Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!

Up or Down the Access Staircase

By Jeffrey Dingle
July 1, 2007


I recently got an e-mail from a colleague asking a question about my thoughts on increasing access control at a site he was tasked with reviewing.

The site has no real history of access problems, so there was no real reason to increase the existing level of security. His point was that with the current state of world affairs – there is no real reason NOT to increase the level of security and access control.

This brought up a series of questions and debates among my staff – when is a good time to increase the level of security by increasing the level of access control? The consensus was that a client or end-user is often unwilling to increase security without justification – not so much that there is a reluctance to increase security, but almost always an increase in security involves significant cost. The reluctance is in spending money, not in increasing security.

The most vivid statement defining security funding is “money flows when blood flows.”

Making the Upgrade Move

So when do you increase security? Generally speaking, security is increased after a problem or “event” (generally involving injury or loss), or at a well defined increase in threat.

The most common increase in security involving access control is the addition of biometrics to an existing system. Biometrics-based systems are generally understood to be very secure, and existing technology is both very accurate and very effective. As with any change, it is important to address all of the issues facing the user. But there are issues to consider.

Acceptance -- A critical factor in the success of a biometrics-based system is user acceptance of the biometrics device. There are several factors that have an impact on acceptance. The concept may seem frightening, especially devices using the eye to verify identity. A successful device must not cause discomfort or frighten the user, and users need to know what the system does, and doesn’t do. There is a story circulating of a bored security officer telling users that the retina scan system at a facility could “read your thoughts” when using the system. If people are afraid to use a device, they will probably not use it properly, and will probably not be granted access. Biometrics must also be easy to use. People better accept things that are simple.

Biometrics (like all access systems) will accomplish one of four tasks. The four possibilities are: 1) You are allowed access and you get in (this is Good), or 2) You are not allowed access and you don’t get in (this is also Good). The other two possibilities are: 3) You are allowed access but you don’t get in (this is bad, but we can fix this) or 4) You are not allowed access, but you get in (this is VERY BAD). The chance of one of these last two problems occurring is defined by the False Accept and False Reject error rates.

False Rates and Throughput

False Accept Rates – This is the probability of allowing access to an unauthorized person. This error rate must be low enough to present a real deterrent for a given application. False accept rates in current biometrics-based access systems are generally less than 0.1 percent. Remember that the only way a false acceptance can occur is if someone tries.

False Reject Rates – This is the probability that the biometrics does not recognize an authorized user and denies access. False reject rates for currently available systems are generally less than 1.0 percent. A low false reject rate impacts user acceptance. What is acceptable depends on the application. A false reject usually results in the user being sent to a security or access control officer to verify current authorized access. While inconvenient, the user ultimately gains access. Given a choice, we would always rather keep someone out that is authorized access, than let someone in who is not allowed access.

Throughput – It’s the time it takes for a person to manipulate the device until access is allowed. When a person uses a biometric reader, he or she sometimes enters a PIN number on an associated keypad. The reader then prompts to position a hand, finger or eye where the device can scan physical details. The elapsed time from presentation to identity verification is the “verification time.” Most readers verify ID in less than two seconds. Throughput time includes the total time it takes a person to use the system, including the time it takes to enter the PIN number and the time necessary to be in position to be scanned. If PIN numbers are used, they should be kept as short as possible. Some systems obtain the number by reading a card that has the PIN number embedded in the card code. Faster throughput generally equates to higher user acceptance.

Once extraordinarily expensive and only used in the highest of security applications, biometrics-based access systems are no longer the “super high tech” answer to access control. They are more widely used, effective and efficient.

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Jeff Dingle is assistant director of special projects for LSI, a U.S.-based anti-terrorism, homeland security and physical security training company. He has been a Federal Criminal Investigator, security manager at a FORTUNE 15 company and ran the security operations for a former U.S President for eleven years. He can be reached at JeffDingle@LSIeducation.com.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Get Into Access: The Value of Buy-in

    See More
  • Access Control, the Government Version

    See More
  • Turning to Access Control Turnstiles

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing