Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Security Leadership and ManagementAccess Management

Can You Measure Your Building’s Penetration Risk? - Part 1

Part 1 of a 2-part series on security entrance metrics

By Mark Perkins
lobby-enews
January 31, 2017

How can you measure your risk of unauthorized entry? Until now, it’s been virtually impossible. When it comes to security entrances, new analytics technologies (e.g. PSIM, IoT, etc.) are emerging, and it’s becoming possible to use technology, combined with people, to tap into security entrance metrics as part of an overall physical security strategy.

Measuring penetration risk is about prediction, and to accurately predict requires a reliable tailgating prevention strategy, otherwise any PSIM or other available analytical tool will fall short. In this article, we’ll talk about the challenges security professionals face related to penetration risk measurement; later, in a second article, we’ll demonstrate how a tailgating prevention strategy actually works and the metrics that can help predict your risk of penetration.

 

Rise and Fall of the Security Professional?

It’s 2017, and we all know people see the world differently since 9/11. Expectations on security managers today are high. In a 2009 survey conducted by the Society for Fire Protection Engineers (SFPE), 29 percent of Americans polled said that security was the most important feature for public buildings, while only 12 percent believed it was fire safety, despite fires being a far more likely event. According to a national poll commissioned by Workplace Options in late 2015, U.S. workers ranked “workplace violence/criminal activity in the community” second behind only “employer announcing layoffs/job losses,” when asked to rank workplace events that cause trauma, stress and anxiety. The perception now is that creating safe, secure buildings is highly important. This may spell job security for security professionals, but there is also irony here.  

The irony is that given today’s emphasis on security, security professionals are asked to provide a return on investment (ROI), mitigate workplace violence, and plan for multiple emergency responses, all while being under-resourced. One cause for this current reality is that metrics proving ROI have been unconvincing in getting more resources. Everyone seems to be running from the elephant in the room: who is in my building right now, and are those people authorized?

 

The Elephant in the Room

If security managers cannot adequately answer who exactly comes and goes from their facilities, how can they say they are protecting their company’s brand, assets, IP, and employees?  What other executives with multi-million dollar capital and operational budgets are considered successful managers, yet cannot measure spending decision outcomes and prove an ROI? Since when does a “perceived improvement” constitute a good investment? How do you communicate that you are reducing risk if you don’t have a baseline from which to measure the reduction?

Recently, ASIS announced a new global strategic priority for its members:  Enterprise Security Risk Management. ESRM uses risk-management principles to control security-related risks across an enterprise. A reliable tailgating prevention strategy, which includes measuring and predicting risk at entry points, would definitely be a critical piece to a successful ESRM initiative. If you can instill fact-based, standard operating procedures (SOPs) when it comes to authorized entry, rather than strictly assumptive and reactionary SOPs, you can measure and accurately predict results.

 

Better Security vs. Life Safety Compliance

The ability to measure risk can also help security professionals find a balance between security and life safety across an ESRM platform.  Imagine a violent incident is taking place in a courtyard and you want to lock down all entrances leading to that location to prevent anyone from panicking and running into the danger and keep the violence from coming inside. But complying with NFPA 7.2, and ensuring free, unobstructed egress could result in injury or worse, death. It is a challenge to obtain any kind of variance from local jurisdictions (government, fire and law enforcement) to override locked exit point restrictions. Without an approved variance, you can only do with your entrances what fire codes demand. On the other hand, if your physical security plan includes fact-based SOPs and verifiable metrics, the likelihood of lobbying successfully for variances greatly improves.

 

Preventing or Merely Detecting?

Let’s look more closely at a common example of the elephant in the room. As security professionals make significant capital investments for physical security infrastructure, they often deploy optical turnstiles in their lobbies and at side entrances. The turnstiles certainly serve as a deterrent; however they alarm after tailgating occurs and require manned supervision to respond. This is a tailgating “detection” strategy, but it’s not a “prevention” strategy. The result is evidence collection and risk mitigation that is not measurable or predictive. Relying on humans is a reactionary SOP that assumes perfect guard behavior every time there is an alarm. Worse yet, I’ve witnessed situations where the guards become “numb” to the audible alarms and eventually turn them off!

To date, measuring performance has traditionally been analyzing alarm outputs and complaints. 

Somewhere mixed in with user errors and false rejections are valid and true alarms, which are rejections to a tailgating/piggybacking incident. These are the metrics security managers have hung their hat on for years; for example, “there were x number of tailgating alarms yesterday.” But, what are the chances of false acceptance… that a person could successfully trick the sensors and get in? Better stated, what is the statistical probability of a false acceptance at every entry point? More importantly, can you prove it?  This is where the whole process needs to start and security managers who can generate real ROI and answer these questions now deserve a seat at the C-suite table. 

 

Stop Running from the Elephant

Risk measurement is even more critical when managing systems and facilities across an enterprise’s multiple buildings. We are currently working with a large retail chain corporate headquarters with tens of thousands of associates. In addition to an effective tailgating prevention strategy deployment, they also have SOPs that direct employees away from danger and toward bullet-resistant safe zone enclosures. They can accurately measure and predict the result of this deployment (spend), because they know exactly who is in their facilities at any given time.

Enterprises cannot adequately manage their level of penetration risk without knowing exactly who comes and goes. As ESRM becomes a fundamental discipline in managing enterprise security, we all must stop running from the elephant in the room by implementing a real, effective tailgating prevention strategy. Combined with other analytical methods available today, this will allow security professionals to much more effectively meet the challenges of this new world. In our second article, we’ll cover how you can go about planning and implementing a tailgating prevention strategy that achieves measurable, predictive data that will effectively prove the value of the work that you do.

Read more on this topic in Part II of this series, to be released in the Security eNewsletter on February 28.

KEYWORDS: penetration testing security metrics security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Mark perkins round4

Mark Perkins is Vice President of Strategic Markets Development for Boon Edam USA. Perkins was previously the Vice President of Enterprise Sales and was instrumental in the rapid worldwide growth of Boon Edam’s security products lineup. With more than ten years of experience at Boon Edam and more than 25 years of experience in the security industry, Perkins brings a strong background to the Boon Edam team.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • doors-enews

    Can You Measure Your Building’s Penetration Risk? - Part 2

    See More
  • busy lobby

    How can security teams manage risk if they can’t measure it?

    See More
  • security entrance, revolving door, mantrap,

    How Do Security Entrances Affect an Organization's Bottom Line?

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products

Events

View AllSubmit An Event
  • May 14, 2012

    Effective Risk Communication: Theory, Tools, and Practical Skills for Communicating about Risk

    Stay ahead of the curve by attending this in-depth program, featuring the latest scientific findings on risk perception, case studies from around the world, a suite of practical tools, and hands-on skill training.
  • October 17, 2024

    How to Assess and Hone Your Security Program

    ON DEMAND: In this webinar, Erik Antons, a security risk management executive with more than 20 years of working in the Federal Government, energy, hospitality, and manufacturing sectors, shares his perspective on the building blocks of a successful manufacturing security program.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing