Lesson 3

The concept of Security

Learning Objectives

At the end of this chapter, the student will be able to:

● Define security;
● Explain the concepts of asset, risk, threat and vulnerability;
● Enumerate the categories of security; and
● Discuss the importance of private security in organizations.

Security is important to everyone. It is important to individuals such as

a homeowner who wants to protect valuable items in his house, a
parent who does not want her child to be harmed while in school,
an employee who wants to save for a comfortable retirement, or an
online shopper who wants to purchase a gadget via the internet.

It is also important to private companies such as a jewelry store that

keeps diamonds in storage, a law firm that holds incriminating
evidence against a drug lord, or an internet company that requires
personal information and passwords from its users. Of course, it is also
very important to governments that maintain military forces, use
intelligence services, legislate civil defense policies, and implement
emergency preparedness measures to serve and protect its citizens.

DEFINITION OF SECURITY
Lesson 3

The word secure is derived from the Latin securus which mean:

"safe" or "without care," or from se cura, wherein se means "free from

and cura means "care."

To be secure could mean many different things. It could means

being free from danger, risk, injury, fear, trouble, doubt or anxiety
Being secure could also refer to being dependable, strong, good,
impregnable or inviolable. Or simply, it could mean having peace of
mind.

Security can be defined as the degree of protection or resistance

against harm, danger, loss, and criminals. As a form of protection, t
includes structures and processes that provide or improve security as
a condition.

The Institute for Security and Open Methodologies (ISECOM) is an

open community and a non-profit organization that published in 200!
the Open Source Security Testing Methodology Manual (OSSTMM),
peer-reviewed manual of security testing and analysis. OSSTMM 3
was released in 2010, defining security with the following
explanation:

For a threat to be effective, it must interact either directly or

indirectly with the asset. To separate the threat from the asset is to
avoid a possible interaction. Therefore, it is possible to have total
(100%) security if the threat and the asset are completely separated
from each other. Otherwise, what you have is safety of the asset
which is provided by the controls you put on the asset or the degree
to which you lessen the impact of the threat.
Lesson 3

For example, to be secure from lightning, one must move to where

lightning can't reach such as deep in a mountain.

Threats which can't be separated from the assets must be

made safer so that their interactions and any effects from
interactions do little or no harm. In this same example, to be safe
from lightning, one must stay indoors during storms, avoid windows or
other openings, and use lightning rods on the roof.

Therefore, under the context of operational security, we call security

the separation of an asset and a threat and safety supplied).

Related Concepts

Understanding the concept of security requires further definition of

other related concepts such as asset, risk, threat and vulnerability.

An asset is anything tangible or intangible that is capable of being

owned or controlled to produce value. If it has positive economic
value,it is considered an asset. Or more simply, if its value can be
converted into cash, it is an asset (Sullivan & Sheffrin, 2003).

From a business perspective, here are some examples of assets:

Physical assets: These are tangible assets that have a physical form.
Examples include:

● Real estate properties: Buildings, land, warehouses, or offices

owned by the business.
Lesson 3

● Machinery and equipment: Manufacturing equipment,

vehicles, tools, or computers used in the business operations.
● Inventory: Products or raw materials that the business has in
stock to sell or use in production.

Financial assets: These are intangible assets that represent a claim

to future monetary benefits. Examples include:

● Cash and cash equivalents: Money held in bank accounts or

short-term investments.
● Accounts receivable: Amounts owed to the business by its
customers for products or services provided on credit.
● Investments: Stocks, bonds, or other securities owned by the
business.

Intellectual property: These are intangible assets that are created

through intellectual or creative efforts. Examples include:

● Patents: Exclusive rights granted to the business for an

invention or innovation.
● Trademarks: Distinctive symbols, logos, or names associated
with the business and its products.
● Copyrights: Rights granted to protect original works of
authorship, such as books, music, or software.

Goodwill: This is an intangible asset that represents the reputation,

customer loyalty, and brand value of a business. It is the difference
between the purchase price of a company and the fair market
value of its net assets.
Lesson 3

Risk is the uncertainty of financial loss, the probability that a loss has
occurred or will occur, the variations between actual and expected
results, or the possible occurrence of an undesirable event. The end
result of risk is loss or a decrease in value (Sennewald, 2003).

Cybersecurity Risk: In today's digital world, businesses face the risk of

cyberattacks, such as hacking, data breaches, or ransomware
attacks. The uncertainty of these events occurring represents the risk.
To mitigate this risk, businesses employ cybersecurity measures like
firewalls, encryption, regular software updates, and employee
training on safe online practices.

Fire Risk: Fire poses a significant risk to both residential and

commercial properties. The uncertainty of a fire breaking out
represents the risk. To mitigate this risk, fire safety measures are
implemented, such as installing smoke detectors, fire extinguishers,
sprinkler systems, and conducting regular fire drills.

Employee Security Risk: Businesses may face risks related to the

behavior and actions of their employees. This can include theft,
unauthorized access to sensitive information, or workplace violence.
The uncertainty of such events occurring represents the risk. To
manage this risk, organizations implement personnel security
measures, such as background checks, access control systems,
surveillance cameras, and employee training on security protocols
and ethical conduct.
Lesson 3

Threat and vulnerability are sometimes interchangeably used with

risk.

A threat is anything that could adversely affect assets; it can be

classified into natural hazards (such as floods), accidents (chemical
spills), or intentional acts (domestic or international terrorism).

A threat refers to anything that has the potential to harm or

negatively impact assets. It can be categorized into different types:

Natural Hazards: These are threats that arise from natural events or
disasters. Examples include floods, earthquakes, hurricanes, wildfires,
or severe weather conditions. These events can cause damage to
property, disrupt operations, and pose risks to the safety of people.

Accidents: Accidental threats are unplanned events that can lead

to harm or damage. For example, a chemical spill in a factory, a fire
caused by electrical faults, or a transportation accident involving
hazardous materials. Accidents can result in injuries, property
damage, environmental pollution, and other negative
consequences.

Intentional Acts: Intentional threats involve actions that are

deliberately carried out with the intention to cause harm or
disruption. This includes acts of terrorism, vandalism, theft, or
cyberattacks. Intentional threats can target individuals,
organizations, or society as a whole, and they can have severe
consequences in terms of loss of life, destruction of property, or
disruption of critical infrastructure.
Lesson 3

Vulnerability means weakness, flaw, or virtually anything that may

conceivably be exploited by a threat; examples are holes in a
fence, an out-of-date key system or the introduction of a computer
virus (Sennewald, 2003).

Inadequate Security Measures: If a building or property lacks proper

security measures like locks, alarms, or surveillance systems, it
becomes more vulnerable to potential threats like theft or
unauthorized access.

Lack of Disaster Preparedness: If a business or individual is

unprepared for natural disasters or accidents, such as not having
emergency plans, evacuation routes, or backup systems, their
vulnerability to the associated threats increases.

Weaknesses in Information Systems: In the digital age, vulnerabilities

in computer networks, software, or data storage systems can make
organizations more susceptible to cyberattacks or data breaches.
Lack of regular software updates, weak passwords, or insufficient
data encryption can all contribute to vulnerabilities.

Categories of Security

The concept of security is so wide that categorization is necessary for

better understanding and analysis. The three main categories
covered in this book include:

1. Physical Security - pertains to all physical barriers employed or

installed to secure assets
Lesson 3

2. Personnel Security - refers to the procedure followed, inquiries

conducted, and criteria applied to determine the work suitability of
a particular applicant or the retention of a particular employee

3. Document and Information Security - refers to policies, regulations,

doctrines, and practices enforced to safeguard the contents and
integrity of any classified information or document from compromise
or loss

The three main categories enumerated above will be discussed

more lengthily in Part Two of this book.

Political security is another category that relate to social relationships

involving governments or entities that hold authority or power. This
includes issues of security in the public, national or international level,
as enumerated below.

1. Public security refers to the way governments are ensuring the

protection of its citizens, organizations and institutions against threats
to their well-being, as well as maintaining the general security and
peace in public places. This includes security against problems that
have a direct impact on people's lives, such as gang violence,
cybercrime, or trafficking of illegal drugs and firearms.

2. National security is the requirement to maintain the survival of a

state through the use of economic power, diplomacy, and political
power. Security threats include military foes from other nations, big
drug cartels, or even national disasters that cause severe
environmental damage.
Lesson 3

3. International security consists of the measures taken by nations

and international organizations to ensure mutual survival and safety.
Examples of measures are military actions and diplomatic
agreements.

In the private sphere, security can be even further categorized, as

shown below.

1. Industrial security is a form of physical security involving industrial

plants and business enterprises. This involves the safeguarding of
personnel, processes, properties and operations.

2. Bank and armor security involves the protection resulting from the
application of various measures which safeguards

cash and assets in storage, in transit, or during transaction

3. Hotel security involves using various measures of protection for the

guests, personnel properties and functions in hotels, restaurants, bars
and clubs.

4. V.I.P. security involves the protection of top-ranking officials of the

government, visiting persons of illustrious standing and foreign
dignitaries.

5. Operational security involves the protection of processes, formula,

patents and industrial and manufacturing activities from espionage,
infiltration, loss, compromise or infringement.

6. Communication security involves the safeguard resulting from the

application of different measures which prevent or delay the enemy
Lesson 3

or unauthorized person from gaining information through

communication including transmission and cryptographic.

7. Mall/ commercial security is the degree of protection against

danger, loss, and crime inside malls. As a form of protection, it refers
to systems, structures and processes that provide or improve mall
security as a condition.

Security Management in Organizations

Security management has become an essential feature of

corporate activity; there is almost no organization without a team
dedicated to managing issues of security. We usually see shopping
malls, entertainment venues and banks policed by private armies
which we call security guards. The presence of these uniformed staff
represents the company's ability to respond to or deter threats. This,
however, is only part of the security measures employed by
companies against threats posed by opportunistic criminals, its rival
organizations, or even its own saboteur employees. Other security
measures may include the installation of CCTVs, sophisticated alarm
systems, policies against workplace bullying and harassment,
employee screening, emergency planning, and other measures that
enable individuals and organizations to carry on with their business
free from danger.

Indeed, security has a policing function in organizations. In fact,

illegal practices in the workplace have become an established
theme in criminology studies. These crimes involve not only the
robberies and shootouts inside malls or kidnappings in schools that
we hear in the news. It involves high-stakes corporate crimes such as
Lesson 3

tax evasion and money laundering, fraud, bribery, workplace

harassment, or even those similar to street crimes such as thieves
sneaking inside offices.

With corporate crime becoming a growing area of concern, the

increasing role of private security in crime prevention is becoming
more evident. This further highlights the need for increased
competence and professionalism among security personnel so that
they can effectively play their important role of risk prevention and
management in the organization. This new breed of uniformed
individuals who are armed with education and training, equipped
with reliable and highly technical gadgets, and well-informed with
their moral and ethical obligations has now taken over the business
of ensuring the security of the most important assets of organizations.
 PHYSICAL SECURITY
Learning Objectives

At the end of this chapter, the student will be able to:

● Define physical security;

● Explain the purpose and advantages of physical barriers;
● Explain the three lines of defense and enumerate examples;
● Illustrate protective alarm sensors; and
● Characterize protective lighting and enumerate examples.

Physical security refers to a logical set of tangible elements and

measures adopted to prevent unauthorized access to
equipment, facilities, materials, documents, and personnel.

The objective is to protect these assets from damage,

compromise and loss. In short, it is a system of barriers placed
between the potential intruder and the object to be protected.
For example, a fence can slow down an intruder, sensors can
send alarms, and protective lighting can make the intruder
visible to patrolling security personnel.

There is a wide variety of factors to consider in ensuring

physical security. Measures include safeguards such as lighting,
fences, lock and key systems, personnel identification and
visitor control. Other factors to consider may refer to the nature
of the target or the asset being protected. It could be a physical
object like very expensive jewelry, a non-physical object like the
formula for San Miguel Beer, a human object like the chief
justice or a group of high-profile tourists vacationing in
Boracay, or even a structure like the Malacañang Palace.
Principles of Physical Security
In considering the appropriate security measures, the following
principles should be considered.

1. The type of access necessary depends on the number of

variable factors, thus, may be obtained in different ways.
2. There is no such thing as an impenetrable barrier.
3. The installation of a barrier varies from another.
4. There is defense in barrier depth.

Factors in Selecting Security Safeguards

The following are factors that should be considered in

determining the physical security needs of a facility (Fay, 2006).

1.Site Characteristics

Selection of safeguards can be influenced by the nature of the

site such as the size, layout, utilities, internal activities and
assets in the site. Other factors may include company
philosophy and workforce culture.

2. Environment

This refers to the area surrounding the facility. A bank inside a

large commercial complex in Makati City will require safeguards
different from those required for an exclusive beach resort in an
island in Cebu or a factory of fireworks in an isolated area in
Bulacan. For example, the bank may opt for electronic locks and
sensors, the resort may require a specially secured boat access,
and the fireworks factory may go with a perimeter fence.

3. Forces of Nature

Also, at play in the selection of safeguards are the environment's

climate, weather, and natural forces. Certain detection sensor
devices may not work well in extreme temperatures and are
vulnerable to floods and earthquakes.

4. Crime

Crime patterns must be considered in selecting the necessary

countermeasures, Decisions should be preceded by a risk
assessment that includes a study on the nature, intensity, and
repetitiveness of criminal acts that have occurred in or near the
facility during the recent past.

Terrorism is also an important factor for certain facilities that

may be considered targets of terrorist groups such as airports,
tourist destinations, research laboratories and government
buildings.

Physical Barriers
A barrier is a natural or manufactured obstacle to the
movement of persons, animals, vehicles, or materials. It defines
physical limits to and delays or prevents penetration of an area
(POA Publishing LLC,2003).

It is impossible to build a barrier that cannot be compromised.

A clever and determined intruder with plenty of time, money and
imagination can quite possibly penetrate any structural barrier.
Hence, intelligently designing layers of barriers is considered an
effective measure to ensure physical security. The idea is to
cause as much delay as possible by designing a series of layers,
or concentric circles, so that highly protected assets are within
a configuration of multiple barriers.

A concentric protection of a high-security facility allows for

several rings of barriers, as explained by John J. Fay in his book
Contemporary Security Management:
 “...The overall security scheme features several rings of
security that in the abstract look like a shooting target.

The outermost ring, which is at or on the far edge of the

perimeter, might be a clear zone in which the approach of
an intruder or intruder force can be seen by human and/
or electronic means. The next ring might be a wall or fence,
and then another wall or fence. Supplementing the walls or
fences might be guard posts, patrols, detection sensors,
CCTV cameras, and security lighting. The next ring might
be sentry-protected and electronically controlled doors to
a building or a complex of buildings.

Within the building might be another ring of security

consisting of access-controlled exclusion areas, and yet
another ring within the exclusion areas might consist of
safes, vaults, and similar containers, inside of which might
be motion-detection devices. The theory operates on the
simple premise that an attempted intrusion will have a
lesser chance of success when multiple layers of protection
stand in the way." (Fay, 2006)

Advantages of Physical Barriers

1. Physical barriers become a psychological deterrence when
a potential intruder is discouraged from accessing a
facility because the barriers appear to present difficulties.
2. Actual difficulty in getting through physical barriers.
3. Reducing the cost of security staffing by substituting
barriers for people and placing security posts in locations
that complement barriers.
Purpose of Physical Barriers
1. To control the movement of people and vehicles into, out
of, and within the facility.
2. To segregate or compartmentalize sensitive areas.
3. To provide physical protection to objects, materials, and
processes of critical nature.

General Types of Physical Barriers

1. Natural Barriers include bodies of water, mountains,
marshes, ravines, deserts, or other terrain that are difficult
to cross.
2. Structural Barriers are man-made barriers such as fences,
walls, floors, roofs, grills, bars, roadblocks, or other physical
means. A structural barrier physically and psychologically
deters or discourages the undetermined, delays the
determined and channels the flow of authorized traffic
through entrances.

Other Types of Physical Barriers

1. Human Barriers

The guard force as a human barrier is the key element in

any security system. Without it, all other protective devices -
mechanical, electrical or electronic - would be useless. The
electric device may sound the alarm, the CCTV may spot the
culprit, or the micro-computer may trigger a red button as a
sign of intrusion, but it is the guard who will respond and
initiate the needed security action.

2. Animal Barriers

The most common of animal barriers are dogs known as

the K-9 team. The number of dogs to be used relies on the size
and kind of installation being secured. The most popular breed
is the German shepherd. If trained correctly, the K-9 can detect
even hidden drugs and firearms, thus, their prevalent use in
sensitive entrances like airports, malls and public transport
such as the MRT.

Among rural residences, another effective animal barrier is

the goose barrier. It is common knowledge that geese are not as
ferocious as dogs, but they can easily call the attention of their
owners at the first sign of a would-be intruder through their
loud hissing sound.

First Line of Defense: The Perimeter Barrier

The usual starting point in assessing risk at a facility is the
perimeter. The major purpose of the perimeter as a barrier is to
deny access or exit of unauthorized persons.

Purpose of the Perimeter Barrier

● To define the boundary of the property to be secured
● To create a physical and psychological deterrent to
unauthorized entry
● To delay intrusion, thus facilitating the apprehension of
intruders
● To assist in a more efficient and economical employment of
guards
● To facilitate and improve the control of pedestrian ana
vehicular traffic

Types of Perimeter Barriers

1. Wire Fences (Solid or Full-View)
1.1 Chain Link Fence

● Must be constructed of 7-foot material excluding top

guard.
● Must be of 9-gauge or heavier
● Mesh openings are not to be larger than 2 inches per side
● Should be a twisted and barbed selvage at top and bottom
● Must be securely fastened to rigid metal or reinforced
concrete
● Must be reached within 2 inches of hard ground or paving
● On soft ground, must reach below surface deep enough to
compensate for shifting soil or sand.

1.2 Barbed Wire Fence

● Standard barbed wire is twisted, double-strand,

● 12 gauge wire with 4-point barbs spaced at an equal
distance apart
● Must be less than seven feet high, excluding top guard
● Must be firmly affixed to post not more than six feet apart
● The distance between strands must not exceed 6 inches
and at least one wire will be interlaced vertically and
midway between posts.

1.3 Concertina Wire Fence

● Standard concertina barbed wire is a commercially

manufactured wire coil of high strength steel barbed wire
clipped together at intervals to form a cylinder.
● Opened concertina wire is 50 feet long and 3 feet in
diameter

1.4 The Top Guard

● A top guard is an overhead of barbed wire along the top of

the fence, facing outward and upward at an approximately
45-degree angle.
 ● Top guard supporting arms will be permanently affixed to
the top of the fence posts to increase the overall height of
the fence at least one foot.
● Three strands of barbed wire spaced 6 inches apart must
be installed on the supporting arms.

1.5 Clear zones

● A clear zone of 20 feet or more should exist between the

perimeter barrier and exterior structure, parking areas
and natural or man-made features.
● A clear zone of 50 feet or more should exist between the
perimeter barrier and structures within the protected
areas except when a building wall constitutes part of the
perimeter barrier.

2. Building Walls
Walls, floors, roofs or their combinations serve also as
barriers and must be of such construction to provide uniform
protection just like the wire fencing.

Masonry walls' height must be the same that of the chain

link and surmounted by the barbed wire top guard, if the height
of the masonry is less than the prescribed, additional chain link
as "topping" is placed to attain the minimum requirements. Walls
can be made of stone slabs with posts at regular intervals to
prevent the wall from collapsing.

3. Bodies of Water
Bodies of water like rivers, lakes, marsh, ponds or other
bodies of water forming part of the wall, building or fencing
should never be considered an adequate natural perimeter
barrier. Additional security measures like wire fence, concrete
walling, security patrolling and floodlighting at night may be
necessary for the portion of the perimeter.
Second Line of Defense: Building Exteriors
Building surfaces such as walls, ceilings, floors and roofs
are not constructed primarily as security barriers, but they have
the potential to deter penetration. The following is a list of
building exteriors and their construction and vulnerability, as
discussed in the Asset Protection and Security Management
Handbook (POA Publishing LLC, 2003).

Roofs
The roof usually has sheathing placed over the rafters;
often horizontal wooden boards placed flush on the rafters.
Sheathing may be covered with felt or other insulating material,
and these foundation layers covered with shingles, metal sheet,
tar paper, tile or other weather-resistant material.

Exterior Walls
Exterior walls may be similarly constructed, with sheathing
placed diagonally on vertical studs and covered with sheathing
paper. This is usually topped with an exterior material such as
stucco, or siding composed of overlapping horizontal boards or
vinyl siding. Exterior surfaces of buildings constructed of such
materials as brick, concrete block, stone block, cinder block or
reinforced concrete offer greater resistance to penetration than
those made of wood.

Concrete Structures
An ordinary concrete building wall, because of its rugged
and formidable appearance, may give the impression that it
offers good protection against penetration, but may not.
Standard poured concrete or concrete block walls are utilized
to support structural loads or are used as curtain walls to
enclose spaces between load bearing walls, but are not
normally designed to prevent or delay penetration. Concrete
walls that are six inches or less in thickness are vulnerable to
penetration with hand tools and small amounts of explosives.

For example, bolt cutters can be used to cut the small-size

reinforcing bars (rebar) — usually number four or less —
sometimes used in four-inch-thick concrete walls. Four-inch
concrete walls are not load bearing, are used principally to
curtain spaces between columns, and offer little protection
against even moderate force.

Eight-inch-thick, reinforced concrete walls are found in all

types of structures. They are load bearing and cannot easily be
penetrated with hand tools alone. However, small amounts of
explosive, supplemented by hand tools can quickly penetrate
them. Walls thicker than eight inches are usually found in vault
construction.

Standard concrete block walls, without reinforcing

material, are easily penetrated with hand tools, power tools or
explosives. The strength of these walls can be increased
materially by filling the hollow cores with concrete or by
installing rebar.

Floors
Wooden floors normally have flush sheathing covering the
joists diagonally. This surface may then be covered with
building paper and flooring such as tile, cork, rubber, linoleum,
or wood.

Floors may also be constructed of poured concrete, which

may be reinforced with steel rods. A concrete floor may be used
without any covering or may be covered with wood, tile,
linoleum, or carpet. The floor may be a concrete slab poured
directly onto the ground, or it may be on a foundation, raising it
above the ground and leaving a space underneath for an
intruder to penetrate the floor surface.

Interior Walls
Interior walls and ceilings may be constructed of lath and
plaster.

However, prefabricated sheets and panels of material such

as plasterboard have become, in recent years, a popular
method of interior wall and ceiling construction. The joining
edges of the material are sealed with paper or fabric tape and
are then sealed with a plaster covering. After installation,
surfaces constructed of such material resemble plaster. Plywood
or other types of wooden paneling may also be used and are
usually attached to the studs or rafters. The vertical joining
edges may be covered by narrow wooden strips.

Ceilings
Ceilings may be covered with acoustic or decorative tile. It
is a common modern building technique to construct ceiling
plenums. that do not have security barriers between rooms and
areas. As a result, an intruder who can gain access to the
plenum space can work from there to achieve access to rooms
or spaces below.

Doorways
Doorways, including the frame, jambs and stops, are
constructed of either wood or metal. Doorways are of two
general applications: personnel and vehicular.

Personnel doorways, in both outer and inner building walls,

may be single or double. They are usually fastened by hinges to
the door jamb on one side and equipped with a latch and
perhaps a lock on the other side. Sliding doors and folding
doors may also be used. Folding personnel doors are ordinarily
installed in the interior of a building and are often intended to
deny visual rather than physical access.

Vehicular doorways may also serve as entrances and exits

for personnel. Double doors are often used because of the size
of the openinge. They may be hinged on the outside on jamb
edges and secured with a locking device where the inner edges
of the doors meet in the center. Siding or rolling doors, single or
double, may also be used. They may move horizontally or
vertically on tracks or rollers. Folding doors that fold in hinged
sections are another option. Regardless of the design or the
size, doors have weaknesses.

A door is often much weaker than the surface into which it

is set. Sometimes, the door is hollow core, or constructed of
comparatively thin wooden or glass panels between the rails
and stiles, and the panels may be easy to remove.

The door frame may also be a weak spot if it is not properly

installed. If the frame is wood, it is usually installed by nailing
the doorjamb to the wall studs, after which the doorstop is
nailed to the jamb. If this installation is not correctly done, the
piece-by-piece construction may allow thin shims or levers to be
inserted so that the lock bolt can be disengaged. In addition,
most doors are installed by a carpenter, not a locksmith.
Carpenters are generally more concerned with the swing of the
door rather than the effective function of the locking
mechanism.

An all-metal door does not cause such a problem if properly

installed.

However, the door frame must be of sufficient strength that it

will not allow the door to be pried out of the frame or allow the
bolt in the lock to be released.

If not correctly installed, hinges may contribute to the

weakness of a door. For example, if hinges are surface mounted
so the mounting screws or hinge pins are exposed on the
exterior surface of the area being protected, intruders can
quickly remove the screws or pins and gain entrance by opening
the door from the hinged side and replace the door as they
leave. There would be no evidence of penetration if the removal
and replacement were done carefully. Hinges should be
installed so that the screws are concealed, and the hinge pins
are on the interior. The hinge pins can also be welded or flanged
to prevent removal. Surface-mounted hinges are sometimes
installed with bolts extending through the door. Removal of
these bolts is possible even from the bolt head side if sufficient
pull is exerted. The threaded end of the bolt can be peened to
eliminate this hazard.

Windows
Windows are designed to provide ventilation, natural
illumination or visual access through a wall, or any combination
of the three. Most windows are equipped with clear glass and
can often be opened to provide access. Other windows, in areas
where it is necessary to deny visual access, are glazed with
frosted, pebbled or other opaque or translucent glass. Picture
windows or those installed in air-conditioned buildings are
permanently fixed in place. While they allow illumination and
visual access, they do not open to provide ventilation.

The weakest area in a window is usually the glass. An

intruder can easily cut out a section with a glass cutter, or the
glass may be covered with tape so it can be broken without the
broken pieces falling and causing noise. Because of the innate
vulnerability of glass to penetration, two products have been
developed to discourage forcible entry. One type, a
polycarbonate, is constructed of plastic material, while the
other has a special plastic laminate sandwiched between two
pieces of glass. Both products are highly resistant to impact
and give the appearance of ordinary glass. However, the
laminated glass is about twice the cost of tempered glass; the
plastic is a bit less costly than the laminated.

If they are not strengthened, standard windows may be the weak

link in the barrier protection in a structure. Because most
standard windows can be penetrated with hand tools in less
than a minute, additional protection, such as protective
coverings, grills or mesh, may be required for proper protection.

Other Openings
In addition to doors and windows, a wide variety of other
openings in the roof, walls and floor may require consideration.
These include openings for shafts, vents, ducts or fans; utility
tunnels or chases for heat, gas, water, electric power and
telephone; sewers and other types of drains; and other small
service openings.

Various techniques and material can be used to give

added protection to surface openings.

Expanded metal, wire fabric and fencing may be utilized.

Steel bars or grills may be used to protect glass-paneled
windows or doors. Such bars should be spaced no more than
five inches apart. If they are round, their diameter should be at
least 1/2 inch; if they are made of flat steel, they should be at
least 1 × 1/4 inch in size. Steel grills that have 1/8 × 2-inch mesh
offer good protection. Both bars and grills must be securely
fastened so they cannot be pried loose; and if possible, they
should be installed on the interior surface.

If a door needs to be strengthened, it can be covered on

the inside with 16-gauge sheet steel, attached with screws.
Sound-reducing baffles can be installed in ducts to protect a
room or area from unauthorized listening.
Wire mesh, expanded metal or metal grills can be used to
secure chases and tunnels, locked in place to permit removal, if
necessary.

Third Line of Defense: Interior Controls

Establishing interior controls not only maximizes the
efforts of security guards. Such measures also allow or deny
access to facilities or areas within the facility, as well as track
the identity and times of entry and exit.

There are a variety of techniques to control access to the

interiors of a high-security facility. These may include
identification systems, commercial telephone services,
inter-communications, two-way radios, call boxes, paging and
recall systems, or even the more sophisticated coded card
system access. Other examples are enumerated below.

Locks
Installing locks on doors is the easiest line of defense
inside a facility.

It is the simplest way to impose physical restraint as well as

grant entry. It is the most widely used physical security device,
yet it is hardly foolproof. However, locks can also be vulnerable
to physical force. A key-operated lock can be picked, or its keys
can be duplicated illegitimately. Below are factors to consider in
using locks (Vellani, 2007).

1. Locks are only as good as the door, jambs, and walls

around them. A lock is therefore useless if an intruder can
simply kick a weak door to access a facility.
 2. Key management is important when dealing with a
complete lock system. It is important to make sure that only
authorized personnel can obtain or make a key to the lock.
3. All locks can be compromised by an expert in a very short
period of time. It is therefore wise to use locks together with
other security measures and as part of an overall physical
protection system.

Telephone Entry Systems

Telephone entry systems are commonly used in apartment
buildings and condominiums. They are typically located outside
the building, with a panel, handset, and touchpad. Each tenant
has a special entry code that a visitor dials. The tenant may
then release the door lock by pressing a designated key on the
residence phone. For added security, some systems add a CCTV
camera in the entry lobby with small monitors provided to each
occupant (POA Publishing LLC, 2003).

Identification System
Controlled entry into a business facility usually begins with
the identification of the person entering:

The identity of employees or visitors can be determined through

the following types of identification verification and access
control.

1. Guards can personally recognize or inspect the

identification of employees or visitors, and then formulate
a judgment of that person's validity.
2. Card reader systems can compare the coded identification
cards with computer records for authorized personnel
verification.
 3. Biometric readers can use a person's physical property
(such as retinal pattern or fingerprint) to gain entry

Protective Alarms Sensors

Different types of protective alarms installed indoors or
outdoors complement and supplement physical barriers. These
systems are designed to alert security personnel to completed
or attempted intrusion into an area, building or compound.

Types of protective alarm systems include local alarm

system, auxiliary system, central station system and proprietary
system. These can serve the purpose of either substituting
other security measures for economic reasons or supplement
these security measures to provide additional controls.

Sensors can detect when an intruder penetrates the

facility's boundary. It can also "sense" unexplained presence
within a zone or in close proximity to a protected object. When
the intrusion is detected the sensors are calibrated to activate
and cause an alarm to be sounded or a signal to be sent to a
monitoring station of a protected facility (Fay, 2006).

Sensors can perform three main functions. They can detect

intruders, such as when it reacts to the intruder's motion, sound,
or body heat. They can also open a portal, such as when it
validates the inputted card key to open a door. Finally, a sensor
can turn on a device, such as when it reacts to movement and
automatically turns on security lights.

Sensors are more economical compared to the cost of

labor. They are accurate and reliable when properly installed,
calibrated and serviced. However, the reliability of detection
depends on several factors such as an intruder's size, speed,
strength and direction of movement and distance to the sensor.
The intruder who uses very slow & stealthy movements in the
right direction will make it difficult for the sensor to detect his
presence.

Protective Lighting
Protective lighting is designed to illuminate the perimeter
barrier and the outside approaches of an area. A threat cannot
be detected, either by camera or in person, if there is no light.
Lighting can also serve as deterrence since a threat is more
likely to attack an asset in relative darkness than in bright light.

Purpose of Protective Lighting

● To provide sufficient illumination to an area during hours

of darkness
● To improve visibility in order to easily spot, identify and
even apprehend intruders
● To present psychological fear
● To serve as deterrent to thieves, pilferer, trespasser, and
saboteurs

General Characteristics of Protective Lighting

● It is relatively inexpensive to maintain

● It may reduce the need for security forces
● It may provide personal protection for security forces by
reducing the element of surprise by the intruder
● It requires less intensity than working light

Types of Protective Lighting

1. The stationary luminary is the most common type consisting
of a series of fixed luminaries.
 ● The glare projection type produces bright white light with
its intensity focused on the intruder who is made highly
visible but unable to easily see what lies ahead. Glare
lighting also adds protection to security officers posted
behind the light source.
● Controlled lighting is focused on certain objects than the
background.

2. The standby lighting provides continuous illumination of a

protected area during the hours of darkness, but it can be
turned on manually or by special device or other automatic
means.

3. Movable lighting can be stationary or portable and consists

of manually operated searchlights. It may be lighted
continuously during hours of darkness or only as needed. It can
supplement or temporarily replace other types of security
lighting.

4. Emergency lighting is a standby lighting that can be utilized

in the event of electric failure, either due to local equipment or
commercial power failure. The power source of emergency
lighting is usually a backup generator or an arrangement of
batteries. Lamps mounted in a stairwell that automatically light
up during a fire fall into the emergency lighting category.
Lesson 4

HISTORY OF SECURITY
Learning Objectives

At the end of this chapter, the student will be able to:

● Trace the historical roots of security

● Discuss the history of security in the Philippine
● Security in Present Time

Historical Roots of Security

The historical roots of private security agencies can be traced

back to thousands of years when the protection of life and
personal property were up to the individual, and later on
passed to tribes, and then to cities.

In prehistoric times, man recognized the need to keep himself

safe from both known and unknown enemies such as animals,
other inhabitants, and the environment itself. He used different
methods to keep himself safe such as crafting weapons out of
stone and metal, building, fire to ward off animals, staying in
caves or tree houses, and even staying in the middle of the lake
for protection

The Greeks of the ancient period were the ones who organized
the first police force in city states which they termed polis. The
Romans. on the other hand, established the Praetorian Guards
known as vigiles who were tasked to be firefighters.

In the Middle Ages during their invasion of England, the French

formed a group of carefully selected men called shires or sheriff
to look after the peace and order of the different regions.

The greatest influence in the history of security came from

England. In 1655, Oliver Cromwell set up in England and Wales a
Lesson 4

police force that operated to capture and punish criminals. In

1748, London magistrate Henry Fielding introduced the concept
of crime prevention by organizing citizen patrols or watchmen
that not only chased criminals for felony and misdemeanor but
also served Fielding's purpose of preventing crime ahead of
time with their patrolling function.

Fifty years later, English Home Secretary Sir Robert Peel formed
the first formal police department.

During the colonial period in the United States, immigrants from

England, Ireland, and Scotland came to American shores
bringing with them this British approach to policing. At the time,
law enforcement officers had to deal with rampant crime in U.S.
cities and had little time and resources left to deal with the
protection of private property.

Hence, citizens who wanted protection for their private

properties had to depend on the armed immigrants who were
prepared to deal with criminals. This watchman form of security
was to become the carly version of private security practices
that endure to this day (Fay, 2006).

Security in Philippine History

During the pre-colonial period in the Philippines, the sovereign
monarchs called datu or lakan had servants called aliping
namamahay who acted as their watchman or protector.

The Spanish colonial government introduced the Guardia Civil

in the Philippines in 1868 to serve as the police force based on
the Civil Guard of Spain. They performed patrol functions in
cities and towns, organized operations for the suppression of
bandit groups, and imposed penalties for infringement of laws
and local ordinances.

The constable of the American colonial period in the Philippines

became the forebear of the present national police. During that
Lesson 4

time, a couple of constable officers were adequate to maintain

the peace and order in the town or sitio.

After World War II, the Indian national or the Bombay pioneered
as the watchman who protected a specific building or
commercial establishment.

Today, private security has a major role in the preservation and

protection of peace and order in the country. It complements
police efforts by providing additional security during
emergency responses and public events as well as safety
precaution and protection of property and assets.

Security in the Present Time

History shows how public law enforcement and private security
evolved from the same roots but eventually took different
directions.

The police served the public's interest while the security force
served private interests. As crime became a bigger problem
especially in urban areas, police departments who previously
looked down at private security are now beginning to see the
benefits of building a partnership with them. Now, police
functions that did not involve enforcement, arrests, or the use of
force inside workspaces are turned over to security. Traffic
control around large commercial properties and patrol
functions around private neighborhoods are also now often
provided by security officers (Fay, 2006).

With the advent of terrorism in countries around the globe, it

becomes more important to build a strong partnership between
the police who respond to terrorist acts and security officers
who respond on the private premises that they protect. This
collaboration should also involve leaders and enforcers in other
Lesson 4

fields such as firefighting, disaster management, emergency

medical treatment and public health.

This, of course, entails a strong support and commitment from

the national government.

Fast-paced technology, especially in the field of computer and

information technology is another issue affecting the security
industry.

Although such technology has become very helpful in the

security officer's work, it also has the negative effect of
replacing people. Just as human labor has been displaced by
machines in other industries, it also affects individual security
personnel who might become obsolete in the face of computer
assisted technologies.

With the combination of rising technology and the security

industry's rapid growth and recognition in organizations comes
the necessary improvement in the professionalism among
security officers.

bullet points summarization:

Historical Roots of Security:

Prehistoric times:
● Recognition of the need for personal safety from known
and unknown enemies.
● Methods of self-protection included crafting weapons,
building fires, staying in caves or tree houses, and seeking
refuge in the middle of lakes.
Ancient period:
● Greeks organized the first police force called "polis."
● Romans established the Praetorian Guards known as
"vigiles" for fire-fighting.
Lesson 4

Middle Ages:
● French formed a group called "shires" or "sheriffs" to
maintain peace and order in different regions during the
invasion of England.
England's Influence:
● Oliver Cromwell established a police force in 1655 to
capture and punish criminals.
● Henry Fielding introduced crime prevention through citizen
patrols or watchmen in 1748.
● Sir Robert Peel formed the first formal police department in
1829.
Security in the United States:
● British approach to policing brought by immigrants from
England, Ireland, and Scotland.
● Watchman form of security emerged due to limited law
enforcement resources.

Security in Philippine History:

Pre-colonial period:
● Monarchs had servants called "aliping namamahay" who
acted as watchmen or protectors.
Spanish colonial period:
● Guardia Civil introduced as the police force in 1868,
performing patrol functions and enforcing laws.
American colonial period:
● Constables maintained peace and order in towns or sitios.
Post-World War II:
● Indian nationals or Bombay pioneers served as watchmen
for specific buildings or establishments.
Lesson 4

Present role of private security in the Philippines:

● Complements police efforts in emergency responses,
public events, and protection of property and assets.

Security in the Present Time:

● Evolution of public law enforcement and private security:
● Police serve public interests, while security forces serve
private interests.
● Increasing partnership between police and security for
non-enforcement functions.
Collaboration in response to terrorism:
● Importance of police and security working together to
respond to terrorist acts.
● Involvement of leaders in firefighting, disaster
management, emergency medical treatment, and public
health.
Impact of technology:
● Advancements in computer and information technology
have both positive and negative effects on the security
industry.
● Technology can enhance security work but may also
replace human security personnel.
Professionalism in the security industry:
● Rising technology and industry recognition necessitate
improved professionalism among security officers.
Fundamentals of Security Management
Security management emerged as a differentiative
discipline in the second half of the 20th. Protection of assets
from loss always mattered to profit-making organizations, and
guards, regular patrols and watchmen were tasked to protect
private property from theft, fire, and vandalism based on early
payroll records.

The security industry continues to develop advanced and

better technology with military and civilian significance. Interest
in the field was also blooming. The industry development has
occurred because of the particular nature of security needs
within organizations.While all organizations require security
directors and

personnel per se. Frequently, the duties can be devolved to

others. Nonetheless, certain industries have security as a
requirement. Others see improved protection as a cost-effective
means of maintaining optimal operations.

Security Management Defined

Security Management is the proper utilization of resources
in a security organization in order to meet organizational goals
and objectives and to ensure their achievements. In another
sense, it is a broad field of management related to asset
management, physical security and human resource safety
functions. It entails the identification of an organization's
information assets and the development, documentation and
implementation of policies, standards, procedures and
guidelines.
 Management tools such as information classification, risk
assessment and risk analysis are used to identify threats,
classify assets and to rate system vulnerabilities so that
effective control can be implemented.

As a field in management, security management deals

primarily on asset protection, both from physical safety and
digital security. It is closely related to risk management aimed at
creating through various methods, procedures, guidelines and
standards of security solutions which help reduce identified
risks in an organization.

Security management is a systematic, repetitive set of

interconnected activities to ensure safe operation and thus
reduce the likelihood of risks. The key purposes are avoidance
of problems or negative phenomena such as threats and risks;
and avoidance of crisis or other problems which may cause
delay, harm or loss of assets.

The areas of physical and digital security management in

organizations for security management are:

1. Physical security
2. Property security including cash and valuables, buildings
security, security guards
3. Personal Security including human resources management
4. Information security, in terms of protection of the law or
contractually protected or valuable information
5. Computer security, in terms of use and set of hardware and
software, including special tools (e.g. protection, and
deployment tracking and interception)
6. Occupational safety and health, including fire
7. Fraud management and forensic auditing

In simple terms, security management is about using the

resources in a security organization in the best way
possible to achieve the goals of the organization. It
 involves taking care of things like protecting physical
assets, ensuring the safety of people, and managing
information within the organization. This is done by
identifying what needs to be protected, creating rules and
guidelines to follow, and using tools to assess risks and
vulnerabilities. The main focus is on keeping assets safe,
both in the physical world and in the digital space. Security
management is a set of activities that are done regularly to
make sure everything is running smoothly and to minimize
the chances of problems or risks occurring. The goal is to
prevent things like threats, crises, or delays that could
cause harm or loss to the organization's assets.

BASIC MANAGEMENT FUNCTIONS

According to Henri Fayol, there are five functions of
management relevant to security organizations. They focus on
the relationship between personnel and its management and
they provide points of reference so that problems can be easily
solved.

1. Planning - is looking ahead, drawing up a good plan of action.

This requires active participation of the entire organization.
With respect to time and implementation, planning must be
linked to and coordinated on different levels. Planning must take
the organization’s available resources and flexibility of
personnel into consideration as this will guarantee continuity.

2. Organizing- An organization can only function well if it is well

organized. Sufficient capital, staff and raw materials are in
placed so to build a good working structure. The organizational
structure with a good division of functions and tasks is of
crucial importance. When the number of functions increases,
the organization will expand both horizontally and vertically.
This requires a different type of leadership.
3. Commanding - giving of orders and clear working instructions
to employees so they would know exactly what is required of
them. Return from all employees will be optimize if they are given
concrete instructions with respect to activities that are carried
out by them. Commanding reflects effective communication
which gives integrity to decision making.

4. Coordinating - harmonization of activities in an organization

that leads to efficient function. It aims at stimulating motivation
and discipline within the different units in the organization.

importance. When the number of functions increases, the

organization will expand both horizontally and vertically. This
requires a different type of leadership.

5. Controlling - verifying whether the activities are carried out in

conformity with the plan. This requires establishment of
performance standards based on organizational objectives,
measuring and reporting on actual performance, and
standards, and taking corrective or preventive measures as
needed.

PRINCIPLES OF SECURITY MANAGEMENT

Security management is anchored on the principles of
management by Henri Fayol who, after years of study, was able
to synthesize 14 principles of management that serve as a
guideline for decision-making and management actions. They
are drawn up by means of observations and analyses of events
that managers encounter in practice.

These principles can be used to manage organizations and are

useful tools for forecasting, management, decision-making,
coordination and control.
 1. Division of Work - specialization of the workforce
increases their accuracy and speed. In practice, employees
are specialized in different areas and they have different
skills. Different levels of expertise can be distinguished
within the knowledge areas from generalist to specialist).

According to Henri Fayol, specialization promotes efficiency of

the workforce and increases productivity.

2. Authority and Responsibility - accompanying power or

authority gives the management the right to give orders to
the subordinates. This means that, in order to get things
done in an organization, management has the authority to
give orders to the employees. But of course with authority
comes responsibility. Authority and Responsibility -
accompanying power or authority gives the management
the means are or drie one things done nin

3. Discipline - is about obedience. It is often a part of the

core values of a mission and vision, in the form of good
conduct and respectful interactions.

4. Unity of Command - an individual employee should

receive orders from one manager and the employee is
answerable to that manager. If tasks and related
responsibility are given to the employee by more than one
manager, this may lead to confusion which may lead to
possible conflicts for employees.

5. Unity of Direction - is about focus and unity. All

employees deliver the same activities that can be linked to
the same objectives. All activities must be carried out by
one group that forms a team.

These activities must be described in a plan of action. Focus

areas are the efforts made by the employees and coordination.
 6. Subordination of Individual Interest - is about ethics.
Personal interests are subordinate to the interests of the
organization. The primary focus is on the organizational
objectives and not on those of the individual. This applies
to all levels of the entire organization, including the
managers.

7. Remuneration - the compensation of employees must be

sufficient to keep employees motivated and effective.
Motivation and productivity are close to one another as
far as the smooth running of an organization.
Remuneration could be non-monetary, such as a
compliment, more responsibilities, credits or in the form of
monetary consideration such as compensation, bonus or
other financial rewards.

8 Degree of Centralization- management and authority for

decision-making must be properly balanced in an
organization. This depends on the volume and size of an
organization including its hierarchy. Centralization implies
the concentration of decision-making authority at the top
management. Sharing of authorities for the
decision-making process with middle and lower
management is decentralization and that an organization
should strive for a good balance in this. concentration of
decision-making authority at the top management.
Sharing of authorities for the decision-making process
with middle and lower management is decentralization and
that an organization should strive for a good balance in
this.

9. Scalar Chain - Hierarchy presents itself in any given

organization.

This varies from top management to the lowest levels in the

organization. This principle states that there should be a clear
line in the area of authority from top to bottom and all
managers at all levels.

10. Order - employees in an organization must have the

right resources at their disposal so that they can function
properly in an organization. There must be a social order
where the work environment must be safe, clean and tidy.

11. Equity - employees must be treated kindly and equally.

Employees must be in the right place in the organization to
do things right. Managers they should ria and ya yan
imparaly.

12. Stability of Personnel Tenure - the deployment and

managing of personnel should be in balance with the
service that is provided from the organization.
Management strives to minimize employee turnover and to
have the right staff in the right place.

13. Initiative - employees should be allowed to express new

ideal ideas. This encourages interest and involvement and
creates added value for the company. Employee initiatives
are a source of strength for the organization.

14. Esprit de Corps - management should strive for the

involvement and unity of the employees.

Managers are responsible for the development of morale in the

workplace; individually and in the area of communication. Esprit
de corps contributes to the development of the culture and
creates an atmosphere of mutual trust and understanding.

LEVELS OF MANAGEMENT
The process of management is becoming complicated with
the growing complexities of business.
 This calls for a higher degree of skills and abilities. In view
of the technological features influencing the size and the scale
of modern enterprise, management cannot be a simple task
that can be performed by an individual or a few persons
interested therein as proprietors.

Hence, managerial functions are assigned to different

personnel all along the organization.

The levels of hierarchy of management with authority and

responsibility are categorized according to functions arranged
as follows: Top Management, Middle Management, and Lower
Management.

Top level management

Top level management is usually made up of Board of Directors.
However, in practice the Directors do not take part in the
day-to-day affairs of the organization.

But the task is generally entrusted to the Managing Directors or

General Managers. They are called Chief Executives and they
are responsible to carry out the ultimate Management is the
policy making body responsible for the overall direction and
success of all the activities of the company.

The principal functions of the top management are:

1. Determination of Objectives
2. Formulation of Policies
3. Long Range Planning and Strategy
4. Organizing for Action
5. Developing of Major Resources
6. Selecting Key Personnel
7. Coordination and Controlling
Middle Level Management
This level of management is concerned with the execution of the
policies and plans designed by the top management. Therefore,
the middle level management comprises departmental heads
and other executives. Though the top management forms the
head and brain of the organization, the personnel in the middle
management actually take part in the execution of the plans
and experience the difficulties involved in it. The principal
functions of the middle level management are.

1. Interprets the policies of the company

2. Prepare organizational set up in their department
3. Issue orders to the subordinates and others in their
department
4. Motivate the personnel for higher productivity
5. Collect reports and other information about the work
turned out in their perspective departments
6. Provide information and assist top management in revising
the plans to secure better performance.

Lower Level Management

This level of management refers to subordinate departmental
heads, foremen, office superintendents, supervisors, etc. They
come in direct contact with thẻ employees or workers. They
actually carry out the operation as per schedule. They are
designated as "leg work". They provide the essential link between
the worker and the management. The important functions up he
Potonnel in lower management can be summed up as follows:

1. Executing of the work entrusted to them,

2. Maintaining of the standard, quality and workmanship of
the product,
3. Eliminating wastage of material, time, etc.,
4. Maintaining strict discipline among the workers,
5. Preserving the morale of the workers
 6. Providing instructions and other information to the
workers and guiding them while in action

Elements of Security Management

Concerns and issues related to security are intertwined in all
areas of the life of an organization. Many of them are
considered and documented organizational and provided
within the respective area of the management system of the
organization. security of the organizations, by developing
integrated management systems for business security.

A Security Management System may be considered as that part

of the overall management system, based mainly on the quality
management system, that provides the structure to enable
identification potential threats to an organization and which
establishes, Implements, operates, monitors, reviews and
maintains all appropriate measures to provide assurance of the
effective management of the associated security risks.

The following elements of security management are inherent in

the management system:

1. Establish Security Management Framework

● Specify process purpose, scope, goals, and capabilities

● Define process conceptual models
● Determine and Identify process requirements, roles and
responsibilities
● Assign process responsibilities to organizations
● relationships to other processes
● Define measurements and controls
● Create project proposals
● Communicate and deploy framework
2. Produce and Maintain Security Policy

● Analyze findings
● Assemble and communicate security policy
● Assess business policies and plans
● Assess new technology
● Assess regulations and standards
● Define overall security objectives

3. Analyze Security Threats, Vulnerabilities and Risks

● Communicate results and recommendations

● Develop security recommendations
● Identify security threats
● Perform detailed risk and vulnerabilities
● Project potential fut3. Analyze Security Threats,
Vulnerabilities and : Communicate results and
recommendation• Assess regulations and standards
● Define overall security objectives

4. Classify Information Asset Security

● Create asset security classification scheme

● Identify security policy requirements on asset security
● Review asset inventory

5. Plan and Implement Security Practices

● Communicate security directives

● Complete security plan
● Initiate change request
● Review details of plan with stakeholders
● Define security infrastructure
● Define security plan procedures
● Define security plan schedule
● Monitor Change
6. Operate Security Protection Mechanisms

● Deny request
● Document security violation
● Initiate incident
● Monitor and detect for security violation
● Validate security request
● Provide access to authorized user
● Perform protection request

7. Monitor, Assess, Audit and Report Security

● Analyze request for information

● Define and build report
● Generate and communicate report
● Review active security controls
● Summarize Inconsistencies

8. Evaluate Security Management Performance

● Collect feedback
● Produce process measurements
● Research trends and best practices
● Review existing documentation
● Assess Process Execution
● Audit Process
● Assess process framework
● Collect evaluation results
● Produce gap analysis
● Recommend initiatives
● Complete evaluation
● Communicate to stakeholders
● Assess process framework
● Collect evaluation results
● Produce gap analysis
● Recommend initiatives
 ● Complete evaluation
● Communicate to stakeholders services in exchange, and
keep quality high for customer satisfaction.

RESOURCES FOR SECURITY MANAGEMENT

For any organization to succeed in achieving its goals or
objectives, it requires the utilization of available resources.

The 10 Ms of management are essential resources for

security management they are as follows:

1. Manpower - refers to people as resources. It is the most

important of all resources. It pertains to the workforces in all
levels of management, without them, all other resources are
unusable.

They are categorized as the managers and the employees.

2. Money - refers to financial resources. It is the driving force of

any business for the compensation or reward of the work force.
Any business enterprise of any nature and size needs a capital.

3. Machineries- refers to devices or tools needed in order to aid

the workforce do their activities with ease and simplification.
These include modern technologies and automations.

technologies and automations.

4. Materials - refers to raw materials as inputs to business

production they are processed into finished form and become
“products”

5. Methods - refers to standards and procedures used as

techniques of production. It can be systems that are put
together for the transformation of raw materials into usable
products, goods or services. Machines do not operate by
themselves without a system or procedure. materials into
usable products, goods or services.

6. Market- are interactions, social relations, and institutions for

trading of goods and services which form part of the economy.
It refers to “transactions” in motion, categorized as a consumer
market or industrial market.

7. Minute - refers to the management of time, the optimum time

that a worker needs to produce the highest quality of product
or service. It is called efficiency at work.

8. Morale- refers to motivation of people, the moving power to

act or exert to achieve desired goals or objectives. It is the
'secret weapon' of management of controlling and getting the
job done.

9. Matter - refers to data and information management. Data

refers to information that is translated into a form that is
efficient for movement or processing. They are used for
organizational program that manages the people, processes
and technology that provide control over the structure,
processing, and delivery. Information are also required for
management and business intelligence purposes.

10. Measurements- are internal control systems such as

preventive controls, detective and reactive controls, used to
gauge effectiveness. It encompasses the assessment of
performance and results achieved by employees and the entire
organization.

Security managers
Security managers are persons in the organization who are
responsible for monitoring the security operations for any
organization or company. They implement security policies,
regulations, rules and norms and make sure that the
environment in their organization is safe for employers and
visitors. These managers are required to hire new members for
the staff and delegate tasks and duties to them. One of their
main duties is to check and monitor the access control of the
people who are visiting the company. They perform many of the
following tasks:

1. Keeping track of different events.

2. Implementing security protocols
3. Creating emergency response procedures
4. Conducting security evaluations.
5. Supervising security staff members.

TYPES OF SECURITY MANAGERS

1. Functional Manager - one who is responsible for just one

organizational activity such as accounting, human resources,
sales,marketing, or production. Focus on technical areas of
expertise, use communication, planning and administration,
teamwork and self-management competencies to get work
done.

2. General Manager - one who is responsible for the operations

of more complex units for example, a company or division.
Oversee work of functional managers. Responsible for all the
activities of the unit and the need to acquire strategic and
multicultural competencies to guide organization

ESSENTIAL SKILLS FOR SECURITY MANAGERS

1. Communication skills
2. Physical fitness
3. Knowledge of security environments and hazards
 4. Excellent attitude
5. Interpersonal skills
6. Analytical skills
7. Leadership skills
8. Initiative and being proactive
9. Good negotiation skills
10. Being able to work with a team

VARIOUS STYLES OF SECURITY MANAGERS

The work force and other resources are managed by multiple
types of managers, with each having their n unique
management and leadership style, as follows:

1. The Visionary - one who listens to ideas and take note of what
they're trying to achieve. They Jump right in and help
brainstorm ideas with a team. They provide practical advice
and options for how their ideas turned into a reality.

2. The Coach - one who is like a sports coach, who bring high
levels of energy and discipline. He aims to bring high
performance into the workplace. He is highly people-focused
and views the success of the team as his own personal success.
He usually sets clear, realistic goals for performance and
discusses practical strategies on how the team can achieve
those goals.

3. The Sensitive Boss - bosses are workers and are determined

to create a workplace workers with the emotional well being of
their that is as harmonious and responsive to individual needs
as possible.

shared team activities, while minimizing stressful or confronting

situations.
4. The Democratic Boss - one of the easiest types of managers
to work with, democratic bosses are focused on open
collaboration within their teams and are underpinned by a
strong belief that the best outcomes are achieved by all parties
bringing their ideas to the table in pursuit of a common goal.
He contributes actively to team discussions and gave opinion
on new ideas.

5. The Commander - one who just wants the job to be done on

time and to the highest standards possible. Accordingly, one of
the most difficult management styles to work under, commander
bosses know exactly what outcomes they want from their team
and ensure that everybody knows about it. Commanders expect
strong discipline and speed from their team and may often
shout commands in very clear terms.

6. The Pacesetter - one who is highly energetic and will often do

their best to bring motivation to the team in the fast-paced
nature of modern economy. He is focused on winning the race
and winning it with pride. Similar in personality to commanders,
pacesetters can also be quite direct and demanding, expecting
the best From their team members and impatient if tasks fall
behind schedule.
 Bank Security Management

Security management in the banking industry is the

identification of an organization's assets (including people,
buildings, machines, systems and information assets), followed
by the development, documentation and implementation of
policies and procedures for protecting this assets.

On September 3, 2008, BSP Governor Amando Tetangco signed

BSP Circular 620, otherwise known as the Revised Rules on Bank
Protection. Among the Circular's main objectives included
provisions on bank protection are those requiring each bank to
adopt, an adequate security program commensurate to its size,
location, number of offices and business operations."

An organization like bank uses such security management

procedures as asset and information classification, threat
assessment, risk assessment, and risk analysis to identify
threats, categorize assets, and rate system vulnerabilities so
that they can implement effective controls like the following:

Loss Prevention
Loss prevention focuses on what your critical assets are and
how you are going to protect them. A key component to loss
prevention is assessing the potential threats to the successful
achievement of the goal. This must include the potential
opportunities that further the object (why take the risk unless
there's an upside?) Balance probability and impact determine
and implement measures to minimize or eliminate those threats.
Loss Prevention Program

INTERNAL LOSSES PREVENTIVE MEASURES

A. pilferage (stealing in Limit quantity of issued
small quantity over a resources or materials
long period of time)
B. Embezzlement (the taking Personalize transaction
of money or property Documentation
entrusted to their care)
C. shrinkage( a term for the Regular inventory
loss of inventory through (compartmentalization-individ
any means ual zone method)
D. Trade Secret (loss of Background Check
information through Exit interview
inadvertent disclosure) Exit Checklist

Exit interviews of resigned or retired bank employee is a

valuable tool which gives the employee the chance to list
grievances. Management learns of problems not previously
known.

Also remind employee of legal obligation to protect

confidential information.

Exit checklist helps reduce losses; employee has to return

company issued property.

Security risk management

Management of security risks applies the principles of risk
management to the management of security threats. It consists
of identifying threats (or risk causes), assessing the
effectiveness of existing controls to face those threats,
determining the risks' consequences), prioritizing the risks by
rating the likelihood and impact, classifying the type of risk and
selecting an appropriate risk option or risk response. In 2016 a
universal standard for managing risks has been developed in
The Netherlands.

In 2017 it was updated and named: Universal Security

Management Systems Standard 2017.

Types of risks:
External
● Strategic: like competition and customer demand...
● Operational: Regulation, suppliers, contract
● Financial: FX, credit
● Hazard: Natural disaster, cyber, external criminal act
Compliance: new regulatory or legal requirements are
introduced, or existing ones are changed, exposing
the organization to a non-compliance risk if measures
are not taken to ensure compliance

Internal
● Strategic: R&D
● Operational: Systems and process (HaR, Payroll)
● Financial: Liquidity, cash flow
● Hazard: Safety and security; employees and
equipment Compliance: Actual or potential changes
in the organization's systems, processes, suppliers,
etc. may create exposure to a legal
● or regulatory non-compliance.
Risk options:
Risk avoidance (Removal of target all together)
The first choice to be considered. The possibility of
eliminating the existence of criminal opportunity or
avoiding the creation of such an opportunity is always the
best solution, when additional considerations or factors
are not created as a result of this action that would create
a greater risk. As an example, removing all the cash from a
retail outlet would eliminate the opportunity for stealing
the cash-but it would also eliminate the ability to conduct
business.

Risk reduction (Minimizing potential loss to extent possible)

When avoiding or eliminating the criminal opportunity
conflicts with the ability to conduct business, the next step
is the reduction of the opportunity and potential loss to
the lowest level consistent with the function of the
business. In the example above, the application of risk
reduction might result in the business keeping only enough
cash on hand for one day's operation.

Risk spreading (Spreading target over large area as

possible.)

Assets that remain exposed after the application of

reduction and avoidance are the subjects of risk
spreading. This is the concept that limits loss or potential
losses by exposing the perpetrator to the probability of
detection and apprehension prior to the consummation of
the crime through the application of perimeter lighting,
barred windows and intrusion detection systems. The idea
 here is to reduce the time available to steal assets and
escape without apprehension

Risk transfer (Transfer the risk to someone else)

Transferring risks to other alternatives when those risks
have not been reduced to acceptable levels. The two
primary methods of accomplishing risk transfer are to
insure the assets or raise prices to cover the loss in the
event of a criminal act. Generally speaking, when the first
three steps have been properly applied, the cost of
transferring risks is much lower.

Risk acceptance (Risk is simply accepted Or Risk Retention)

All remaining risks must simply be assumed by the
business as a risk of doing business. Included with these
accepted losses are deductibles which have been made as
part of the insurance coverage.

The Three D's of Security

The basic theories of any security program are the following:

1. Denial

Denial takes the form of a physical security system (fences,

walls, gates, locks, doors etc.). When the access of any
criminal or intruder is denied, the area or object being
protected remains safe and secured.

2. Detection

Detection in security program refers to guards visibility

and omnipresence, This can be reinforced by electronic
 devices or intrusion detection equipment (eg Alarms, CCTV
camera)

3. Deterrence

Deterrence is a security program that can be both physical

and psychological.

a. Physical

It is when criminals or intruders are delayed in the

perpetration of crime because of physical security or
barriers such as fences, gates, walls, locked doors, watch
dogs, human guards, safe, vaults and etc.

b. Psychological

In psychological deterrence, the bank must appear to be

secured. The criminal is on defensive that he is certain and
aware to be identified and apprehended.

The prominent display of Power and Technology such as an

attentive and alert guards, CCTV cameras and time locks
will act as good psycho deterrent.

Security Policy Implementations

Intrusion detection

● Alarm device

Access control

● Locks, simple or sophisticated, such as biometric

authentication and keycard locks

Physical Security
 ● Environmental elements (ex. Mountains, Trees, etc.)
● Barricade
● Security guards (armed or unarmed) with wireless
communication devices (e.g., two-way radio)
● Security lighting (spotlight, etc.)
● Security Cameras Motion Detectors
● IBNS ( Integrated Banking Network System) containers
for cash in transit.

Procedures

● coordination with law enforcement agencies

● fraud management
● CPTED (Crime Prevention Through Environmental Design)
● Risk analysis
● Risk mitigation
● Contingency planning
Lesson 7

LEGAL CONTEXT OF SECURITY

Learning Objectives

At the end of this chapter, the student will be able to:

● Explain the right to security of person guaranteed by the

United Nations;
● Identify provisions in the Philippine Constitution that
guarantee the right to security; and
● Enumerate laws relevant to security management.

Man, instinctively protects himself and those he holds dear (may

it be property, freedom or loved ones) from danger or threat,
with or without help from others. This is the supreme law - the
law of self-preservation.

The principle of self-preservation, also known as the right of

self-defense, is a fundamental concept in legal systems that
recognizes an individual's inherent right to protect oneself from
harm. It is based on the idea that individuals have a natural
instinct to preserve their own lives and physical integrity.

Universal Declaration of Human Rights

The Universal Declaration of Human Rights, which was adopted

by the United Nations on 10 December 1948, guarantees such
instinct to protect in Article 3, which states that "Everyone has
the right to life, liberty and security of person" (United Nations,
1948, emphasis supplied).
Lesson 7

The International Covenant on Civil and Political Rights, a

multilateral treaty also adopted by the United Nations on 16
December 1966, further recognizes this right to security of
person in Article 9 (1), which states that:

"Everyone has the right to liberty and security of person.

No one shall be subjected to arbitrary arrest or detention. No

one shall be deprived of his liberty except on such grounds and
in accordance with such procedure as are established by law"
(United Nations Human Rights, 1966).

1987 Constitution of the Republic of the Philippines

The 1987 Constitution lays the foundation that protects the

Filipino citizens' right to security. Relevant sections of the
constitution are cited here to demonstrate specific provisions
that guarantee this right.

Section 4, Article II. The prime duty of the Government is to

serve and protect the people. The Government may call upon
the people to defend the State and, in the fulfillment thereof, all
citizens may be required, under conditions provided by law, to
render personal, military or civil service.

This section provides that all qualified citizens of the state,

including security personnel, may be required by law to render
personal military or civil service.

Section 1, Article III. No person shall be deprived of life, liberty,

or property without due process of law, nor shall any person be
denied the equal protection of the laws.

This section provides that due process of law should be

observed all the time. It is unlawful to deprive a person his life
or property without undergoing proper inquiry, trial or even
judgment.
Lesson 7

Section 2, Article III. The right of the people to be secure in the,

persons, houses, papers, and effects against unreasonable
searches a seizures of whatever nature and for any purpose
shall be inviolable, t no search warrant or warrant of arrest shall
issue except upon probes cause to be determined personally by
the judge after examine under oath or affirmation of the
complainant and the witnesses he m produce, and particularly
describing the place to be searched and persons or things to
be seized.

Section 9, Article III. Private property shall not be taken for putt
use without just compensation.

Being the rightful owner, it is the right of the person to keep

ownership of his property subject to limitations imposed by the
government plans to take a private property for public use,
compensation should be extended to the private owner.

Section 16, Article XII. The Congress shall not, except by genes
law, provide for the formation, organization, or regulation of pr
corporations. Government-owned or controlled corporations
may created or established by special charters in the interest of
the cons good and subject to the test of economic viability.

THE REVISED PENAL CODE OF (ACT 3815)

Applicable provisions of Act No. 3815 or "An Act Revising the

Penal Code and Other Penal Laws," otherwise known as the
Revised Penal Code (December 8, 1930) regarding crimes against
persons (Title Eight of the Code), personal liberty and security
(Title Nine of the Code), an property (Title Ten of the Code) have
bearing on the individual's rigi to security and the private
security industry.
Lesson 7

Private Security Agency Law (RA 5487 as amended)

Republic Act No. 5487 or "An Act to Regulate the Organization

and Operation of Private Detective, Watchmen or Security
Guards Agencies," is amended by Presidential Decree No. 11 on
October 3,

1972. In this law, the security guards, watchmen, private

detectives and the security officers are considered as force
multipliers of the Philippine National Police (PNP) because of the
role they play in times of disaster or calamities. The chief of the
PNP or the mayor of a certain municipality or city may deputize
them to assist the PNP in the performance of the police duties
for the duration of such emergency disaster or calamity.

Private security personnel are called Protection Specialists

because in the present concept, law enforcement and crime
prevention are not solely charged to the PNP. The five-pillar
concept in criminal justice system calls for the involvement of
the private sector and the community to which much of the
success of law enforcement depends.

Private security forces play a vital role in this regard as they are
a potent force in crime prevention. They have contributed to the
improvement of peace and order and the protection of lives and
properties in all areas of the country

The scope of the law covers originally promulgated and newly

introduced rules and regulations designed to professionalize
the security industry. Revisions were made to make the security
business a more credible and reliable sector in our country.
New provisions include the rule on the utilization of security
personnel in certain types of services, The training program for
private security personnel was also expanded in order to
develop skills and knowledge suitable to current and future
applications.
Lesson 7

Republic Act No. 5487, also known as “The Private Security Agency Law,”
regulates the organization and operation of private detective, watchmen,
or security guards agencies in the Philippines. Here are the key points from
RA 5487:

1. Scope of the Act:

○ The law governs the organization, operation, business, and
activities of private detective agencies, watchmen, or security
guards agencies.
○ It applies to both natural persons and juridical persons (such
as corporations or partnerships) engaged in these services.
2. Definitions:
○ Person: Includes both natural and juridical persons.
○ Private Detective Agency: Conducts detective work for hire,
reward, or commission.
○ Private Detective: Non-police personnel who perform detective
work.
○ Watchman or Security Guard: Provides personal service to
secure residential or business establishments.
○ Watchman or Security Guard Agency: Recruits, trains, and
provides watchmen or security guards.
3. Eligibility to Organize a Security or Watchman Agency:
○ Filipino citizens or corporations/partnerships with at least
₱5,000 capital (100% Filipino-owned) can organize such
agencies.
○ Operators/managers must be at least 25 years old, college
graduates, and of good moral character.
○ Disqualifications include dishonorable discharge, mental
incompetence, drug addiction, and habitual drunkenness.
4. Firearm Possession:
○ Watchman or security agencies can possess firearms after
meeting requirements set by the Chief, Philippine Constabulary.
○ Firearms must not exceed .45 caliber, and each firearm is
allowed for every two watchmen or security guards.
○ Riot guns or shotguns may be carried when necessary for
security purposes.
Lesson 7

Presidential Decree No. 1919 (Amending RA 5487 and PD 100)

Presidential Decree No. 1919 amended further The Private

Security Agency Law on April 28, 1984 with the following changes:

● Defining watchman or security guard to include those from

government entities.
● Specifying the employment of a minimum of 200 and a
maximum of 1,000 licensed security guards for any private
security agency.
● Specifying 30 to 1,000 company guards for company guard
forces.

Presidential Decrees No. 11 and No. 100 (Amending RA 5487)

Presidential Decrees No. 11 and No. 100 (Amending RA 5487)

Presidential Decree No. 11 amended The Private Security Agens

Law on October 3, 1972, while Presidential Decree No. 100
amende the same law on January 17, 1973.
 PHYSICAL SECURITY
Learning Objectives

At the end of this chapter, the student will be able to:

● Define physical security;

● Explain the purpose and advantages of physical barriers;
● Explain the three lines of defense and enumerate
examples;
● Illustrate protective alarm sensors; and
● Characterize protective lighting and enumerate examples.

Physical security refers to a logical set of tangible elements and

measures adopted to prevent unauthorized access to
equipment, facilities, materials, documents, and personnel.

The objective is to protect these assets from damage,

compromise and loss. In short, it is a system of barriers placed
between the potential intruder and the object to be protected.
For example, a fence can slow down an intruder, sensors can
send alarms, and protective lighting can make the intruder
visible to patrolling security personnel.

There is a wide variety of factors to consider in ensuring

physical security. Measures include safeguards such as
lighting, fences, lock and key systems, personnel identification
and visitor control. Other factors to consider may refer to the
nature of the target or the asset being protected. It could be a
physical object like very expensive jewelry, a non-physical
object like the formula for San Miguel Beer, a human object like
the chief justice or a group of high-profile tourists vacationing
in Boracay, or even a structure like the Malacañang Palace.
Principles of Physical Security
In considering the appropriate security measures, the following
principles should be considered.

1. The type of access necessary depends on the number of

variable factors, thus, may be obtained in different ways.
2. There is no such thing as an impenetrable barrier.
3. The installation of a barrier varies from another.
4. There is defense in barrier depth.

1. Access depends on variable factors: In a bank, the level of

access to different areas or resources will vary based on
factors such as employee roles, customer access, and the
sensitivity of the information. For example, bank tellers may
have access to cash drawers and customer account
information, while security guards may have access to
restricted areas like vaults. The access control system should
be designed to grant appropriate access privileges based on
these factors.

2. No impenetrable barrier: While banks have robust security

measures in place, it's important to acknowledge that no system
is impenetrable. For instance, even with surveillance cameras,
alarms, and access control systems, determined criminals may
attempt to breach the security. Therefore, banks implement
additional measures such as security guards, panic buttons,
and silent alarms to respond quickly to potential security
breaches.

3. Different barriers for different installations: Banks have

various installations within their premises that require different
security measures. For instance, the lobby area where
customers interact with tellers may have access control systems
and video surveillance. On the other hand, high-security zones
like vaults or data centers may have additional layers of
security, such as biometric access controls, reinforced doors,
and intrusion detection systems.

4. Defense in barrier depth: Banks employ a layered security

approach to protect their assets. For example, a bank may
have multiple layers of security measures, including perimeter
security like fences or bollards, access control systems at
entrance points, security personnel stationed at strategic
locations, surveillance cameras monitoring key areas, and
vaults with reinforced doors and alarm systems. This multi-
layered approach deters potential criminals and makes it more
challenging for them to gain access to sensitive areas or assets.

By applying these principles in bank security, organizations

can create a comprehensive security framework that
addresses different access requirements, acknowledges the
limitations of security measures, tailors security measures to
specific installations, and implements a layered defense
strategy to protect valuable assets and minimize risks.

Factors in Selecting Security Safeguards

The following are factors that should be considered in

determining the physical security needs of a facility (Fay, 2006).

1.Site Characteristics
Selection of safeguards can be influenced by the nature of the
site such as the size, layout, utilities, internal activities and
assets in the site. Other factors may include company
philosophy and workforce culture.

When choosing security measures for a place, we need to

consider things like the size, layout, utilities, and activities that
happen there. For example, a big office building may need
security cameras and access control systems, while a small
store may only need a lock and alarm system.

2. Environment

This refers to the area surrounding the facility. A bank inside a

large commercial complex in Makati City will require safeguards
different from those required for an exclusive beach resort in
an island in Cebu or a factory of fireworks in an isolated area in
Bulacan. For example, the bank may opt for electronic locks
and sensors, the resort may require a specially secured boat
access, and the fireworks factory may go with a perimeter fence.

The area around a place also affects the security measures

needed. A bank in a busy city may need advanced locks and
sensors to protect against theft, while a beach resort on an
island may need security measures to control access to the
beach and ensure the safety of guests.

3. Forces of Nature

Also, at play in the selection of safeguards are the

environment's climate, weather, and natural forces. Certain
detection sensor devices may not work well in extreme
temperatures and are vulnerable to floods and earthquakes.
Natural factors like the weather and climate can impact
security measures. For instance, some security devices may not
work well in extreme temperatures, and flood-prone areas may
require extra protection against water damage.

4. Crime

Crime patterns must be considered in selecting the necessary

countermeasures, Decisions should be preceded by a risk
assessment that includes a study on the nature, intensity, and
repetitiveness of criminal acts that have occurred in or near the
facility during the recent past.

The type and frequency of criminal activities in and around a

place should be considered when selecting security measures.
This involves studying past crimes in the area to determine the
best ways to prevent and respond to them. For example, if there
have been break-ins at a facility, adding security cameras and
stronger locks may be necessary.

Terrorism is also an important factor for certain facilities that

may be considered targets of terrorist groups such as airports,
tourist destinations, research laboratories and government
buildings.

Certain places, like airports, tourist destinations, research

laboratories, and government buildings, may be potential
targets for terrorist attacks. It is important to consider this
threat and implement appropriate security measures, such as
enhanced access controls, surveillance systems, and
procedures to detect and respond to potential threats.
Physical Barriers
A barrier is a natural or manufactured obstacle to the
movement of persons, animals, vehicles, or materials. It defines
physical limits to and delays or prevents penetration of an area
(POA Publishing LLC,2003).

It is impossible to build a barrier that cannot be compromised.

A clever and determined intruder with plenty of time, money
and imagination can quite possibly penetrate any structural
barrier. Hence, intelligently designing layers of barriers is
considered an effective measure to ensure physical security.
The idea is to cause as much delay as possible by designing a
series of layers, or concentric circles, so that highly protected
assets are within a configuration of multiple barriers.

A concentric protection of a high-security facility allows for

several rings of barriers, as explained by John J. Fay in his book
Contemporary Security Management:

“...The overall security scheme features several rings of

security that in the abstract look like a shooting target.

The outermost ring, which is at or on the far edge of the

perimeter, might be a clear zone in which the approach of
an intruder or intruder force can be seen by human and/
or electronic means. The next ring might be a wall or fence,
and then another wall or fence. Supplementing the walls or
fences might be guard posts, patrols, detection sensors,
CCTV cameras, and security lighting. The next ring might
be sentry-protected and electronically controlled doors to
a building or a complex of buildings.

Within the building might be another ring of security

consisting of access-controlled exclusion areas, and yet
another ring within the exclusion areas might consist of
safes, vaults, and similar containers, inside of which might
 be motion-detection devices. The theory operates on the
simple premise that an attempted intrusion will have a
lesser chance of success when multiple layers of
protection stand in the way." (Fay, 2006)

Advantages of Physical Barriers

1. Physical barriers become a psychological deterrence when
a potential intruder is discouraged from accessing a
facility because the barriers appear to present difficulties.
2. Actual difficulty in getting through physical barriers.
3. Reducing the cost of security staffing by substituting
barriers for people and placing security posts in locations
that complement barriers.

Purpose of Physical Barriers

1. To control the movement of people and vehicles into, out
of, and within the facility.
2. To segregate or compartmentalize sensitive areas.
3. To provide physical protection to objects, materials, and
processes of critical nature.

General Types of Physical Barriers

1. Natural Barriers include bodies of water, mountains,
marshes, ravines, deserts, or other terrain that are difficult
to cross.
2. Structural Barriers are man-made barriers such as fences,
walls, floors, roofs, grills, bars, roadblocks, or other
physical means. A structural barrier physically and
psychologically deters or discourages the undetermined,
 delays the determined and channels the flow of authorized
traffic through entrances.

Other Types of Physical Barriers

1. Human Barriers

The guard force as a human barrier is the key element in

any security system. Without it, all other protective devices -
mechanical, electrical or electronic - would be useless. The
electric device may sound the alarm, the CCTV may spot the
culprit, or the micro-computer may trigger a red button as a
sign of intrusion, but it is the guard who will respond and
initiate the needed security action.

2. Animal Barriers

The most common of animal barriers are dogs known as

the K-9 team. The number of dogs to be used relies on the size
and kind of installation being secured. The most popular breed
is the German shepherd. If trained correctly, the K-9 can detect
even hidden drugs and firearms, thus, their prevalent use in
sensitive entrances like airports, malls and public transport
such as the MRT.

Among rural residences, another effective animal barrier is

the goose barrier. It is common knowledge that geese are not
as ferocious as dogs, but they can easily call the attention of
their owners at the first sign of a would-be intruder through
their loud hissing sound.

First Line of Defense: The Perimeter Barrier

The usual starting point in assessing risk at a facility is the
perimeter. The major purpose of the perimeter as a barrier is to
deny access or exit of unauthorized persons.
Purpose of the Perimeter Barrier
● To define the boundary of the property to be secured
● To create a physical and psychological deterrent to
unauthorized entry
● To delay intrusion, thus facilitating the apprehension of
intruders
● To assist in a more efficient and economical employment
of guards
● To facilitate and improve the control of pedestrian ana
vehicular traffic

Types of Perimeter Barriers

1. Wire Fences (Solid or Full-View)
1.1 Chain Link Fence

● Must be constructed of 7-foot material excluding top

guard.
● Must be of 9-gauge or heavier
● Mesh openings are not to be larger than 2 inches per side
● Should be a twisted and barbed selvage at top and
bottom
● Must be securely fastened to rigid metal or reinforced
concrete
● Must be reached within 2 inches of hard ground or paving
● On soft ground, must reach below the surface deep
enough to compensate for shifting soil or sand.

1.2 Barbed Wire Fence

● Standard barbed wire is twisted, double-strand,

 ● 12 gauge wire with 4-point barbs spaced at an equal
distance apart
● Must be less than seven feet high, excluding top guard
● Must be firmly affixed to post not more than six feet apart
● The distance between strands must not exceed 6 inches
and at least one wire will be interlaced vertically and
midway between posts.

1.3 Concertina Wire Fence

● Standard concertina barbed wire is a commercially

manufactured wire coil of high strength steel barbed wire
clipped together at intervals to form a cylinder.
● Opened concertina wire is 50 feet long and 3 feet in
diameter

1.4 The Top Guard

● A top guard is an overhead barbed wire along the top of

the fence, facing outward and upward at an approximately
45-degree angle.
● Top guard supporting arms will be permanently affixed to
the top of the fence posts to increase the overall height of
the fence at least one foot.
● Three strands of barbed wire spaced 6 inches apart must
be installed on the supporting arms.

1.5 Clear zones

● A clear zone of 20 feet or more should exist between the

perimeter barrier and exterior structure, parking areas
and natural or man-made features.
● A clear zone of 50 feet or more should exist between the
perimeter barrier and structures within the protected
areas except when a building wall constitutes part of the
perimeter barrier.

2. Building Walls
 Walls, floors, roofs or their combinations serve also as
barriers and must be of such construction to provide uniform
protection just like the wire fencing.

Masonry walls' height must be the same that of the chain

link and surmounted by the barbed wire top guard, if the height
of the masonry is less than the prescribed, additional chain link
as "topping" is placed to attain the minimum requirements.
Walls can be made of stone slabs with posts at regular intervals
to prevent the wall from collapsing.

3. Bodies of Water
Bodies of water like rivers, lakes, marsh, ponds or other
bodies of water forming part of the wall, building or fencing
should never be considered an adequate natural perimeter
barrier. Additional security measures like wire fence, concrete
walling, security patrolling and floodlighting at night may be
necessary for the portion of the perimeter.

Second Line of Defense: Building Exteriors

Building surfaces such as walls, ceilings, floors and roofs
are not constructed primarily as security barriers, but they
have the potential to deter penetration. The following is a list of
building exteriors and their construction and vulnerability, as
discussed in the Asset Protection and Security Management
Handbook (POA Publishing LLC, 2003).

Roofs
The roof usually has sheathing placed over the rafters;
often horizontal wooden boards placed flush on the rafters.
Sheathing may be covered with felt or other insulating material,
and these foundation layers covered with shingles, metal sheet,
tar paper, tile or other weather-resistant material.
Exterior Walls
Exterior walls may be similarly constructed, with sheathing
placed diagonally on vertical studs and covered with sheathing
paper. This is usually topped with an exterior material such as
stucco, or siding composed of overlapping horizontal boards
or vinyl siding. Exterior surfaces of buildings constructed of
such materials as brick, concrete block, stone block, cinder
block or reinforced concrete offer greater resistance to
penetration than those made of wood.

Concrete Structures
An ordinary concrete building wall, because of its rugged
and formidable appearance, may give the impression that it
offers good protection against penetration, but may not.
Standard poured concrete or concrete block walls are utilized
to support structural loads or are used as curtain walls to
enclose spaces between load bearing walls, but are not
normally designed to prevent or delay penetration. Concrete
walls that are six inches or less in thickness are vulnerable to
penetration with hand tools and small amounts of explosives.

For example, bolt cutters can be used to cut the small-size

reinforcing bars (rebar) — usually number four or less —
sometimes used in four-inch-thick concrete walls. Four-inch
concrete walls are not load bearing, are used principally to
curtain spaces between columns, and offer little protection
against even moderate force.

Eight-inch-thick, reinforced concrete walls are found in all

types of structures. They are load bearing and cannot easily be
penetrated with hand tools alone. However, small amounts of
explosive, supplemented by hand tools can quickly penetrate
them. Walls thicker than eight inches are usually found in vault
construction.
 Standard concrete block walls, without reinforcing
material, are easily penetrated with hand tools, power tools or
explosives. The strength of these walls can be increased
materially by filling the hollow cores with concrete or by
installing rebar.

Floors
Wooden floors normally have flush sheathing covering the
joists diagonally. This surface may then be covered with
building paper and flooring such as tile, cork, rubber, linoleum,
or wood.

Floors may also be constructed of poured concrete, which

may be reinforced with steel rods. A concrete floor may be used
without any covering or may be covered with wood, tile,
linoleum, or carpet. The floor may be a concrete slab poured
directly onto the ground, or it may be on a foundation, raising it
above the ground and leaving a space underneath for an
intruder to penetrate the floor surface.

Interior Walls
Interior walls and ceilings may be constructed of lath and
plaster.

However, prefabricated sheets and panels of material

such as plasterboard have become, in recent years, a popular
method of interior wall and ceiling construction. The joining
edges of the material are sealed with paper or fabric tape and
are then sealed with a plaster covering. After installation,
surfaces constructed of such material resemble plaster.
Plywood or other types of wooden paneling may also be used
and are usually attached to the studs or rafters. The vertical
joining edges may be covered by narrow wooden strips.

Ceilings
 Ceilings may be covered with acoustic or decorative tile. It
is a common modern building technique to construct ceiling
plenums. that do not have security barriers between rooms and
areas. As a result, an intruder who can gain access to the
plenum space can work from there to achieve access to rooms
or spaces below.

Doorways
Doorways, including the frame, jambs and stops, are
constructed of either wood or metal. Doorways are of two
general applications: personnel and vehicular.

Personnel doorways, in both outer and inner building walls,

may be single or double. They are usually fastened by hinges to
the door jamb on one side and equipped with a latch and
perhaps a lock on the other side. Sliding doors and folding
doors may also be used. Folding personnel doors are ordinarily
installed in the interior of a building and are often intended to
deny visual rather than physical access.

Vehicular doorways may also serve as entrances and exits

for personnel. Double doors are often used because of the size
of the openinge. They may be hinged on the outside on jamb
edges and secured with a locking device where the inner edges
of the doors meet in the center. Siding or rolling doors, single or
double, may also be used. They may move horizontally or
vertically on tracks or rollers. Folding doors that fold in hinged
sections are another option. Regardless of the design or the
size, doors have weaknesses.

A door is often much weaker than the surface into which it

is set. Sometimes, the door is hollow core, or constructed of
comparatively thin wooden or glass panels between the rails
and stiles, and the panels may be easy to remove.
 The door frame may also be a weak spot if it is not
properly installed. If the frame is wood, it is usually installed by
nailing the doorjamb to the wall studs, after which the doorstop
is nailed to the jamb. If this installation is not correctly done, the
piece-by-piece construction may allow thin shims or levers to
be inserted so that the lock bolt can be disengaged. In addition,
most doors are installed by a carpenter, not a locksmith.
Carpenters are generally more concerned with the swing of the
door rather than the effective function of the locking
mechanism.

An all-metal door does not cause such a problem if properly

installed.

However, the door frame must be of sufficient strength that it

will not allow the door to be pried out of the frame or allow the
bolt in the lock to be released.

If not correctly installed, hinges may contribute to the

weakness of a door. For example, if hinges are surface mounted
so the mounting screws or hinge pins are exposed on the
exterior surface of the area being protected, intruders can
quickly remove the screws or pins and gain entrance by
opening the door from the hinged side and replace the door as
they leave. There would be no evidence of penetration if the
removal and replacement were done carefully. Hinges should
be installed so that the screws are concealed, and the hinge
pins are on the interior. The hinge pins can also be welded or
flanged to prevent removal. Surface-mounted hinges are
sometimes installed with bolts extending through the door.
Removal of these bolts is possible even from the bolt head side
if sufficient pull is exerted. The threaded end of the bolt can be
peened to eliminate this hazard.

Windows
 Windows are designed to provide ventilation, natural
illumination or visual access through a wall, or any combination
of the three. Most windows are equipped with clear glass and
can often be opened to provide access. Other windows, in areas
where it is necessary to deny visual access, are glazed with
frosted, pebbled or other opaque or translucent glass. Picture
windows or those installed in air-conditioned buildings are
permanently fixed in place. While they allow illumination and
visual access, they do not open to provide ventilation.

The weakest area in a window is usually the glass. An

intruder can easily cut out a section with a glass cutter, or the
glass may be covered with tape so it can be broken without the
broken pieces falling and causing noise. Because of the innate
vulnerability of glass to penetration, two products have been
developed to discourage forcible entry. One type, a
polycarbonate, is constructed of plastic material, while the
other has a special plastic laminate sandwiched between two
pieces of glass. Both products are highly resistant to impact
and give the appearance of ordinary glass. However, the
laminated glass is about twice the cost of tempered glass; the
plastic is a bit less costly than the laminated.

If they are not strengthened, standard windows may be the

weak link in the barrier protection in a structure. Because most
standard windows can be penetrated with hand tools in less
than a minute, additional protection, such as protective
coverings, grills or mesh, may be required for proper
protection.

Other Openings
In addition to doors and windows, a wide variety of other
openings in the roof, walls and floor may require consideration.
These include openings for shafts, vents, ducts or fans; utility
tunnels or chases for heat, gas, water, electric power and
telephone; sewers and other types of drains; and other small
service openings.

Various techniques and material can be used to give

added protection to surface openings.

Expanded metal, wire fabric and fencing may be utilized.

Steel bars or grills may be used to protect glass-paneled
windows or doors. Such bars should be spaced no more than
five inches apart. If they are round, their diameter should be at
least 1/2 inch; if they are made of flat steel, they should be at
least 1 × 1/4 inch in size. Steel grills that have 1/8 × 2-inch mesh
offer good protection. Both bars and grills must be securely
fastened so they cannot be pried loose; and if possible, they
should be installed on the interior surface.

If a door needs to be strengthened, it can be covered on

the inside with 16-gauge sheet steel, attached with screws.
Sound-reducing baffles can be installed in ducts to protect a
room or area from unauthorized listening.

Wire mesh, expanded metal or metal grills can be used to

secure chases and tunnels, locked in place to permit removal, if
necessary.

Third Line of Defense: Interior Controls

Establishing interior controls not only maximizes the
efforts of security guards. Such measures also allow or deny
access to facilities or areas within the facility, as well as track
the identity and times of entry and exit.

There are a variety of techniques to control access to the

interiors of a high-security facility. These may include
identification systems, commercial telephone services, inter-
communications, two-way radios, call boxes, paging and recall
systems, or even the more sophisticated coded card system
access. Other examples are enumerated below.

Locks
Installing locks on doors is the easiest line of defense
inside a facility.

It is the simplest way to impose physical restraint as well as

grant entry. It is the most widely used physical security device,
yet it is hardly foolproof. However, locks can also be vulnerable
to physical force. A key-operated lock can be picked, or its keys
can be duplicated illegitimately. Below are factors to consider
in using locks (Vellani, 2007).

1. Locks are only as good as the door, jambs, and walls

around them. A lock is therefore useless if an intruder can
simply kick a weak door to access a facility.
2. Key management is important when dealing with a
complete lock system. It is important to make sure that
only authorized personnel can obtain or make a key to the
lock.
3. All locks can be compromised by an expert in a very short
period of time. It is therefore wise to use locks together
with other security measures and as part of an overall
physical protection system.

Telephone Entry Systems

Telephone entry systems are commonly used in apartment
buildings and condominiums. They are typically located outside
the building, with a panel, handset, and touchpad. Each tenant
has a special entry code that a visitor dials. The tenant may
then release the door lock by pressing a designated key on the
residence phone. For added security, some systems add a CCTV
camera in the entry lobby with small monitors provided to each
occupant (POA Publishing LLC, 2003).

Identification System
Controlled entry into a business facility usually begins with
the identification of the person entering:

The identity of employees or visitors can be determined

through the following types of identification verification and
access control.

1. Guards can personally recognize or inspect the

identification of employees or visitors, and then formulate
a judgment of that person's validity.
2. Card reader systems can compare the coded
identification cards with computer records for authorized
personnel verification.
3. Biometric readers can use a person's physical property
(such as retinal pattern or fingerprint) to gain entry

Protective Alarms Sensors

Different types of protective alarms installed indoors or
outdoors complement and supplement physical barriers. These
systems are designed to alert security personnel to completed
or attempted intrusion into an area, building or compound.

Types of protective alarm systems include local alarm

system, auxiliary system, central station system and proprietary
system. These can serve the purpose of either substituting
other security measures for economic reasons or supplement
these security measures to provide additional controls.
 Sensors can detect when an intruder penetrates the
facility's boundary. It can also "sense" unexplained presence
within a zone or in close proximity to a protected object. When
the intrusion is detected the sensors are calibrated to activate
and cause an alarm to be sounded or a signal to be sent to a
monitoring station of a protected facility (Fay, 2006).

Sensors can perform three main functions. They can

detect intruders, such as when it reacts to the intruder's motion,
sound, or body heat. They can also open a portal, such as when
it validates the inputted card key to open a door. Finally, a
sensor can turn on a device, such as when it reacts to
movement and automatically turns on security lights.

Sensors are more economical compared to the cost of

labor. They are accurate and reliable when properly installed,
calibrated and serviced. However, the reliability of detection
depends on several factors such as an intruder's size, speed,
strength and direction of movement and distance to the sensor.
The intruder who uses very slow & stealthy movements in the
right direction will make it difficult for the sensor to detect his
presence.

Protective Lighting
Protective lighting is designed to illuminate the perimeter
barrier and the outside approaches of an area. A threat cannot
be detected, either by camera or in person, if there is no light.
Lighting can also serve as deterrence since a threat is more
likely to attack an asset in relative darkness than in bright light.

Purpose of Protective Lighting

● To provide sufficient illumination to an area during hours

of darkness
 ● To improve visibility in order to easily spot, identify and
even apprehend intruders
● To present psychological fear
● To serve as deterrent to thieves, pilferer, trespasser, and
saboteurs

General Characteristics of Protective Lighting

● It is relatively inexpensive to maintain

● It may reduce the need for security forces
● It may provide personal protection for security forces by
reducing the element of surprise by the intruder
● It requires less intensity than working light

Types of Protective Lighting

1. The stationary luminary is the most common type consisting
of a series of fixed luminaries.

● The glare projection type produces bright white light with

its intensity focused on the intruder who is made highly
visible but unable to easily see what lies ahead. Glare
lighting also adds protection to security officers posted
behind the light source.
● Controlled lighting is focused on certain objects
rather than the background.

2. The standby lighting provides continuous illumination of

a protected area during the hours of darkness, but it can
be turned on manually or by special device or other
automatic means.

3. Movable lighting can be stationary or portable and consists

of manually operated searchlights. It may be lighted
continuously during hours of darkness or only as needed. It can
supplement or temporarily replace other types of security
lighting.

4. Emergency lighting is a standby lighting that can be utilized

in the event of electric failure, either due to local equipment or
commercial power failure. The power source of emergency
lighting is usually a backup generator or an arrangement of
batteries. Lamps mounted in a stairwell that automatically light
up during a fire fall into the emergency lighting category.
 PERSONNEL SECURITY

Refers to the procedure followed, inquiries conducted, and

criteria applied to determine the work suitability of a particular
applicant or the retention of a particular employee

Among the major threats confronting an organization are

crime and employee misconduct. In fact, internal theft
surpasses the losses that can be attributed to robberies, theft,
frauds and other criminal acts committed by outsiders. At the
same time, both substandard job performance and
inappropriate behavior of employees can result in potentially
lawsuits and loss of business.
It is the employer's duty to maintain a safe and secure
working environment. Employers conduct pre-employment
background checks of job applicants in order to protect
existing workers, guests, and the public from the harmful acts of
employees. Harmful acts committed by prospective employees
cover a wide number of criminal acts, such as murder, rape,
assault, and drug dealing, as well as safety violations that injure
and kill. Job applicants with a potential to commit harmful acts
can be filtered out of the hiring process through
pre-employment investigations.
An employee with legitimate access to corporate systems
also has the potential to wreck the organization's reputation by
simply using a USB memory stick or a webmail account to steal
confidential information. Personnel security measures can
prevent such kinds of employees from exploiting their legitimate
access to company assets for unauthorized purposes. Those
who seek to exploit their legitimate access are termed "insiders."
They can execute several forms of criminal activity, from minor
theft to terrorism. Company policies and procedures should be
put in place to try to minimize the risk.
Employees who may exploit their legitimate access for
unauthorized purposes may include rebellious individuals,
members of activist groups, journalists, competitors, those with
links to organized crime or even those involved in terrorism.
Through effective personnel security measures, the
organization will be better able to employ reliable people,
minimize the chances of staff becoming unreliable, and detect
suspicious behavior and resolve security concerns once they
emerge.
Many organizations use security measures solely in the
recruitment process, but personnel security should be
maintained throughout the time of employment. Although it is
the management and the human resource personnel who are
tasked to oversee the enforcement of proper employee behavior,
security personnel have an important role in developing the
necessary policies, standards, guidelines and procedures. They
should also assist in developing training programs that will help
the organization handle situations in case security incidents
occur.
The Centre for the Protection of National Infrastructure
(CPNI) is a government agency that protects the United
Kingdom's national security by providing protective security
advice. It has published guides on Pre-Employment Screening
(CPNI, 2011) and Ongoing Personnel Security (CPNI, 2010) to assist
UK-based companies in personnel security management. These
guides will be used here and adopted to the Philippine setting
to discuss key elements on personnel security.

Purpose of Personnel Security:

✔ To identify security measures in proportion to the risk

✔ To reduce the risk of employing personnel likely to present a
security concern

✔ To establish that applicants and contractors are who they

claim to be

✔ To close down opportunities for abuse of the organization's

assets

Pre-Employment Screening
Personnel security measures are usually undertaken
during the recruitment process. This is because companies
believe that it is better to spot dangerous or dishonest
individuals before they are hired. This means that the human
resource department should not simply trust the correctness of
information written in a very impressive resume. Hence, a
proper background employment screening on job applicants
must be carried out.
Apparently, companies in financial services have 'long
been carrying out such background checks, and only recently
have other industries followed. Such an interest could be
attributed to the rising instances of applicants who lie on their
job applications (Condon, 2010). Many of these lies might be
considered trivial, such as exaggerating the responsibilities of a
job role, or making educational qualifications look more
impressive. Nevertheless, these small lies are suspicious enough
when evaluating the character of a prospective employee who
will be handling high security functions if hired.
Through pre-employment screening the credentials of job
applicants and their preconditions for employment are verified.
These checks should establish whether the applicant has
concealed important information or otherwise misrepresented
himself. The objective is to collect information and use that
information to identify individuals who present security
concerns.
The pre-employment screening should include checks on
the following:

✔ Proof of identity and address

✔ Details of education and employment

✔ Criminal records check

✔ Financial check

✔ Checking of at least two-character references

PRE-EMPLOYMENT SCREENING POLICY CHECKLIST (CPNI, 2011)

1. Make pre-employment screening an integral part of the
recruitment process.
2. Ensure that applicants are informed in writing that any
offer of employment will be subject to the satisfactory
completion of pre-employment screening checks, whether
or not the individual has already been granted access to
the site.
3. Ensure that the screening processes are legally compliant
at all stages (including the wording of application forms).
4. Involve all the relevant departments in the organization,
and ensure they communicate and share data effectively.
5. Identify the specific office responsible for the pre-
employment screening process.
6. Incorporate specialist businesses into your strategy if
appropriate.
 7. Ensure that the application form requests all relevant
information, including consent for further checks, and
outlines your screening policies.
8. Establish decision making guidelines for consistent and
transparent judgments about information.
9. Have a clear understanding of the thresholds for denying
someone employment.
10. Be clear about how fake or forged documents will be dealt
with.
11. Collect data on the results of the pre-employment
screening process (e.g. incidence of false qualifications or
criminal record).

APPLICATION FORM
Using a standardized application form to be completed by job
applicants requires them to provide all relevant information and
confirm its correctness with a signature. The form should
include a provision that pre-employment screening will be
carried out. By signing the form, the applicant provides consent
for background checks to be undertaken. It should also include
a clear statement that lies of omissions are grounds to
terminate the hiring process or employment even if it is
discovered when the applicant is already hired. Such
statements in the standardized application form not only
protect the organization legally; they also serve as deterrent to
the applicant signing the document.

INTERVIEWS
The job interview portion of the application also helps in the
screening process because it provides an opportunity to
discuss the candidate's suitability for employment. This
interview is important because:
✔ A face-to-face discussion encourages applicants to be
honest.

✔ It allows the employer to clarify information in the application

form, ask for other information not covered in the
application form, and probe candidates about their
responses.

✔ It also provides a good opportunity to add to the overall

assessment of the applicant's reliability and integrity.

IDENTITY VERIFICATION
Verifying the applicant's identity is a critical measure in the
screening process. In fact, other measures in the screening
process should only come second after the applicant's identity
has been satisfactorily proven. The key is to verify that the
individual is not committing fraud by using false identities.
There are four main reasons why individuals use false
identities:

✔ To avoid detection - Individuals like crooks, terrorists or

wanted criminals may wish to remain anonymous or
undetected.

✔ For dishonest financial gain - This involves individuals who

have ill intentions to commit credit fraud or unqualified
applicants who falsify educational qualifications to obtain
employment.

✔ To avoid financial liability - This includes individuals who

have failed to pay debts and are avoiding financial liabilities.
✔ To legally obtain genuine documents - such as passports by
using false 'breeder' documents (ie. those documents
required to obtain passports, such as birth certificates which
can have few or no security features).
These reasons show how some individuals will claim false
qualifications in their resumes and application forms, possibly
to get unauthorized access into an organization's assets. These
also highlight the need to authenticate documents submitted
by the applicant and verify the information provided.
The purpose of verifying identity is to ascertain the
correctness of the information they have given about
themselves by:

✔ Determining that the identity is genuine and relates to a real

person.

✔ Establishing that the individual owns and is rightfully using

that identity.

One method of verifying identity, which is called the

paper-based approach, involves requesting original documents
such as those that corroborate the applicant's full name,
signature, date of birth and full permanent address. Ideally,
such documents should possess the following characteristics:

✔ Issued by a trustworthy and reliable source

✔ Difficult to forge

✔ Dated and current

✔ Contains the owner's name, photograph and signature

✔ Requires evidence of identity before being issued

A second method called the electronic approach involves

checking the applicant's personal details against external
databases. This method requires checking and
cross-referencing information from databases such as criminal
records or credit reference agencies. By searching for records
associated with the name, date of birth and address provided, it
is possible to build a picture of that individual's past and
current life. Tracking such history indicates that the identity is
more likely to be genuine. On the other hand, if searches result
in a history that lacks detail or depth, it is possible that the
identity is false.
When such database checks are able to confirm that the
identity does exist, it would also be necessary to test whether
the individual truly owns this identity by asking questions that
could corroborate information about the identity. Testing the
individual's knowledge of the identity is as important as
establishing that the identity exists to prevent the hiring of an
applicant who simply stole the identity of someone who is
actually qualified to perform an important position in the
organization.

QUALIFICATION AND EMPLOYMENT CHECKS

A qualification check involves the verification of
information regarding educational or professional
qualifications, while an employment check involves the
verification of the applicant's employment history in terms of
dates of employment and position. The purpose of such
confirmations on the applicant's qualifications and previous
employment is to help the employer in evaluating the
candidate's reliability and integrity. It also helps to discover
whether applicants are hiding negative information such as a
criminal record or dismissal from previous employment for
suspicious reasons.

The qualification check should confirm the following

information:

✔ The establishment attended

✔ Course dates

✔ Title of the course

✔ Grades/marks awarded

The employment check should verify the following information:

✔ Dates of employment

✔ Positions held

✔ Duties

✔ Salary

✔ Reason for leaving

✔ Any employment gaps

MEDIA SEARCHES
 Media searches involve the evaluation of an individual
based their online reputation. It includes searching for what
they say or what others say about them on the internet. This
could be a useful tool if the position to be filled up involves
access to sensitive material that the applicant might
compromise. For example, if the position requires working
closely with several TV and movie personalities, it would not be
ideal to hire an individual who enjoys heavy gossiping in social
media sites. on
Media searches can also help verify identity, confirm or
resolve concerns about suspicious behavior, or establish how
security aware the applicant is. An individual who posts photos
of drunkenness in parties and allows public viewing of such
photos could indicate poor judgment, especially if the position
being applied for involves working in a religious foundation or a
prominent conservative politician. Potential conflicts of interest
may also be identified, such as being personally related to the
owner of a competing business.
There are risks, however, in using media searches.
Employers might obtain information about someone with the
same name as the applicant. It is also possible that the positive
information available online were staged by the applicant in
order to appear qualified. Third party views or opinions about
the applicant are also not completely reliable, especially if these
cannot be verified to be true.

ONGOING PERSONNEL SECURITY DURING EMPLOYMENT

Personnel security is a system of policies and procedures
that manages the risk of staff or contractors exploiting
legitimate access to an organization's assets or premises for
unauthorized purposes. It is important to distinguish between
this and personal security, which seeks to reduce the risks to
the safety or well-being of individual employees.
PURPOSE OF ONGOING PERSONNEL SECURITY (CPNI, 2010):

✔ To minimize the likelihood of employees becoming a security

concern.

✔ To implement security measures in a way that is

proportionate to the risk.

✔ To reduce the risk of insider activity, protect the

organization's assets and, where necessary, carry out
investigations to resolve suspicions or provide evidence for
disciplinary procedures.

IMPORTANCE OF ONGOING PERSONNEL SECURITY

Insider activities are those that exploit an employee's
legitimate access to an organization's assets for unauthorized
purposes. This is a potential threat for organizations that could
have possibly hired terrorists, intelligence service agents,
discontented employees, or journalists and activists seeking to
damage the organization's reputation. Numerous companies
already had serious losses because of insider acts such as
fraud, theft, corporate espionage and even terrorism. But the
more common insider activities include those that involve
unauthorized disclosure of information and process corruption.
For example, a finance employee might be receiving money to
illegitimately alter an internal process in order to benefit certain
clients.
It is difficult to clearly establish an insider's motivation. It
could be a combination of factors such as political or religious
ideology, revenge, notoriety and financial gain or even fear or
coercion from an external pressure. An outsider seeking to gain
access might hire insiders to get a company's sophisticated
physical and IT security
An employee might not have malicious intentions initially
when hired, but attitudes change either gradually or in
response to events and circumstances. The employee who has
proven to be honest and dependable for a few years could
possibly change loyalties after acquiring sensitive information
about the organization.
As with physical security, so single set of countermeasures
can guarantee protection from serious threats. Ongoing
personnel security is critical to counter threats considering that
the human factor could quite possibly be the weakest link in the
organization's security chain.

SECURITY TRAINING AND AWARENESS

Security training and awareness programs provide an
opportunity for old and new employees to gain necessary skills
to perform their responsibilities within the organization's
security network. These programs may include the orientation
for new employees or other activities for existing employees
such as workshops, scenario-based role-plays, briefings,
intranet or magazine articles, posters, meetings, focus groups
or quizzes. The goal is to encourage them to accept personal
responsibility for security and equip them to make judgment
calls that procedures cannot always predict.
To achieve these objectives, trainers and security
personnel should consider the following points (CPNI, 2010).

✔ Encourage staff to see those in security as friendly and

approachable. Provide a contact number or email address
for reporting security concerns.
✔ Demonstrate unconditional support for the security policy
(particularly from management).

✔ Explain the organization's security policies openly. If there

are some areas that are more sensitive than others and
where access is restricted this should be clearly stated.

✔ Give employees a realistic picture of the threats to the

organization.

✔ Encourage cultures which resolve and correct rather than

focus on establishing blame. Avoid exaggerating the risks
and threats faced by the organization to gain more
credibility.

✔ Avoid making false claims about security to frighten

employees into compliance.

✔ Provide regular refresher trainings to incorporate new

security procedures in order to help maintain standards and
ensure that employees understand why these are important
to follow.

ADDRESSING BEHAVIORS OF CONCERN

Managers play a key role in addressing negative behavior
and ensuring that security measures are followed. Managers
sometimes fail to act on poor performance and this could
worsen the problem because other employees might become
dissatisfied for compensating on their co-worker's poor
performance. Another negative result is when employees
assume that poor performance is acceptable and follow that
example.
 If there is reason to be concerned about an employee'
performance or behavior, the manager may resort to an
informal interview to clarify or address issues to prevent the
problem getting worse. An informal interview can be initiated by
asking open questions like, "How have you been finding your job
lately?" or "how is the project going so far?" If there are serious
concerns, the manager could uncover innocent explanations
such as:

✔ Personal issues like marital problems, bereavement or illness

✔ Work difficulties which may be causing tension, such as

friction between colleagues, disillusionment, boredom or
dissent

✔ Possible conflicts of interest which may affect the employee's

engagement with their work, such as ethical concerns
If there is a clear breach of security policy or if further
evidence of wrongdoings emerges, those responsible for
personnel security should be informed so that they can conduct
further investigation.

CONTROLLING EMPLOYEE ACCESS

Organizations usually use access controls as physical
security measures against outsiders. Similar considerations
should be used to prevent or minimize the risk of individuals
with legitimate access engaging in insider activities.
One measure is to require employees to wear security passes.
There should be no exceptions, even for senior management,
security staff or visitors. When an individual gains access to
sensitive areas without an appropriate pass, employees are
encouraged to challenge this individual for suspicion of
security breach. In addition, the security system should be
periodically tested to ensure that personnel without the
appropriate pass will not easily gain access.

SCREENING FOR THE INSIDER THREAT

Insider attacks can cause significant damage to an
organization. Big organizations might rarely encounter threats
of insider activity, but they should nevertheless be prepared by
establishing an effective screening regime. There is no clear
pattern that can help detect insider threat because the
personality, motivation and behavior of insiders can be
extremely varied.
The insider could be the administrative assistant who
decided to exploit his access to expensive equipment once in
post, even though he had no prior intention of doing so. He
could be the public relations staff who was recruited by an
investigative journalist to take advantage of his access to
sensitive information that could destroy the organization's
reputation. He could even be the elevator maintenance crew
who is secretly connected to a terrorist group and deliberately
applied for the job with the intention to gain access to highly
secured areas in the office.
Screening employees to determine their vulnerability to, or
active involvement in insider activity involves identifying those
people who give cause for concern by demonstrating suspicious
behaviors or possessing individual vulnerabilities. After
identifying individuals who may give cause for concern, it is
important to find a way to resolve or manage those concerns. It
is important not to overreact but to take swift, proportionate
action in order to avoid any escalation. It is equally important
not to diagnose insider activity where none exists, so
organizational procedures should always be followed, to ensure
that the correct steps are taken in each instance (CPNI, 2010).
EXIT PROCEDURES
An employee who leaves an organization could possibly
have considerable knowledge about its assets, operations and
security vulnerabilities. If the reason for the employee's
departure is not amicable, he might maliciously give sensitive
information to the organization's competitor. A thorough
procedure on personnel departures is therefore critical to
ensure that appropriate actions are taken to protect the
organization without unnecessarily disrupting the relationship
with the departing employee. Standard procedures could
include changes in the combinations for secure cabinets,
termination of IT accounts, or changes in generic passwords
and remote access codes so that an employee will no longer
have access when he leaves the organization.
When an employee leaves, the organization cannot
guarantee his loyalty especially if he left feeling badly treated,
ignored or unappreciated. They would possibly not feel guilty
about damaging the organization or give away sensitive
company information. Exit procedures can be the appropriate
measure to limit this employee's propensity to be disloyal.
As soon as managers become aware that an employee is
leaving the company, they should assess and manage the risk
that this individual may pose. The manager should consider the
following:

✔ Is the employee leaving voluntarily or as the result of a

disciplinary process or redundancy?

✔ If the employee is not leaving voluntarily, what is the reason

for the dismissal?
✔ Where are they going to work for next? Would they be
working for the competitor?

✔ How sensitive is their role and their access to organizational

assets?

After assessing the risks, the following are the manager's

options depending on the employee's contract:

● Allow the employee to carry on working during their

contractual notice period and retain their usual access to
the organization's assets. This option could provide the
employee with an opportunity to abuse his access and
damage the organization and should therefore be used
only if there is no risk.
● Allow the employee to work their contractual notice period
but with reduced access to assets (for example, using
additional supervision or by allocating lower-level IT
access). This is generally considered the best course of
action. If an employee is leaving to work for a competitor, it
may be appropriate to remove his access to commercially
valuable information.
● Ask the employee to leave immediately - possibly under
supervision to prevent any unauthorized act while still on
the premises - and not to return for the duration of their
notice period. This could apply to employees who had
extremely sensitive positions. This is likely to cause ill
feelings with the employee and should therefore be
handled with caution.

Exit procedures should also include the return of all assets,

access tools and identifiers that belong to the organization.
These may include:

✔ Uniforms
✔ Security passes and/or identification cards

✔ Mobile phones

✔ Company credit cards

✔ Any unused personal business cards

✔ Keys to secure/storage areas

✔ Tokens for access to electronic systems

✔ Any books, papers or commercially sensitive documentation

✔ Laptops and other remote working equipment such as flash

drives

✔ Security containers such as security briefcases

The following additional steps should also be considered

to reduce the employee's access to assets:

✔ Selectively or completely blocking the employee's user-IDs to

prevent systems access

✔ Changing passwords to common systems

✔ Making sure that measures are in place to protect the

organization's electronic systems from malware or hacking

✔ Selectively or completely blocking the employee's security

pass to prevent physical access
✔ Changing door codes to common areas

✔ Changing combinations to storage areas, where the value of

the assets merits it

✔ Cancelling the employees signature authority, credit card

and expense accounts and ensuring that all relevant parties
are notified

✔ Where necessary, issuing instructions to security guards

regarding the employee's future access to the premises

THE EXIT INTERVIEW

By and large, the exit interview is done with employees
about to leave the company in order to help identify problems
contributing to employee turnover. The employee's experiences
and reasons for leaving may suggest needed changes and open
the eyes of the management to adopt a course of action that
will improve the morale, improve the working conditions and
increase efficiency. Expanding the questions by including
security questions can be an effective source of information
about loss.
As a security measure, the exit interview is an opportunity
to:

✔ Remind the employee of his obligations and organizational

codes of conduct concerning access to assets like
intellectual property.

✔ Obtain all passwords or encryption keys for files the

employee has been working on so that they can be changed
accordingly.
✔ Recover as many of the organizational assets, access tools
and identifiers as is reasonable at the time.

✔ Ask the employee if they have any comments/observations

about the strength (or weakness) of the security culture,
measures and procedures in place within the organization.