility’s mission and objectives.
A determination of consequences of loss from perpetrators with deliberation and intent.
A review of existing countermeasures to threats, including emergency procedures and insurance reimbursement as a result of anticipated losses.

Michael Khairallah is president, Security Design Solutions of Covington, La. His book, Physical Security Systems Handbook – The Design and Implementation of Electronic Security Systems (Elsevier, Butterworth Heinemann), is available at $49.95 and can be ordered through the Elsevier Web site at www.elsevier.com or telephone (800) 545-2522 or write Elsever, Order Fulfillment, 11830 Westline Industrial Drive, St. Louis, Mo. 63146.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.

Know Your Vulnerabilities

Prepare to Conduct the Survey

Means and Methods

Technique 1: Inspect Asset and Establish a Perimeter

Technique 2: Establish a Security Perimeter Around Each Asset

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Know Your Vulnerabilities

Prepare to Conduct the Survey

Means and Methods

Technique 1: Inspect Asset and Establish a Perimeter

Technique 2: Establish a Security Perimeter Around Each Asset

Share This Story

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.