printer friendly version

Getting the basics right from the start

Secure by Design is a term that has become so popular these days it is almost a cliché. But there is a real need for integrating security into all design processes, whether you are developing an application, a surveillance camera, access control reader, or even a simple sensor that sends bits of information from far away.

It is important to keep in in mind that to design a successful electronic security solution for any client, one has to understand the risks the client faces. These risks are the most important factors to keep in mind when designing any type of solution. The risks can vary from the location of the client’s premises to the type of goods being manufactured or services delivered and so forth. Additionally, one has to identify the type of threat the client has to deal with.

• Identify the risk.

• Accept the risk.

• Transfer the risk.

• Eliminate the risk.

• Mitigate the risk.

Once the client’s exact requirement has been established and proper site surveys have been done, the integrator can recommend the types of equipment and measures to implement. Proper network and equipment positioning, planning and drawings need to be done and cable routes must be identified. Thereafter, the installation can occur, and standard operating procedures implemented. Once the risk has been defined one can start with the solution:

• Identify assets to be protected.

• Layers of protection.

• Utilise mitigations and controls.

Planning the solution

At a basic level, the client’s risks can be identified as:

• Perimeter breaches.

• Building safeguarding.

• Internal breaches and/or IT security.

Perimeter

Perimeter access is defined as controlled or authorised access and unauthorised access. For controlled access, the client should already have a physical barrier, such as a wall or a type of fence in place. To enhance the controlled access, the client might require access control at the entrances, which then includes turnstiles and boom gates. These can be operated by a proper access control system, such as card and/or biometric readers and by implementing a visitor management system. Usually, these access points are manned.

Unauthorised access will not usually happen through the normal access points; however, it is possible to tailgate through booms and also force guards to provide access. To prevent unauthorised access, or at least be notified when it occurs, can be done by combining an electric fence system and a CCTV system with intelligent analytics as an early warning system. These systems need to be monitored by a control room, onsite or offsite, which are alerted by intelligent triggers generated by the various systems or a fully integrated system.

Building protection

As before, the client has to share the risks for the integrator to fully understand and develop a workable solution. Should illegal access to the building be detected, it means the perpetrator has already breached the perimeter, which means the risk is now internal. The implementation of electronic security must, in this case, focus inwards. A proper internal access control with CCTV must be installed to record staff access and movement.

Should the threat be external, the same basic rules used to safeguard the perimeter apply. The physical security, such as burglar proofing and security doors, need to be in place and complemented with access control measures and CCTV, which must make use of intelligent analytics and be properly monitored.

IT protection

Software and data are extremely valuable, consisting of intellectual property rights, pricing, client lists, etc. An IT specialist should be consulted for firewalls and other cybersecurity solutions to be implemented.

Share this article:

Further reading: