Cert Review, CPP, 2018, Domain 5

A Comprehensive Study Guide for the
CERTIFIED PROTECTION PROFESSIONAL (CPP)
Examination
Spring 2018
www.asishouston.org
ASIS INTERNATIONAL – HOUSTON CHAPTER https://www.vexels.com/vectors/preview/143499/skyline-houston-illustration
PHYSICAL SECURITY
Study Guide for the

CERTIFIED PROTECTION PROFESSIONAL (CPP)
Examination
PHYSICAL SECURITY
PAGE 3 /223
PHYSICAL SECURITY
Domain V Task Index
• Task 05/01 Conduct facility surveys to determine the current status of physical
security
– 05/01/01 Security protection equipment and personnel
– 05/01/02 Survey techniques
– 05/01/03 Building plans, drawings, and schematics
– 05/01/04 Risk assessment techniques
– 05/01/05 Gap analysis
• Task 05/02 Select, implement, and manage physical security strategies to mitigate
security risks
– 05/02/01 Fundamentals of security system design
– 05/02/02 Countermeasures
– 05/02/03 Budgetary projection development process
– 05/02/04 Bid package development and evaluation process
– 05/02/05 Vendor qualification and selection process
– 05/02/06 Final acceptance and testing procedures
– 05/02/07 Project management techniques
– 05/02/08 Cost-benefit analysis techniques
– 05/02/09 Labor-technology relationship
• Task 05/03 Assess the effectiveness of physical security measures by testing and
monitoring
– 05/03/01 Protection personnel, technology, and processes
– 05/03/02 Audit and testing techniques
– 05/03/03 Preventive and corrective maintenance for systems
Revised Spring 2018 ASIS INTERNATIONAL, HOUSTON CHAPTER David P. Cribbs, CPP, PSP | dpcribbs@gmail.com
PAGE 4 /223
PHYSICAL SECURITY
CPTED
• Eight main categories of physical security measures…
1) CPTED
2) Physical barriers and site hardening
3) Physical entry and access control
4) Security lighting
5) Intrusion Detection
6) Video surveillance
7) Security personnel
8) Security policies and procedures
ASIS GDL FPSM-2009, Sect. 1.2
• Crime Prevention Through Environmental Design (CPTED)…

– Proper design and effective use of the built environment can lead to a reduction in the opportunity, fear, and
incidence of predatory, stranger-to-stranger type crime
– Divided into smaller, more clearly defined areas or zones (defensible space, per Oscar Newman)
– CPTED can also result in an improvement of the quality of life - how and where we live, work and play
– CPTED should be integrated into the design and function of the buildings or location
– All human space
• Has some designated purpose
• Has social, cultural, legal or physical definitions that prescribe the desired and acceptable behaviors
• Is designed to support and control the desired and acceptable behaviors
ASIS GDL FPSM-2009, Sect. 3.1.1
PAGE 5 /223
PHYSICAL SECURITY
CPTED
• Crime Prevention Through Environmental Design (CPTED) (continued)…
– CPTED is the design or redesign of a venue to reduce crime opportunity and fear of crime through
• Natural means
• Mechanical means
• Procedural (organizational) means
– CPTED is a crime prevention theory grounded in environmental

criminology
• Carefully designed places such as buildings, parks, parking lots,

and other structures in the surrounding environments can improve
the quality of life by deterring opportunities for crime and reducing
the fear of crime
– At its core, CPTED is based on common sense, and a heightened

awareness about how people use their space for legitimate and
criminal intentions
ASIS POA, Vol. 2, Sect. 3.1
PAGE 6 /223
PHYSICAL SECURITY
CPTED
• Crime Prevention Through Environmental Design (CPTED) (continued)…
– CPTED is best applied using a multidisciplinary approach engaging the following stakeholders in working teams
• Planners
• Designers
• Architects
• Landscapers
• Law enforcement
• Security professionals
• Facility users (residents, employees, etc.)
– When designing new or renovating existing

properties, security and crime prevention
practitioners should have a thorough
understanding of CPTED concepts and
applications to work effectively with
• Local crime prevention officers

• Security professionals
• Building design authorities
• Architects and design professionals
PAGE 7 /223
PHYSICAL SECURITY
CPTED
• Three classifications of CPTED strategies…
1) Mechanical measures
2) Organization measures
3) Natural or architectural measures
• CPTED strategies…
– Natural access control BASIC
– Natural surveillance BUILDING
– Natural territorial reinforcement BLOCKS
– Management and maintenance
– Legitimate activity support
– Compartmentalization
• The CPTED approach focuses on…

– Manipulating the physical environment to produce behavioral effects that reduce the fear and incidence of
certain types of criminal acts
– Understanding and modifying people's behavior in relation to their physical environment
– Redesigning space or using it differently to encourage desirable behaviors and discourage illegitimate activities
– Reducing the conflicts between incompatible building users and building uses, with the goal of eliminating "no
persons land" for which no one takes ownership
• Methods for implementing CPTED…

– Organized methods (staffing)
– Mechanical methods (technology products)
– Natural methods (site planning, design, landscaping, and signage)
ASIS POA, Vol. 2, Sect. 3.2.1
PAGE 8 /223
PHYSICAL SECURITY
CPTED
• Crime prevention…
– Broken Windows Theory

• Once the first window is broken, vandalism and/or other crime quickly follow if it is not repaired
– While CPTED may not be able to stop determined terrorist attacks, even acts of terrorism usually start with
trespassing and unauthorized access as the property is scoped for vulnerabilities
• A criminal or terrorist may seek a different or more vulnerable target if the original target is not easily accessible or has a
proper security system in place
– CPTED is congruent with the 3 D's: Deterring, detecting, and delaying aggressors
– Preventing crime and losses is inherent in many human functions, behaviors, and activities
• Crime prevention is not just something that police or security professionals do
PAGE 9 /223
PHYSICAL SECURITY
CPTED
• Territoriality…
– CPTED security standards focus on four categories
1) Perimeter and exterior security
• Parking area and parking controls
• Video surveillance monitoring
• Lighting with emergency backup
• Physical barriers (including landscaping and planting designs)
2) Entry security
• Intrusion detection system
• Upgrade to current life safety standards
• Mail, person, and package screening
• Entry control with video surveillance and electric door strikes
• High-security locks
3) Interior security
• Employee IDs and visitor controls
• Control of access to utilities
• Emergency power for critical systems
• Location of day care centers
4) Security planning
• Locations of tenants based on their particular security needs
• Blast standards (security glazing, bomb-resistant design and construction)
• The criteria balance cost-effectiveness, acceptance of some risk, and the need for federal buildings to be accessible to the public
– Types of CPTED security zones

• Unrestricted zones
• Controlled zones - authorized personnel in these general areas
• Restricted zones - authorized personnel in these very specific areas
PAGE 10 /223
PHYSICAL SECURITY
CPTED
• Territoriality (continued)…
– Perimeter definition and access control can deter unwanted pedestrian access to a garage or lot
• Fencing
• Level changes
• Ground-floor protection
• Other architectural and environmental barriers that channel people to designated entry points and discourage others
from hiding outside or inside the facility
– The territoriality of desired site users is

being increased by a new trend of making
parking part of a mixed-use development
– More legitimate users = more natural

surveillance around parking areas
– Deterrence is achieved through measures that potential

adversaries perceive as too difficult to defeat
ASIS POA, Vol. 2, Sect. 3
– In CPTED terms, graffiti represents a designation of turf by gangs or vandals and should be removed as
quickly as possible
• Wall surfaces can be coated with graffiti-resistant epoxy paint
• Lighting levels can be increased in problem areas to increase the potential for natural surveillance
• Attempts to prevent graffiti tell vandals the property is the territory of its rightful owners
PAGE 11 /223
PHYSICAL SECURITY
CPTED
• Building-in CPTED (continued)…
– For the security professional, CPTED is a set of management tools targeting

• Places. Physical environments (such as office buildings, parking garages, parks and public spaces, etc.) can be designed to
produce behavioral effects that reduce the opportunity for certain types of crime and the fear of those crimes
• Behavior. Some locations seem to create, promote, or allow criminal activity or unruly behavior
while other environments elicit compliant and law-abiding conduct
• Design and use of space. Redesigning a space or using it more effectively can encourage desirable behavior and discourage
crime and related undesirable conduct
– Integrating CPTED during initial planning is more cost-effective than making changes after construction starts
• Once a property is built, it is much more difficult and expensive to make structural changes for security purposes
• Designing without security in mind can lead to
– Lawsuits
– Injuries
– Expensive retrofitting
– Need for additional security personnel
• Security measures added after construction may
– Distort important building functions
– Add to security personnel costs
– Result in exposed, unsightly installations
ASIS POA, Vol. 2, Sect. 3.1, 3.2, 3.2.1
– Whenever possible, security planning should begin during site selection

• The first level of security defense planning is the site analysis
• The second level of security defense planning is the perimeter or exterior of the building
• The third level of security defense planning is internal space protection
PAGE 12 /223
PHYSICAL SECURITY
CPTED
– CPTED is intended to be integrated throughout the construction process

• Programming: The owner informs the architect about the building’s purpose and occupants
• Schematic design (SD): The architect processes the programming information and develops bubble diagrams reflecting
circulation patterns and proximity relationships. The diagrams evolve into drawings of the floor plan, site plan, and elevations
as the beginnings of engineering considerations
• Design development (DD): The architect presents ideas to the client and makes design corrections. The drawings become more
sophisticated and include more engineering considerations, such as structural, mechanical, electrical, ventilation, and site
planning issues. Drawings are put into a larger scale (typically 1/4 inch to 1 foot in the United States)
• Construction documents or working drawings (CD). These are the final drawings prepared for construction purposes. All
technical data are presented in the drawings and are accompanied by technically written specifications
• Bids for construction and selection of contractor (RFP): The architectural drawings and specifications are put out to bid
• Security needs should be addressed in the programming phase. It is primarily the owner’s or client’s responsibility to define
the potential threats to people, information and property, and to determine the necessary level of security and the available
budget. Owners, clients, and developers may need to consult a security professional to develop appropriate security strategies.
– Typical design implications related to people in a new building

• A sign-in desk for the service trades
• Access system to allow staff to control entry, and log movements
• Placement of garbage bins
• Location of service elevator
• Location of service doors
• Alarm systems for offices, and critical cabling to control room
• Infrastructure lines and structure
PAGE 13 /223
PHYSICAL SECURITY
CPTED
– Questions to be answered about people who will occupy the new or renovated building
• Who are the users? (visitors, staff, service crew, sales)
• What can the users do in the building? (tasks, recreation, work)
• Why are the particular users there? (official business, visiting as guests)
• When do the users arrive and leave? (shifts or other patterns)
• Where can users go in the building? (horizontal, vertical)
• How can the users get there? (access methods, circulation)
– Questions to be answered relative to information stored or managed in a new building

• Who has access to the information? (staff, contractors, partners, etc.) Who has access to the facility after normal duty hours?
• What is the information? (trade secrets, personnel records, classified information, operational or business plans, etc.)
• What format is the information? (personal knowledge, hardcopy, electronic media, models/prototypes, equipment, etc.)
• How transportable and transferable is the information?
• Why is the information worth protecting? (competition, critical technology, privacy, contractual/ legal restrictions, etc.)
• When is the information accessible or vulnerable (and for how long)?
• Where is the information accessible or vulnerable?
• How can the information legitimately and illegitimately be acquired or compromised?

PAGE 14 /223
PHYSICAL SECURITY
CPTED
– Steps to be considered when protecting government buildings from bombing attacks
• Establish a secure perimeter around the building, as far out as possible – setbacks of 100ft are suggested
• Design concrete barriers as flower planters, etc. and position them near curbs with less than 4ft between them to block cars
• Build a simple rectangular layout to minimize the diffraction effect when blast waves bounce off U- or L-shaped buildings
• Reduce or eliminate building ornamentation that could break away in a blast, causing further damage
• Eliminate potential hiding places near the facility
• Provide unobstructed views around the facility site, and place the facility within view of other occupied facilities
• Eliminate lines of vehicular approach perpendicular to building
• Minimize the number of vehicle access points
• Eliminate or strictly control parking beneath facilities
• Locate parking as far from the building as practical,

and place it within view of occupied rooms or facilities
• Illuminate the building exterior
• Secure access to power or heat plants, gas mains,

water supplies, and electrical and telephone service

https://www.researchgate.net/figure/262374833_fig7_Fig-8-Different-measures-to-enhance-the-protection-of-building-against-blast-loading
PAGE 15 /223
PHYSICAL SECURITY
CPTED
– Potential CPTED problems in schools
• Campus borders are poorly defined
• Informal gathering areas are out of sight
• The building layout produces isolated spots
• Bus loading conflicts with car traffic
• Student parking lots are farthest from the building
• Street parking by students creates conflict with

the neighborhood
• Parking areas are obscured by plantings
• Locker areas create confusion and facilitate the

hiding of contraband
• The overuse of corridors creates blind spots
• Restrooms are located away from supervision
PAGE 16 /223
PHYSICAL SECURITY
CPTED
– The United States has no national guidelines or standards for bank facility lighting
• Some cities and states have standards
– Landscaping considerations in CPTED

• Plantings should not obscure extensive parts of a main path or recreation area
• Plants’ growth rates and maintenance requirements must be considered
• Low-growing plants should be set back 1 yard (1 m) from the edge of paths or walkways
• Low-growing shrubs should be kept no higher than 32 inches (81 cm) in height
• Thorny shrubs should be used in hiding places, areas of illegitimate activity, and under windows
– Thorny plantings may attract litter; a low perimeter fence may be needed to keep windblown debris away
• Hard landscaping should be vandal-resistant and not provide potential missiles, such as cobblestones or loose gravel
• Landscape features and furniture should not be climbing aids; furniture should be short-term use and not usable for sleeping
• Tree canopies should be trimmed up to 8ft to provide a clear line of site and reduce hiding spots
– Lighting for security should be from the tops of trees downward

PAGE 17 /223
PHYSICAL SECURITY
CPTED
– Parking garages should be equipped with
• Ground-level metal screening, but not floor-to-ceiling (to prevent climbing to upper floors)
• Open-walled, upper levels to allow natural surveillance and permit

hearing of calls for help
• Egress-only exterior pedestrian doors
• Three foot or higher shrubs/trees should be 10 to 15 feet from the structure
• One vehicle entry/exit should be used if possible (based on traffic volume)
• The use of multiple vehicle entries/exits requires attendant booths,

access gate arms, roll-down shutters, video and lighting
• Pedestrian pathways should pass attendant booths for natural surveillance
• Booths should have 360 degree visibility, and a means of communication
• No public restrooms, but if necessary, should be within view of the booth
• Round instead of square columns (visibility)
• Exterior loop ramps to preserve level floors and better visibility
PAGE 18 /223
PHYSICAL SECURITY
CPTED
– Parking garages (continued)
• Portholes in solid walls for visibility
• Stairwells and elevators in a central location, visible from the booth
• Stairwells visible from the exterior and offering no hiding places,

and no roof access (if not a parking area)
• Elevators with glass for exterior visibility, along the exterior of the facility
• Access only to the lobby from the garage elevators/stairs
• Video surveillance systems monitored in real time
• Adequate lighting
– To maximize natural surveillance, it is best to place a surface parking lot where it can be viewed from the road
and nearby occupied buildings
– Parking facility signage should include letters that are at least eight inches tall, and graphics should be used
instead of text whenever possible
– Interior of parking garages should be painted light colors to increase light reflection
PAGE 19 /223
PHYSICAL SECURITY
Security Technology
• Maturity model for security technologies…
– Research: The scientific basis is established, but the security application has not necessarily been identified. An
example could be the discovery of the ferroelectric properties of lithium niobate, a material that has been used
to sense IR energy in IR detectors.
– Level I: Concept feasibility is established in a laboratory demonstration.
– Level II: Research prototype. A prototype is hand-built in a laboratory, breaks a lot, and cannot withstand an
operational environment.
– Level III: Engineering prototype. This prototype has about 90 percent functionality; reliability is improving.
– Level IV: Field prototype. This fully functional prototype works in an operational environment; produces
reliable, repeatable results; is user-driven and accepted; and is ready to progress to full-scale production.
– Level V: Commercial off-the-shelf technology (COTS). Manufactured production units are available, with
infrastructure in place for replacement parts and technology support.
– Level VI: Performance testing. This testing is done to establish performance metrics, such as probability of
detection, NARs, vulnerability to defeat, performance degradation factors, and sensor-to-sensor interference.
This type of testing takes approximately 12 months for outdoor applications so that all weather conditions can
be observed.
– Level VII: Onsite testing. This is done to determine actual performance in the desired operational environment,
foliage, weather, and terrain, including integration into the site monitoring station.
– Level VIII: Nontechnical maturity factors. This is the site’s concept of operations, addressing such issues as how
the response force should use the information provided, how it should respond, and whether legal or policy
issues prevent use of the technology.
PAGE 20 /223
PHYSICAL SECURITY
Access Control and Entry Control
• Access control…
– Refers to the process of managing databases or

other records and determining the parameters of
authorized entry, such as who or what will be
granted access, when they may enter, and where
access will occur
• Many industrial access control systems include software
to manage the database of those having authorized
access (access control), as well as the physical means of
restricting entry or exit (entry control)
– Categories
• Manual
• Machine aided
• Automated
– Designed to
• Permit only authorized entry/exit
• Detect and prevent the entry of contraband
• Detect and prevent the unauthorized removal of assets
• Provide information to security officers for assessment
and response
– Types of attacks used to defeat access controls

• Deceit
• Direct physical attack
• Technical attack
PAGE 21 /223
PHYSICAL SECURITY
• Entry control…
– An entry control subsystem
• Is NOT an access control system
• Is part of the detection function
• Allows the movement of authorized personnel and material into and out of facilities
• Detects and possibly delays movement of unauthorized personnel and contraband
• Includes the following performance measures
– Throughput
– Error rates
• Refers to the physical equipment used to control the movement of people or material into an area
– Because the technical issues associated with the installation and use of entry control hardware are different than the administrative
controls required to manage authorized access, they require separate consideration in order to achieve an effective and integrated
subsystem
ASIS POA, Vol. 2, Introduction
– The objectives of an entry control system used for physical protection are
• To permit only authorized persons to enter and exit
• To detect and prevent the entry or exit of contraband material (weapons, explosives, unauthorized tools, or critical assets)
• To provide information to security personnel to facilitate assessment and response
PAGE 22 /223
PHYSICAL SECURITY
• Verification of authorization of personnel to enter a controlled area is usually based on…
1) Carrying a valid credential (what you have)

2) Knowing a valid PIN (what you know)
3) Possessing the proper, unique physical characteristics on file (who you are)
• Types of tokens/credentials…
– Photo ID badge: Manually checked against photo and name

– Exchange badge: Invalid credential is exchanged temporarily for a valid credential
– Stored image badge: Requires guard to check the badge photo against a stored image for authenticity
– Coded credential: Typical coded badges with electronic media for determination
of access authority (smart card, prox, etc.)
ASIS POA, Vol. 2, Sect. 8.1.2, 8.1.3
• Badge technologies…
– Magnetic stripe (“Magstripe”)

• Widely used in commercial credit/debit cards
• Slotted card reader reads coercivity in magnetic strip (resistance of a magnetic material)
• Coercivity is magnetic energy, measured in oersteds
• Low-coercivity ("Lo-Co") cards are 300 oersteds; easy to erase; typical of credit/debit cards
• High-coercivity ("Hi-Co") cards are 2,500 to 4,000 oersteds; hard to erase, but can be done
with rare-earth magnets; typical of company badges
• Encodes the badge holder's name and badge number
• Easily forged, duplicated (can use proprietary encoding schemes, but not common)
PAGE 23 /223
PHYSICAL SECURITY
• Badge technologies (continued)…
– Bar code
• Widely used in retail trade to automatically identify products at the point of sale
• Sometimes used on coded credentials
• Varying widths of the bars and spaces between them establish the code
• An opaque covering increases security and becoming more common on bar codes
• 2-D bar codes are also used on credentials and are capable of storing more information than their 1-D bar codes
– Proximity
• Non-contact card
• Classified by the method of powering the badge, operating frequency range of the badge, and read-only or read/write
capability
• A small RF transponder/transmitter is powered by an onboard battery (active) or it is
energized by the card reader (passive)
• Low-frequency badges are in the 125 kHz range
• High-frequency badges range from 2.5 MHz to over 1 GHz
• A read-only badge contains a specific code that is usually fixed at the time of manufacture
and cannot be changed
• A read/write badge usually contains a larger data field than read-only badges and can be
programmed by the system manager as required
PAGE 24 /223
PHYSICAL SECURITY
• Badge technologies (continued)…
– Smart card
• The size of a standard bank credit card with an integrated circuit embedded in the card
• Gold contacts on the surface of the card allow for communication with a reading device
• Contactless smart cards use RF communications and do not have the gold contacts
• Memory-only circuits store only the badge number, user’s name, and other information
• True smart card: 8 kb to 64 kb microprocessor
• Main advantages: Large memory and its high degree of resistance to forgery or compromise
• Ability to encrypt communications
• Can be prohibitively expensive
• Homeland Defense Presidential Directive 12 (HSPD12)
– Signed by President George W. Bush in August 2004
– Directs the entire federal government and all contract agencies to use a single, high-security credential
– Based on Federal Information Processing Standard 201 (FIPS 201)
– Uses both contact and contactless smart card technology
– Primarily affects federal and federal contractor facilities
– GSA and NIST: Oversight for development and testing of credentials, related equipment and issuance procedures
PAGE 25 /223
PHYSICAL SECURITY
• Personal identity verification systems…
– Biometrics
• Corroborate claimed identities on the basis of one or more unique
physical biometric characteristics of the individual
• Can differentiate between
– Verification
• The user initiates a claim of identity by presenting a credential,
PIN or password
• The user also presents a biometric feature for analysis
• The system performs a one-to-one comparison of the biometric data on the
credential, or linked to the PIN/password in a database, with the presented
biometric feature
• The system verifies the identity of the user and determines access authorization
based on privileges in the database
– Recognition
• The user does not initiate the transaction with a credential, but offers a biometric
feature
• The system attempts to identify the unknown individual based on the feature
• The system performs a one-to-many comparison against a database
• The system either finds a match and recognizes the user and determines access
authorization based on privileges in the database, or it does not recognize the user and
prevents entry
– All personal identity verification systems consider three things
• The uniqueness of the feature used for identification
• The variability of the characteristic
• The difficulty of implementing the system that processes the characteristic
– Type I error rate: False rejection of a valid user
– Type II error rate: False acceptance of an invalid user
– Equal error rate: Cross-over point where Type I and Type II errors are equal
• Not necessarily the point at which the device should be operated
• Not the lowest point for either type of error
PAGE 26 /223
PHYSICAL SECURITY
• Personal identity verification systems (continued)…
– Fingerprints
• Used as a personnel identifier for more than 100 years
• Still considered one of the most reliable means of distinguishing one individual from another
• Most systems use image processing and pattern recognition
– Minutia points
– Ridge endings
– Bifurcations
• Some systems use the entire image for comparison
• Fingerprint acquisition methods
– Prism with a solid-state camera
– Ultrasound
– Direct imaging sensors with solid-state devices
– Capacitive
– Electric field
– Thermal
– Hand/finger geometry
• Characterizes the shape of the hand
• Measures three-dimensional features of the hand such as the widths and lengths of fingers and the
thickness of the hand
• Generally measures the right hand face-down on a platen, but can also measure the left hand
face-up on the platen
• Utilizing a solid-state camera to image the hand, including from the side, a "feature vector" is
created
• Can achieve Type I and Type II error rates of less than 1%
• Also available as a two-finger geometry system (index and middle fingers)
PAGE 27 /223
PHYSICAL SECURITY
– Eye pattern
• Imaging of the iris by a video camera
• Operates in the recognition mode
• 10-12" read distance (no physical contact)
• Eye is illuminated with visible light
• Some issues with glare from glasses - caused some
Type I errors, no Type II errors
• Transaction times are 4-5 seconds (experienced users)
• 2% of population cannot be enrolled due to blindness or
other eye issues

https://www.slideshare.net/khushi_13_/retina-scan-51623171
– Face
• Utilize distinguishing characteristics of the face
• Captured with video camera or thermal image
• Problems in development include
– Wide variations in the presentation of the face
– Lighting variations
– Not yet as reliable as other biometrics
– Can be useful in identifying wanted criminals or others on a watch list within a crowd
PAGE 28 /223
PHYSICAL SECURITY
– Voice
• Speech measurements: Waveform envelope, voice pitch period,
relative amplitude spectrum, resonant frequencies of vocal tract
• Low security, easily deployed, more public acceptance (low distrust)
• Systems operates at only one end of the telephone
• Minimal training
• Susceptible to changes in voice due to sickness, stress, etc.
– Handwriting
• Used for many years by the banking industry
• Signatures can be easily forged
• Handwriting dynamics include displacement,

velocity and acceleration
• Handwriting sensors can be in the writing

instrument (pen) and tablet
PAGE 29 /223
PHYSICAL SECURITY
• Access control barriers include…
– Doors
– Gates
– Turnstiles
– Elevators
• Vehicle access controls are…

– Manual
– Electronic
• Electromechanical locks…
– Types
• Electric deadbolts
• Electric latch
• Electric strike
• Electric lockset
• Exit device
• Electromagnetic lock
– Fail safe: Device unlocks upon loss of power (but may stay latched - "positive latching")
– Fail secure: Device locks upon loss of power
– Single action/motion egress

• One action/motion required to release door to exit
• Required by local fire codes, NFPA, etc.
• Some exceptions for banks, jewelry stores, high security, Alzheimer's and pediatrics care
• Turning a door set counts as one action
PAGE 30 /223
PHYSICAL SECURITY
Alarm Communication and Display (AC&D)
• AC&D: Alarm communication and display…
– The part of a PPS that transports alarm and assessment information to a central point and presents the
information to a human operator
• Characteristics of a good alarm communication and display system…

– Designed to withstand environmental variations
– Components are reliable with a long mean time between failure (MTBF), reliable communications, and display
with no data loss
– Redundancy, backup for component failure
– Timely communication of alarms
– Secure from attacks
– Easy for use by the operator(s)
• The most important measure of AC&D

effectiveness…
– How well it quickly and clearly
communicates alarm data from sensors to
the system operator
PAGE 31 /223
PHYSICAL SECURITY
• Two critical elements of alarm communication and display…
– Transportation or communication of data
– Presentation or display of that data to a human operator in a meaningful manner
• When an alarm event occurs, the AC&D system must communicate to the operator the following
information…
– Where an alarm has occurred
– What or who caused the alarm
– When the alarm happened
• Security communications require the following

assurances…
– Integrity of the communications medium (availability of
the message path)
– Integrity of the message (complete and errorless
transmission of the data)
– Timeliness of the transmission (data communication
within an appropriate time frame)
– Message security (accessibility of the communication to
authorized persons only)
PAGE 32 /223
PHYSICAL SECURITY
• Graphical User Interfaces (GUI's)…
– Limits the ways information is displayed and which operations are allowed
– Up to three windows displayed at once
– Operators should not have to move or resize windows to view information
– Menus should not be overcomplicated (no more than nine items and three levels)
– Common commands should be available as buttons; only commands valid in the current context available
– Visible buttons should be limited to nine, and include text labels
– Maps should eliminate excessive details, generally be 1:5000 in scale, interactive, and black-and-white
– No map should include more than 50 sensor icons (some may need to be grouped)
– Color should be used sparingly (no more than seven), and should not be required to operate the system
– Major commands should require only one mouse click or key press
– Annunciators should not override operations in progress
– Should avoid loud, continuous alarms or bright, flashing displays
– Commands should be available in several ways
(menu items, buttons, shortcut keys, etc.)
• Ergonomics of the AC&D console…

– Factors to consider
• What the operator needs to see, hear, reach, manipulate
– Displays perpendicular to the line-of-sight; easily visible from
normal working position
• Primary interface area: Most important controls, 30 degree
viewing cone, little head or eye movement required
• Secondary interface area: Operational displays used often,
eye movement OK, no head movement
• All other areas: Support displays used infrequently
PAGE 33 /223
PHYSICAL SECURITY
• Subsystems of an alarm communications and display (AC&D) system…
– Communications
– Line supervision and security
– Information handling
– Control and display
– Assessment
– Off-line subsystems
• AC&D Subsystem: Alarm communications…

– Transfers data from sensors or "collection point" to displays
– Basic concepts incorporated in an AC&D subsystem
• Design model
• Detailed system functions and how they relate to the
other AC&D requirements
• Size of the system and topologies used
• Combination (hierarchies) of simple system configurations
• Characteristics driving design of AC&D Subsystem…

– Quantity of alarm data
– High reliability needed
– Speed of delivery
• Speed of communications…
– No perceptible delay (tenths of a second)
– Sufficient bandwidth of communications media
– Appropriate communications protocols (or overhead)
PAGE 34 /223
PHYSICAL SECURITY
• Communications security…
– Line protection
• Outside lines should be installed underground
• Inside wiring should be encased in conduit
• Underground telephone service connection, preferably from a distant utility pole
• Divide communications requirements between two providers
– Line supervision
• Simplest line supervision: End-of-line (EOL) resistor (detects open circuit, ground, wire-to-wire short)
• Higher protection
– Minimizing the permissible variance in circuit value
– Using quasi-random pulses, which must be recognized by the control equipment
– Using shifts in the transmission frequency
– Scramblers
• Scramblers disguise interceptible communications
• Scrambler selection depends on the importance of the information, and the skill of the aggressor
• Two characteristics of voice that can be scrambled
– Frequency (pitch of the voice) (most typically scrambled)
– Amplitude (loudness)
• Frequency inverters: Simplest, low cost, tolerates poor communications channel; can be understood by trained listener
• Band splitters: Breaks up speech band in to smaller, inverted and re-arranged frequency bands - a 5-band splitter can generate
3,080 different combinations, 90% of which are no better than a frequency inverter
• Rolling band splitters: Continuously modifies the arrangement patterns of the band splitter, but some degree of information
can still be obtained by a trained listener
• Frequency or phase modulators: Similar to a rolling band splitter, but changes the phase rather than the frequency of the voice
- still susceptible to some small degree of intelligible communication
• Masking: Adds an outside signal into the voice band - typically only effective when used with another scrambler
• Rolling codes: Use of a pseudo-random generator creates varying key-streams used to decode the voice transmission for rolling
band splitters, frequency and phase modulators, and many masked voice scramblers.
PAGE 35 /223
PHYSICAL SECURITY
• Transmission of alarm signals…
– Alarm signals may be transmitted on an

unshielded pair of direct current (DC)
conductors
• The size of the wire and its resistance must be

considered because resistance varies directly
– Signals also may be transmitted on lines installed
with the length of the line and inversely with the
diameter of the wire to carry electric power
• Audio transmissions require the use of shielded, • In the U.S. power is usually transmitted at 60 Hz; in
twisted pairs of alternating current (AC) wires other countries, the transmission may be at different
frequencies
– Referred to in telephone parlance as voice-grade
lines • A device can be installed on the line to couple the
higher-frequency communication signals to the AC
– Alarm signals and audio transmissions may both wire path
be transmitted on the same pair of twisted,
shielded wires • At the receiver, the frequencies above 60 Hz are
separated and displayed or recorded
• The normal 60 Hz electrical current is undisturbed
• The communication path may be blocked at an AC

power transformer
• Interference on the AC wire path may degrade or

garble the signal frequencies
PAGE 36 /223
PHYSICAL SECURITY
• Transmission of alarm signals (continued)…
– Optical fiber
• A system operating at 565 Mbits—565,000,000 bits per second—can support 8,064 telephone conversations per fiber
• Virtually any combination of video, data, and audio one at a time or simultaneously, one way or two ways, over a single fiber
• An optical fiber is a strand of high-purity spun glass, typically about the thickness of a human hair
• A laser or LED sends a modulated beam through the fiber, unattenuated and unchanged, to the other end, where it is decoded
– The LED is the light source of choice – it has a longer life without maintenance, and is less sensitive to humidity and power fluctuations
• Optical fibers can be used to carry voice-grade signals, video signals, and digital or data grade signals
• Optical fibers differ from conventional metal wire in several ways

– They are not affected by electromagnetic
interference (EMI) or radio frequency
interference (RFI)
– They do not carry any electrical current
and do not radiate signals
– They can carry many more different
multiplexed messages than
conventional wires
– They are much smaller and lighter
than conventional wires
– They are flexible and can take
an irregular course from point to point
– They are not vulnerable to interception
by acoustical or inductive coupling
• Optical fiber is less expensive than copper

ASIS POA, Vol. 2, Sect. 7.3, 7.3.1
PAGE 37 /223
PHYSICAL SECURITY
• Video transmission methods…
– Coaxial cable
• No processing required if transmission distance is short enough, typically 1,000 ft
• Longer transmissions can be achieved if the signal is amplified along the way
– Telephone lines
• Video signals on normal telephone circuits are converted to digital, then to audio signals
– The audio is reconverted to video at the receiving end
• Telecommunications are continuously amplified; there is no theoretical limit to the distance
• Signal can move from wire to microwave to satellite, as required by the phone switch
– Optical fiber
• Conversion from video to optical signals at the transmitter, reconverted at the receiver
• The transmission distance without amplification is 1 mile or more
• Real-time transmission
• Supports color or monochrome video equipment
• Data signals (PTZ, heater, other controls) are transmitted over the same optical fiber
• Three functions can be transmitted simultaneously in two directions on one fiber
– Dedicated, twisted pair

• No bridging or coupling, no other connections between the video transmitter and receiver
• Equipment can perform required conversions, impedance matching, frequency compensation
• Good performance can be achieved at wire distances of up to 4,000 ft
– DC wire
• Video signals cannot be transmitted directly on DC lines
PAGE 38 /223
PHYSICAL SECURITY
• Three types of line transmission used in electronic protection systems…
– Loop (multiple points on a single circuit; addressed or non-addressed)
– Point-to-point (direct connection of each sensor to the controller)
– Multiplexed (multiple messages on the same medium, separated at the controller)
– Multiplexed signals should always be backed-up by a redundant means of communication, as the lost of a
multiplexed signal will interrupt multiple sensors.
– Two methods used to separate multiplexed signals

• Time division multiplexing (TDM)
• Frequency division multiplexing (FDM)

SENSORS SENSORS SENSORS
ALARM ALARM ALARM

PANEL PANEL PANEL
LOOP POINT-TO-POINT TDM OR FDM

MULTIPLEXED
PAGE 39 /223
PHYSICAL SECURITY
• Wireless transmission…
– A wireless communication requires
• A transmitter to furnish radio frequency energy
• An antenna to radiate the energy into the atmosphere
• A receiver
• Power for the transmitter and receiver
– Wireless modulation
• AM: Amplitude modulation (variations are in the amplitude, or range, of the signal)
• FM: Frequency modulation (variations are in the frequency of the signal)
– Any unscrambled or unencrypted communication transmitted by wireless technology should be

considered available for interception
– U.S. laws prohibit the interception of cordless telephone transmissions

• Regardless, listening to the cordless telephone calls of a neighbor is not uncommon
• A basic rule is that sensitive information should not be discussed on any cordless telephone call
– Private communications systems may be interconnected with the public telephone network
when in compliance with Part 68 of the FCC rules, and when the telephone company is advised
of the FCC registration number and ringer equivalency rating on the equipment
PAGE 40 /223
PHYSICAL SECURITY
• Wireless transmission (continued)…
– Voice radio (two-way radio) cost and power are determined by

• Distance required to communicate
• Barriers in the transmission path
• Signal interference in the area
– Cellular communications
• Service areas are divided into cells
• Cells are grouped into clusters
• Cells can be any shape
• Each cell in a cluster has a unique frequency, but frequencies are repeated in other clusters
• Power levels of transmitters are not sufficient to allow receipt of the same frequency in another cluster
• Call are "handed-off" between adjoining cells as the user moves through them
• U.S. cellular frequencies: 800 MHz(analog) or 1,900 MHz (digital)
• Other countries' cellular frequencies (in some cases): 900 MHz or 1,800 MHz
– DCS: Digital Cellular Service

• 1,900 MHz frequency range - also knows as Personal Communication Service (PCS)
• TDMA: Time Division Multiple Access - digital cellular transmission compression based on time slots
• CDMA: Code Division Multiple Access - digital cellular transmission compression based on frequencies and
assigned codes into which data is divided (20x capacity of analog cellular transmission)
• AMPS: Advanced Mobile Phone Service - analog cellular transmission in the 800 MHz range; highly
interceptible
PAGE 41 /223
PHYSICAL SECURITY
– Wireless PABX (private automatic board exchange) uses low-power transmission with handheld phones within
a limited range - interceptible if not protected
– Local digital fixed wireless system - provided by a local telecommunications provider and serves as wireless
"home phones" to multiple subscribers (eliminates the need for wired home phone service)
– Satellite communications
• GEO: Geo-stationary earth orbit satellites
– High altitudes (22,300 miles)
– Inherent signal delay
– Television, digital voice, fax, data, email
• MEO: Medium earth orbit satellites

– Medium altitudes (6,500 miles)
– Handheld, dual-mode phones; ship-to-shore
communications; fixed phones in developing areas
• LEO: Low earth orbit satellites

– Low altitudes (480 miles), 28 satellites
• Less delay, used for data transmissions (tracking, etc.)
• Handheld, dual-mode phones; paging, low-speed data/fax
• Worldwide mobile and fixed telephone service
• High speed transmission, supports small, low-power terminals and antennae
• Satellite transmissions should be considered susceptible to interception

http://www.harriscaprock.com/blog/high-throughput-satellite-communications-systems-meo-vs-leo-vs-geo/
PAGE 42 /223
PHYSICAL SECURITY
– Microwave transmission
• Operates between 30-300 GHz
• Requires microwave generator, power amplifier, modulator, antenna
• One-way and two-way communications
• Often require FCC licenses
• Penetrates rain, fog, snow and man-made noise
• Used in television, multiplexed telephone, multiplexed alarm, and high-speed data transmissions
• Line-of-sight (LOS) required
– Laser communication
http://scis.athabascau.ca/html/courses/comp200/fo/comp200/grphc060.html
• Light amplification by stimulated emission of radiation (LASER)
• Laser light is modulated at a very rapid rate
• A phot-detector at the receiver demodulates the laser
• Virtually impossible to intercept the beam without detection
• 4-mile transmission, line-of-sight
• Reflectors can be used with no LOS is possible, but
resolution quality is reduced
• Interference from snow, fog and rain
• No FCC license required
– Most common causes of wireless interference

• Signals from other transmitters
• Industrial and atmospheric noise
– Main sources of man-made noise
• Electrical transients radiating from circuits where
electrical arcing occurs
– Natural sources of noise are characterized by static
PAGE 43 /223
PHYSICAL SECURITY
Intrusion Detection
• Intrusion detection…
– The process of detecting a person or vehicle attempting to gain unauthorized entry into an area
– Includes exterior and interior intrusion sensors, video alarm assessment, entry control, and alarm
communication systems working in combination
– Boundary is a sphere for detecting surface, air, underwater, or underground intrusions.
– Exterior: Emphasis on or slightly above the ground surface (airborne detection increasing)
• Considerations for intrusion detection systems…

– Should meet security needs of the facility
– Should operate in harmony with other systems
– Should not interfere with business operations
– Should be cost effective
• Steps in the installation of an IDS…

– Engineering and installation
– Commissioning
– Auditing
– Maintenance
– Repair
PAGE 44 /223
PHYSICAL SECURITY
Intrusion Detection
• Sensors are the basic building blocks of an intrusion detection system…
– They initiate the detection function of the security system, indicating an intrusion attempt
or a tamper event
– All logical discrimination, transmission, processing display, and recording

activities that occur after the initial alarm are due to the technology on
which the sensor is based, including optical, electronic, electromechanical,
or mechanical capabilities
– It is critical to properly match the sensor to the threat and operating

environment and integrate it into the overall PPS
– Detection criteria for a sensor or sensor system includes

• What will be detected
• What actions are expected
• Weight or speed of movement
• Probability of detection required
• Three main characteristics of intrusion sensor performance are…

– Probability of detection (PD)
– Nuisance Alarm Rate (NAR)
– Vulnerability to Defeat
If the sensor is inappropriate for the operating environment or the threat, or is not installed,
operated, maintained, and tested properly, the output of the entire system is severely limited,
becoming a greater burden than benefit - sensor selection must match the application and
environment
- ASIS POA, Vol. 2, Sect. 4.1
PAGE 45 /223
PHYSICAL SECURITY
Intrusion Detection
• Probability of detection (PD)…
– Perfect is a "1" - reality is always less than 1
– Confidence Level (CL) is often described in conjunction with PD
• Unstated CL implies a 90% or better confidence level
– PD depends primarily on these factors:

• Target to be detected (e.g., walking, crawling, tunneling, etc.)
• Sensor hardware design
• Installation conditions
• Sensitivity adjustment
• Weather conditions
• Condition of the equipment
– PD is always conditional
– PD also varies by sophistication of threat (refer to DBT)
– When a high PD is required at all times and all weather conditions, use of multiple sensors
• Nuisance Alarm Rate (NAR)…
– A nuisance alarm is any alarm not caused by an intrusion
• The NAR identifies the number of nuisance alarms over a given period (ideally zero, but not realistic)
• Alarm assessment is needed to preserve manpower - without assessment, detection is incomplete
• Natural causes: vegetation, wildlife, weather conditions, etc.
• Industrial causes: ground vibration, debris moved by wind, electromagnetic interference, etc.
– A false alarm is a nuisance alarm generated by the equipment itself

• Acceptable False Alarm Rate (FAR) should also be specified
• Poor design, inadequate maintenance, or component failure
PAGE 46 /223
PHYSICAL SECURITY
Intrusion Detection
• Common sources of nuisance alarms for sensors…
– Electromagnetic interference (EMI)
– Nuclear radiation (causes damage to semiconductors and IC boards)
– Acoustic (sound) sources
– Thermal sources
– Meteorological sources
– Seismic sources
– Optical effects
– Wildlife
PAGE 47 /223
PHYSICAL SECURITY
Intrusion Detection
• Vulnerability to Defeat…
– All sensors can be defeated
– The objective is to make the system very difficult to defeat
– Two general ways to defeat the system
• Bypass: - Going around the detection volume/limits
• Spoof: - Passing through the sensor’s normal detection zone without
generating an alarm
• Sensor activation conditions…

– Intrusion: Occurrence of a potential intrusion event
– State: A change in the condition being monitored
– Fault Event: Loss of electrical power, or failure of the sensor itself
– Tamper: Opening, shorting, or grounding of the device circuitry, enclosure or control panels
– Sensor operating conditions

• Indoor: 32 degrees to 120 degrees
• Outdoor: -30 degrees to 150 degrees
• All: 90 degrees and 95% humidity
• Five ways of classifying intrusion sensors…

1) Passive or active (interior and exterior)
2) Covert or visible (overt) (interior and exterior)
3) Line-of-site or terrain following (exterior only)
4) Volumetric or line detection (point) (interior and exterior)
5) Application (interior and exterior)
ASIS POA, Vol. 2, Sect. 4.3.1, 4.4.1
PAGE 48 /223
PHYSICAL SECURITY
Intrusion Detection
• Passive sensors…
– Two types
• Detect target-generated mechanical energy (walking, climbing, vibration, etc.)
• Detect target-emitted energy in a natural field of energy (heat, sound, magnetic fields, etc.)
– Sensors are harder to locate by aggressors because they do not emit energy
– Safer to use in explosive environments
– Passive infrared, mechanical activity (walking/climbing), vibration, etc.
• Active sensors…
– Transmit energy and detect changes to it
– Include transmitter and receiver (bi-static)
– Create fewer nuisance alarms
– Microwave, active infrared, RF, etc.
– Bistatic: Separate transmitter and receiver

– Monostatic: Transmitter and receiver are combined
• Volumetric sensors - detect interruption of a field, or volume of space…
• Line or Point sensors - detect intrusion at a specific point, or along a line…

PAGE 49 /223
PHYSICAL SECURITY
Intrusion Detection
• Types of motion detectors…
– Microwave
– PIR
– Dual technology
– Ultrasonic
– Beam detectors
ASIS GDL FPSM-2009,
Sect. 3.5.1
• Video motion detectors (VMDs)…

– Passive, covert, line-of-sight
– Exterior or interior applications
– Video motion detection is based on pixel changes
• Changes in brightness or contrast
• Logical movement across adjacent cells
• Speed of motion across all cells
• Size of objects within cells
• Global changes across most or all cells
– Sufficient lighting and resolution required
– Nuisance alarms can be plentiful - flickering lights,
vegetation movement, animals, rain, camera "noise"
– Analytics improve NAR
– Digital is more sophisticated, but analog is less expensive
– Most VMD's susceptible to very slow movement
ASIS POA, Vol. 2, Sect. 4.3.2, 4.4.2
PAGE 50 /223
PHYSICAL SECURITY
Intrusion Detection
• Wireless sensors…
– May be motion detectors, line/point sensors, etc.
– Operate in the 300MHz or 900 MHz bands
– Transmitters (sensors) sleep until they go into alarm
– Transmit "state-of-health" messages at pre-determined intervals
– Issues include
• Collisions - multiple messages received at the same time, causing none to be read
• Fading - degradation of signal due to distance
• Interference - other signals overpowering the sensors' signals
– Resolution to issues include
• Spread-spectrum transmissions
• Dithering of state-of-health transmission timing
• Line supervision techniques…

– Reverse polarity
– Sound monitoring
– Radio class C
– Steady direct current class B
– Tone
– Digital classes A and AB
PAGE 51 /223
PHYSICAL SECURITY
Intrusion Detection
• UL / ANSI standards applicable to intrusion sensors…
– 365 Police Station Connected Burglar Alarm Units and Systems
– 606 Linings and Screens for Use with Burglar Alarm Systems
– 609 Local Burglar Alarm Units and Systems
– 611 Central-Station Burglar Alarm Systems
– 634 Connectors and Switches for Use with Burglar Alarm Systems
– 636 Hold-Up Alarm Units and Systems
– 639 Intrusion Detection Units
– 681 Installation and Classification of Mercantile and Bank Burglar Alarm Systems
– 1037 Anti-Theft Alarms and Devices
– 1076 Proprietary Burglar Alarm Units and Systems
– 1610 Central Station Burglar Alarm Units
– 1635 Digital Burglar Alarm Communicator Units
– 1641 Installation and Classification of Residential Burglar Alarm Systems
• GSA specification for alarm system components, W-A-450C/Gen, 1990…
• Sandia Laboratories, Intrusion Detection System Handbook…
• NFPA 72, National Fire Alarm Code…

– Fire and smoke alarm sensors
PAGE 52 /223
PHYSICAL SECURITY
Intrusion Detection
• Exterior application sensors are divided into three categories…
– Buried line
– Fence-associated
– Freestanding
• Exterior, perimeter intrusion sensors…

– Typically used by government, nuclear, and correctional facilities
– Ported coaxial cables
– Fence disturbance sensors
– Sensor fences
– Electric field or capacitance
– Freestanding infrared sensors
– Bistatic microwave sensors
– Exterior video motion detectors (VMDs)
– Ported coaxial cables
• "Leaky Coax"
• Active, covert, terrain-following
• Buried underground
• Respond to objects with high dielectric constant or high
conductivity (humans, vehicles, etc.)
• Outer jacket of cable is "ported" to allow the signal to leak out
• Range is 1.5 to 3 feet above the surface and about 3 to 6 feet
wider than the cable separation
– Installation can be two cables in same jacket (one trench) or two
separated cables (two trenches) several feet apart
• Nuisance alarm sources include metals, water, utility lines, large
` ``` quantities of salt or metals in soil
PAGE 53 /223
PHYSICAL SECURITY
Intrusion Detection
• Exterior, perimeter intrusion sensors (continued)…
– Fence disturbance sensors
• Passive, visible, terrain-following
• Attached to fence
• Detect motion or shock
• May be one of several technologies
– Fiber-optic
– Strain-sensing cable
– Vibration-sensing, etc.
• Nuisance alarm sources are common, including wind,
rain/hail, nearby vibrations (i.e. traffic, etc.)
• Can be defeated by crossing over the fence without touching it,
or tunneling under the fence
• Fence posts should flex/move no more than 1/2" against a
50lb force at 5 feet of height
• Fence fabric should flex/move no more than 2.5" against a
30lb force centered between posts
– Sensor fences
• Passive, visible, terrain-following
• The sensor cables form the fence itself
• Horizontally-stretched, high-tension wires, at 4" or less apart
• Includes taut-wire fences
• Designed to detect climbing, separation of wires, or cutting
• Less susceptible to nuisance alarms - requires about 25lbs of
force to activate alarm
• Can be defeated by crossing over the fence without
touching it, or tunneling under the fence
PAGE 54 /223
PHYSICAL SECURITY
Intrusion Detection
– Electric field or capacitance sensors
• Active, visible, terrain-following
• Detects change in "capacitive coupling" in wires isolated from the fence itself
• Range can extend to 3.3 feet (more nuisance alarms)
• Susceptible to lightning, rain, small animals, motion of the fence itself
• Requires good electrical grounding
• Less susceptible to crossing over or tunneling under the fence
PAGE 55 /223
PHYSICAL SECURITY
Intrusion Detection
– Freestanding infrared sensors

• Active, visible, line-of-sight, freestanding
• .9 micron wavelengths - invisible to the human eye
• Beam is transmitted through a "collimating" lens and received by a "collecting" lens
• Multiple beams required for higher security applications (typically a 2" x 6' detection range)
• Nuisance alarm sources include snow, fog, dust, vegetation, etc.
– Bistatic microwave sensors

• Active, visible, line-of-sight, freestanding
• 10GHz or 24 GHz spectrum
• "Vector sum" = direct and reflected microwave energy received by the receiver
• Susceptible to crawling or rolling under the beam if ground is not very flat or distance between antennae is more than 120 yards
• "Offset distance" = zone of no detection about 10 yards out from
the transmitting antenna - requires overlapping zones of 20 yards
• Antennae height of 18-24" above the sensor bed surface with no
more than 1" rise/drop per 10 feet
• Sensor bed surface is composed of 4" of 1.5" or smaller gravel to
eliminate nuisance alarms from standing water
• Largest detection zone is midway between sensors - approximately
4 yards wide x 3 yards high
• Nuisance alarm sources include vegetation higher than 1-2", loose
chain link fabric, heavy snow
PAGE 56 /223
PHYSICAL SECURITY
Intrusion Detection
– Perimeter detection systems should use protection-in-depth philosophies, relying on two or more simultaneous
lines of detection, especially in high-security facilities
• Complementary sensors may also be considered to increase the effectiveness of a sensor deployment
– Each sensor brings its own strengths and weaknesses to the overall security plan - complementary sensors do not have the same
nuisance sources and probability of detection under each possible scenario
– Sensors should be prioritized for assessment purposes - higher PD sensors have first priority
– Sensor combinations operate in two ways
• OR basis: Either sensors triggers the alarm; higher PD, higher NAR
• AND basis: Both sensors are required to trigger the alarm; lower PD, lower NAR
• Clear zones bounded by fences on both sides are preferable for perimeter detection systems
– No sensors should be mounted on the outside fence
• Configuration of multiple sensors should be arranged to provide overlapping coverage AND separate lines of coverage
– Physical and environmental conditions affecting perimeter detection system

• Topography (gullies, slopes, water, etc.)
• Vegetation (motion from wind, sources of concealment/cover)
• Wildlife (large animal interference with sensors, small animal burrowing and chewing)
• Background noise (wind, traffic, EMI, seismic activity, etc.)
• Climate and weather
• Soil and pavement (soil conductivity, seismic conductivity)
– Lightning protection of exterior perimeter detection sensors

• Signal cables should be shielded
• Good grounding is required
• Passive transient suppression devices should be used
PAGE 57 /223
PHYSICAL SECURITY
Intrusion Detection
– Barriers designed to delay intrusion should be placed along the inner fence line of a dual-fence line clear zone,
to prevent tampering with the barriers without first traversing the detection zone
– A clear zone "compromise" width between 10 and 15 yards facilitates reduction of nuisance alarms (wide) and
high resolution for alarm assessment by cameras (narrow)
– Periodic maintenance of perimeter intrusion detection systems is critical

• Calibration
• Sensitivity checks
• Alignment
• Visual inspection
• Operational tests should also be performed periodically
PAGE 58 /223
PHYSICAL SECURITY
Intrusion Detection
• Interior intrusion sensors…
– Interior application sensors are divided into three categories

• Boundary-penetration
• Interior motion
• Proximity sensors
– Interior intrusion sensors are highly effective against insider threats when the following, complementary
measures are in place
• Administrative procedures
• Access controls
• Material monitoring
– Two important physical conditions

that affect sensor performance
• Building or room construction
• Equipment and objects that
occupy the space
PAGE 59 /223
PHYSICAL SECURITY
Intrusion Detection
• Interior intrusion sensors (continued)…
– Electromechanical sensors
• Passive, visible, line/point sensors
• Magnetic reed switches (doors, windows, etc.)
• Balanced magnetic switches (BMSs) or bias magnets –
higher sensitivity than reed switches, less susceptible to spoofing
• Hall effect switch detects field of magnet - no moving parts - measures charge separation and
polarity - most advanced switch
• Continuity/break wire - wires embedded or attached to surface, activated by cutting (security
screens, etc.), low NAR (May use optic fibers instead of wires)
– Vibration sensors
• Passive, visible or covert
• Jiggle switches
• Inertial switches: metal ball mounted on metal contacts –
detects vibration frequencies between 2-5kHz
• Piezoelectric sensors: sensing element that flexes at frequencies between 5-50kHz
• Fiber-optic cables detect microbending caused by vibration
– Glass-break sensors
• Glass-mounted, passive (vibration activated); detect >=20kHz vibrations
• Glass-mounted, active; generate vibrations received by another device
elsewhere on the glass (lower NAR)
• Ceiling-mounted, passive; listen for frequency of breaking glass; volumetric by design; not
vibration activated
– Interior motion sensors
• Monostatic microwave (common)
• Passive infrared (PIR) (common)
• Dual technology
• Video motion detection (VMD)
PAGE 60 /223
PHYSICAL SECURITY
Intrusion Detection
– Passive infrared (PIR)

• Passive, visible, volumetric
• Thermopile or pyroelectric detector converts heat to electrical signals
• Responsive to human heat approximately equal to heat from 50-watt incandescent light bulb
• Generally requires motion in addition to heat signature contrast against background heat
• Minimum resolvable temperature (MRT): Difference in heat between target and background
(can be as low as 1 degree Celsius)
• Responds to infrared energy in the wavelength band between 8 and 14 nm
• Uses one of two focusing mechanisms
– Segmented parabolic mirrors - designed for corridors (target moving toward/away from sensor)
– Fresnel lens optics - designed for large, open areas (target moving across field of view) (most effective)
• Does not penetrate most building materials, including glass; detection may be limited by line-of-sight
• Susceptible to unintended heat sources, like windows heated by the sun, or heating vents
– An incandescent bulb suddenly going out may cause an alarm (loss of heat signature)
• No interference between PIR devices in the same area
PAGE 61 /223
PHYSICAL SECURITY
Intrusion Detection
– Microwave
• Active, visible, volumetric
• 10GHz frequency range; senses Doppler Shift of returned frequency
• Best positioned to sense aggressors moving towards or away from sensor; slow-moving targets may spoof microwave sensors
• Microwave horn, printed circuit planar, or phased array antenna
• Various detection patterns available; concave portion of detection zone is vulnerable
• Penetrates most glass and normal wall materials (not metal)
• Immune to high air turbulence and temperature/humidity changes; susceptible to "pattern drift" and can reflect off metal
• Often used in automatic door openers; multiple microwave sensors in the same area must be on different frequencies
• Ionized gas in fluorescent lighting can reflect microwaves and cause nuisance alarms
– Proximity sensors
• Pressure mats
– Largely obsolete - replaced by motion detectors
– Detected weight of 5-20 lbs per square foot
– Still used in security portals (man traps) to prevent tailgating - based on valid user's weight in database
• Capacitance sensors
– Large, electrical condenser that radiates energy
– Detects changes in capacitive coupling between antenna and the ground
– Target touches protected object and absorbs some of the radiated energy, generating an alarm
PAGE 62 /223
PHYSICAL SECURITY
Video Surveillance
• Video surveillance systems…
– Alternative names for "CCTV“: Digital Imaging System (DIS) or Visual Imaging System (VIS)
– When selecting a video surveillance system, use a systems approach rather than a components approach
ASIS GDL FPSM-2009, Sect. 3.6.1.3
– The following parameters determine the effectiveness of a video assessment subsystem

• Minimum time between sensor alarm and video display
• Complete video coverage of the sensor detection zone (called the assessment zone when sensors and video are integrated)
• Ability to classify a 1 ft target at the far edge of the assessment zone
• Vertical field of view at far edge of exterior detection zone = height of a standard fence and person climbing it
• Continuous operation, 24/7
• Minimal sensitivity to environmental conditions, for all cameras
• Minimal obscuration of the assessment zone (such as trees, fences, furniture, etc.)
• Camera FOV and recording system integration displays the alarm source to an operator
– Legal considerations
• Avoid cameras where reasonable expectation of privacy exists
• Covert cameras are generally legal but consult an attorney
• Dummy cameras are a liability; they provide a false expectation
of protection
• Signs re of video monitoring are acceptable (be careful of wording)
• Recorded video must meet standards for quality, time/date stamp,
and % of scene occupied by the subject (among other things and
depending on the jurisdiction) to be admissible as evidence
• In some jurisdictions, the presence of a unique scene identifier in
recorded video is required
• Digital watermarking is utilized with varying degrees of success
PAGE 63 /223
PHYSICAL SECURITY
Video Surveillance
• Three reasons for cameras in security applications…
– Obtain visual information about something that is happening (most important)
– Obtain visual information about something that has happened (most important)
– Deter undesirable activities

• Primary uses of video surveillance systems…
– Detection of activities
– Recording of incidents
– Assessment of alarms/incidents
PAGE 64 /223
PHYSICAL SECURITY
Video Surveillance
• Main elements of a video surveillance system…
– Field of view (FOV)
– Scene
– Lens
– Camera (including mounting hardware)
– Transmission medium
– Monitor
– Recording equipment (analog or digital)
– Control equipment
• Three main components of an analog video surveillance system…

1) Camera
2) Transmission cable
3) Monitor
Other parts may include
4) PTZ unit
5) Controller (aka keyboard, joystick, etc.)
6) Switcher (or sequential switcher, quad splitter, multiplexer ("mux"), matrix switcher
7) Lens
8) Video transmitter/receiver
9) Amplifier
10)Video recorder
PAGE 65 /223
PHYSICAL SECURITY
Video Surveillance
• Three main components of a digital video surveillance system…
1) Camera
2) Digital electronic signal carrier
3) PC with software
Other parts may include
4) Digital electronic scanning software (electronic PTZ)

5) Controller (aka server, PC, smart phone, etc.)
6) Switcher (or encoder, digital switcher (multiplexer), built-in multiplexer (DVR, NVR), etc.)
7) Lens
8) Video transmitter/receiver
9) Amplifier
10) Video recorder
PAGE 66 /223
PHYSICAL SECURITY
Video Surveillance
• Designing the VSS…
– In designing a video surveillance application, security managers should keep in mind

• Video surveillance is a visual tool of security and should be applied accordingly
• No matter what, the equipment of the system will become obsolete.
– Obsolete does not necessarily mean ineffective or out-of-date for the application
– If a system is obsolete but performing well, it’s because the original application was correctly designed to meet performance needs
• Video surveillance systems should always be designed with future growth or changes to the needs of the application in mind
– Key points for designing video surveillance systems

• Once simplified, the most complex electronic system can be managed by almost anyone
• The application drives the choice of equipment, not the other way around
– Simple rules for design

• Keep the system in perspective
• Design generically
• Design for the best option first (budget after)
• Don't feel driven to build the system all at once
ASIS POA, Vol. 2, Sect. 5.3, 5.5
PAGE 67 /223
PHYSICAL SECURITY
Video Surveillance
• Designing the VSS (continued)…
– Steps for design
1) Define the system’s purpose
2) Define each camera's purpose
3) Define the areas to be viewed by each camera
4) Choose a camera style
5) Choose the proper lens
6) Determine best transmission method
7) Layout control area
– Other design factors

• Environment, weather
• Vandalism
• Aesthetics
• Angle/field of view
• Mounting and serviceability
– Design questions for the video surveillance system software/controller application

• How many cameras handled at each node point?
• Will any of the cameras be viewed at more than one monitor point?
• Will individual monitoring points need separate controlling capabilities?
• Will there be any alarm point interfaces/integration?
• Will the switchers be required to activate any devices on alarm?
• Would it be advantageous to transmit an email, text, or video image to a portable device?
• Are there plans to expand the system in the future?
• Can the network and individual nodes handle expansion?
• What units will need to be rack-mounted, tabletop, wall-mounted?
PAGE 68 /223
PHYSICAL SECURITY
Video Surveillance
• Video resolution…
– Resolution (limitation of resolution) is determined by the following, in order
1) The camera
2) The transmission method
3) The weakest link in the video system interface
4) The reproduction capability of the storage system
– Limiting factors
• Analog video recorders average a playback of 325 horizontal lines (very low)
• DVR's digitize analog signals, dropping 25% of the resolution
• Sloppy installation or cheap coaxial cable costs 10-15% of resolution
• Digital compression also reduces resolution
– Analog resolution
• The monitor paints horizontal sweep lines one at a time, left to right, top to bottom
• The monitor paints an equal or greater number of vertical sweep lines
• A pixel is the intersection of the horizontal and vertical sweep lines
• The more pixels a monitor displays, the better the overall resolution or quality of detail within the image
• Vertical resolution is restricted by NTSC4 or PAL5 standards
• Horizontal resolution is the most common measurement of the quality because it is limited only by the camera imager,
monitor, and bandwidth
• 2:1 interlace pattern
– The monitor first paints the odd-numbered horizontal sweep lines of the image
– The monitor resweeps the screen with the even-numbered horizontal sweep lines
– This process creates 60 fields (half pictures) of information per second in NTSC
– This process creates 50 fields per second in PAL
– Combining one odd field and one even field of video information produces one complete frame or picture of analog video.
– In NTSC the viewer sees 30 complete frames per second
– In PAL the viewer sees 25 complete frames per second
PAGE 69 /223
PHYSICAL SECURITY
Video Surveillance
• Video resolution (continued)…
– Digital resolution
• Does not use 2:1 interlace
• Digital images are presented on the monitor as a full grid of small, colored squares, or pixels
• Real-time digital video may not be represented by 30 frames per second
– Real time is based on the needs of the application, on a camera-by-camera basis
– Perhaps 20% of cameras in a system may be recording at a different frame rate from the other cameras
– Video is no longer held to NTSC or PAL standards; Instead it is held to the various digital standards established for visual media
– Digital standards vary around the world, but all digital knowledge is being standardized on a universal basis
PAGE 70 /223
PHYSICAL SECURITY
Video Surveillance
• Video resolution (continued)…
– All IP cameras measure resolution as a multiple of the Common Intermediate Format (CIF) (about half the
average 325 horizontal lines; not recommended as a usable standard for storage)
• 1/4 CIF = 176 X 120 (3,520 pixels or 0.003 megapixels)
• CIF = 352 x 240 (84,480 pixels or 0.08 megapixels)
• 4 CIF = 704 x 480 (337,920 pixels, or 0.3 megapixels)
• 16 CIF = 1408 x 960 (1,351,680 pixels, or 1.3 megapixels)
• 32 CIF = 2816 x 1920 (5,405,720 pixels, or 5.4 megapixels)
• A 4mp camera = resolution of 400 ASA film

• A 6mp camera = resolution of 100 ASA film
• The most effective and current standard for digital video compression is the H.264 compression algorithm *
* H.265 is currently available but not widely used (2017)

PAGE 71 /223
PHYSICAL SECURITY
Video Surveillance
• Fields of View (FOV)…
– Three considerations when determining video surveillance fields of view (FOV)
• Target (person, vehicle, etc.)
• Activity (assault, slight-of-hand, etc.)
• Purpose (identification vs general monitoring, etc.)
– Video surveillance systems are designed to be only two things

• Visual assessment (what is happening now)
• Visual documentation (what has happened previously)
– Three theoretical identification views of an analog VSS

• Subject identification
– Ability to identify something or someone beyond a shadow of a doubt
– Depends on Size and detail of the image, and the angle of view
– Subject should occupy at least 10% of the scene's width
(average person is 2' wide)
• Action identification
– Ability to identify and document exactly what happened
– Frame rate is particularly important
– Automated triggers can be used (integration with sensors)
• Scene identification
– Ability to accurately identify a location
– Includes ability to read accurate character generation on the screen
http://www.ncitymacs.com/CamPage.html
PAGE 72 /223
PHYSICAL SECURITY
Video Surveillance
• Fields of View (FOV) (continued)…
– Theoretical identification views of a digital VSS
• General: Cannot distinguish clothing and colors - pixelated zoom [5 pixels/ft]
• Monitor: General human/vehicular traffic flows - no serious detail on zoom [7 pixels/ft]
• Detect: Detect but not identify person-sized object - no significant detail on zoom [11 pixels/ft]
• Observe: Clothing/colors gain distinction - no good detail on zoom [18 pixels/ft]
• Recognize: High degree of accuracy identifying and separating known individuals - good detail on zoom [35 pixels/ft]
• Subject Identification: Establish identity beyond shadow of a doubt - excellent detail on zoom [46 pixels/ft]
• License Plate Identification: Identification of license plates - excellent detail on zoom [70 pixels/ft]
• Facial Recognition: Extreme detail - excellent detail on zoom [88 pixels/ft]

– Identification of an object in video means the ability to differentiate between peoples' identities.
– Classification of an object in video means the ability

to differentiate between humans, animals, etc.
– Cameras should not be required to view more

than one major and one minor objective
– Cameras should not auto-pan more than 45 degrees left or right of the major focus
PAGE 73 /223
PHYSICAL SECURITY
Video Surveillance
• Cameras…
– Major types of cameras

• Analog
• Digital/IP
• Infrared
• Thermal
– Four main types of cameras

1) Standard analog CCD cameras
2) IP cameras
3) Infrared cameras
4) Thermal cameras
– Three basic styles of IP cameras

1) Standard
2) Megapixel
3) Smart (edge analytics, etc.)
– Infrared cameras require an IR source
– Thermal cameras do NOT require an IR source

– While different camera models are commonly used in the same video surveillance system, it is critical to ensure
compatibility of language and format between manufacturers
PAGE 74 /223
PHYSICAL SECURITY
Video Surveillance
• Cameras (continued)…
– Camera selection criteria, in order of importance

1) Sensitivity (light)
2) Resolution (image quality)
3) Features (WDR, IR, analytics, etc.)
– Placement of cameras is dictated by

• Angle of view
• Pixels per foot
– Three basic sensitivities of cameras

1) Full-light
2) Lower-light
3) Low-light
Light sensitivity of standard analog CCD cameras

ranges from .005 lux to 10 lux
PAGE 75 /223
PHYSICAL SECURITY
Video Surveillance
• Cameras (continued)…
– Camera features
• Automatic gain control (AGC): Manages output based on light levels –

increases noise by 10x, degrading low-light video 10,000K (Xenon headlights)
• Electronic shuttering: Compensates for lack of auto-iris to reduce light intake
• Backlight compensation: Compensates for bright background light 9,000K
• Auto-iris lens: Ensures consistent 1 volt-peak-to-peak (VPP)
8,000K (Snow, water, blue sky)
• Masking: Allows the camera to ignore certain "grids" in its FOV
• Electronic iris: Replaces the auto-iris 7,000K (Overcast daylight)
• Super Dynamics: Analog backlight compensation
• Auto focus 6,000K (Lightly overcast sky, LCD monitor)
• Privacy blocking or image protection
ASIS POA, Vol. 2, Sect. 5.5 5,000K (Average daylight, direct sunlight)
– Corrected color temperature (CCT)
4,000K (Cool fluorescent light)
• Measure of the warmth or coolness of light
3,000K (Incandescent light)
• Measured in Kelvin
(0 degrees Kelvin is approximately -272 degrees Celsius)
2,000K (Early sunrise, High Pressure Sodium light)
• Red hot ~2700 degrees Kelvin (perceived as a "warm" color)
• White hot ~4100 degrees Kelvin (perceived as a "cool" color)
1,000K (Candlelight)
• Blue hot ~5000 degrees Kelvin (approximates daylight)
(perceived as a "cool" color)
http://www.holycrapitslate.com/hobby-quick-tip-daylight-bulbs-miniature-model-painting/light-bulb-color-temperature-chart/
PAGE 76 /223
PHYSICAL SECURITY
Video Surveillance
• Camera lenses…
– The camera is selected before the lens

• The lens is selected based on its ability to provide the desired identification information
– The lens is one of the few elements of a video system not converting to digital
• Various functions of the lens can be automated (auto-iris, zoom/varifocal, focus)
– Five main types of lenses

1) Wide angle (best for 0 to 15' ranges)
2) Standard (best for 15 to 50' ranges) (equivalent to the view from the human eye)
3) Telephoto (best for >50' ranges)
4) Varifocal
5) Zoom
– Lens/camera compatibility questions

• Lighting requirements
• Format (1/4", 1/3", 1/2", 2/3", 1" or megapixel)
• Color vs black and white
• Standard (C or CS)
• Type (AC/EC or DC/LC)
• Megapixel
• IR
PAGE 77 /223
PHYSICAL SECURITY
Video Surveillance
• Camera lenses (continued)…
– The human eye has peripheral vision equal to approximately 2.5 times that of a standard lens
• 1" format camera = 25mm lens (standard/human eye)
• 1/2" format camera = 12.5mm lens (standard/human eye)
• 1/3" format camera = 8mm lens (standard/human eye)
ASIS POA, Vol. 2, Sect. 5.6.2, 5.7
– Two differences between zoom and varifocal lenses

• Range of focal length is small in the varifocal
• Varifocal lenses do not have a tracking
mechanism to align focal length with focus
– AC/EC and DC/LC lenses

• AC/EC (also called video) lens uses the
original, antiquated auto-iris lens design
– AC = auto circuit
– EC = electronic circuit (metric equivalent of AC)
– Video sampler circuit built into its body to control the iris based on the
video signal level of the camera
– Cameras designed before 1995
• DC/LC lens has become the standard for camera and lens design
– DC = direct circuit
– LC = logic control (metric equivalent of DC)
– Less expensive and more efficient
– No electronics built into the lens for iris control; camera supplies voltage
– Cameras designed after 2002
• Cameras designed between 1995 and 2002 accept either lens
PAGE 78 /223
PHYSICAL SECURITY
Video Surveillance
• Video storage/recording…
– When storing and using security video, it is important to decide whether the system’s purpose is to
• Verify information
• Prove information
• Aid a prosecution with the information
• This decision helps determine the type of video imaging, degree of quality or resolution, and frame rate
– The only reason to reduce bandwidth and storage space is cost. Methods to reduce these requirements include
• Reduce frame rate (images per second)

• Reduce resolution
• Reduce amount of recording time with VMD, etc.
– Types of recorders
• DVR's: Analog inputs only, converted to digital in the box,

stored on hard drive or external media
• NVR's: Analog OR digital inputs, analog converted to
digital, stored on hard drive or external media
• Server/cloud: Digital inputs stored on network
storage devices
PAGE 79 /223
PHYSICAL SECURITY
Locking Systems
• Locks…
– Most widely used method of controlling physical access

– Among the oldest of security devices
– Should not be relied upon as the only means of physical protection for important assets
– Should always be used with complementary protection measures
– Two classes of locks

1) Mechanical
2) Electro-mechanical
– Two major components of most mechanical locks

1) Coded mechanism (key cylinder, wheel pack, etc.)
2) Fastening device (bolt, latch, etc.)
– Four components/assemblies of locks

1) Bolt or latch
2) Keeper or strike
3) Tumbler array
4) Key
– Vulnerabilities of mechanical locks

• Attack by force (spreading, forcing, twisting, etc.)
• Surreptitious attack (picking, raking, bumping, etc.)
• Impressioning and try keys
PAGE 80 /223
PHYSICAL SECURITY
Locking Systems
• Primary types of locks…
– Warded (first type, very weak security, skeleton keys, old houses, antiques)
– Lever (18th century, more security than warded locks, master keyable, safe deposit boxes)
– Pin tumbler (19th century, Linus Yale, most widely used, can be high security, residential/
office locks, master-keyable)
– Wafer tumbler (sometimes double-bitted keys, mostly furniture locks, lower security than pin
tumblers, master-keyable)
– Dial combination (safes, mechanical or electronic, many combinations (dial #'s to the
power of spins))

PAGE 81 /223
PHYSICAL SECURITY
Locking Systems
• Locking systems…
– Coordinated arrays of mutually supportive and complementary locking elements
– Based upon design plans which consider

• The need for different, concurrent levels of security control for locked spaces
• The likelihood that such levels will change with time
• The probability that some (or many) users will require common access in some spaces and exclusive access in others
• The possibility that access devices (keys, cards or tokens) may be lost, compromised or damaged
• The requirement that there be effective means for adapting the system to planned, as well as unanticipated changes
– Must be designed, not simply installed
– Without lock planning, security will usually degrade to mere privacy
– If it is not clear who has access to what spaces, a locking program is not secure
– If it is not possible to provide multiple levels of access, the program is not convenient
– Aspects of lock system planning

• System needs are correctly defined at the beginning
• Most appropriate locking mechanisms for the particular application are selected
PAGE 82 /223
PHYSICAL SECURITY
Locking Systems
• Locking system considerations…
– Total number of locks

– Major categories of sectors of the system
– Security objectives
– Size and turnover of population
– Related or supportive security subsystems
– Intelligence or information requirements
– Criticality of asset exposure
• Planning the locking system…
– Proper lock planning requires consideration of the "totality" of the area

(strength of doors and walls, drop ceilings, etc.)
– Questions to ask when planning a locking system

• Assets?
• Threats?
• Access required?
• System flexibility required?
• Impact on operations?
• Organization culture / image impact?
• Resources and skills to plan, design, implement, operate and maintain?
• Budget for installation, maintenance?
PAGE 83 /223
PHYSICAL SECURITY
Locking Systems
• Locking policy should do the following…
– Require a systematic approach be taken to the use of locks for security purposes
– Assign specific responsibility for the development of the lock program
– Make all persons responsible for compliance with the program requirements
• Lock change methods…
– Re-arrange or rotate the locks among doors

– Rekey the locks (most effective)
• Master keying…
– Three major security difficulties

1) Effective master key accountability
2) Manipulations are easier
3) Additional maintenance
PAGE 84 /223
PHYSICAL SECURITY
Lighting
• Three primary functions of security lighting…
– Deter criminal activity
– Life safety functions
– Support of video surveillance
• Typical lighting costs…

– Capital (up front costs) (~8%)
– Energy (~88%)
– Maintenance (~4%)
• Major components of a lighting system…

– Lamp (bulb)
– Luminaire (fixture)
– Mounting hardware
– Electrical power
PAGE 85 /223
PHYSICAL SECURITY
Lighting
• Terms…
– Lumen: The quantity of light emitted by a lamp
• A typical 100 watt incandescent bulb outputs about 1700 lumens
– Illuminance: The concentration of light over a particular area

• A floodlight generating 1000 lumens illuminates a large area 50 feet away
• A spotlight generating 1000 lumens illuminates a small area 50 feet away
• Both lights output the same lumens
• Each light generates a different level of illuminance from the same distance
– Foot-candles: The U.S. measure of illuminance (lumens per square foot)
– Lux: The metric measure of illuminance (lumens per square meter); 1 FC = 10.76 lux (approximately 10:1 ratio)
– Scene illuminance: Illuminance level of the scene
– Faceplate illuminance: Illuminance of the camera lens

– Efficacy: Lumens / watts (output divided by consumption)

– Strike Time: Initial, cold start time of the light fixture
– Restrike Time: Re-start time of a warm

– Reflectance: The percentage of light reflected from a scene, which depends on the incident light angle, and the
texture and composition of the reflecting surface
PAGE 86 /223
PHYSICAL SECURITY
Lighting
• Light color…
– Color rendition index (CRI)

• Scale of 0 to 100
• 70 to 80 CRI is good; above 80 is excellent; 100 is daylight
• High CRI is important in security, retail, restaurant, and precision manual work
• High CRI increases visual clarity and has been found to create higher morale and greater productivity
• High CRI in outdoor locations at night makes pedestrians feel safer because it allows them to see at a greater distance and
have better depth perception
– White balance is the automatic adjustment within the camera for the color temperature of the light source
• Ranges from 2,200 to 7,000 degrees Kelvin
– Wavelengths of light visible to the

human eye
400 nm to 700 nm
– Infrared spectrum
700 nm to 1,100 nm
– Ultraviolet spectrum
10 nm to 400 nm
NASA
PAGE 87 /223
PHYSICAL SECURITY
Lighting
• Light uniformity and coverage…
– Uniformity: The measurement of variation in lighting levels
• Working environments are 1 : 0.7
• Pedestrian walkway is 4 : 1
• Roadway is 10 : 1
• Higher uniformity levels provide better depth perception and greater perception of security
– A 4:1 uniformity ratio is preferred for parking structures
– Landscaping environments can be expensive to light due to the numerous areas of

potential concealment
• Lighting should be focused from the ground up into trees and shrugs to deter concealment
– Lighting ratios in parking lots should not exceed 4:1

– Along building facades where individual exterior objects cannot be adequately lit,
providing a high contrast will give good identification of shape and movement - flood
lights work well for this purpose
– A bright white, horizontal strip along the interior walls of parking structures provides
higher contrasts and facilitates object identification
PAGE 88 /223
PHYSICAL SECURITY
Lighting
• Light uniformity and coverage (continued)…
– The height of light poles in parking areas should be

12 - 14 feet to reduce shadows and dark spots
– High mast lighting is preferred outdoors because

• Broader, more natural light distribution
• Requires fewer poles
• Is more aesthetically pleasing
• Lighting implications to video surveillance…
– The successful deployment of even the simplest VSS requires an understanding of

• The relative levels of scene illumination produced by natural sources
• The amount of light reflected from typical scenes
• The resultant faceplate illumination levels required by the variety of image tube and solid-state imagers
– The amount of light necessary to produce a usable video signal from any video
camera is a function of these factors
• The type and brightness of the source
• The amount of light energy illuminating the scene of interest
• The portion of the light reflected from the scene
• The amount of light transmitted by the lens to the imager
• The sensitivity of the imaging device itself
PAGE 89 /223
PHYSICAL SECURITY
Lighting
• Lighting implications to video surveillance (continued)…
– Lighting considerations for video surveillance
• CRI
• Reflectance of materials
• Directionality of reflected light
– The two most important parameters of a lighting system for video surveillance are its
• Minimum intensity
• Evenness of illumination
– Cameras are light-averaging devices - All lighting in the camera’s FOV must be even, not just the target area
– The sensitivity of a CCTV camera can be defined as the minimum amount of illumination required to produce a
specified output signal. The following factors are involved in producing a video signal
• Illuminance level of the scene
• Spectral distribution of the illumination source
• Object reflectance
• Total scene reflectance
• Camera lens aperture
• Camera lens transmittance INCANDESCENT
& HALOGEN TRIPHOSPHORE
METAL
• Spectral response of the camera imager FLUORESCENT
HALIDE COATED HIGH
FLUORESCENT
• Video amplifier gain, bandwidth, MERCURY PRESSURE
SODIUM
CLEAR
MERCURY LOW
PRESSURE
and signal-to-noise ratio SODIUM
• Electronic processing circuitry
– Minimum output video signal is

100 85 85 70-50 49 24 17 5
usually 1 volt peak-to-peak (VPP)
http://www.standardpro.com/select-lighting-to-enhance-the-true-colours-of-your-store-merchandise/
PAGE 90 /223
PHYSICAL SECURITY
Lighting
• Lighting implications to video surveillance (continued)…
– Camera sensitivity may sometimes be overstated based on these two, commonly used factors
• Higher scene reflectance than normally encountered
• Greater transmittance than is commonly available in standard auto-iris lenses with neutral density spot filters
– A minimum of 1.5 fc is required for a camera system using an f/1.8 or faster lens and a solid-state imager
• This assumes reflectivity of 25%
• This also assumes a light : dark ratio of no more than 4:1
• 4:1 ratio is allowed to creep to 6:1 as materials age
Color cameras require twice the

light of black-and-white cameras
PAGE 91 /223
PHYSICAL SECURITY
Lighting
• Protective lighting…
– Protective lighting types

1) Standby
2) Continuous
3) Moveable
4) Emergency
5) Glare projection
6) Controlled
– General security lighting equipment

• Streetlight
• Searchlight
• Floodlight
• Fresnel
• High mast lighting
PAGE 92 /223
PHYSICAL SECURITY
Lighting
• Lamp comparisons…
– High-intensity discharge (HID) lamps
• Metal halide
• Mercury vapor
• High-pressure sodium
• Require an electrical arc within a gas to generate illumination
• Require steady electrical voltage - cannot tolerate fluctuations in power
• Require lengthy hot restart times - up to 20 minutes - because the tube must cool to re-generate the arc
• Offered with two tubes, one used at a time, to reduce restart times
• Should have back-up power in security/safety areas
– Most CPTED practitioners prefer metal halide lamps because

• They last about 20,000 hours
• They accurately reproduce the color of cars, clothes, and people
– Hours in a year: 8,760

• 8 hours per day lamp usage:
2,920 hours per year
– Planned replacement of bulbs, rather than

waiting for them to go out, is more effective
because
• All or a group of bulbs can be replaced at once,
rather than incurring the expense of replacing
them one at a time
• Dark spots can be reduced or eliminated
PAGE 93 /223
PHYSICAL SECURITY
Lighting
• Lighting levels…
– The number of luminaires required to cover an areas is a function of

• The area to be covered
• Light levels required
• Height of the luminaires and their design
• Type of lighting used
– Rule of thumb for outside lighting: You should be able to read a driver's license or newspaper with some
eyestrain
– General rule for lighting levels with regard to identification of subjects

• Detection (someone is there) - 0.5 fc
• Recognition (recognizing the person) - 1.0 fc
• Identification (evidentiary) - 2.0 fc
https://www.archtoolbox.com/materials-systems/electrical/recommended-lighting-levels-in-buildings.html
PAGE 94 /223
PHYSICAL SECURITY
Lighting
• Lighting levels (continued)…
Application Minimum Light Level

(IES Standard)
Perimeter fence 0.50 fc

Outer perimeter 0.50-2.00 fc
Open area 2.00 fc
Open parking lot 0.20-0.90 fc
Covered parking lot 5.00 fc
Pedestrian walkway 0.20 fc
Pedestrian entrance 5.00 fc
Vehicle entrance 10.00 fc
Building façade 0.50-2.00 fc
Gatehouse 30.00 fc
Loading dock exterior 0.20-5.00 fc
Loading bay 15.00 fc
Office – general 30.00-50.00 fc
Office – task 50.00-70.00 fc
Interior public area 10.00-20.00 fc
Retail store 50.00 fc
Bank – lobby 20.00 fc
Bank – teller 50.00 fc
Bank - ATM 15.00 fc
PAGE 95 /223
PHYSICAL SECURITY
Lighting
– For pedestrian walkways and roadways, vertical lighting illuminates the path
and helps identify potholes or other tripping hazards. Horizontal lighting aids in
the identification of pedestrians and camera usage
– Typical light levels

• 50,000 fc: Upper limit of visual tolerance
• 10,000 fc: Direct sunlight
• 1,000 fc: Full daylight
• 100 fc: Overcast day
• 1 fc: Twilight; White paper 1 foot from a standard candle
• 0.1 fc: Deep twilight (1/10 of a foot-candle)
• 0.05: Snow in full moon (5/100 of a foot-candle)
• 0.01: Full moon (1/100 of a foot-candle)
• 0.005: Average earth in full moon (5/1000 of a foot-candle)
• 0.001: Quarter moon (1/1000 of a foot-candle)
• 0.00005: Grass in starlight (Four zero's; 5/100,000 of a foot-candle)
• 0.00001: (Four zero's; 1/100,000 of a foot-candle) Overcast night
• 0.000001: (Six zero's; 1/10,000,000 of a foot-candle) Absolute limit of seeing
– Typical reflectance levels

• Asphalt: 5%
• Concrete (old): 40%
• Concrete (new): 25%
• Red brick: 25%
• Grass: 40%
• Snow: 95%
PAGE 96 /223
PHYSICAL SECURITY
Lighting
– Glare: Excessive brightness

• Important in security applications
• Hurts the eye and affects its efficiency
• Creates excessive contrast with other objects, makes people
turn their eyes away, generally makes it difficult to see clearly
• Can be used effectively to deter unauthorized activity at a site
perimeter
• Has an equally negative effect on patrols and response forces
• May cause light trespass onto adjoining properties, including
sidewalks and roadways
– Light trespass must not cause glare or excessive contrast to drivers and pedestrians, both on and off the organization’s property
– Many communities set limits, through zoning restrictions, on the level of lighting and light trespass
Light performance declines with age of the bulb,

up to a 20% loss by the end-of-life of the bulb.
– Light output in an office or other clean environment declines by 3 to 4% each year due to dirt accumulation on
lighting fixtures and bulbs
• Recommended light cleaning cycle is every three years
• A dirty environment may result in a reduction of up to 20% per year in light output due to dirty lighting
PAGE 97 /223
PHYSICAL SECURITY
Barriers
• Barrier types…
– Natural
– Structural (man-made)
• Barrier purposes…
– Physically and psychologically deters the undetermined
– Delays the determined
– Channels authorized traffic
– Discourages unauthorized access that takes place by
• Accident
• Force
• Stealth
– Explicitly defines territorial boundaries
– May be used to prevent views of the facility
– May be used to prevent placement of listening devices
• Barrier notes…
– Should be supported by interior clear zone whose width
depends on the threat
– Should be supplemented by sensors and/or other security
measures
– Should not provide concealment opportunities or climbing aids
– Should not obstruct lighting, video surveillance, or intrusion
detection
– Should not facilitate observation of the facility
PAGE 98 /223
PHYSICAL SECURITY
Barriers
• Structural barriers…
– Walls, doors, windows, roofs, floors, etc.
– If a barrier’s effectiveness is uncertain, it should only be considered a potential obstacle

– Selection and placement of barriers depends on the adversary's objective
• Balanced design…
– Layered barriers provide equal delay –
no weak links
– Barrier penetration begins two feet in front of
the barrier, and ends two feet beyond it
– Upgraded perimeter barriers provide several

significant benefits
• Coupling vehicle and personnel barriers into a
perimeter, inside and adjacent to the perimeter
detection system, delays the intruder at the point
of detection, improving the assessment function
• Delaying the intruder at the perimeter may enable
the response force to intercept the intruder near
the point of the alarm. Without a delay, the intruder
will likely have left the alarm point by the time the response force arrives
• They make it possible to protect a site whose targets
are assets stored in several easily penetrated buildings on-site
• Vehicle barriers around a site’s perimeter (inside the perimeter sensors) may force an intruder to travel on foot and to carry
any needed tools and weapons
PAGE 99 /223
PHYSICAL SECURITY
Barriers
• Fences and walls…
– Are the most common perimeter barriers
– Define areas and give notice of a protected property line
– Demonstrate commitment to security and may stop a casual trespasser
– Channel traffic and reduce the required number of security personnel
– Provide intrusion detection and/or video surveillance zone
– Force intruders to demonstrate intent to enter the property
– Must be maintained
– Walls are generally more resistant to penetration than are doors, windows, vents, and other openings
• Most walls can be breached with the right tools
• Using explosives and cutting tools, an adversary can make a "crawl hole" through 18" reinforced concrete in under five minutes
• Increasing wall thickness usually adds only a moderate delay against explosives, even though the amount of explosive needed
increases substantially with wall thickness
• Ordinary reinforced concrete walls can be penetrated quickly because they are generally designed to support structural loads,
not to thwart or delay penetration
• Placing two or more reinforced concrete walls in series results in longer penetration delays than using one wall that is as thick
as the two walls combined
• Removing the rebar often takes longer than removing the concrete; delay can be increased by using additional rebar,
increasing rebar size, or decreasing rebar spacing
• Use earth cover or other overburden to delay access to the wall itself
• Hardening a normally constructed building against forcible penetration for a significant period is rarely practical or cost-
effective
PAGE 100 /223
PHYSICAL SECURITY
Barriers
• Fences…
– Wire toppers on fences do not prevent intrusion, but rolls of barbed tape on or near them can increase delay
• One of the most cost-effective additions to a fence is to attach a roll of barbed tape to the outriggers
• Typically, barbed-tape rolls are placed inside an outer perimeter fence and outside an inner (double) fence
• The direction of the outriggers makes little difference in fence climbing times
• Directing the outriggers to point toward the inside does eliminate the handgrip used by intruders when
climbing over the fence
– Inner fence-lines (double fence areas such as prisons) are spaced a minimum of 10 - 20 ft
from the outer fence-line
ASIS GDL FPSM-2009, Sect. 3.2.1.1.2
– Wooden, picket fence slats should be spaced apart no more than 1-3/4", and the
horizontal rails (top vs bottom) should be 50" apart
– Electrified fencing
• Most industrial, electrified fences are 8' tall with 20 wires fitted to the inside of the chain
link perimeter fence
• Pulses electrical energy 45 times per minute
• Two types
– All live wire "deterrent" fence (less common)
– "Monitored" fence (more common)
– Expanded metal
• Four basic types
– Standard/regular
– Grating
– Flattened
– Architectural or decorative
PAGE 101 /223
PHYSICAL SECURITY
Barriers
• Gates…
– Establish points of entry and exit to an area defined by fences and walls
– Limit or prohibit the flow of pedestrian or vehicular traffic
– Establish a controlled traffic pattern
– Should provide equal levels of delay as perimeter fences
• Doors…
– While walls may be hardened, doors tend to be a weak link in a structure because of their functional
requirements and associated hardware
• If the door assembly cannot be sufficiently enhanced (door, frame, hinges, bolt and lock), it may not be cost-effective to
upgrade the building structure
• Most common exterior doors are 1 3/4" thick with 16 or 18 gauge steel surface sheets, usually hollow or filled with composite
material
• It only takes about one minute to defeat exposed hinges and remove the door from the frame
– This vulnerability can be mitigated by welding the hinge pin heads to the hinge knuckles, using the hidden
"stud-in-hole" method, or affixing a Z-strip to the rear face of the door
– Most industrial windows and doors can be penetrated in less than one minute
– Door classifications
• Standard industrial doors
• Personnel doors
• Attack-and bullet-resistant doors
• Vehicle access doors
• Vault doors
• Blast-resistant doors
• Turnstile gates
PAGE 102 /223
PHYSICAL SECURITY
Barriers
• Doors (continued)…
– Unnecessary, external doors should be eliminated, as well as unnecessary, external (exposed) door hardware
• Doors can be reinforced with steel plates on their surfaces, heavy duty hinges, and filling frames with concrete
• Installing wood cores in metal doors, especially using redwood, increases the delay time for thermal cutting tools by 3x or 4x
• Prying or spreading the jamb from the door usually only requires 1/2" to 3/4" of space to defeat the lock
– This vulnerability can be mitigated with welded, 2" wide metal strips (astragals or block plates), concrete-filled frames and high
security deadbolts
• Windows…
– Windows can be hardened with additional or heavier fasteners in the
frames, or by welding the frames
– Transparent plastic glazing

• Some types are combustible and their use may be restricted by fire codes
• Acrylic plastics like Lucite™ and Plexiglas™, if less than one inch thick,
can be broken with hand tools in less than 10 seconds
• Polycarbonates resist impact about as well as bullet-resistant glass
• Lexan in 1/2" thicknesses resists hand-tool penetration for up to two minutes
• Thermal tool attacks require about one minute but cause combustion and the
release of toxic gases
•
– Glass/polycarbonate composite glazing contains a tough core of
polycarbonate between two layers of glass
• Developed for use in prisons
• Penetrated when hand tools and fire axes were used in tests
– The thickest panels lasted 10 minutes against miscellaneous steel tools
PAGE 103 /223
PHYSICAL SECURITY
Barriers
• Windows (continued)…
– Wire glass
• Used often in fire doors and fire windows
• The 1/4" material is fabricated with diamond, square, or hexagonal wire patterns
• Can be penetrated with hand tools in about 20 seconds
– Laminated glass
• Made of two or more panes of annealed float, sheet, or plate glass
• Bonded to a layer or layers of plastic
– Safety glass that is 1/4" thick can be penetrated in 30 seconds
– Security glass that is 9/16" thick requires 15 minutes of work with hand tools to produce a crawl-through hole
• Utility portals…
– "Utility ports" are openings other than doors and windows,
through which maintenance and other functions might be
performed
– Most tunnels used to link buildings are not protected very well
– Pipe channels inside buildings are often congested but still

allow space for maintenance work
– Ducts associated with HVAC systems could provide an

adversary path
PAGE 104 /223
PHYSICAL SECURITY
Barriers
• Roofs…
– Can be enhanced in several ways (new and existing)
• Enhancing membranes with embedded screen
• Adding several inches of rigid insulation
• Using concrete reinforced with deformed steel bars and expanded steel mesh
• Forming larger rebar into several rows or layers for reinforced concrete
• Increasing the number of fasteners and adding structural members to corrugated roofs
• Using mechanical fasteners or joints and a continuous weld and heavier gauge material on metal roof systems
• Using larger rebar to strengthen the flange area of precast concrete tee beams
– Contemporary roof types include the following

• Prestressed concrete tee beam
• Metal subdeck and reinforced concrete
• Metal roof deck with lightweight concrete
• Metal roof deck with insulation
• Metal roof
• Reinforced concrete beam and slab
• Wood sheathing with membrane
– Improvements below the roofline generally provide the best value

• Penetration tests suggest that barriers placed below the roof may be more
effective against penetration than those in the roof itself
• The optimal distance between the roof and the secondary barrier is 10" to 12"
• Earth coverings of both roofs and walls are effective delay barriers
PAGE 105 /223
PHYSICAL SECURITY
Barriers
• Vehicle barriers…
– Types of barrier methodologies
• Vehicle arrestor (slows vehicle to a stop) [Long distance]

• Crash cushion (cushions the impact that stops a vehicle) [Moderate distance]
• Inertia device (rigid, heavy movable objects) [Short distance]
• Rigid device (fixed devices) [Very short distance - almost immediate]
– A moving vehicle possesses kinetic energy, which must be dissipated by the vehicular barrier
– Optimum vehicular barrier height is about 30", but can

vary depending on threat vehicles
– Since cable barriers are easy to defeat with hand-held

tools, they should be used only in areas well patrolled
or monitored with sensors or cameras
PAGE 106 /223
PHYSICAL SECURITY
Barriers
• Vehicle barriers (continued)…
– DoD "K-ratings" for barriers/barricades:
• K4 stops a 15,000 lb. vehicle at 30 mph

– A vehicle barrier is considered penetrated when
• A ramming vehicle passes through or over it and is still a functioning vehicle or a second vehicle is
driven through the breached barrier, or
• The vehicle barrier is removed or bridged and a functional vehicle passes through or over it
– Vehicle barriers outside the detection and assessment zone are not recommended
– Private vehicles should be kept out of secured areas as much as possible

PAGE 107 /223
PHYSICAL SECURITY
Barriers
• Dispensable barriers…
– Devices that deploy a substance to hinder an aggressor
– Can be active (activated by an employee) or passive (accidentally activated by aggressor)
– Typically includes the following elements

• Process for deciding when to activate the barrier
• Command and control hardware
• Material deployed to delay access or incapacitate aggressor
• Dispensing mechanism
• Security officers on-site
– Dispensed substances utilize a physical or chemical expansion method
– Barriers isolate the aggressor visually, acoustically, or at a location

(or any combination of these)
– Passive dispensable barriers have no command and control

component, making them less expensive (but riskier)
– Materials include
• Rigid polyurethane foam
• Stabilized aqueous foam (also fire retardant; can include irritants)
• Smoke or fog
• Sticky thermoplastic foam
• Various entanglement devices
PAGE 108 /223
PHYSICAL SECURITY
Barriers
• Dispensable barriers (continued)…
– Generally deployed close to the protected asset(s)
– Considerations for selecting a dispensable material:

• Minimum impact on operations
• Ability to protect volumes
• Safety for personnel
• Ability to operate independently of barriers
• Multiple activation options
• Long storage life
• Protection-in-depth
• Cost effective
– Typical dispenser components

• Storage tanks
• Activation valves
• Safety valves
• Pressure regulators
• Filters
• Power sources
• Plumbing hardware
– Systems last 10 to 25 years, and active systems require routine maintenance

PAGE 109 /223
PHYSICAL SECURITY
Safes and Vaults
• Categories…
– Safes weighing less than 750 lbs are considered portable and UL standards
require they be anchored in place
– Burglary resistant safes do not generally protect against fire
– Burglary/fire resistant containers

• Some containers can achieve UL rating for burglary and fire resistance
• Fire resistant safes…

– Fire-resistant safes and record containers UL classifications
• 350-4 (formerly A)
• 350-2 (formerly B)
• 350-1 (formerly C)
– Classification/testing process also includes a drop-test and harsher temperature

test than filing devices
– Insulated filing device UL classifications

• 350-1 (formerly D) | 350-1/2 (formerly E)
– Classification/testing process does not include a drop-test
– Should not be used where they can fall during a fire, as they may break open
and allow compromise of the contents
PAGE 110 /223
PHYSICAL SECURITY
Safes and Vaults
• Fire resistant safes (continued)…
– Electronic media containers are designed to protect contents to 125 or 150 degrees, and 80% humidity, for one,
two, three and four hours periods (125-1, 150-1, 125-2, 150-2, etc.)
– Different types of safes designed for records protection

• Fire-resistant safes and record containers
• Insulated filing devices
• Containers to protect magnetic media
– Records safes typically incorporate moisture into their insulation to

help dissipate heat
• Once exposed to a fire, a records safe is not likely viable anymore (moisture burns off)
• Records safes, with moisture in the insulation, are rated for about 20 to 30 years,
depending on climate
• Burglary safes…
– GSA-approved safes come in six classes for protection against forcible or surreptitious entry, and are used for
storing classified information
PAGE 111 /223
PHYSICAL SECURITY
Safes and Vaults
• Vaults…
– Rooms that may be built to theft-resistant or fire-resistant (less expensive) standards
– Fire resistant vaults

• NFPA 232 provides the standard for fire-resistant vaults, and is tied to the fire resistance of the building itself
• Installing fire-resistant vaults below-grade should be avoided
• Construction standards
– Reinforced concrete with steel rods at least 1/2" diameter, spaced 6" on center and running at right angles in both directions
– Rods are wired securely at intersections not over 12" apart in both directions and
installed centrally in the wall or panel
– A structural steel frame protected with at least 4" of concrete, brickwork, or its
equivalent tied with steel ties or wire mesh equivalent to #8 ASW gauge
wire on an 8" pitch
– Any brick protection used is filled solidly to the steel with concrete
– The minimum thickness of a 4-hour vault wall is 12" for brick and
8" for reinforced concrete
– The minimum thickness for a 6-hour vault wall is 12" for brick and
10" for reinforced concrete
– Burglary resistant vaults

• Avoid exterior wall location
• All six surfaces of a vault should give equal protection
• Unreinforced concrete should never be used
• It is impossible to construct a vault that cannot be penetrated
– Vaults are designed to resist penetration for a defined period
• #4 (1/2") rebar and smaller diameters can be cut with hand tools
– #5 (5/8") through #8 (1") require hydraulic bolt cutters, torches or
burning bars
– Rebar larger than #8 (1") require torches, burning bars,
power saws or explosives
PAGE 112 /223
PHYSICAL SECURITY
Contraband Detection
• Methods…
– Manual search – Explosives detection (bulk and trace)
– Metal detectors – Chemical and biological agent detection
– Package searches (x-ray, etc.)
– Manual search
• Advantages: Low hardware investment, flexibility
• Disadvantages: Slow throughput, higher labor costs
– Metal detectors
• Magnetometer
– Passive technology detects changes to Earth's magnetic field caused by ferromagnetic materials
– Does not detect non-magnetic metals
– Outdated; not used for many years
• Continuous wave
– No longer commercially available
– Active technology detects changes to its own magnetic field
– Generates a "steady-state" magnetic field 100 Hz to 25 kHz
– Requires the subject/package to pass between transmitter and receiver coils
– Magnitude of response depends on metal's conductivity, magnetic properties, shape and size, and orientation
• Pulsed field
– Active technology detects eddy currents in metals produced by pulses
– 400 to 500 pulses per second
– Magnitude of response depends on metal's conductivity, magnetic properties, shape and size, and orientation
– Object orientation has less effect on results
• Handheld
– Better for detecting small amounts of metal
– Considered more intrusive
– Takes more time and manpower
PAGE 113 /223
PHYSICAL SECURITY
• Methods (continued)…
– Package searches
• Manual or active interrogation
• Active interrogation techniques
– Single-energy-transmission X-ray (low penetration, simple applications, not effective for explosives detection)
– Higher-energy X-ray and multiple-energy X-ray (screening large, dense containers and vehicles)
– Computed tomography (CT)
– Backscatter X-ray
• Low-Z materials: Materials with low atomic numbers ("Z-numbers"); materials starting with
hydrogen and ending with Z-number 26, Aluminum
– More difficult to image with less-sophisticated X-ray technology

PAGE 114 /223
PHYSICAL SECURITY
– Bulk explosives detection
• Macroscopic, detonable amounts of explosives
• Targets specific threat amounts of explosives
• Usually uses ionizing radiation that is not safe for use on people
• Measures X-ray absorption coefficient, X-ray backscatter coefficient, dielectric

constant, gamma or neutron interaction, or microwave or infrared emissions
• Can determine calculated mass, density, nitrogen, carbon, oxygen content, and
effective atomic (Z) number
• Multiple-energy X-rays and backscatter X-rays more readily identify low Z-number materials
• High-energy X-rays are large, fixed mechanisms designed to scan large cargo containers
– May be combined with backscatter X-ray technology for detection of low Z-number materials
– Instead of X-rays, these devices may use gamma rays or neutrons for detection (very high penetrating)
• Thermal neutron activation (TNA): Detects the presence of nitrogen through gamma wavelengths
• Pulsed fast neutron absorption (PFNA): Determines carbon and oxygen content
• Determination of nitrogen, carbon and oxygen content lends more accuracy to separating explosives from food items
• Food items/cargo cannot be irradiated at energy levels of more than 10 milli-electron volts (MeV) (international law)
PAGE 115 /223
PHYSICAL SECURITY
– Bulk explosives detection (continued)
• Low-dose backscatter X-ray technology is safe for humans, producing ~10 microrem per dose
(NRC limit is 100 millirem per year)
• CT scans spin sensors on a gantry around the package and produce a 3D image that detects small threat masses; may be
subject to high NARs
• Quadruple resonance (QR) technology uses pulsed low-energy radio waves to detect nitrogen-rich materials
– Can detect small threat amounts
– Can be defeated by shielding contents/materials with thin sheets of metal, but can detect and report the shielding efforts
• Raman analysis uses laser interrogation and analysis of the

spectrum of scattered light to identify threat materials
– Cannot see through opaque packaging –

designed for clear package searches
• Stand-off detection: Still under research and

development - experiments with distance
detection of explosives with infrared
cameras, passive and active
millimeter-wave imaging systems,
and lasers sensing fluorescence or
atomic emissions
PAGE 116 /223
PHYSICAL SECURITY
– Trace explosives detection
• Particles and vapor residues associated with handling explosives
• Key performance metrics
– Limit of detection (smallest detectable amount) (may be as low as <1 nanogram)
– Selectivity (ability to distinguish one material from another)
• Sampling methods
– Swipe (most efficient)
– Vapor (puffing) (less invasive)
• Challenges
– Low vapor phase concentrations of several common high explosives (parts per billion and parts per trillion)
– Packaging of explosives with oil-based gel or solvent
– Absorption of explosive molecules upon most materials at room temperature and decomposition
upon moderate heating or exposure to high energy, and thus, loss of significant sample material in collection and transport
PAGE 117 /223
PHYSICAL SECURITY
– Trace explosives detection (continued)
• Technologies
– Ion mobility spectrometry (IMS): Ni-63, ion drift time, Faraday plate; low NAR, sensitive, easy operation, robust, low maintenance
– Colorimetry: sprays, test paper, ampoule; portability is excellent, but high NAR, strong smell, disposal of chemicals
– Chemiluminescence: photochemical detection, fast gas chromatograph, nitrogen oxide, ozone, nitrogen dioxide, phototube,
photoemission, electron capture detectors (ECD's); excellent sensitivity to common high explosives but must expensive, longest
analysis time, more maintenance
– Mass spectrometry: magnetic and electric fields, mass-to-charge ratio, quadrupole mass
spectrometry, quadrupole ion trap time of flight, ion detector, parent ions, daughter ions,
many configurations; gold standard, high specificity, low limits of detection but high cost,
high maintenance, and expert operators required
– Fluorescence: fluorescent polymers, monomers, capillary tubes, photomultiplier tubes; high

sensitivity, low limits of detection, small size, low cost but not reactive to all explosives
– Canine olfaction: Very mobile and effective, but not generally used for check-points
(fixed locations), requires skilled handlers and healthy dogs, frequent rest breaks,
constant retraining, and recurring cost of handlers
– Trace explosives detection portals: Uses puffer in conjunction with an ion mobility
spectrometer or mass spectrometer, 10-25 seconds to screen a subject, automated
detection, high sensitivity, non-invasive but large, expensive (~$150k),
and high maintenance.
PAGE 118 /223
PHYSICAL SECURITY
– Chemical agent detection
• Uses point sensors at perimeters
• Goal is early warning
• NAR is a serious consideration (due to high response level)
• May not be appropriate for checkpoint screening
• May use optical sensing methods
– Biological agent detection

• Different from chemical detection in two ways
– Most biological agents are not immediately lethal, impacting necessary response times
– Usually requires several hours for collection and analysis of air samples
PAGE 119 /223
PHYSICAL SECURITY
Physical Protection Systems (PPS) Deployment Methodology
• The primary objectives of a PPS are…
• Detection
• Delay
• Response
– Deterrence is a secondary objective because
relying on deterrence is risky
• Biggest causes of vulnerabilities in a PPS…

– Improper component selection
– Improper installation and maintenance
– Improper operation
– Improper integration
– Aggravating factors
• Improper or limited training
• Ineffective or non-existent procedures
ASIS POA, Vol. 2, Sect. Intro
• System…
– A "system" is a collection of products, processes or both combined to provide a solution to a problem or goal
– Systems, not components, are optimized to yield the most effective design solution to the problem
– ASIS definition of "systems approach to problem solving": A logical method for problem solving in which a
comprehensive solution is developed in relation to a problem having several dimensions
– In the security context, a system is a combination of equipment, personnel, and procedures, coordinated and
designed to ensure optimum achievement of the system’s stated objectives
PAGE 120 /223
PHYSICAL SECURITY
• PPS Integration…
– "Integration" is the combination of a variety of components such as people, technology and procedures
– The security manager must simply be able to oversee the process of providing an integrated system solution to
physical security problems
– The business goals and objectives of the enterprise frame the high-level PPS goals and objectives
– Business elements such as budget, time to complete, and staff availability define the limits of what can be
accomplished using a PPS
– The security manager should engineer the PPS by using the building blocks of people, procedures, and
technology
– In general, a well-designed, integrated PPS is more effective against

lower-level threats than higher-level threats
– System integration considerations

• Will entry control and access control be the same system,
integrated but separate systems, or unlinked?
• Will video recording of entry controls occur?
• Will contraband detection be integrated with entry controls?
• What is the impact of fire codes?
• What interfaces with biometric devices are required?
PAGE 121 /223
PHYSICAL SECURITY
• PPS Integration (continued)…
– "Delay-in-depth" = "Protection-in-depth"
– The effect produced on the adversary by a system that provides protection-in-depth will be
• To increase uncertainty about the system
• To require more extensive preparations prior to attacking the system
• To create additional steps where the adversary may fail or abort the mission
– Access delay barriers types

• Passive (walls, fences, locks, etc.)
• Security officers (most flexible, but expensive) PROCEDURES
• Dispensable (fogs, foams, etc.)
– An effective PPS combines the following into an integrated system TECHNOLOGY

• People
• Equipment (technology)
• Procedures PEOPLE
– Regardless of how the investigation tool is used, it is an important design element in a PPS and should be used
when appropriate
– In addition to use of the investigative tool, some corporations are applying more resources to the use of
technical surveillance countermeasures, such as sweeps and searches for electronic bugging devices
– Procedural changes can be cost-effective solutions to physical protection issues, although when used by
themselves they will only protect assets from the lowest threats
PAGE 122 /223
PHYSICAL SECURITY
• PPS Analysis…
– Analysis of the PPS provides two key benefits

• It establishes the assumptions under which a design was formed
• It relates system performance to threats and assets, making possible a cost-benefit decision
– Analysis evaluates whether the PPS’s people, procedures, and technology are achieving the PPS functions of
detection, delay, and response
• Also referred to as a site survey or vulnerability assessment
• May be qualitative or quantitative
– Qualitative analysis
• Lower-security applications
• i.e. retail, restaurants, small businesses, etc.
– Quantitative analysis
• Higher-security applications
• Unacceptably high impact, despite level of probability
• i.e. museums, refineries, airports, etc.
• Requires immediate, onsite response to events
PAGE 123 /223
PHYSICAL SECURITY
• PPS Analysis (continued)…
– Two basic analysis approaches are used in a vulnerability assessment (VA)
COMPLIANCE-BASED (QUALITATIVE)
PERFORMANCE-BASED (QUANTITATIVE)
"Feature-based"
Easier to perform
Effective against low threats, low-consequences of loss,

or when cost-benefit analyses show that physical
protection measures are not the most cost-effective risk
management alternative
Evaluates how each element of the PPS
operates and what it contributes to Depends on conformance to specified policies or
overall system effectiveness regulations
The metric for this analysis is the presence of specified

equipment and procedures
PAGE 124 /223
PHYSICAL SECURITY
– A protective system is evaluated on the performance and cost-effectiveness of

individual measures in
...countering threats
...reducing vulnerabilities
...decreasing risk exposure considered as an integrated whole
– The performance measures for the PPS functions are
• Detection
– Probability of detection
– Time for communication and assessment
– Frequency of nuisance alarms
– Delay
– Time to defeat obstacles
• Response
– Probability of accurate communication to response force
– Time to communicate
– Probability of deployment to adversary location
– Time to deploy
– Response force effectiveness
PAGE 125 /223
PHYSICAL SECURITY
– A key principle of analysis is that an initial baseline must first be established; upgrades are then
considered if the baseline shows that the PPS does not meet goals and objectives
– Interruption
• Arrival of responders at a deployed location to halt adversary progress, which may lead to neutralization
• Probability of Interruption (PI)
– Neutralization
• Defeat of the adversaries by responders in a face-to-face engagement
• Probability of Neutralization (PN)
– PPS Effectiveness (PE): PE = PI x PN

– Adversary path
• An ordered series of actions against a facility, which, if completed, results compromise of assets
– A neutralization analysis is completed for any facility with an immediate response intention to
confront adversaries
• Neutralization is the force continuum, ranging from mere presence to deadly force
• Neutralization analysis represents a measure of response force capability, proficiency, training, and tactics
• Assumes interruption has already occurred
• Can use qualitative (low, med, high likelihood of neutralization based on force advantage in numbers,
weapons, skill, etc.) and quantitative (generally determined by computer modeling) techniques
PAGE 126 /223
PHYSICAL SECURITY
– Adversary sequence diagram (ASD)
• A functional representation of the PPS at a facility that is used to describe the specific protection elements present
• The ASD illustrates the paths that adversaries can follow to accomplish sabotage, theft or other harm
• There are three basic steps in creating an ASD for a specific site
– Describing the facility by separating it into adjacent physical areas
– Defining protection layers and path elements between the adjacent areas
– Recording detection and delay values for each path element
• A path analysis is conducted first to determine whether a system has sufficient detection and delay to result in interruption
– The path analysis uses estimated performance measures, based on
the defined threat tools and tactics, to predict weaknesses in
the PPS along all credible adversary paths into the facility
• For a specific PPS and a specific threat, the most
vulnerable path (the path with the lowest probability
of interruption, or PI) can be determined
• Using PI as the measure of path vulnerability, multiple
paths can be compared and an estimate of overall
PPS vulnerability can be made
• The biggest mistake in ASD is to follow a single
path from off-site to the target location and only
do an analysis on that path
PAGE 127 /223
PHYSICAL SECURITY
– Adversary sequence diagram (ASD) (continued)
• The best method for creating an ASD is to walk or drive around the exterior of the area, then repeat the same inside
– This is supplemented by the use of site drawings showing overall site layout and specific interior building details
• One ASD is required for each asset location
• Sabotage incidents require evaluation of only entry paths, as exit paths become irrelevant once the damage is done
• ASD's should be executed for day/night, open/closed, and other contradicting conditions of the facility
• "Scenario analysis" is sometimes used as a substitute for defined threats in the ASD process, but this can lead to gaps in
analysis
• Preferred approach: Analyze PPS using defined threats and path analysis, then generate scenarios by looking at weak paths
• Steps for scenario analysis
– Develop attacks and tactics designed to exploit weak paths. Consider attacks during different facility states using the defined threat
and capability
– Modify performance estimates for path elements using these tactics or under these states
– Document the assumptions used and the results of the scenario analysis
• Scenario analysis must also consider the possibility of concurrent attacks on multiple assets, concurrent threat objectives (i.e.
theft and sabotage, etc.), and attack by multiple threat teams
• Worst-case scenarios, or attacks, are utilized in neutralization analysis because they predict the lowest response effectiveness
– PPS response includes personnel and the communications system they use
PAGE 128 /223
PHYSICAL SECURITY
• PPS Design…
– The systems design process is a serial process

• Each phase and task must be performed sequentially before the next can begin
• Depending on the nature of the environment, organization, and potential risks, the process requires significant effort be
expended to develop the basis of design and resultant design documentation
• The process can be shortened only a little when the user arranges for a design/build relationship with a contractor versus a
design, procurement, and construction relationship with an architect or owner
• Generally, increasing staff or budget cannot substantially shorten the process
– Proper use and application of the integrated security systems design process is the most important element in
the defense against dynamic threats and potential catastrophic losses
– A well-engineered PPS exhibits the following characteristics

• Protection-in-depth
• Minimum consequence of component failure
• Balanced protection
– The design process can be based on two criteria/approaches

• 1) Performance criteria (preferred method)
• 2) Feature criteria ("checklist" method that may ignore performance goals)
– Four elements of physical design
PAGE 129 /223
PHYSICAL SECURITY
• PPS Design (continued)…
PHYSICAL/GEOGRAPHIC
– Particularly important factors in system design ENVIRONMENT
are the environment and unique needs of the facility
– Design and integration introduce and meld

technological and physical elements into the ECONOMIC POLITICAL
asset protection program ENVIRONMENT ENVIRONMENT
• When carefully and diligently followed, the process results

in a fully integrated security program that blends the
following elements into a flexible, responsive system
– Architectural SOCIAL DEMOGRAPHIC
– Technological ENVIRONMENT
ASSET/FACILITY
ENVIRONMENT
– Operational
– The beset PPS solution is designed by considering

• Threats
• Risks
TECHNOLOGICAL CULTURAL
• Vulnerabilities ENVIRONMENT ENVIRONMENT
• Constraints
– The basic tasks of security systems implementation are

• Planning and assessment to determine security requirements
LEGAL
• Developing conceptual solutions for resolving vulnerabilities ENVIRONMENT
• Preparing security systems design and construction documentation
• Soliciting bids and conducting pricing and vendor negotiations
• Installing, testing (which is most likely to be overlooked), and commissioning the security systems
http://www.economicsdiscussion.net/business-environment/business-environment-types-external-micro-and-external-macro/10095
PAGE 130 /223
PHYSICAL SECURITY
• Systems Design Process…
– Systems Design Process phases
• Planning and assessment
• Design and documentation
• Procurement
• Installation
– Phase 1, Planning and Assessment

• Task 1, identification of
– Critical assets
– Potential threats
– Subsequent vulnerabilities
– Likely risks
– Functional requirements
• Task 2, analyze security requirements and formulate solutions or countermeasures

concepts to reduce or eliminate vulnerabilities and mitigate risks
PAGE 131 /223
PHYSICAL SECURITY
• Systems Design Process (continued)…
– Phase 1, Planning and Assessment (continued)
• Planning and Assessment phase: The first phase of any security design project
• Referred to as the Programming, or Schematic Design (SD) phase in the architectural process
• Consists of gathering all relevant pre-design asset information and analyzing it in terms of project
requirements and constraints
• Culminates in a security “basis of design”

– The "basis of design" is the first and most important output of the design process
– Focuses on specific project requirements and a conceptual design solution based on those
requirements
• Three key ingredients in the planning phase determine its eventual success
– A multidisciplinary and committed approach from either a single individual or project team is needed
– Spending the necessary time and effort in the planning phase results in a more accurate and responsive
design solution, reduced risks, reduced overall costs of potential losses, and increased longevity and
effectiveness of the installed systems
– Decisions made during the planning and assessment phase must be made on the basis of sound
and relevant risk and asset environmental information
PAGE 132 /223
PHYSICAL SECURITY
• A thorough planning process must evaluate all asset vulnerabilities, and list specific functional
requirements and resultant protection strategies
• The planning and assessment phase results in a conceptual design solution that categorizes
vulnerabilities by their criticality and identifies the most preferred and cost-effective
protection scheme to mitigate or eliminate asset risks
• Another important outcome of the planning phase is the development of the business case
for the new or upgraded security systems
– Systems will be evaluated not only on quality and reliability but also on cost
– The business case documents the impact of the design solution on the business, the necessary
investments, expected quantifiable savings, and other metrics that allow decision makers to make
investment decisions on a security project
– The main feature of a security business case is a series of economic metrics (return on
investment, payback, net present value of cash flow, etc.) used to justify the security solution up
the management chain
– A formal presentation on the security needs, business case, costs and benefits, alternatives, and
impact on operations is often mandatory before the expenditure of capital
• The requirements analysis and definition process is designed to

– Ensure that the selected solutions will mitigate real and specific vulnerabilities
– Provide a cost/benefit justification for each solution
– Identify all elements (technology, staffing, and procedures) and resources required for each
solution
– Provide a basis for the accurate and complete system specification that will be used to procure
and implement the solutions
PAGE 133 /223
PHYSICAL SECURITY
• The requirements definition should focus on preventing, delaying, or modifying risk consequences
• The level of protection for a group of assets must meet the protection needs of the most critical
asset in the group. However, the designer of a security system may separate a critical asset for
specific protection instead of protecting the entire group at that higher level
• A security system built on absolute objectives, such as total denial of unauthorized entry (100%
confidence), will either be impossible to design or so costly as to be impractical
– Security design is just as dependent on collecting good data leading to informed

decisions by knowledgeable people as is any other analytical process where a
solution is engineered and constructed
– Design solutions to various asset vulnerabilities may be the same, similar,

or complementary
PAGE 134 /223
PHYSICAL SECURITY
• The Basis of Design document (Requirements Analysis) accomplishes the following

– Documents the initial designation of assets deemed critical
– Outlines the overall objectives of the asset protection program
– Describes the results of the risk analysis
– Lists the functional requirements to be satisfied by the eventual design
– Provides a narrative operational description of the proposed systems, personnel, and procedures that
constitute the security system or program
• The basis of design becomes the designer's means to obtain consensus from the design team on
– The goals and objectives of the project
– What will constitute the project
– How the project will secure the assets
• Implementing the Basis of Design is not the time to identify engineering details, prepare budgets,
or identify and debate specific countermeasures
– This is the time when the project is first conceived
– This is the time when the requirements are derived from a rigorous risk assessment
– This is the time when subsystem functional descriptions are provided to indicate eventual
system performance
– This is the time when initial site surveys may be accomplished to gather information on
existing conditions, measures, and needs for upgrades or additions
PAGE 135 /223
PHYSICAL SECURITY
• The Conceptual Design, also called a Design Concept, is the last task of Phase 1 Planning and Assessment
– The Design Concept incorporates the basis of design; documents the findings, conclusions, and
recommendations from any initial surveys; and is the first opportunity to document the project’s design
– The designer formulates a complete security solution for the assets to be protected
– The security solution typically consists of protection strategies grouped together to form an asset
protection program or augment an existing one
– The solution normally includes security systems complemented by procedures and personnel
– The solution is expressed in general narrative and descriptive terms accompanied by an initial
budgetary estimate for design and construction
– A Design Concept's detail should never be more than a top-level description of the various
anticipated security system elements, subsystems, and support systems
– From an architectural perspective, the Design Concept is usually referred to as the initial conceptual design or
schematic development (SD) phase
– The intended subsystems should be narratively described in the concept, as should their interaction with one
another to form a complete system
• The concept level is the ideal time to seek management approval since the project team has reached consensus on
the project's scope and sufficient detail has been developed to create an initial budget
– Cost effectiveness criteria that might be used include
• Operational restrictions
• Nuisance alarm susceptibility
• Installation cost
• Maintenance costs
• Probability of detection
• Mean-time between-failure
• Contribution to manpower reduction
• Contribution to asset vulnerability
• Reduced risk, normally expressed in the monetary
consequence of loss or destruction
PAGE 136 /223
PHYSICAL SECURITY

• Most security designers identify four principal security strategies—prevention, detection,
control, and intervention—as the most important functional requirements of security design
– Homeland security features five principal strategies: preparation, prevention, detection,
response, and recovery
• The importance of having a redundant security system (multiple layers of security) is based
on the 10 principles of probability developed by the French mathematician and astronomer
Marquis de Laplace (1749-1827)
– "When events are independent of each other, the probability of their simultaneous occurrence is
the product of their separate probabilities."
– Thus the probability that one detection system in the security system might be circumvented is
high, but the probability that all the detectors and barriers in an in-depth or redundant security
scheme would be compromised is very low
• Various design criteria that may have to be considered, in addition to what vulnerabilities are
addressed, when selecting countermeasures
– Codes and standards: National, state, local, building, fire, internal, etc.
– Quality: Consistent and balanced (cost vs quality) selection of products
– Capacity: Design for sufficient capacities (throughput, card holders, transactions, etc.) with 10-
15% spare capacity
– Performance: Particularly integration requirements (i.e. ACS with CCTV, etc.)
– Features: Summary of major system features
– Cost: Primarily design fees and installation costs; initial budget usually required
– Operations: Operational requirements need to be called out
– Culture and image: Corporate image, mission, objectives, values must be respected
– Monitoring and response: System monitoring and response objectives
– Preliminary cost estimate: Conceptual-level budget, including capital and operational costs
ASIS POA, Vol. 2, Sect. 12.4 - 12.4.10
PAGE 137 /223
PHYSICAL SECURITY
– Phase 2 Design and Documentation may be split into two phases in the construction industry
• Design Development (DD)

– Generally, DD includes a preliminary design (30-35%) following the conceptual design and concludes
with a 50-60% DD
• Construction Documents (CD)

– Generally starts with a 60% design and passes through a 90% submission and
concludes with 100% CD set
• A greater level of detail in the design will lead to better responses from
bidders and lower project costs
• The CD set consists of three elements

– Contractual details (usually the Div 01 spec for large projects)
– Specification (Div 28 for security on large projects)
– Drawings (not required for a services contract, like guards)
• The objective of Phase 2 Design and Documentation is

to complete the design and to document the process to Scope creep
the level of detail necessary for the chosen method The growth of a project's
of procurement scope of work, usually in
small increments, until the
value of the contract
ASIS POA, Vol. 2, Sect. 12.6 significantly differs from
the work performed
-ASIS POA, Vol. 1, Sect. 8.7.4
PAGE 138 /223
PHYSICAL SECURITY
– Phase 2, Design and Documentation (continued)
• A security specification should include, at a minimum
– Instructions to bidders with a list of all documents included in the contract documents
– List of project references
– Functional description of the complete systems design, its intended functional operation in a concept of
operations, maintenance and warranty requirements, quality assurance provisions, and installation
schedule
– List of design drawings
– List and description of products and services to be included in the contract
– List of required products and services included in other contracts (such as electrical door hardware,
which is provided and installed under the door hardware contract but must be connected to the
security system by the security contractor)
– List of applicable codes and standards
– Support services, such as drawing, sample and documentation submittals, commissioning, testing,
training, warranty, maintenance, and spare parts
– Technical descriptions of all major subsystems and their components, including
• Capacity
• Capability
• Expandability
• Performance and operational parameters
• Environmental operating parameters
• Installation and integration details
• Appearance and finish
• Acceptable makes and models
– General site conditions, installation standards and quality control standards
• Division 28 ("Div 28") is the Electronic Safety and Security section of the Construction
Specifications Institute (CSI) MasterFormat specifications template that includes 50 sections total
(not all used)
– Each division, or section, is divided into three parts: General, Products, and Execution
PAGE 139 /223
PHYSICAL SECURITY
– Phase 2, Design and Documentation (continued)
• Security systems drawings are always considered secondary to the specifications (specs take
precedence)
• Drawings include the following types

– Plans (top view, map-like view of system component placement in the facility)
– Elevations (views of vertical surfaces that show mounting heights and locations of wall-mounted devices)
– Details (define elements of the system in more detail)
– Risers (chart-like representations of complete subsystems, such as CCTV or access control)
– Hardware schedules (tables that provide detailed component information)
• Key factors to be considered in hardening of a facility

– Stand-off distance
– Structural integrity of the premises
– Prevention of progressive collapse
– Redundancy of operating systems
PAGE 140 /223
PHYSICAL SECURITY
– Phase 3, Procurement
• The type of procurement should be determined before or at the start of the design phase because
the type of procurement determines the level of detail required in the construction documents
(CDs)
• The three major forms of security systems procurement

– Sole source
– Request for proposal (RFP)
– Invitation for bid (IFB)
• Sole Source
– May be the most appropriate for small projects
– This method of procurement is recommended only where the security owner has the capability to
perform the security needs analysis and has good prior knowledge of systems and prices
– Positives
• The construction documents are usually simple, reducing owner design costs and saving time
– Negatives
• There is a tendency to focus on hardware and technology only, leaving the equally important personnel,
procedures, and facilities subsystems for others
• The owner may tend to skip the all-important security planning process and rely on advice from a contractor
with a vested interest in selling equipment
• Without a competitive bidding process, the organization has no means of comparing prices
PAGE 141 /223
PHYSICAL SECURITY
– Phase 3, Procurement (continued)

• RFP
– Almost always based on a set of detailed design and construction documents
– Specifications are usually generic and performance-based
– Equipment makes and models are often listed with the phrase “or approved equal”
• In some cases, specific models may be mandated for compatibility or commonality with existing equipment
– The owner typically procures a security business partner, not just a one-time security systems installer
– An RFP response may be open to any contractor or it may be limited to a list of prequalified
contractors
– In addition to providing a cost proposal, a proposer must submit a technical proposal that describes
the firm’s understanding of the requirements and how the objectives will be met
– It is common to allow responders to propose alternative solutions, called “alternates”
• To sensibly compare cost proposals from different contractors, it is usually necessary to require the
contractors to respond to the specified design and then, if they wish, allow them to provide alternates as
additional solutions
• It is not uncommon to instruct proposers that alternates must produce some definable improvement in
performance and be of equal or lesser cost than the base bid
– The RFP need not restrict the organization to accept the lowest bid. Instead, it aims to obtain the best
value
• Value may be defined by the organization to suit its needs, but it should include such factors as price,
quality, experience, and schedule
– If price will not be the determining factor in vendor selection, the RFP should say so
– A contractor’s response to an RFP usually takes longer to prepare than responses to other types of
procurement because both a technical and a cost proposal must be prepared
• Three to four weeks is the typical minimum proposal preparation time for medium-size to large projects
PAGE 142 /223
PHYSICAL SECURITY

• IFB
– Commonly used by government and other organizations whose procurement procedures require that
projects be competitively bid and that the award be given to the lowest qualified, responsive bidder
– No technical proposals or alternative solutions are sought, so the construction documents must be
extremely explicit
– The onus of selecting equipment makes and models, and the accuracy of the security system design, is
placed solely on the design team
– Bidders submit a cost proposal or bid, which may contain unit pricing and whatever price breakdown is
requested
– The award is then made, usually without negotiation, to the lowest qualified bidder who has conformed
to the bidding instructions.
– The IFB requires additional time and cost in design and specification, but typically needs only one to two
weeks of procurement time, depending on the size and complexity of the project
– It is common to require bids to be sealed and delivered by a specific time to a specific location
• At the time and place, the bids are opened (often publicly) and the apparent winner is announced
• Contracts are signed when the apparent winner’s proposal has been checked for completeness, accuracy, and
qualifications
PAGE 143 /223
PHYSICAL SECURITY
• In an RFP or IFB, the pre-bid conference should be held one week after CD's are issued for bid
• A very low bid should be scrutinized for
– Mathematical errors
– Quality of equipment being proposed
– Experience of the contractor on projects of this size and complexity
– Contractor’s understanding of the project
– Financial stability of the contractor

PAGE 144 /223
PHYSICAL SECURITY
– Phase 4, Installation
• The most important step in installing the PPS is to plan correctly

– The installation contractor should verify the locations and note any changes needed
– Together, the project manager and installation contractor should examine the installation requirements
and make sure all issues and differences have been resolved before proceeding
• The second step in installing the PPS is for the contractor to visit the site to ensure conditions agree
with designs
– The contractor should be required to prepare a written report of all changes to the site or conditions
that will affect performance of the system
– The contractor should be instructed not to take any corrective action without written permission from the
customer
– It is also important that the contractor inspect, test, and document all existing physical protection
equipment and signal lines that will be incorporated into the new system
• The POA manual refers security system component installation standards to the NFPA 731: Standard
for the Installation of Electronic Premises Security Systems (2011)
• Technical excerpts from NFPA 731 regarding installation of security systems

– Electric strike solenoids should not dissipate more than 12 watts, should operate on 12 or 24 VDC,
should not require more than 1amp inrush, should require no more than 500 mA of holding current,
and should move from fully secure to fully open in 500 milliseconds or less
– "Maglocks" should generate at least 1,200 lbs of holding force, should have no residual magnetism or
inductive kickback, should have a holding current of not more than 500 mA, and should require no
more than 300 milliseconds to unlock
– Analog video cabling should be RG-59/U for runs of 25' or less, RG-11/U or fiberoptic for longer runs
– Electronic locks should include EOL resistors for line supervision
ASIS POA, Vol. 2, Sect. 12.9.2, 12.9.3

PAGE 145 /223
PHYSICAL SECURITY
– Phase 4, Installation (continued)
• Technical excerpts from NFPA 731 regarding installation of security systems (continued)
– Cabling
• Should be run in 1/2" or larger rigid conduit with threaded connections (no EMT, armored cable, flex conduit, etc.)
• Should not be placed in conduits or raceways or other compartments with other building wiring
• Flexible power cords should not be used (power should be hard-piped)
– Grounding in accordance with NFPA 70: National Electrical Code, articles 250 and 800
– All enclosure penetrations from the bottom unless otherwise required
– All signal and data transmission lines should be supervised according to UL 1076: Standard for
Proprietary Burglar Alarm Units and Systems (1995) and should alarm on a current
change of 10% or more
– Interior electronics are installed in NEMA Type 12 enclosures
– Exterior electronics and electronics installed in corrosive environments are installed in NEMA Type 4x
enclosures
– Laminated name plates should be affixed to all components, 1/8" thick white, 1" x 3" in size, 1/4" black block
lettering
– All work should conform to the following codes
• Currently adopted National Electrical Code (NEC)
• Applicable federal, state, and local codes
• Currently adopted uniform building code
• Local electrical code as applicable
• Occupational Safety and Health Act (OSHA) standards
• Any additional codes effective at the job site
• Americans with Disabilities Act (ADA)
• All materials should conform to the following codes:
• National Electrical Manufacturers Association (NEMA)
• American National Standards Institute (ANSI)
• Underwriters Laboratories, Inc. (UL)
ASIS POA, Vol. 2, Sect. 12.9.2, 12.9.3
PAGE 146 /223
PHYSICAL SECURITY
• Four types of tests

– Pre-delivery or factory acceptance tests
– Site acceptance tests
– Reliability or availability tests
– After-acceptance tests
• In determining what tests to conduct on security systems, several factors should be considered
– Prioritizing of site-specific threats
– Identification of worst-case scenarios (lowest probability of detection, shortest amount of delay, various
pathways into a facility)
– Identification of system functions (detection, assessment, delay) that are most critical in protecting
company assets
– Determination of each subsystem’s assumed detection probabilities and vulnerability to defeat
– Determination of the time for assessment of incidents (immediate assessment versus delayed assessment)
– Identification of the last possible points at which an adversary must be detected to allow adequate
response by the facility protective force
– Comparison of vulnerabilities against findings and resolution of past security inspections and incidents
PAGE 147 /223
PHYSICAL SECURITY
• Factory acceptance testing

– Demonstrate system performance complies with specified requirements in accordance with approved
factory test procedures
– Tests may be designed by the customer, or the customer may require the contractor design the tests
– Scheduled in advance of any installation of the new system, and the customer should attend and observe
– Model numbers of components tested should be identical to those to be delivered to the site
– Should include
• At least one of each type of data transmission link, along with associated equipment, to provide a
representation of an integrated system
• A number of local processors (field panels) equal to the number required by the site design
• At least one sensor of each type used
• Enough sensor simulators to provide alarm signal inputs (generated manually or by software) to the system
equal to the number of sensors required by the design
• At least one of each type of terminal device used
• At least one of each type of portal configuration with all facility interface devices as specified
• Equipment for testing CCTV systems includes the following:
• At least four video cameras and each type of lens specified
• Three video monitors
• Video recorder (if required for the installed system)
• Video switcher, including video input modules, video output modules, and control and applications software (if
required for the system)
• Alarm input panel (if required for the installed system)
• Pan/tilt mount and pan/tilt controller if the installed system includes cameras on pan/tilt mounts
• Any ancillary equipment associated with a camera circuit, such as equalizing amplifiers, video loss/presence
detectors, terminators, ground loop correctors, surge protectors, or other in-line video devices
• Cabling for all components
– The customer should require a written report for the factory test indicating all the tests performed and
the results. All deficiencies noted in the pre-delivery testing should be resolved to the satisfaction of the
customer before installation and acceptance testing
PAGE 148 /223
PHYSICAL SECURITY
• Site Acceptance Test

– Contractor should verify all previous test results, diagnostics and calibrations two weeks prior to acceptance testing
– Test should be started after written approval has been received from the customer
– The customer may terminate testing any time the system fails to perform as specified
– Upon successful completion, the contractor should deliver test reports and other documentation to
the customer before commencing further testing
– Testing should include the following
• Verification that the data and video transmission system and any signal or control cabling have been
installed, tested, and approved as specified
• When the system includes remote control/monitoring stations or remote switch panels, verification that the
remote devices are functional, communicate with the security monitoring center, and perform all functions
as specified verification that the video switcher is fully functional and that the switcher software has been
programmed as needed for the site configuration
• Verification that all system software functions work correctly
• Operation of all electrical and mechanical controls and verification that the controls perform the designed functions
• Verification that all video sources and video outputs provide a full bandwidth signal
• Verification that all input signals are terminated properly
• Verification that all cameras are aimed and focused properly
• Verification that cameras facing the rising or setting sun are aimed sufficiently below the horizon that they do
not view the sun directly
• If vehicles are used near the assessment areas, verification of night assessment capabilities (including whether
headlights cause blooming or picture degradation)
• Verification that all cameras are synchronized and that the picture does not roll when cameras are switched
• Verification that the alarm interface to the intrusion detection subsystem is functional and that automatic
camera call-up is functional for all designated alarm points and cameras
• When pan/tilt mounts are used in the system, verification that the limit stops have been set correctly, that all
controls for pan/tilt or zoom mechanisms are operative, and that the controls perform the desired function
• If pre-position controls are used, verification that all home positions have been set correctly and have been
tested for auto home function and correct home position
PAGE 149 /223
PHYSICAL SECURITY
• Reliability Testing
– Conducted in alternating phases of testing and evaluation to allow for validation of the tests and corrective
actions
– Should not be started until the customer notifies the contractor, in writing, that:
• Acceptance testing has been satisfactorily completed
• Training (if specified) has been completed
• All outstanding deficiencies have been corrected
– The contractor should have one representative available 24/7 during testing
– The customer should terminate testing whenever the system fails to perform as specified
– Phase I Testing
• 24/7 for 15 consecutive calendar days, including holidays
• No repairs during this phase of testing unless authorized by the customer in writing
• Proceed to Phase II if no failures during Phase 1
– Phase I Assessment
• Identify all failures, determine causes of all failures, repair all failures, and deliver a written report to the customer
• About a week after receiving the report, the customer should convene a test review meeting at the job site to
discuss the results
• Customer may set a restart date or require Phase I be repeated
• The testing and assessment cycles continue until the testing is satisfactorily completed, then proceeds to Phase II
– Phase II Testing
• 24/7 for 15 consecutive calendar days, including holidays
• No repairs during this phase of testing unless authorized by the customer in writing
– Phase II Assessment
• Identify all failures, determine causes of all failures, repair all failures, and deliver a written report
to the customer
• About a week after receiving the report, the customer should convene a test review meeting at the
job site to discuss the results
• Customer may set a restart date or require Phase I be repeated
• The testing and assessment cycles continue until the testing is satisfactorily completed
PAGE 150 /223
PHYSICAL SECURITY
• After-implementation Tests
– Operational tests performed periodically to prove correct system operation, but do not involve verification
of equipment operating specifications
– Performance tests verify equipment conforms with equipment or system specifications
– Post-maintenance tests are operational tests conducted after preventive or remedial maintenance
– Subsystem tests ensure large parts of the system are all working together as originally designed
– Limited scope tests are used to test a complex system broken down into several subsystems tested
separately, which is useful when difficult and time-consuming to test the entire system at one time
– Evaluation tests are periodic, independent tests of the PPS to validate the vulnerability analysis and ensure
overall effectiveness is being maintained. An evaluation test should be performed at least once a year
• Although it is important to know the cause of component failure in order to restore

the system to normal operation, it is more important that contingency plans are provided
so the system can continue to operate
PAGE 151 /223
PHYSICAL SECURITY
• Training
– All the technological and procedural precautions in the world will be ineffective if they are not executed properly
– Through well-conceived, well-executed security training programs, personnel can
• Be better prepared to prevent incidents from happening
• Respond properly to incidents that do arise
• Contribute to recovery efforts more effectively
• Without appropriate training, personnel are more likely to contribute to security risks accidentally
• Typical training topics following installation of the PPS

– System Administration
– System Monitoring
• General PPS hardware architecture
• Functional operation of the system
• Operator commands
• Database entry
• Report generation
• Alarm assessment
• Simple diagnostics
– Alarm Assessment and Dispatch
– Incident Response
– System Troubleshooting and Maintenance
• Physical layout of each piece of hardware
• Troubleshooting and diagnostic procedures
• Repair instructions
• Preventive maintenance procedures and schedules
• Calibration procedures
– IT Functions
– System Overview
PAGE 152 /223
PHYSICAL SECURITY
• Warranty
– The common time for the contractor to report to the job site to address a warranty issue is within four
hours of the problem report
– The contractor should inventory spares to allow quick repairs instead of waiting for manufacturers to
deliver replacements
• Maintenance
– A PPS maintenance agreement typically includes two categories of services

• Remedial maintenance that corrects faults upon failures, and includes
• Establishing a maintenance function that acts on and logs requests from users in the event of a system
problem
• Investigating the problem
• Resolving the problem directly or managing the resolution if third-party service is required
• Restoring the system or returning its use to the customer
• Updating documentation with respect to the problem and its resolution
• Preventive maintenance consists of scheduled maintenance to keep the PPS in good operating condition, and
includes
• Keeping electromechanical equipment (fans, filters, backup batteries, door hardware, etc.)
operating correctly
• Replacing hardware components to keep the equipment up to current specifications (such as
engineering changes)
• Updating system and application software (bug fixes, new versions, etc.)
• Testing and analyzing system reports (error logs, self-tests, system parameters, performance
measures, etc.)
• Maintaining system documentation
PAGE 153 /223
PHYSICAL SECURITY
• Maintenance (continued)
– Indications of a poor maintenance program
• Frequent system failures
• Cursory testing procedures
• An inordinate number of components awaiting repair
– When contracting for maintenance services, the customer and the contractor should
• Agree on the basis of the contract document
• Document in detail the components of the systems that are to be maintained
• Set out the service levels for each component or subsystem
• Define roles and responsibilities of the parties to the agreement
• Agree on pricing and payments
• Set out how the agreement will be managed and administered
– Performance measures of system maintenance agreements

• Supplier performance against service levels and system performance for the previous period
• Call logging and account management
• Changes to the services or service levels that are required by the customer or recommended by the supplier
• Changes to the list of equipment or software on the system
• Customer’s future plans for the system (including staffing, new developments, upgrades, special events, or
changing priorities)
– Typically, maintenance and warranty costs equal 11% of the total capital systems construction cost
PAGE 154 /223
PHYSICAL SECURITY
• Maintenance (continued)
– Typical preventive maintenance tasks
• Inspect the cabinets to ensure that voltage warning signs exist on equipment like power supplies
• Ensure that security system warning signs, if installed, are in their proper location
• Inspect enclosures for damage, unauthorized openings, and corrosion of metallic objects. Repair and paint as
required
• Inspect air passages and remove any blockage
• Inspect, investigate, and solve conditions for unusual odors
• Inspect locking devices. Repair as required
• As equipment is operated and tested, listen to, investigate, and solve conditions for unusual noises
• Inspect equipment mounting for proper installation
• Inspect for loose wiring and components.
• Inspect electrical connections for discoloration or corrosion. Repair as required
• Inspect electrical insulation for discoloration and degradation. Repair as required
• Inspect equipment grounding components such as conductors and connections. Repair as required
• Clean equipment. Remove debris, dirt, and other foreign deposits from all components and areas of non-
encapsulated
equipment, such as ventilated control panels
• Tighten electrical connections
• Torque all electrical connections to the proper design value
• Perform operational tests periodically to prove correct subsystem operation, not necessarily to verify equipment
operating specifications
• Open protected doors
• Walk into protected rooms
• Test metal detectors by passing metal through the detection area
• Prove operation of fence disturbance sensors by shaking the fence
• Conduct visual checks and operational tests of the CCTV system, including switchers, peripheral equipment,
interface panels, recording devices, monitors, video equipment electrical and mechanical controls, and
picture quality from each camera
• Check operation of duress buttons and tamper switches
Revised Spring 2018 ASIS INTERNATIONAL, HOUSTON CHAPTER ASIS POA, Vol. 2, Sect. 12.12.2
David P. Cribbs, CPP, PSP | dpcribbs@gmail.com
PAGE 155 /223
PHYSICAL SECURITY
Security Officers
• Purpose…
– A human being is needed if the post requires the ability to

• Discriminate among events, persons, circumstances, or physical objects based on complex and varying criteria
• Conduct rational dialogue with people face-to-face and discern next actions based on such communication
• Use physical force or the threat of physical force to restrain one or more persons
• Exercise judgment to determine a logical course of mental or physical activity in response to random circumstances
• Provide reports detailing their activities on an ongoing basis
– A security officer post is any location or combination of activities for which a trained
human being is necessary, and includes three key concepts
1) A location or combination of activities
2) Necessary human being
3) Training and competence to accomplish the required activities
– Private security personnel tend to view behavior in terms of whether it

threatens the interests of the client
• What constitutes the interests of the client is not always clear or consistent
PAGE 156 /223
PHYSICAL SECURITY
Security Officers
• Statistics…
– Security officers represent the largest segment of security sector employees and are the largest cost element in
the majority of security operating budgets
– Personnel costs are generally the largest item in the operating budget of a security department
– Private security outnumbers law enforcement in the U.S. by 3 to 1
– As of 2006, about 85% of all critical infrastructures in the United States were already protected by private
security personnel
– The U.S. Department of Labor forecast that security officer jobs would increase by 14% between 2008 and
2018, faster than the average growth rate for all occupations
– The security staffs of the U.S. increased by 13% after 9/11/01, and had risen
to 1.1 million employees by 2002
• About 55% of these were employed by contract agencies
• About 6 out of 7 of these were full-time workers
• Many of the remaining were off-duty police officers
– Hallcrest reports
• Compares the U.S. security industry to public law enforcement
• Determined that security personnel greatly outnumber police officers
PAGE 157 /223
PHYSICAL SECURITY
Security Officers
• Deployment…
– Structures of security operations
• Vertical model
– "Hierarchical model"
– Authority starts at the top
• Shamrock model
– Three leaf shamrock
– Leaf 1: professionals, managers, skilled technicians
– Leaf 2: third-party suppliers
– Leaf 3: part-time and temporary workers (flexible)
• Network model
– "Flattened", "horizontal", or "open" model
– Connections between employees and multiple supervisors
– Security department itself is networked to other departments
ASIS POA, Vol. 3, Sect. 1.9.1 - 1.9.3
– Preferred terminology for security personnel

• Security officers
• Protection officers
• Loss prevention officers
– Security officers are best used as part of a complete protection plan, not as a stand-alone resource
• Because they are expensive, their use should be evaluated periodically
– The deployment of security officer personnel must be guided by rational and objective business criteria
PAGE 158 /223
PHYSICAL SECURITY
Security Officers
• Deployment (continued)…
– Assignment of security officers range across the following environments

• Public
• Semi-public
• Private
– The number of officers required for a facility is determined by several factors, including
• Physical complexity and size of the facility
• Number of employees
• Nature of work
• Number of entrances (and hours they are open)
• Value and amount of assets being protected
• Number of patrols needed
• Number of escorts and special assignments needed
– A 24/7 post requires a minimum of 4.2 officers (168 hours @ 40 hour shifts)
• 4.5 to compensate for sick, vacation, and holiday leave
– Most enterprises do not carry special liability insurance for officers because they are covered by the provisions
of a commercial liability policy
PAGE 159 /223
PHYSICAL SECURITY
Security Officers
• Deployment (continued)…
– A detailed analysis of post and time requirements includes

• Identification of each post by type—such as fixed, vehicular, or foot location—and post number
• Start and stop times for each shift of operation, by day
• Number of officers required for each shift and each day
• Any special personnel requirements listed by shift if applicable
• Names of any personnel who are not assigned to the post
– Calculating the average sick time taken by the

proprietary security officer force over a two-year
period provides a basis for estimating sick days
in future years
– Planned overlapping of shifts is one way to

schedule additional personnel at peak
periods without overtime
PAGE 160 /223
PHYSICAL SECURITY
Security Officers
• Basic functions…
– Control of entrances and movement of pedestrian and vehicle traffic

– Patrol of buildings and perimeters
Diverting officers from security tasks to
– Escort of material and personnel miscellaneous services erodes the facility protection
– Inspection of security and fire exposures program
– Monitoring of assets from a central control facility ASIS POA, Vol. 3, Sect. 1.4.8
– Emergency response
– Dealing with disturbed people
– Special assignments
– Where personal recognition for access-control

purposes is required, under low-density queuing, a
remote operator could control three or four access
points
PAGE 161 /223
PHYSICAL SECURITY
Security Officers
• Rank and authority…
– The efficiency of the security force depends on the adequacy and skill of its supervisors
– Security officer supervisors are selected on the basis of their knowledge of the job and demonstrated
administrative and leadership abilities
– The current trend is to abandon the military or paramilitary model and organize along
supervisory lines used by businesses
– Some people are antagonistic toward anyone in an enforcement position

• Well-trained officers who are courteous, act with restraint, and use good judgment can overcome
such resistance
• Officious or careless security officers may harm the protection program
• If an employee refuses to cooperate with an officer who has performed his or her duty properly, the
uncooperative employee should be referred to a supervisor for disciplinary action
– Dealing with disturbed people requires sensitivity

• The goal is to prevent harm from the person’s acts and to control the person with a minimum of
injury, discomfort, or embarrassment
• Written policies on this subject are highly recommended
• Considerations
– Bringing the person into custody and eliminating the immediate danger (most important)
– The legal liability of the participating security forces and the enterprise if injury or other harm results
– The legal liability of the security forces and the enterprise if the disturbed person is not restrained and then injures others
– Employee/community/public/media relations, as they may be affected by the conduct of security officers
• Economic concerns, such as liability, should not exclusively determine the response to disturbed persons
– The existence of written policy will help reduce liability
PAGE 162 /223
PHYSICAL SECURITY
Security Officers
• Regulation…
– ASIS private security officer guidelines recommend state regulation of the
following for private security firms
– Background investigations
– Training and continuing education
– Insurance
– Licensing
– Oversight bodies
• The guidelines further recommend the following selection criteria for security officers
– Criminal history
– Education
– Citizenship
– Fingerprinting
– Photographs
– Drug screening
– Other personal information related to the applicant
– In general, state and local regulations tend to use the following categories to license security companies
• Security officers; proprietary officers are often exempt. This category typically includes armored car personnel
• Armed versus unarmed security officers
• Private investigators; executive protection personnel, if addressed, may fall under this category
• Alarm companies
• Guard dogs; animals specifically trained for drug or bomb detection are typically regulated by a separate government division
• Polygraph operators
• Consultants
• Process servers
• Locksmiths • Bouncers
• Repossession agents • Motorcade escorts
• Claims adjusters • Special police
PAGE 163 /223
PHYSICAL SECURITY
Security Officers
• Regulation (continued)…
– Requirements that may be specified in state security regulations, with the most common listed first
• Age, citizenship, and experience standards
• Good character
• Lack of felony or specified misdemeanor convictions
• Lack of material omissions or falsehoods in the application
• Lack of previous conviction for operating without a license
• Not being a public law enforcement officer
• Not having been dishonorably discharged from U.S. military service
• Lack of current mental illness
– Jurisdictions use two different methods for regulating security activity

1) Requiring the licensing of the primary controlled business - the individual or corporate applicant must typically apply for and
obtain a license before engaging in the regulated activity
2) The second method applies to the licensing or registration of employees of the business other than those named on the
original application
– Efforts to regulate the entire security industry suffer from a lack of uniform momentum. Despite calls for
regulation in the 1970s, 1980s, and 1990s, little regulation has been instituted
PAGE 164 /223
PHYSICAL SECURITY
Security Officers
– Federal regulatory efforts (mostly failed)
• Security Officers Employment Standards Act of 1991. Introduced by then-Senator Al Gore, it attempted to
introduce basic hiring and training requirements for the security industry. The bill was killed
• Security Officers Quality Assurance Act of 1992. Introduced by Representative Matthew Martinez of California, this
legislation, now dead, broke new ground by proposing that regulations apply to all security personnel, whether
employed by security contractors (thus contract security officers) or other employers (proprietary security officers)
• Private Security Officer Quality Assurance Act of 1993. Introduced by Representative Matthew Martinez of
California, this bill did not pass either, but like its predecessors, its intent was to require states to ensure the quality
of security services and the competence of private security officers. Compliance with the bill was to be a
requirement for eligibility to receive certain federal funds
• Private Security Officer Quality Assurance Act of 1995. Introduced by Representatives Bob Barr of Georgia and
Matthew Martinez of California, this never-passed bill was intended to expedite state reviews of criminal records
of applicants for private security officer employment. The bill also suggested employer licensing, classroom
and in-service training, and state reciprocity. The bill was characterized as a “Sense of Congress,” meaning it
would not be binding even if passed but that Congress thinks it is a good idea. Sought to address
delays in obtaining AFIS results
• Law Enforcement and Industrial Security Cooperation Act of 1996. This never-passed bill was
intended to create a commission to encourage cooperation between public sector law enforcement agencies and
private sector security professionals to control crime
• Private Security Officer Employment Authorization Act of 2004. This law, enacted as Section 6402 of the
Intelligence Reform and Terrorism Prevention Act of 2004, authorizes a fingerprint-based check of state and
national criminal history records to screen prospective and current private security officers. The bill is intended to
provide security employers with access, through the states, to the FBI national criminal history record database. It
requires written consent from employees before such searches and employee access to any information received,
and it establishes criminal penalties for the knowing and intentional use of information obtained through criminal
history record searches for purposes other than determining an individual’s suitability for employment as a private
security officer. In practice, the states have been very slow to establish systems to facilitate this process
PAGE 165 /223
PHYSICAL SECURITY
Security Officers
– Recommendations resulting from the 1972 Rand Report on private security in the U.S.
• Government regulation should be applied as uniformly as possible
• Regulation should be at the state level
• Directors and managers of in-house security services as well as owners and managers of contract security services should be
licensed
• All employees of both proprietary and contract security organizations should be registered by the state
• Each licensee and registrant should meet minimum standards or qualifications (which could vary among types of licensees and
registrants)
• State regulatory agencies should conduct background investigations of each applicant for a license or registration (i.e., for all
security employees, proprietary and contract), including a criminal records check and prior employment verification for a
period of seven years
• All new applicants for licensing and registration should have completed high school or its equivalent or must pass a special
literacy test
• Experience in private security should be required before a license is granted.
A bachelor’s degree (or higher) should be permitted to substitute for some of the
experience requirement. Law enforcement experience may be a substitute for the
security experience requirement
• Licensees should meet a minimum bond or insurance requirement
• State agencies should require minimum training programs for all types of private
security personnel
• Separate training programs should be required for different security positions,
such as guard, investigator, polygraph operator, and central station alarm responder
PAGE 166 /223
PHYSICAL SECURITY
Security Officers
– Rand Report… (continued)
• Instructors’ schools should be accredited by the state regulatory agency
• Currently employed security personnel should be given one year to meet the training requirements
• Private security personnel should be prohibited from carrying concealed firearms while on duty. Company-furnished weapons
should remain on company property during off-hours
• Statutory liability should be imposed on private security businesses for weapons abuses by their employees against private
citizens
• Regulatory agencies should have the authority and resources to spot-check private security records and operations
• Local police and insurance companies should forward to the regulatory agency any information coming to their attention
involving major complaints or incidents involving security personnel
• Prior criminal convictions related to potential abuses in private security should be a basis for denying registration or licensing
• Evidence obtained by illegal search by private individuals should be subject to
suppression either on a per se basis (as is the case for evidence illegally seized by law
enforcement personnel) or ad hoc, with the judge or magistrate weighing the equities
• Uniformed private security personnel should be forbidden to engage in interrogation
or interviewing
• Jurisdictions should regulate the color and style of private security uniforms, as well
as the use of police titles by private security personnel
• Any firm hiring the services of an independent security contractor should be held liable
for any negligent failure to control the contract staff
• The federal government should consider funding a research center to evaluate the
effectiveness of private security personnel. Its findings should be included in an
overhauled statistical reporting system to be maintained by the insurance industry
PAGE 167 /223
PHYSICAL SECURITY
Security Officers
• Qualifications…
– The essential personal attributes for a private security officer are
• Good character • Knowledge of the job
• Proper behavior and ability to handle people • Education
• Neat appearance • Ethics
– Security officer character

• Honest | Courageous | Alert | Well-disciplined
– Security officer behavior

• Courtesy | Restraint | Interest
– Security officer code of ethics

• Respond to the employer’s professional needs
• Exhibit exemplary conduct
• Protect confidential information
• Maintain a safe and secure workplace
• Dress to create professionalism
• Enforce all lawful rules and regulations
• Encourage liaison with public officers
• Develop good rapport within the profession
• Strive to attain professional standards
• Encourage high standards of officer ethics
– In addition to the mental ability to complete administrative tasks and make judgments,
the security officer must also have the physical ability to observe, listen, report, and
function in emergencies
PAGE 168 /223
PHYSICAL SECURITY
Security Officers
• Qualifications (continued)…
– Minimum criteria for private security officers
• 18 years of age (unarmed); 21 years of age (armed)
• Armed personnel must comply with U.S. Public Law 104-208 Section 658 (known as the Lautenberg amendment), which
forbids anyone convicted of domestic violence (felony or misdemeanor) from possessing a firearm or ammunition
• Possess a valid state driver’s license (if applicable)
• No conviction, guilty plea or nolo contendere to
– A felony
– A misdemeanor involving moral turpitude, acts of dishonesty, acts against governmental authority (including the
use or possession of a controlled substance within a seven-year period)
– Any crime in any jurisdiction involving the sale, delivery, or manufacture of a controlled substance
• No declaration by any court to be incompetent by reason of mental disease or defect (unless the declaration
has been removed or expunged)
• Subject to a state criminal record check and FBI criminal history check before permanent employment
– Criteria for non-regulated security officer employment (proprietary officers)

• High school education or equivalent
• Military discharge records (DD 214)
• Mental and physical capacity to perform the duties for which they are being employed
• For armed applicants, successful completion of a relevant psychological evaluation to verify
they are suited for the duties for which they are being considered
• U.S. citizen legal alien (federal law)
– These actions must be taken before arming any private security officer
• They must furnish information about all prior employment
• The employer should make a reasonable effort to verify the last seven years of employment
history, and check three personal references
• They must pass a recognized preemployment drug-screening test
PAGE 169 /223
PHYSICAL SECURITY
Security Officers
• Training…
– Competency refers to an individual’s ability, skills, and qualifications to perform the necessary duties
– The seeds of today’s security officer training efforts can be seen in the development of apprenticeships, formal
and informal training efforts, government and private studies, and training guidelines and standards
– It is good practice to provide a set number of pre-assignment training hours at the contract agency’s expense
• Such an arrangement may help reduce turnover by making the agency bear the cost of training replacements
– Recommendations for the communication and training process of security officers

• Base training on needs | Recognize individual differences | Maximize motivation
• Take the learner's viewpoint | Provide timely feedback | Expect ups and downs
• Remember follow-up | Learn to instruct
– The quality of assets protection is a direct function of local training and local supervision
– The quality of the service provided by a contract agency is directly related to the quality of local supervision
and local training
– Unless officers are properly trained and closely supervised, they may not
provide the protection required
PAGE 170 /223
PHYSICAL SECURITY
Security Officers
• Training (continued)…
– Shift supervisors
• Train and direct the shift officers
• Are front-line managers
• Are the key to mentoring, staff turnover, and employee satisfaction
– Training occurs when

• A supervisor observes the ongoing performance of an officer and provides feedback in response to situations that were not
correct or where the officer appeared unsure or confused
• When new material is introduced that requires familiarization by the individual officer or the entire shift
• When new security personnel are introduced to the site
– To accomplish training objectives, the supervisor must visit each guard post
• A better alternative—unless prohibited by collective bargaining terms—is to have the
supervisor perform some post relief
– Without post-specific training, security officer effectiveness is reduced and

raises a question of the actual need for the post
– Supervisors themselves need special training in

– Management
– Human relations
– Interpersonal communication skills
– Labor and criminal laws
– Emergency response
• This training should be available prior to promotion to supervisor to the greatest extent possible
– It should also be continuous while the supervisor occupies a supervisory position.
ASIS POA, Vol. 3
PAGE 171 /223
PHYSICAL SECURITY
Security Officers
– An initial period of general security instruction should be given as soon as the officer reports for duty.
Instruction on specific duties can be given as the duties are assigned
– The two reasons for testing the security operations program are to identify residual risks and identify necessary
changes within the organization
– The quality of training is directly proportional to the quantity of training

– Hallcrest Report I (1985, Cunningham & Taylor) found that contract security firms had inadequate employee
selection and training standards
• Misrepresentation of these standards to clients was a significant source of discontent
The key to effective guard use is training - ASIS POA, Vol. 2, Sect. 10.2
PAGE 172 /223
PHYSICAL SECURITY
Security Officers
• Evaluation…
– The lack of evaluation of security officers causes problems at salary review time
– A partial solution is the regular assessment and recording of officer performance by

supervisors after every post visit, including at least the following items
• Personal appearance and condition of the officer

• Physical condition of the post
• Availability and condition of all required personnel and post equipment, including post orders
• Quality of officer response to training questions or situations
• Quality of officer response to actual situations arising at post during the visit
PAGE 173 /223
PHYSICAL SECURITY
Security Officers
• Arming…
– One of the greatest liabilities an organization faces involves issuing deadly weapons to security officers
• Some think when a contract security vendor is properly contracted, most of the liability is shifted to the vendor
– Legal actions usually involve anyone remotely associated with a situation
• Payment for vendor services indicates acceptance of the vendor’s management style and practices; thus, crucial policies and
protocols should be prescribed by the organization that employs the vendor
– The decision whether to arm an officer should be based on the existence of one of these conditions
• There is a greater danger to life safety without the weapon
• The officer may reasonably be expected to use fatal force
– Facility management assumes several responsibilities for armed officers
• Proper training of the officers to be armed
• Selection of the appropriate firearms and ammunition
• Proper maintenance of the firearms by a qualified gunsmith
• Maintenance of records of the foregoing actions
• An adequate level of liability insurance
– Other considerations regarding use of deadly weapons
• Conditions when weapons may be issued
• Persons who get a weapon, and the type of weapon and ammunition issued
• Quality and reliability of the weapon at time of issue, and repair and
maintenance of the weapon by a qualified armorer
• Accountability for the specific weapon and its ammunition, and specified
training with the weapon
• Conditions when weapons may be used, and safety precautions
for the issuance and carrying of weapons
• Return or surrender of the weapon when not required for authorized use
• Secure storage for weapons when not in use (weapons unloaded,
separated from ammunition, locked in approved container)
• Accurate records of each of the preceding points
– Use of non-lethal weapons should also be covered in policy statements
PAGE 174 /223
PHYSICAL SECURITY
Security Officers
• Contract vs proprietary…
– Contract security: Third party employer of officers
• Less expensive (most prominent advantage)
• Pool of replacement workers typically readily available
• No need for customer to deal with vacations, sick time, discipline, hiring/terminations
• Wider range of expertise available
• Some insulation from liability
• Higher turn-over, potentially lower quality, sometimes less well-trained, not as loyal
– Proprietary security: Directly-employed officers

• More direct control of personnel selection, screening, training, supervision
• Generally considered more loyal, less turn-over, better quality
• More expensive
• Must deal with discipline, salary determinations, vacations, sick time, etc.
– Hybrid security: Direct-employed officers oversee contract officers; also called

the "principal-agent" relationship
– Contract security firm representatives usually reduce costs to sell their service
• Low-bid contractors may often lower quality to compensate for the lower price
• It is the responsibility of the customer to develop detailed bid specs that clearly
identify requirements, including wages, benefits, and performance expectations
• Helps avoid low-bid, poor-performance results
– Turnover costs—due to advertising, interview time, background checks, hiring,

new employee processing, and training—generally run >=25% annual salary
PAGE 175 /223
PHYSICAL SECURITY
Security Officers
• Reports…
– From the first day on the job, security personnel should realize their observations, reports, or findings, coupled
with their demeanor and their ability to articulate events, may be the key to the verdict in a trial immediately or
years after an event, even if they have left the job
• Every security incident should be treated as if it could result in a courtroom appearance
– Security reports and logs are admissible in legal proceedings as entries made in
the regular course of business and are therefore exceptions to the evidentiary
rule against hearsay
• The admissibility is pertinent in litigation, arbitration, or administrative matters in which

the entry is the only evidence of the event. To qualify, the report or log must
– Be regularly maintained
– Be maintained by a person as part of his or her regular duties
– Record an event of which the recorder had personal knowledge or which was reported to
the recorder by one who had personal knowledge and a duty to report
PAGE 176 /223
PHYSICAL SECURITY
Security Officers
• Reports (continued)…
– Report forms that force positive statements are better than those that expect the officer to formulate a
narrative
– The central report document is the security log

– Whether manual or electronic in format, security logs generally fall into two classes: the main or control log and
the individual post log
– Information developed by the officers is frequently not communicated to management,

which could be attributed to several factors
• Individuals drawn to security may be action-oriented, not word-oriented

• Information that is reported may not appear to be acknowledged or acted on
• The report process may not encourage careful fact processing
• The organization may lack the infrastructure needed for data collection
– A source of security officer dissatisfaction is the apparent failure of management

to read reports and logs. Security managers should read reports and logs in a
timely manner, acknowledge items of significance,
and arrange for corrective action
PAGE 177 /223
PHYSICAL SECURITY
Security Officers
• Policy and procedure…
– Written instructions must be reinforced through personal communication

– Failure of security personnel to follow operating procedures could lead to lawsuits over
• Failure to adhere to duty guidelines (officers engage in conduct beyond their established duties)
• Breach of duty (officers engage in unreasonable conduct)
• Proximate cause (the officer was the immediate cause of injury to a victim)
• Foreseeability (refers to events, especially those that could cause loss, harm, or
damage, that the officers or management could have determined were likely to happen)
– Post orders are the most important written instructions for the security force, and
• Express the policies of the protected enterprise
• Summarize required officer duties
• Avoid the problems of word-of-mouth instructions
• Provide a basis for site-specific training
– Post orders are based on standard operating procedures (SOPs), which should be site-specific
PAGE 178 /223
PHYSICAL SECURITY
Security Officers
• Policy and procedure (continued)…
– Post orders should be developed with the following criteria in mind
• Each order deals with a single subject
• Each order is as brief as possible
• Each order is written in simple, easy-to-understand terms
– A few other considerations are as follows
• An officer with a 12th-grade education (or less) should not be expected to read and understand the professional language or
jargon of someone with an advanced education
• Reading time is inversely related to reading comprehension – the longer it takes to read a passage, the less likely it will be
accurately understood or remembered.
– Reading time is a function of both the structure of the passage and the reading skill of the individual
• The use of vocabulary should emphasize plain meaning and avoid jargon, nuances, and ambiguity
• Orders are indexed in detail
• Post orders should be available at each guard post and kept current and accessible. They are the vital link between the
requirements of the client and the ability of the security officer to effectively meet those requirements
• Post orders require a coordinated effort – care must be taken to ensure no contradictory orders are in use

GENERAL PATROL RECEPTION GSOC ERT
PAGE 179 /223
PHYSICAL SECURITY
Security Officers
• Fatigue…
– In part, vigilant performance is an expectation requiring nurturing and opportunity

– Individuals awake for more than 17 hours are likely to reach a dangerous level of mental fatigue
– Frequent rotations of officers in monotonous and demanding environments, like a control center, can help
alleviate officer fatigue
– The most effective way to maintain officer vigilance is to systematically rotate the security officer’s duties, at
two- to four-hour intervals, between fixed posts and roving patrol (both foot and mobile) assignments
– Officers’ schedules should allow for meaningful rest,

including at least two nights of unrestricted sleep
between shift changes, and limitations on days worked
consecutively and hours worked per shift
PAGE 180 /223
PHYSICAL SECURITY
Security Officers
• Fatigue (continued)…
– A few of the problems associated with automation and human monitoring are
• Increased monitoring load for the operator with concomitant attention lapses
• High degree of operator responsibility with little to do
• Loss in manual skill proficiency by the operator
• Out-of-the-loop problems for the operator
• Automation replacing human pattern recognition abilities with less competent sensors
• Creation of the “cry wolf” syndrome whereby a high false alarm rate causes the operator to ignore
indications of system malfunction so that malfunction rates detected drop nearly to zero
• Inadequate displays that do not support optimal operator performance and do not allow
for individuals’ differing abilities to remain vigilant
• Automation problems being misdiagnosed so that erroneous corrective
measures are taken
• Failure to recognize subtle vigilance problems until after a large
number of automation-related accidents
PAGE 181 /223
PHYSICAL SECURITY
Security Officers
• Fatigue (continued)…
– Principles for mitigating security officer fatigue effects
• Principle 1: Shift lag. Use a shift plan that maintains human circadian entrainment to the local, 24-hour light/dark cycle.
Usually, rapidly rotating plans are better at this than slowly rotating plans
• Principle 2: Shift length. Use a shift length of no more than eight hours, with the exception of using a 12-hour shift length for
jobs with low physical and emotional work stresses
• Principle 3: Night shifts. Schedule minimal consecutive night shifts in the shift plan, preferably no more than three in a row
• Principle 4: Recovery. Schedule 24 hours of recovery (not “time off”) after each night shift
• Principle 5: Weekends. Schedule the maximum number of free days on weekends
• Principle 6: Days off. Schedule at least 104 days off per year (equal to 52 weekends)
• Principle 7: Equity. Provide all workers with equal demands for long duty days, night work, and weekend
work, as well as equal access to good-quality time off and weekends off
• Principle 8: Predictability. Ensure that the schedule is so easy to understand that workers may
apply simple arithmetic to predict their actual work and free days well into the future
• Principle 9: Good-quality time off. Schedule long, contiguous periods of time off;
operationally, this translates into three or more consecutive days off
PAGE 182 /223
PHYSICAL SECURITY
Security Officers
• Contracting for security services…
– The first step in contracting for security officers is to determine the organization's contracting rules, then
• Buyer beware
• Properly evaluate the needs of the organization to be protected
• Acquire information and know the state of the art
• Analyze the advantages and disadvantages of each service
• Avoid panic decision making
– Three criteria to consider when choosing a guard contractor

• Consistent performance
• Prompt, efficient and positive response to client concerns
• Competitive pricing
– Clients should look for agencies that can substantiate a

lower-than-average turnover rate
– Factors affecting guard agency performance

• Poor scheduling
• Lack of adequate supervision
• Limited opportunities for advancement
• Little or no recognition
– The most important aspect required to ensure adequate guard agency performance is a genuine commitment
to partnership with the client
– The more specific and detailed the information a client provides, the greater the likelihood of getting quality
service at a competitive price
PAGE 183 /223
PHYSICAL SECURITY
Security Officers
• Contracting for security services (continued)…
– Solicitation summary
• Gives vendors as much information as possible to produce comprehensive proposal packages, and contains
– Statement of purpose that identifies the tasks to be performed by the security personnel
– Client contact person
– Particulars regarding the bidders’ conference
– Letter of intent for vendors
– Proposal submission requirements
– Modification or withdrawal of proposals
– Post-opening withdrawals
– Late proposals, withdrawals, or modifications
– Bidders’ right of appeal
– Payment policies
– Amendments to the RFP
– Details of any proposed discussion between vendor and client
– Procurement rules
– Challenges based on unfairness
PAGE 184 /223
PHYSICAL SECURITY
Security Officers
– Building the Scope of Work (SOW) for contract guard services is based on
• Examination of the site
• Layout of facilities
• Building design
• Internal business processes
• Corporate culture
• Security objective
• Contract length
– The SOW should state

• Security tasks
• Days and hours of performance
• Total number of hours to be worked
– The SOW is combined with the following in the RFP

• General and special orders (post orders)
– Post orders should be written by the client!
• Proposed operating agreement
– Contract security service agencies generally prefer a standard agreement, which may be vague and written to limit their liability
– The agreement should reflect the client’s unique security requirements, rather than be generic or standard
• Diverging from generic agreements requires extra effort but can lead to a more customized service of higher quality, resulting in greater
satisfaction
• Another approach is to develop a detailed specification document to describe clearly and accurately the standards of performance to which
the contracting parties are held
– The willingness of an agency to tailor its agreement to explicit client specifications should be a key selection criterion; it is also an
indicator of the agency’s philosophy toward customer service and even of its future performance
ASIS POA, Vol. 3, Sect. 5.1.2, 5.2.1
PAGE 185 /223
PHYSICAL SECURITY
Security Officers
– Customers should specify hourly pay rates rather than allowing bidding guard agencies to do so
• Significant disparities can lower morale and job satisfaction, increase turnover, and eventually erode security service levels
• As a general guideline, the lowest wages received by the contract security officer should at least equal the entry wages paid to
the proprietary positions
• Security managers facing bureaucratic purchasing functions should be sure that they—and not the purchasing staff—set the
contract compensation policy
– The agency should itemize billing rates, such as

• Hourly wages officers receive
• General and administrative costs (overhead) (can be itemized if needed)
• Profit
• If needed, overhead costs can be itemized. Periodically auditing invoices to this
level of detail can be very enlightening
– Criteria for consideration in RFP proposals for guard services

• Compliance with submission deadline
• Spelling, grammar and accuracy
• Customized vs. standard template
• Provision of all requested details
• Quality of the proposal
• Promptness of officer licensing
• Training provided
• Staff experience in the industry
PAGE 186 /223
PHYSICAL SECURITY
Security Officers
– Supervisory roles are generally determined by the number of personnel at the site (or total hours)
• If officers work more than 400 hours per week, the contracting organization should hire its own (proprietary) security
supervisor
– Seven measures on which contract security companies can be assessed (at minimum)
1) Employment and reference checks
2) Psychological testing (where allowed)
3) Polygraph testing (where allowed)
4) Minimum qualifications at local jurisdiction level
5) Management qualifications
6) Selection process for officers
7) Turn-over / tenure / seniority
– Incentive pricing options

• Paying higher-then-average salaries
Proprietary personnel should avoid directly • Paying for recruitment expenses
supervising contract personnel to reduce • Rewarding compliance with maximum turnover limits
employment issues [("co-employment")]
PAGE 187 /223
PHYSICAL SECURITY
High Rise Security Issues
• Definition…
– Generally, a high-rise structure extends higher than the maximum reach of available fire-fighting equipment
• Set variously between 75 and 100 feet, or approximately 7-10 stories
• The exact height of a high-rise is specified by local fire and building codes
• In such facilities, fires must be fought from inside the building rather than from outside
• Urban area, accessible from public streets, mixed occupancy, public assembly areas, retail spaces, and conventional office use
• Concepts…
– Open buildings. Access is typically unrestricted at the building entry level as well as to individual floors. There
may be an unrestrictive security or concierge desk to assist visitors and others
– Closed buildings. Access to elevator banks is controlled and visitors are managed
– Hybrid buildings. For a major tenant, one or more elevator banks may be controlled while other elevator banks
to other floors are open
– Multi-mode: Operations controls vary according to time of day, traffic, occupancy level, or day of week
• Business hours: Regular mode of building security
• Intermediate hours: 1-2 hours before and after regular business hours, possibly some hours on Saturday, entry doors are open
but visitors may be subject to stricter controls
• Off-hours or after-hours: Nighttime, weekends and holidays, higher levels of security are maintained and building entry doors
are locked, requiring access permissions to enter
PAGE 188 /223
PHYSICAL SECURITY
• Access control…
– Three access control classes of space in a high rise

1) Public access
2) Leased spaces
3) Maintenance spaces
– The number of personnel requiring access to maintenance spaces is small;

minimum access controls for these spaces include
• Conventional locks on doors
• Controlled key issuance
• Intrusion alarm (distinctive)
• Communication with those entering the spaces and the security control room
– Maintenance spaces in high rises include

• Mechanical rooms and floors
• HVAC rooms
• Electrical, telecommunication and IT rooms
• Other utility rooms and spaces
• Elevator rooms and pits
– Sensitive spaces should be grouped together in the same group of floors,

serviced by a single set of elevators, allowing more control over access
• Be cautious of "cross-over" floors
PAGE 189 /223
PHYSICAL SECURITY
• Access control (continued)…
– Floor control can be accomplished several ways in a high rise
• Programmable elevators
• Elevator cabs with card readers
• Escorts for visitors
• Employee awareness of piggybacking and tailgating
• Turnstiles at the ground floor elevator bank
• Controlled elevator landings (with or without reception)
– Two factors control how building stairwells are secured

1) Local fire and building code requirements
2) Whether inter-floor movement of building occupants via stairwells is allowed
– Service or freight elevators pose special problems in all high-rise structures because they often serve all levels
of a building
• If they are self-service, the entire building security program may be compromised unless the service cars are
– Programmed not to access sensitive floors without special arrangements
– Locked at hoist-away doors on sensitive floors
– Locked at service vestibule or lobby doors, where applicable
– Service elevators also offer an opportunity for unauthorized movement of property from or between accessible
floors, which can be addressed by
• Assigning an operator to the service elevators
• Making service elevators available only on request to Security
• Avoiding use of service elevators by regular traffic
PAGE 190 /223
PHYSICAL SECURITY
• Access control (continued)…
– If use of stairwells is allowed, they should have access controls and intercoms connected to Security
– High-tower-function mortise locks

• Energized and locked at all times
• Access control is accomplished by a key or reader
• Power is controlled by fire system: doors immediately unlock yet remain closed and latched, protecting the stairwell from
smoke and fire
– Suggestions for the overall lock program of a high-rise structure

• Use interchangeable or removable core locks
• Limit use of a single control or a grand master key
• Use multiple controls and multiple masters
• Establish multiple key blanks
• Set up zones
• Maintain strict master key control
• Keep control of zone master keys
• Limit access to control keys and combinations
• Pay particular attention to exterior doors
• Maintain lock quality and complexity of combination schemes
PAGE 191 /223
PHYSICAL SECURITY
• Life Safety…
– The first step in assuring life safety is to comply with local building and fire codes applicable to
the structure
• The first priority in life safety systems is fire detection
• High rise fire detection systems must pinpoint the floor and location of the potential fire, which may require
the supplemental use of other devices, personnel or procedures
– Some codes prohibit the fire alarm system from performing any function other than fire life
safety and further prohibit the use of any component or device that has not been approved for
fire life safety applications
• Depending on local authorities, this may preclude the use of fire alarm systems to monitor or control security
devices
• It may also preclude the use of a security system to monitor or control a fire life safety device
– When sprinklers are present, the chances of dying in a fire and property loss per fire are cut by
one- to two-thirds, compared to fires reported to fire departments where sprinklers are not
present
– When sprinklers do not produce satisfactory results, the reasons usually involve one or more of
the following
1) Partial, antiquated, poorly maintained, or inappropriate systems
2) Explosions or flash fires that overpower the system before it can react
3) Fires very close to people who can be killed before a system can react
PAGE 192 /223
PHYSICAL SECURITY
• Life Safety (continued)…
– Standpipe systems can significantly improve the efficiency of manual firefighting operations by
eliminating the need for long and cumbersome hoses
– Water is the primary extinguishing agent in most high-rises, but others may be
• Dry chemical and wet chemical systems (used mainly for restaurant hoods, ducts, and cooking appliances
found in kitchens and cafeterias)
• Carbon dioxide, halon and halon replacement systems (used in electrical switchgear rooms and in
computer and data processing installations)
– The most significant factors affecting life safety in high-rise structures are
• Early detection and precise location of incipient hazards
• Reliable communications throughout the structure and with outside agencies
• Assurance of safe escape routes
• Prompt application of appropriate control measures
• Fire extinguishment
• Containment or replacement of contaminated air
• Shutoff or filtration of drinking water
• Containment and removal of explosives
PAGE 193 /223
PHYSICAL SECURITY
• Security and Intrusion Detection…
– The "layered security" approach applies to normal facilities is
• Outer ring: Property boundary, or perimeter
• Middle ring: Building walls
• Inner ring: Interior controls
– Layered security for a high rise

• Outer ring: Building walls
• Middle ring: Access to elevators and stairs
• Inner ring: Individual floors
– Protection measures in a high rise should involve a cooperative effort between the building owner and manager
and the tenants themselves
– Selective site hardening of a building can be accomplished with these building materials, typically involved
during construction, not later when the cost is substantially higher and the install more difficult
• Standard masonry
• Blast-resistive reinforced concrete
• Sheet metal
• Polycarbonates
• Acrylic material
• Compressed fiberglass
• Ballistic fabrics
• Bullet-resistive glass
• Window films
• Hardening and controlling the elevator lobby and stairwell doors is less expensive than hardening individual offices or spaces
PAGE 194 /223
PHYSICAL SECURITY
• Security and Intrusion Detection (continued)…
– It is important to have a central location within the high-rise structure where the security systems and
equipment can be monitored and controlled
• No attempt should be made to use the system control center in any way other than as a dedicated facility
– Monitoring personnel are sometimes expected to handle both the system demands and the spot demands of persons passing the area
– The theoretical savings achieved by requiring that operators

attend to other fixed-post duties may cause inattention to
system-monitored events of far greater loss consequence
• Such an arrangement also exposes the system control to

compromise or attack
– If the system has been properly designed, ideally the

monitoring and control station should be the most secure
location in the structure
PAGE 195 /223
PHYSICAL SECURITY
• Security and Intrusion Detection (continued)…
– Intrusion alarms should be used on stairwell doors where non-emergency use is not allowed
• Where stairwell doors are generally locked against re-entry, it is appropriate to dispatch a security officer to the floor of the
alarm and another to the stairwell one floor above the alarmed floor
– Fresh air intakes should not be overlooked in the protection plan, as these are vulnerable to airborne
contaminants
• A grille or baffle should be installed at a 90 degree angle to the air intake to eliminate direct access to the intake, and the unit
should be fitted with intrusion alarms
• Mounting air intakes well above ground is a superior security solution
– The most dangerous or critical points for attack against telecommunications lines in a high rise are located at
points after all the building services are connected with one or two main trunk cables, still in the structure
• All access points to the cables should be protected
– Since communications within a high rise can be cut to upper floors by severing the cables in common riser
areas, alarm signal and communications systems should be distributed so that localized points can operated
independently even with communications with a central control panel or processor has been disrupted
PAGE 196 /223
PHYSICAL SECURITY
• Video Surveillance…
– Typical high rise camera locations
• Critical entry or exit areas
• Pedestrian access points operated remotely
• Access points at which access control devices are installed
• Passenger and service elevators
• Sensitive interior spaces
• Vehicle entrances and exits
• Covert surveillance areas
The number of security personnel in a high rise

depends on the type of occupancy and activities
– Monitoring of cameras requires

• Output from each camera is displayed at all times unless it can be alarm-controlled
• Arrangement of the monitor screens to permit rapid visual analysis by a trained observer
• A means for bringing any particular camera of immediate interest to a monitor screen in the direct field of
view of the operator
• The capability for permanently recording the display from one or more cameras, as needed, and for
identifying the recorded material by camera location and clock time
PAGE 197 /223
PHYSICAL SECURITY
Dogs in Security
• History of dog use…
– The Greeks and Romans used large, mastiff-type dogs with armor and
blade-studded leather collars during warfare
– After the discovery of gunpowder, dogs were used in military operations
primarily as sentries, scouts, messengers and guards for prisoners and
supplies
– During World War II, the U.S. military used about 10,000 dogs
– Today, armed forces throughout the world continue to use dogs for many
tasks
– The organized use of dogs for law enforcement dates back to at least 1899
when the town of Ghent, Belgium, established a law enforcement training
program for dogs
• By 1906, police were using 50 to 60 dogs in that city
– Around 1910, dogs were used by law enforcement agencies in England and
Germany
– By 1956, the Baltimore Police Department began an experimental program,
pioneering the law enforcement use of dogs in the United States
– Dogs are now in regular use in law enforcement agencies around the world
PAGE 198 /223
PHYSICAL SECURITY
Dogs in Security
• Breeds…
– There are 150 breeds of dogs classified into eight classes

1) Sporting 2) Hound 3) Working 4) Terrier
5) Toy 6) Non-sporting 7) Herding 8) Miscellaneous
– Security typically uses Working and Herding dogs

• What matters most is the overall drive of the individual dog once it has been trained for security work
• Dogs in the Working group are bred to perform such jobs as

– Guarding property -- Pulling rescue sleds -- Performing water rescues
• Breeds in the Working group

– Akita -- Alaskan malamute -- Bernese mountain dog -- Boxer
– Bull mastiff -- Doberman pinscher -- Great Dane -- Great Pyrenees
– Rottweiler -- Greater Swiss Mountain Dog -- Saint Bernard -- Komondor
– Samoyed -- Kuvasz -- Siberian Husky -- Mastiff
– Standard Schnauzer -- Newfoundland -- Portuguese Water Dog
PAGE 199 /223
PHYSICAL SECURITY
Dogs in Security
• Breeds (continued)…
– Dogs in the Herding group share a great ability to control the movement of
other animals, and include
• Australian sheepdog • Border collie • German shepherd

• Australian shepherd • Bouvier des Flandres • Old English sheepdog
• Bearded collie • Briard • Puli
• Belgian Malinois • Canaan dog • Shetland sheepdog
• Belgian sheepdog • Collie • Welsh corgi
• Belgian Tervuren
• Uses…
– Common protection functions for which dogs may be trained in

private security operations
• Aggressive attack
• Building searches
• Detection of explosives and incendiary accelerants
(substances that boost fires)
• Drug detection
• Guarding or holding a person in a location
• Protection or patrol of areas, with or without handlers
• Tracking
PAGE 200 /223
PHYSICAL SECURITY
Dogs in Security
• Uses (continued)…
– The usual assets protection tasks for which dogs are selected and trained include these
• Protection of an area with a handler

• Protection or patrol of an area alone, without a handler
• Guarding or holding a person in a location
• Aggressive attack
• Tracking
• Detection of drugs, explosives, accelerants, and other substances
– A dog working with a handler (a dog team) is commonly used

in these applications
• Foot and vehicular patrol

• Apprehension
• Tracking
• Building and area search
• Parking lot surveillance
• Personnel and funds escort
• Crowd control
• Substance detection
• Maintenance of custody
PAGE 201 /223
PHYSICAL SECURITY
Dogs in Security
• Qualifications…
– Dogs fall into one of three main Sensitivity groups

• Oversensitive (reacts excessively, difficult to train, unreliable, may have to do with the dog's history)
• Undersensitive (difficult to motivate, may not respond to commands, may not interpret affection as reward)
• Moderately sensitive (normal sensitivity to sound and touch, responds well to commands, ideal for protection work)
– Aggressiveness categories
• Over-aggressive (difficult to train, may bite others than the aggressor, continues to react after
aggressor is gone)
• Under-aggressive (cowers or hides when approached by aggressor, difficult or impossible to
train)
• Moderately aggressive (easiest to train, ideal for protection use, becomes alert to aggressor,
suspicious, and is eager to move towards the aggressor)
– Willingness refers to a dog’s

• Response to commands
• Attitude when carrying out duties
• Reaction toward learning new duties
– A dog is ranked high in willingness if it continuously responds to a

given command in an effort to fulfill it, even though reward or correction
cannot be easily perceived as being immediate
• A dog that must constantly be coaxed or admonished is considered an unwilling worker
• A dog may be willing to play, but not to work or train
PAGE 202 /223
PHYSICAL SECURITY
Dogs in Security
– To qualify for protection work, a dog should – The most popular protection breeds in the U.S.
• Be 'middle-sized' • German shepherd (better when correctly bred - no
– German shepherd: 24 - 26" in height, 75 to 90 lbs inbreeding)
– Doberman pinscher: 25 - 28" in height – Intelligent, faithful, responds well to training
• Have even temperament – Keen sense of smell
• Be inquisitive and intelligent – Strong; 500-600 lb/sq in bite force, enough to break a
• Be courageous (bold but not ferocious, not shy); never human arm
retreat – The breed has been 'watered down' by poor breeding
• Have 'hardness', or a willingness to overcome practices
challenges • Doberman pinscher
– Bred from a mix of German shepherd, Rottweiler,
• Have vitality and strength
black and tan terrier, and German pinscher
• Be any color
– Compact, muscular, powerful
• Respond well to training at about twelve months of age – Great endurance and speed
• Usually be male (not monorchid); females if spayed – Energetic, fearless - attacks without care for its own
• Not necessarily be purebred, but not be a shelter dog safety
• Not have been with the breeder for ASIS POA, Vol. 6, Sect. 1.4.1
more than 12 months
PAGE 203 /223
PHYSICAL SECURITY
Dogs in Security
– In security, a dog’s senses of smell and hearing are most important; sight and touch are less so
– During the imprinting stages of training, a dog must be taught to rely on smell instead of sight, especially when
teaching building searches
– Dogs should be conditioned to use the fastest and easiest means of satisfying their basic needs
– A dog’s ability to detect scents is often described as being more than 100 times greater than that of humans
• A trained dog can sense an intruder’s airborne scent more than 250 yards away
• Dogs can distinguish between odors that seem identical to humans
– A dog's hearing is superior to humans' in range and pitch

• The upper frequency limit of the dog is about twice that of human beings, reaching 30,000 Hz or more
– In general, a dog’s vision cannot be compared favorably with that of the normal human
• It is widely held dogs are colorblind and their visual clarity is weak
• The ability of dogs to detect movement is significant
PAGE 204 /223
PHYSICAL SECURITY
Dogs in Security
• Training…
– Dogs are more intelligent than most other animals, except humans and non-human primates
• A dog’s intelligence is gauged in terms of how quickly he learns a command,
retains it, and his drive to follow it
• A vocabulary of about 20 words is normal, but some can respond to 100
• A dog may be deemed highly intelligent if it learns quickly by experience (unusual)
• Some dogs learn quickly but are difficult to train because they sulk or are stubborn
• Some dogs respond only to a handler they like
• Individual dogs differ in how much they want to please their pack
– Two basic drives are prevalent in dogs used for security tasks
• The hunt drive
– Must be present to accomplish both detection and protection work
– Through training, the drive can be channeled to help the dog pursue and locate other items, such as drugs or lost children
– Due to their natural predator ability, dogs can be trained to attack humans without regard to their own safety
• The pack drive

– When domesticated, the dog adopts humans as pack members and defends the pack, as well as the territory the pack occupies
– The optimal canine is one with equal hunt and pack drives
– Through training, a dog’s natural drive is coupled with the desire for a reward
• Dogs should be conditioned to use the fastest and easiest means of satisfying their basic needs
ASIS POA, Vol. 6, Sect. 1.2.1, 1.2.2
– Dogs with little energy are difficult to train; over-energetic dogs can be trained to control their behavior
PAGE 205 /223
PHYSICAL SECURITY
Dogs in Security
– Unlike most animals, a dog does not always require food rewards to work or train
• Kindness, shown by oral praise or a casual caress, is usually enough to motivate the dog
• More than any reward, the dog wants the approval of its handler—probably because of the pack instinct
• A friendly and trusting relationship is the motivation needed to train the dog to become highly efficient
• A tangible reward should not be routinely given after a dog has executed a command properly
– Most common training methods (not every dog responds to the same method)
• Positive reinforcement (praise) tailored to the dog’s specific predominant drives
• Compulsion (negative corrections) through the handler’s voice or with equipment such as a shock collar
• Inducement (balls, toys, companionship, or food)
– Harsh disciplinary actions do not succeed in teaching a dog tasks

• i.e. beating, scolding, refusing to speak, locking up, or refusing food
• They depress the animal and cause an unacceptable disposition
• When such punishments are frequently repeated, the dog loses
confidence in, and fears, the handler
– A dog should never be corrected for clumsiness,

slowness in learning, or because of an inability to
understand what is expected
– Anthropomorphism: Attributing human

characteristics to animals
PAGE 206 /223
PHYSICAL SECURITY
Dogs in Security
– Because of the restrictions on time and the effort needed to keep skills at the optimal level, generally a dog
should be trained specifically for protection or detection, not both
– A single dog is generally not trained to detect both drugs and explosives for two reasons
1) The possibility of confusing the dog in an actual search
2) The need for an aggressive search method when searching for

drugs, and a passive one for bombs and explosives
– A detection dog must have continuous, daily

training to maintain peak proficiency—perhaps two
hours per day
• Basic training for detection work runs six to eight weeks,

plus one or two weeks more to train a detection team
• It takes about nine months to a year before a handler

and a dog become highly effective together in pursuing
the more difficult detection challenges
PAGE 207 /223
PHYSICAL SECURITY
Dogs in Security
– Patrol dog training
• Trainer works with dog 4-12 weeks, and with dog and handler together for 2 weeks
• Trainer prefers dog to live with handler; cost is $4k - $5k (plus the dog)
– Detection and recovery dog training

• Can be combined with patrol training; highly specialized
• 4-8 weeks; costs range from $1,000 to $5,000
– Guard or compound dog training

• 2 weeks; may be conducted at the intended site; costs range from $1,000 to $1,500
– A dog taught with a handler knows to attack w/o command only when a violator escapes or attacks the handler
• Escorting handler is 10 ft behind and 2 ft right of the violator; the dog is off-leash to the left, directly behind the violator
– Dogs used in the private sector should be given brief refresher training at least monthly
PAGE 208 /223
PHYSICAL SECURITY
Dogs in Security
• Detection…
– Dogs are the most efficient method for detecting drugs, explosives, and accelerants in most situations
– The detection reliability of a well-trained dog exceeds 95%
– Detection is demanding and often boring for the dog because of long work periods without detecting a scent
• A detection dog can normally work effectively for twenty to sixty minutes
• If a search continues for a long time, the dog may become tired and lose interest
• If the dog loses interest and the handler cannot motivate it to continue, it must be given a break
• Noise and activity in an area may distract the dog
– A single dog can be trained to patrol, protect areas, and detect substances, but usually substance detection
becomes a specialty because of the necessary training time
– A detection dog is usually fitted with a special leather collar so when

the collar is placed on the dog, it knows it is going to work
ASIS POA, Vol. 6, Sect. 1.4.4, 1.5, 1.5.1
– Cue: Encouragement of the dog to alert

(should be avoided)
PAGE 209 /223
PHYSICAL SECURITY
Dogs in Security
• Detection (continued)…
– Dogs can search

• A 50 yard corridor of lockers in about two minutes
• A vehicle in about 1.5 minutes
• 125 packages in about seven minutes
• 50 boxes in about three minutes
– Open area detection searches

• Started downwind
• Quartering method, or grid, search
– Building detection searches

• Drafts can cause problems
• All distractions, especially people, should be removed
• For buildings and areas, the dog is most effective off-leash so it is not restricted and can search a larger area in less time
– Vehicle detection searches

• Starts from downwind side, works clockwise
• Dog may have difficulty showing alert pose in confined area of a vehicle
• Under the engine compartment is the most difficult area of a vehicle to search
– Aircraft detection searches

• Similar to building searches
• All power must be switched off
• Interior: doors closed, power off
PAGE 210 /223
PHYSICAL SECURITY
Dogs in Security
– Drugs
• Typical scent-masking substances for drugs
– Perfume
– Gasoline
– Formaldehyde
• Typical false alerts for drugs
– Oregano
– Alfalfa
– Parsley
– Spices
– Any substance containing acetic acid can cause a false alert for heroin
• The average drug dog will detect the presence of a half-ounce (14 g) of marijuana or a
small amount of opium in a vehicle, a package, luggage, or a room of reasonable size
– Accelerants
• Dogs have been used to detect accelerants since 1987
• The value of the dog is its ability to discriminate between pyrolysis products (fire debris)
normally found at a fire and pyrolysis products containing an ignitable liquid
• Labrador retrievers are especially adept at this type of detection
• The dog can be 95% accurate
• Training is accomplished with 50% evaporated gasoline
• Dogs can also be used to detect accelerant scents from onlookers, in an effort to
identify the arsonist who has remained behind
• Dogs significantly reduce the time required to perform a fire investigation
PAGE 211 /223
PHYSICAL SECURITY
Dogs in Security
– Explosives
• Explosives that can be detected by dogs
– Commercial dynamite (gelatin, TNT – trinitrotoluene)
– Smokeless powder
– C-4 plastic explosive
– Black powder (powder form, time fuse, safety fuse) and black powder substitutes
– Detonating cord (PETN [polyerythrytoltetranitrate]-based)
– Detonating cord containing RDX (cyclotrimethylene trinitramine)
– Binaries (such as Kinepak)
– Blasting agents
– Cast boosters
– Composition-B
– Emulsions and slurries
– Water gels
– Plastic explosives (such as Semtex)
– Tetryl
– Improvised explosives (ANFO [ammonium nitrate and fuel oil], chlorates, nitrates)
• Items that can cause false alerts in detection dogs (for explosives)
– Nitroglycerin pills or containers
– Back of television (nitrocellulose shellac)
– Blackboard chalk labels (nitrocellulose shellac)
– Grease pencils (nitrobenzene)
– Shoe polish (nitrobenzene or nitrotoluene)
– Pure glycerin (similar to nitroglycerin)
– Maraschino cherries (benzaldehyde)
PAGE 212 /223
PHYSICAL SECURITY
Dogs in Security
• Tracking…
– A tracking or trailing assignment (leasing the dog team) generally costs $1,500 - $2,000 for 24 hours
– Protection dogs are usually not specifically trained in tracking
– To search for a person who missing for some time, a dog specifically trained for such work should be obtained
– A dog can track better in grass and brush because human scent adheres well to those surfaces
– Paved or gravel areas and overpowering scents such as smoke, chemicals, fertilizer, burned grass, or spilled oil
and gasoline impede a dog’s tracking ability
– Human scent remains longer on cool, moist ground and dissipates rapidly in direct sunlight,
on extremely dry ground, and in excessive rain
– Damp sand can hold a scent for 12 hours in favorable weather
– Scents in vegetation and moist air, moderate winds, and no sun

last up to 24 hours (less than 3 hours for the opposite)
– 1.5" or more snow and rain downpours obliterate scents
– Higher temperatures reduce scents faster (early mornings

or late afternoons are best)
– Humidity improves scents

ASIS POA, Vol. 6, Sect. 1.4.4, 1.5, 1.5.1
PAGE 213 /223
PHYSICAL SECURITY
Dogs in Security
• Tracking (continued)…
– Scent cannot pass through trees, bushes, large rocks, and high grass, but must go over, under, or around them
– Perspiration is the most distinctive scent in humans

• Individuals who have been drinking emit a different scent that disagrees with the dogs
• Much perspiration is generated by feet; the scent escapes through shoes and clothing (majority of scent trails are left by feet)
– Tracking dogs can also smell the difference in the turned-up ground and crushed plants
– A trained dog in a boat can scent a person under the water and breathing through a tube
– Dogs with flat noses, such as the mastiff, boxer, and bulldog, are generally not as well suited for tracking
– Housedogs do not make optimal tracking dogs; their smell is diminished by the artificial environment
– Training a dog for tracking and trailing takes about two years and
can usually be done only by an expert
ASIS POA, Vol. 6, Sect. 1.4.4, 1.5, 1.5.1
– Before starting a pursuit, a dog should be fresh and not be excited

• Fresh water can be poured over the nose to wash away dust particles
• The tracking dog's leash is about 10 yards in length

PAGE 214 /223
PHYSICAL SECURITY
Dogs in Security
• Protection…
– During a protective escort, the protected person should be in front of the dog and handler when on foot, and in
the back seat of a vehicle with the dog and handler in the front seat
• Care…
– Feeding, environment, and health care are critical factors in maintaining a healthy, effective dog
• Feeding…
– A dog requires 36 nutrients to remain in good health
• While carnivorous, dogs also need vegetables and cereals
• Like humans, dogs require carbohydrates, fats, proteins,
vitamins and minerals
– Average daily food requirements of dogs

• 150 lb dog: 5.25 lbs of food
• 100 lb dog: 4 lbs of food
– Dogs should be fed once per day, no longer than 20-30 minutes
– Dogs should be trained to refuse food from strangers
– In the United States, if a dog food label indicates the food is “balanced” or “complete,” it meets or exceeds the
standards established by the American Association of Feed Control Officials (AAFCO)
PAGE 215 /223
PHYSICAL SECURITY
Dogs in Security
• Environment…
– Considerations in dog kenneling
• Noise
– Kept to a minimum to ensure dog gets enough rest
– Average sound level <75db per 24 hours
– 150-200 yards from residential or commercial areas
– Natural barriers around kennel to reduce noise and distractions
• Drainage
– Kennels should be above ground on a raised platform with slope underneath
– Drainage must be independent for each kennel to reduce cross contamination
• Water supply
– Approved for human consumption to avoid disease
• Fire protection
– One extinguisher per 2500 sq. ft (class A, water)
• Lighting, ventilation, heat
– Adequate lighting for safe operations at night
– All openings and ventilation must be able to be closed
– Ideal temperature, in general, is between 60 to 75 degrees
Fahrenheit (40% humidity)
• Area around the kennel
– 8' chain link fencing around dog runs - roofed for dogs that
can climb - appropriate signage on the fencing
• Sanitation
– Thoroughly cleaned every day, disinfected periodically
– Droppings should be removed often to avoid contamination,
and always before washing down the kennel
• Maintenance
– Inspect kennel every day, including water containers
• Feeding area
– Clean food preparation area
– Food/water containers cleaned daily
PAGE 216 /223
PHYSICAL SECURITY
Dogs in Security
• Grooming…
– Grooming is essential for the care of the dog, but also aids in bonding
• Daily (preferably)
• Bathing is not part of the normal grooming routine, but necessary occasionally (not excessively)
• Should include inspection of all parts of the dog for indications of illness or injury
– Symptoms of abnormality in a dog's eyes

• Reddish or yellowish discoloration of the membranes and whites of the eyes
• Paleness of the eye membranes
• Whitish or yellowish discharges from the eyes
• Cloudiness or other discoloration of the clear portion of the eyes
• Puffiness of the eyelids
• Partial or complete closure of the eyelids
• Membranes covering more of the cornea than is normal
– Vertical ear canal: The portion of a dog's ear that can be seen
– Horizontal ear canal: Deeper section of the dog's ear that can't be seen
– Indications of abnormality in a dog's ears

• Reddish, swelling, or large discharge in the ear canal
• Foul odor coming from the canals
• Shaking of the head or holding head to one side
• Holding the ear flap down or twitching the ear
• Scratching or pawing at the ear
• Evidence of pain when the ear is touched
ASIS POA, Vol. 6, Sect. 1.3.2, 1.3.3
PAGE 217 /223
PHYSICAL SECURITY
Dogs in Security
• Grooming (continued)…
– Symptoms of abnormality in a dog’s nose
• Persistently dry and dull nose
• Watery, yellowish, or red-tinged discharge
• Sneezing, snorting, and pawing at the nose
– Symptoms of illness in a dog's mouth

• Paleness of the gums
• Sores
• Persistent drooling
• Bloody saliva
• Foul breath
• Gagging or pawing at the mouth
– In cold weather, long-haired dogs should have their paw-hair clipped to ease snow removal and cleaning
• Rock salt and other chemicals can be irritating to the pads of the paws
• If the dog works in areas where ice melting compounds are used, the paws should be thoroughly
rinsed and dried after contact to avoid irritation
PAGE 218 /223
PHYSICAL SECURITY
Dogs in Security
• Grooming (continued)…
– Indications of skin abnormality
• Reddening
• Scabbing
• Persistent scratching
• Shedding that is abnormal for the season or climate
• Loss of hair in one or more spots
• Dryness
• Loss of pliability
– Callus: The area on the outer side of the dog's elbows that is hairless
and thick-skinned, usually about an inch in diameter
– Dogs usually keep their nails at the proper length so the tips of the
nails do not touch the ground when they stand
• Any overly long, broken, or split nails must be given attention
• Handlers should not neglect the nails on the dewclaws—the innermost
claws—since they are not worn down by contact with the ground and may
grow until they curve back into the dog’s leg

http://dog-muzzles-store.co.uk/
PAGE 219 /223
PHYSICAL SECURITY
Dogs in Security
• Healthcare…
– Normal dog temperature ranges is 101 to 102 degrees Fahrenheit

– Common dog diseases
• Canine distemper: Highly contagious, usually fatal, virus-borne (viral), prevented by immunization, airborne transmitted
• Infectious canine hepatitis: Virus-borne, usually young dogs, prevented by immunization, slow recovery, transmitted
through urine
• Leptospirosis ("lepto"): Bacteria-based, inter-species transmission, transmitted through urine, often spread by rodents
• All three diseases include the following symptoms

– Dry nose
– Elevated temperature
– Loss of appetite/weight
– Depression/loss of energy
– Diarrhea/vomiting
– Coughing and thick discharge from eyes/nose
– Muscle stiffness, convulsions
– One of the best indications of a dog’s health is its attitude

PAGE 220 /223
PHYSICAL SECURITY
Dogs in Security
• Healthcare (continued)…
– Rabies: Inter-species transmission through saliva/bites, fatal within ten days of symptoms if not treated, effects
central nervous system, symptoms show in humans 3-6 weeks after bite, includes the following symptoms
• Sudden change in temperament
• Indiscriminate snapping and biting
• Excitement
• Difficulty in swallowing water or food
• Blank expression
• Slack jaw
• Excessive drooling from the mouth
• Paralysis and coma and ultimately death
• Rabid wild animals often lose their fear of humans and domestic animals
– Lyme disease: Spread most often by ticks, mimic's flu-like symptoms or

chronic arthritis, can lead to joint damage, heart and kidney problems,
can be prevented by immunizations
• Disease caused by a "spirochete" transmitted through the tick bite
• Appears in humans to be as simple as the flu or as serious as Alzheimer’s,
and untreated can lead to joint damage and heart and neurological problems
• Normally appears in mid-Atlantic, Northeast, North Central, and Pacific coastal regions of the U.S.
• Greatest chance of infection: May through September
• Not all ticks carry Lyme disease, and quick removal of a tick reduces chances of transmission
– Diseases not preventable through immunizations

• Upper respiratory infections
• Pneumonia
• Gastroenteritis
• These diseases include symptoms similar to canine distemper, infectious canine hepatitis, and leptospirosis
PAGE 221 /223
PHYSICAL SECURITY
Dogs in Security
• Healthcare (continued)…
– Most dog parasites are detrimental to the dog's health, and some can spread diseases to humans
• External parasites
– May be present in great numbers before symptoms show
– Ticks may live up to a year without a host; lice and mites must be on a host to live
– Fleas are the primary cause of tapeworm among dogs
– Biting lice eat skin tissue and sucking lice suck blood
– The dog scratching at ears and cocking its head may indicate the presence of ear mites
– Mange mites live in the dog's skin
• Demodectic mange (red mange) is common in short-haired dogs, includes small areas of hair loss, red/irritated appearance
• Sarcoptic mange (scabies) includes severe itching, irritation, hair loss, can be transmitted to humans
• Internal parasites
– Hookworms live in the dog's intestines, and are among the most harmful internal parasites, 1/2 to 3/4' long, suck blood, can be
swallowed or penetrate the dog's skin to infest it, includes symptoms of pale mouth/eye membranes, loose/bloody stools, weight loss
– Roundworms live in the dog's intestines, 2-8" long, rob the dog of nutrients, cause vomiting, diarrhea, weight loss, coughing
– Whipworms live in the dog's intestines, in between the size of hookworms and roundworms, cause diarrhea, weight loss, pale
mouth/eye membranes
– Tapeworms have many segments and a head, are long and flat like a ribbon, attach to the walls of the intestines, transmitted when
the dog eats fleas or an infected animal, cause diarrhea, loss of appetite/weight and unnoticeable symptoms
– Heartworms live in the heart and lungs of the dog, larvae are called microfilaria that transmit to other animals by being pulled from
the dog's blood by mosquitoes, interfere with heart functions and cause coughing, weight loss, difficulty in breathing, quick loss of
energy
– Non-infectious diseases in dogs

• Arthritis
• Bloating
• Chronic kidney disease
• Allergies
PAGE 222 /223
PHYSICAL SECURITY
Dogs in Security
• Liability…
– Dogs can be viewed as weapons, and as such, can result in criminal liability if caused to attack without
justification
– Dogs can cause civil liability by
• Threatening a person
• Attacking a person
• Causing an accident that causes damages or injury
– Civil liability may arise when the dog is on or off duty
– A dog can be considered dangerous or vicious if the owner or controller knew or should have known of the
dog’s vicious propensities
• A person who controls or possesses a vicious animal must exercise

due care to prevent that animal from causing harm or injury to
innocent people
• A protection dog that has attacked or caused injury in the past—

irrespective of whether the object of the attack was innocent—
is likely to be considered a vicious animal, even if the dog is
trained to be aggressive only on command
• Currently, most cases hinge not on whether the dog was

vicious but on whether its use in the circumstances
constituted reasonable force
PAGE 223 /223
PHYSICAL SECURITY
Dogs in Security
• Liability (continued)…
– A dog can be used to detain a trespasser in a similar manner as the property owner could
• Reasonable force could be used to stop the trespass
• An attack of a trespasser that is unprovoked may constitute unnecessary force, resulting in liability for the handler and
property owner (vicarious liability)
• If the trespasser was seriously injured because he provoked the dog, there would be no liability
– Under the common law doctrine of vicious animals, a provocation that caused the animal to attack would be enough to remove the
animal from the class characterized as vicious
• If the trespasser can prove a true fear that the dog was going to attack, a reasonable defense would be permitted, and the
trespasser may be determined not to have provoked the dog, and the attack may be determined excessive force
– Precautions to avoid liability

• Select the right dog
• Use a qualified trainer and recommended methods
• Control the dog at all times when innocent persons may be harmed
• Ensure notice is given of the dog's presence
• Assume the dog will be considered dangerous/vicious in future litigation
• Maintain adequate liability insurance

PAGE 224 /223
PHYSICAL SECURITY
Practice Test 48 QUESTIONS
• Question 01: Which of the following is NOT one of the systems design
processes?
A. Delivery and maintenance
B. Installation
C. Procurement
D. Design and documentation
E. Planning and assessment
PAGE 225 /223
PHYSICAL SECURITY
• Question 01: Which of the following is NOT one of the systems design
processes?
A. Delivery and maintenance
B. Installation
C. Procurement
D. Design and documentation
E. Planning and assessment
PAGE 226 /223
PHYSICAL SECURITY
• Question 02: What are the three, primary uses of video surveillance systems?
A. Detection, recording, and assessment
B. Monitoring, assessment, and investigation
C. Assessment, documentation,

and investigation
D. Monitoring, investigation, and

review
PAGE 227 /223
PHYSICAL SECURITY
• Question 02: What are the three, primary uses of video surveillance systems?
A. Detection, recording, and assessment
B. Monitoring, assessment, and investigation
C. Assessment, documentation,

and investigation
D. Monitoring, investigation, and

review
PAGE 228 /223
PHYSICAL SECURITY
• Question 03: Which of the following drawing types are chart-like

representations of complete subsystems, such as CCTV or access control?
A. Risers
B. Elevations
C. Plans
D. Schematics
E. Details
F. Hardware schedules
PAGE 229 /223
PHYSICAL SECURITY
• Question 03: Which of the following drawing types are chart-like

representations of complete subsystems, such as CCTV or access control?
A. Risers
B. Elevations
C. Plans
D. Schematics
E. Details
F. Hardware schedules
PAGE 230 /223
PHYSICAL SECURITY
• Question 04: In general, how much more light do color cameras require than
black and white cameras?
A. The same amount
B. Twice as much
C. Three times as much
D. Four times as much
PAGE 231 /223
PHYSICAL SECURITY
• Question 04: In general, how much more light do color cameras require than
black and white cameras?
A. The same amount
B. Twice as much
C. Three times as much
D. Four times as much
PAGE 232 /223
PHYSICAL SECURITY
• Question 05: What resolution is the Common Interface Format (CIF)?
A. 176 x 120 (0.003mp)
B. 352 x 240 (0.08mp)
C. 704 x 480 (0.3mp)
D. 1408 x 960 (1.3mp)
PAGE 233 /223
PHYSICAL SECURITY
• Question 05: What resolution is the Common Interface Format (CIF)?
A. 176 x 120 (0.003mp) (1/4 CIF)
B. 352 x 240 (0.08mp) (CIF)
C. 704 x 480 (0.3mp) (4CIF)
D. 1408 x 960 (1.3mp) (16CIF)
PAGE 234 /223
PHYSICAL SECURITY
• Question 06: The quality of assets protection is a direct function of _________

and ____________.
A. Personnel efficiency and technology effectiveness
B. Skill and education of personnel
C. Local training and supervision
D. Management support
PAGE 235 /223
PHYSICAL SECURITY
• Question 06: The quality of assets protection is a direct function of _________

and ____________.
A. Personnel efficiency and technology effectiveness
B. Skill and education of personnel
C. Local training and supervision
D. Management support
PAGE 236 /223
PHYSICAL SECURITY
• Question 07: What two basic drives are prevalent in dogs used for security
tasks?
A. The protective and loyalty drives
B. The inquisitive and pack drives
C. The protective and hunt drives
D. The hunt and pack drives
PAGE 237 /223
PHYSICAL SECURITY
• Question 07: What two basic drives are prevalent in dogs used for security
tasks?
A. The protective and loyalty drives
B. The inquisitive and pack drives
C. The protective and hunt drives
D. The hunt and pack drives
PAGE 238 /223
PHYSICAL SECURITY
• Question 08: CPTED landscaping guidelines dictate that shrubs should be kept
to a height no greater than ________ and tree limbs should be trimmed up
to ________ in height to promote surveillance.
A. 36 inches, 6 feet
B. 24 inches, 10 feet
C. 32 inches, 8 feet
D. 48 inches, 9 feet
PAGE 239 /223
PHYSICAL SECURITY
• Question 08: CPTED landscaping guidelines dictate that shrubs should be kept
to a height no greater than ________ and tree limbs should be trimmed up
to ________ in height to promote surveillance.
A. 36 inches, 6 feet
B. 24 inches, 10 feet
C. 32 inches, 8 feet
D. 48 inches, 9 feet
PAGE 240 /223
PHYSICAL SECURITY
• Question 09: An entry control subsystem is part of the…
A. Access control system
B. Detection system
C. Visitor management system
D. Personnel control system
PAGE 241 /223
PHYSICAL SECURITY
• Question 09: An entry control subsystem is part of the…
A. Access control system
B. Detection system
C. Visitor management system
D. Personnel control system
PAGE 242 /223
PHYSICAL SECURITY
• Question 10: How many officers are required to fill a 24/7 post?
A. 4.0
B. 4.2
C. 5.0
D. 5.5
PAGE 243 /223
PHYSICAL SECURITY
• Question 10: How many officers are required to fill a 24/7 post?
A. 4.0
B. 4.2
C. 5.0
D. 5.5
PAGE 244 /223
PHYSICAL SECURITY
• Question 11: Which of the following is not one of the three security
deficiencies associated with master keying a lock?
A. Effective master key accountability
B. Key duplication
C. Manipulations are easier
D. Additional maintenance
PAGE 245 /223
PHYSICAL SECURITY
• Question 11: Which of the following is not one of the three security
deficiencies associated with master keying a lock?
A. Effective master key accountability
B. Key duplication
C. Manipulations are easier
D. Additional maintenance
PAGE 246 /223
PHYSICAL SECURITY
• Question 12: What percentage of the total capital security systems installation
expense is typically representative of maintenance and warranty cost?
A. 6%
B. 11%
C. 16%
D. 21%
PAGE 247 /223
PHYSICAL SECURITY
• Question 12: What percentage of the total capital security systems installation
expense is typically representative of maintenance and warranty cost?
A. 6%
B. 11%
C. 16%
D. 21%
PAGE 248 /223
PHYSICAL SECURITY
• Question 13: What is the simplest method of line supervision in an Alarm

Communication and Display (AC&D) system?
A. Minimizing the permissible variance in circuit value
B. Using quasi-random pulses, which must be recognized by the control equipment
C. Utilizing an end-of-line (EOL)

resistor at the sensor
Using shifts in the

transmission frequency
PAGE 249 /223
PHYSICAL SECURITY
• Question 13: What is the simplest method of line supervision in an Alarm

Communication and Display (AC&D) system?
A. Minimizing the permissible variance in circuit value
B. Using quasi-random pulses, which must be recognized by the control equipment
C. Utilizing an end-of-line (EOL)

resistor at the sensor
Using shifts in the

transmission frequency
PAGE 250 /223
PHYSICAL SECURITY
• Question 14: Which of the following is NOT a typical purpose of a barrier?
A. Psychological deterrent
B. Prevents intrusion
C. Channels authorized traffic
D. Explicitly defines territorial

boundaries
E. To prevent views of the facility
F. To prevent placement of

listening devices
PAGE 251 /223
PHYSICAL SECURITY
• Question 14: Which of the following is NOT a typical purpose of a barrier?
A. Psychological deterrent
B. Prevents intrusion
C. Channels authorized traffic
D. Explicitly defines territorial

boundaries
E. To prevent views of the facility
F. To prevent placement of

listening devices
PAGE 252 /223
PHYSICAL SECURITY
• Question 15: In access control, a Type I error rate is…
A. False rejection of a valid user
B. Pass-through rate of more than 500 milliseconds
C. False acceptance of an invalid

user
D. None of the above
PAGE 253 /223
PHYSICAL SECURITY
• Question 15: In access control, a Type I error rate is…
A. False rejection of a valid user
B. Pass-through rate of more than 500 milliseconds
C. False acceptance of an invalid

user
D. None of the above
PAGE 254 /223
PHYSICAL SECURITY
• Question 16: Of the three main characteristics of intrusion sensor performance,

which of the following is NOT one?
A. False Alarm Rate (FAR)
B. Nuisance Alarm Rate (NAR)
C. Probability of detection (PD)
D. Vulnerability to Defeat
PAGE 255 /223
PHYSICAL SECURITY
• Question 16: Of the three main characteristics of intrusion sensor performance,

which of the following is NOT one?
A. False Alarm Rate (FAR)
B. Nuisance Alarm Rate (NAR)
C. Probability of detection (PD)
D. Vulnerability to Defeat
PAGE 256 /223
PHYSICAL SECURITY
• Question 17: Interior application sensors are divided into three categories.
Which of the following is NOT one of these categories?
A. Perimeter sensing
B. Boundary-penetration
C. Interior motion
D. Proximity sensors
PAGE 257 /223
PHYSICAL SECURITY
• Question 17: Interior application sensors are divided into three categories.
Which of the following is NOT one of these categories?
A. Perimeter sensing
B. Boundary-penetration
C. Interior motion
D. Proximity sensors
PAGE 258 /223
PHYSICAL SECURITY
• Question 18: How much light is required at a pedestrian entry point?
A. 0.5 fc
B. 1.0 fc
C. 2.0 fc
D. 5.0 fc
PAGE 259 /223
PHYSICAL SECURITY
• Question 18: How much light is required at a pedestrian entry point?
A. 0.5 fc
B. 1.0 fc
C. 2.0 fc
D. 5.0 fc
PAGE 260 /223
PHYSICAL SECURITY
• Question 19: What percentage of the population cannot be enrolled in an eye

pattern recognition biometric reader due to blindness or other eye issues?
A. 1%
B. 2%
C. 4%
D. 6%
PAGE 261 /223
PHYSICAL SECURITY
• Question 19: What percentage of the population cannot be enrolled in an eye

pattern recognition biometric reader due to blindness or other eye issues?
A. 1%
B. 2%
C. 4%
D. 6%
PAGE 262 /223
PHYSICAL SECURITY
• Question 20: When selecting a video system, use a ________ approach instead
of a components approach
A. Performance
B. Prescriptive
C. Systems
D. Integration
PAGE 263 /223
PHYSICAL SECURITY
• Question 20: When selecting a video system, use a ________ approach instead
of a components approach
A. Performance
B. Prescriptive
C. Systems
D. Integration
PAGE 264 /223
PHYSICAL SECURITY
• Question 21: Which of the following is NOT one of the three categories of
access control?
A. Manual
B. Machine aided
C. Person-controlled
D. Automated
PAGE 265 /223
PHYSICAL SECURITY
• Question 21: Which of the following is NOT one of the three categories of
access control?
A. Manual
B. Machine aided
C. Person-controlled
D. Automated
PAGE 266 /223
PHYSICAL SECURITY
• Question 22: What are the two classes of locks?
A. Mechanical and electronic
B. Electromechanical and electromagnetic
C. Mechanical and

electromechanical
D. Key-operated mechanical and

PIN-operated electronic
PAGE 267 /223
PHYSICAL SECURITY
• Question 22: What are the two classes of locks?
A. Mechanical and electronic
B. Electromechanical and electromagnetic
C. Mechanical and

electromechanical
D. Key-operated mechanical and

PIN-operated electronic
PAGE 268 /223
PHYSICAL SECURITY
• Question 23: Which of the following is NOT one of the biggest causes of
vulnerabilities in a Physical Protection System (PPS)?
A. Improper component selection
B. Improper installation and maintenance
C. Improper operation
D. Improper integration
E. Improper repair
PAGE 269 /223
PHYSICAL SECURITY
• Question 23: Which of the following is NOT one of the biggest causes of
vulnerabilities in a Physical Protection System (PPS)?
A. Improper component selection
B. Improper installation and maintenance
C. Improper operation
D. Improper integration
E. Improper repair
PAGE 270 /223
PHYSICAL SECURITY
• Question 24: Which of the following is not one of the major components of a
lighting system?
A. Lamp (bulb)
B. Luminaire (fixture)
C. Wiring
D. Mounting hardware
E. Electrical power
PAGE 271 /223
PHYSICAL SECURITY
• Question 24: Which of the following is not one of the major components of a
lighting system?
A. Lamp (bulb)
B. Luminaire (fixture)
C. Wiring
D. Mounting hardware
E. Electrical power
PAGE 272 /223
PHYSICAL SECURITY
• Question 25: An effective PPS combines the following into an integrated

system:
A. Electronic, mechanical, and mixed technologies
B. People, technology, and procedures
C. Hardware, software, and

policy
D. Awareness, preparedness,

and response
PAGE 273 /223
PHYSICAL SECURITY
• Question 25: An effective PPS combines the following into an integrated

system:
A. Electronic, mechanical, and mixed technologies
B. People, technology, and procedures
C. Hardware, software, and

policy
D. Awareness, preparedness,

and response
PAGE 274 /223
PHYSICAL SECURITY
• Question 26: CPTED is the design or redesign of a venue to reduce crime

opportunity and fear of crime through what three methods?
A. Natural, artificial, and personal means
B. Natural, mechanical, and procedural means
C. Public, private, and mixed

space usage
D. Automated, mechanical, and

manpower resources
PAGE 275 /223
PHYSICAL SECURITY
• Question 26: CPTED is the design or redesign of a venue to reduce crime

opportunity and fear of crime through what three methods?
A. Natural, artificial, and personal means
B. Natural, mechanical, and procedural means
C. Public, private, and mixed

space usage
D. Automated, mechanical, and

manpower resources
PAGE 276 /223
PHYSICAL SECURITY
• Question 27: The normal temperature of a dog is…
A. 96.5 – 97.5 degrees Fahrenheit
B. 98.0 – 99.0 degrees Fahrenheit
C. 100 - 101 degrees Fahrenheit
D. 101 - 102 degrees Fahrenheit
PAGE 277 /223
PHYSICAL SECURITY
• Question 27: The normal temperature of a dog is…
A. 100 - 101 degrees Fahrenheit
A. 101 - 102 degrees Fahrenheit
PAGE 278 /223
PHYSICAL SECURITY
• Question 28: Which of the following is NOT a way of classifying intrusion

sensors?
A. Passive or active
B. Covert or overt
C. Line-of-site or terrain following
D. Volumetric or point
E. Application
F. High or standard security
PAGE 279 /223
PHYSICAL SECURITY
• Question 28: Which of the following is NOT a way of classifying intrusion

sensors?
A. Passive or active
B. Covert or overt
C. Line-of-site or terrain following
D. Volumetric or point
E. Application
F. High or standard security
PAGE 280 /223
PHYSICAL SECURITY
• Question 29: Layered security for a high rise building includes which three,
general layers?
A. Building walls (outer), access to elevators and stairs (middle), and
individual floors (inner)
B. Property perimeter (outer),

building walls (middle), and
C. Public space (outer),

semi-private space (middle), and
private space (inner)
D. Lobby (outer), elevator

bank (middle), and individual
floors (inner)
PAGE 281 /223
PHYSICAL SECURITY
• Question 29: Layered security for a high rise building includes which three,
general layers?
A. Building walls (outer), access to elevators and stairs (middle), and
B. Property perimeter (outer),

building walls (middle), and
C. Public space (outer),

semi-private space (middle), and
private space (inner)
D. Lobby (outer), elevator

bank (middle), and individual
floors (inner)
PAGE 282 /223
PHYSICAL SECURITY
• Question 30: Even though it can vary depending on the threat vehicle, the
optimum vehicle barrier height is…
A. 24”
B. 30”
C. 36”
D. 48”
PAGE 283 /223
PHYSICAL SECURITY
• Question 30: Even though it can vary depending on the threat vehicle, the
optimum vehicle barrier height is…
A. 24”
B. 30”
C. 36”
D. 48”
PAGE 284 /223
PHYSICAL SECURITY
• Question 31: What are the three main components of an analog video system?
A. Camera, transmission cable, and monitor
B. Camera, lens, and mount
C. Camera, recorder, and monitor
D. Camera, switcher, and monitor
PAGE 285 /223
PHYSICAL SECURITY
• Question 31: What are the three main components of an analog video system?
B. Camera, lens, and mount
C. Camera, recorder, and monitor
D. Camera, switcher, and monitor
PAGE 286 /223
PHYSICAL SECURITY
• Question 32: Cost and power of a two-way radio system is determined by all
but which of the following?
A. Distance required to communicate
B. Barriers in the transmission path
C. Signal interference in the area
D. Model of radios
PAGE 287 /223
PHYSICAL SECURITY
• Question 32: Cost and power of a two-way radio system is determined by all
but which of the following?
A. Distance required to communicate
B. Barriers in the transmission path
C. Signal interference in the area
D. Model of radios
PAGE 288 /223
PHYSICAL SECURITY
• Question 33: A statement of work (SOW) for security officer services should
state all but which of the following?
A. Security tasks
B. Days and hours of performance
C. Who should fill each position
D. Total hours to be worked
PAGE 289 /223
PHYSICAL SECURITY
• Question 33: A statement of work (SOW) for security officer services should
state all but which of the following?
A. Security tasks
B. Days and hours of performance
C. Who should fill each position
D. Total hours to be worked
PAGE 290 /223
PHYSICAL SECURITY
• Question 34: PPS includes…
A. Personnel and weapons
B. Personnel and communications
C. Personnel and procedures
D. Personnel and technology
PAGE 291 /223
PHYSICAL SECURITY
• Question 34: PPS includes…
A. Personnel and weapons
B. Personnel and communications
C. Personnel and procedures
D. Personnel and technology
PAGE 292 /223
PHYSICAL SECURITY
• Question 35: Which camera can see in perfect darkness with no light source?
A. Black and white
B. Night vision
C. Thermal
D. Infrared
PAGE 293 /223
PHYSICAL SECURITY
• Question 35: Which camera can see in perfect darkness with no light source?
B. Night vision
C. Thermal
D. Infrared
PAGE 294 /223
PHYSICAL SECURITY
• Question 36: Which of the following is NOT one of the three CPTED security
zones?
A. Unrestricted
B. Mixed use
C. Controlled
D. Restricted
PAGE 295 /223
PHYSICAL SECURITY
• Question 36: Which of the following is NOT one of the three CPTED security
zones?
A. Unrestricted
B. Mixed use
C. Controlled
D. Restricted
PAGE 296 /223
PHYSICAL SECURITY
• Question 37: Which type of system test is conducted in alternating phases of

testing and evaluation to allow for validation of the tests and corrective
actions?
A. Pre-delivery or factory acceptance tests
B. Site acceptance tests
C. Reliability or availability tests
D. After-acceptance tests
PAGE 297 /223
PHYSICAL SECURITY
• Question 37: Which type of system test is conducted in alternating phases of

testing and evaluation to allow for validation of the tests and corrective
actions?
A. Pre-delivery or factory acceptance tests
B. Site acceptance tests
C. Reliability or availability tests
D. After-acceptance tests
PAGE 298 /223
PHYSICAL SECURITY
• Question 38: What is the most important measure of an Alarm Communication

and Display (AC&D) system?
A. The reliability of the transmission medium
B. The usability of the system to the operator
C. The accuracy of the configured

sensor protocols
D. How well it quickly and clearly

communicates alarm data from
sensors to the system operator
PAGE 299 /223
PHYSICAL SECURITY
• Question 38: What is the most important measure of an Alarm Communication

and Display (AC&D) system?
A. The reliability of the transmission medium
B. The usability of the system to the operator
C. The accuracy of the configured

sensor protocols
D. How well it quickly and clearly

communicates alarm data from
sensors to the system operator
PAGE 300 /223
PHYSICAL SECURITY
• Question 39: Communications by laser can be utilized in security systems for up

to what distance (line of site – LOS)?
A. 4 miles
B. 20 miles
C. 1000 feet
D. 328 feet
PAGE 301 /223
PHYSICAL SECURITY
• Question 39: Communications by laser can be utilized in security systems for up

to what distance (line of site – LOS)?
A. 4 miles
B. 20 miles
C. 1000 feet
D. 328 feet
PAGE 302 /223
PHYSICAL SECURITY
• Question 40: A security officer post is any location or combination of activities

for which a trained human being is necessary. Which of the following is NOT
one of the three key concepts of this approach?
A. A location or combination of activities
B. Necessary human being
C. Necessary equipment
D. Training and competence to

accomplish the required activities
PAGE 303 /223
PHYSICAL SECURITY
• Question 40: A security officer post is any location or combination of activities

for which a trained human being is necessary. Which of the following is NOT
one of the three key concepts of this approach?
A. A location or combination of activities
B. Necessary human being
C. Necessary equipment
D. Training and competence to

accomplish the required activities
PAGE 304 /223
PHYSICAL SECURITY
• Question 41: Lighting ratios in parking lots should not exceed…
A. 2:1
B. 4:1
C. 6:1
D. 1:1
PAGE 305 /223
PHYSICAL SECURITY
• Question 41: Lighting ratios in parking lots should not exceed…
A. 2:1
B. 4:1
C. 6:1
D. 1:1
PAGE 306 /223
PHYSICAL SECURITY
• Question 42: The efficiency of the security force depends on…
A. The integration of technology with manpower
B. The proper selection of security officers
C. The appropriateness of training
D. the adequacy and skill of its

supervisors
PAGE 307 /223
PHYSICAL SECURITY
• Question 42: The efficiency of the security force depends on…
A. The integration of technology with manpower
B. The proper selection of security officers
C. The appropriateness of training
D. the adequacy and skill of its

supervisors
PAGE 308 /223
PHYSICAL SECURITY
• Question 43: Whether manual or electronic in format, security logs generally

fall into what two classes?
A. Daily and roll-up reports
B. Incident and rolling logs
C. Event logs and operational logs
D. The main log and the post log
PAGE 309 /223
PHYSICAL SECURITY
• Question 43: Whether manual or electronic in format, security logs generally

fall into what two classes?
A. Daily and roll-up reports
B. Incident and rolling logs
C. Event logs and operational logs
D. The main log and the post log
PAGE 310 /223
PHYSICAL SECURITY
• Question 44: Which camera can see in perfect darkness but requires a light
source outside the visible spectrum?
B. Night vision
C. Thermal
D. Infrared
PAGE 311 /223
PHYSICAL SECURITY
• Question 44: Which camera can see in perfect darkness but requires a light
source outside the visible spectrum?
B. Night vision
C. Thermal
D. Infrared
PAGE 312 /223
PHYSICAL SECURITY
• Question 45: CPTED strategies include management and maintenance,

legitimate activity support, and compartmentalization – but in addition, and at
a more basic level, these strategies include…
A. Natural access control, natural surveillance, and natural territorial reinforcement
B. Mechanical space protection,

personnel assignment, and
technology backbone
C. Architectural design, natural

enhancements with protective
undertones, and space
ownership
D. Natural access control, zone

reinforcement, and personnel
awareness
PAGE 313 /223
PHYSICAL SECURITY
• Question 45: CPTED strategies include management and maintenance,

legitimate activity support, and compartmentalization – but in addition, and at
a more basic level, these strategies include…
A. Natural access control, natural surveillance, and natural territorial reinforcement
B. Mechanical space protection,

personnel assignment, and
technology backbone
C. Architectural design, natural

enhancements with protective
undertones, and space
ownership
D. Natural access control, zone

reinforcement, and personnel
awareness
PAGE 314 /223
PHYSICAL SECURITY
• Question 46: What are the three main components of a digital video system?
B. Camera, PC/software, and recorder
C. Camera, digital transmission

medium, and PC/software
D. Camera, switch, and

PC/software
PAGE 315 /223
PHYSICAL SECURITY
• Question 46: What are the three main components of a digital video system?
B. Camera, PC/software, and recorder
C. Camera, digital transmission

medium, and PC/software
D. Camera, switch, and

PC/software
PAGE 316 /223
PHYSICAL SECURITY
• Question 47: Of the eight classes of dogs, which two are typically used in
security?
A. Sporting and hound dogs
B. Working and herding dogs
C. Non-sporting and working dogs
D. Toy and terrier dogs
PAGE 317 /223
PHYSICAL SECURITY
• Question 47: Of the eight classes of dogs, which two are typically used in
security?
A. Sporting and hound dogs
B. Working and herding dogs
C. Non-sporting and working dogs
D. Toy and terrier dogs
PAGE 318 /223
PHYSICAL SECURITY
• Question 48: Safes less than what weight are considered “portable?”
A. 250 lbs
B. 500 lbs
C. 750 lbs
D. 1000 lbs
PAGE 319 /223
PHYSICAL SECURITY
• Question 48: Safes less than what weight are considered “portable?”
A. 250 lbs
B. 500 lbs
C. 750 lbs
D. 1000 lbs

Cert Review, CPP, 2018, Domain 5

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cert Review, CPP, 2018, Domain 5

Uploaded by

Copyright:

Available Formats

A Comprehensive Study Guide for the

CERTIFIED PROTECTION PROFESSIONAL (CPP)

Study Guide for the

ASIS GDL FPSM-2009, Sect. 1.2

• Crime Prevention Through Environmental Design (CPTED)…

ASIS GDL FPSM-2009, Sect. 3.1.1

– CPTED is a crime prevention theory grounded in environmental

• Carefully designed places such as buildings, parks, parking lots,

– At its core, CPTED is based on common sense, and a heightened

– When designing new or renovating existing

• Local crime prevention officers

ASIS POA, Vol. 2, Sect. 3.1

• The CPTED approach focuses on…

• Methods for implementing CPTED…

– Broken Windows Theory

– Types of CPTED security zones

– The territoriality of desired site users is

– More legitimate users = more natural

– Deterrence is achieved through measures that potential

ASIS POA, Vol. 2, Sect. 3.2.4

– For the security professional, CPTED is a set of management tools targeting

– Whenever possible, security planning should begin during site selection

– CPTED is intended to be integrated throughout the construction process

– Typical design implications related to people in a new building

• What can the users do in the building? (tasks, recreation, work)

• When do the users arrive and leave? (shifts or other patterns)

• Where can users go in the building? (horizontal, vertical)

• How can the users get there? (access methods, circulation)

– Questions to be answered relative to information stored or managed in a new building

• How transportable and transferable is the information?

• When is the information accessible or vulnerable (and for how long)?

• Where is the information accessible or vulnerable?

• How can the information legitimately and illegitimately be acquired or compromised?

• Eliminate potential hiding places near the facility

• Eliminate lines of vehicular approach perpendicular to building

• Minimize the number of vehicle access points

• Eliminate or strictly control parking beneath facilities

• Locate parking as far from the building as practical,

• Illuminate the building exterior

• Secure access to power or heat plants, gas mains,

ASIS POA, Vol. 2, Sect. 3.2.7

• Campus borders are poorly defined

• Informal gathering areas are out of sight

• The building layout produces isolated spots

• Bus loading conflicts with car traffic

• Student parking lots are farthest from the building

• Street parking by students creates conflict with

• Parking areas are obscured by plantings

• Locker areas create confusion and facilitate the

• The overuse of corridors creates blind spots

• Restrooms are located away from supervision

ASIS POA, Vol. 2, Sect. 3.2.5

– Landscaping considerations in CPTED

• Plants’ growth rates and maintenance requirements must be considered

– Lighting for security should be from the tops of trees downward

• Open-walled, upper levels to allow natural surveillance and permit

• Egress-only exterior pedestrian doors

• Three foot or higher shrubs/trees should be 10 to 15 feet from the structure

• One vehicle entry/exit should be used if possible (based on traffic volume)

• The use of multiple vehicle entries/exits requires attendant booths,

• Pedestrian pathways should pass attendant booths for natural surveillance

• Booths should have 360 degree visibility, and a means of communication

• No public restrooms, but if necessary, should be within view of the booth

• Round instead of square columns (visibility)