printer friendly version

Secure by Design

Rob Anderson’s new book, Secure by Design: A Guide to Residential Estate Security, is a very welcome and necessary handbook on the South African electronic security scene. Not since the 2013, third edition, publication of the Consumer Goods Council of South Africa’s Recommended CCTV Industry Guidelines, has there been a more useful guide.

Not only has the past decade seen a surge in reported crime, but the perceptions of crime in South Africa have also played an important role in the continued fast pace of the development of residential estates and in many areas of our country, ‘gated’ suburbs. This growth has, of course, seen a concomitant growth in the number of security services and products serving these markets.

The growth of the latter and the recent harsh economic realities of our country, have seen the blossoming of many registered and unregistered security service providers providing, at best, questionable levels of quality advice and service in the electronic security environment, which they offer at cut-throat prices; the Afrikaans idiom, ‘goedkoop is duurkoop’, springs to mind here.

Being an electrical engineer by profession, with more than 20 years in the security industry, Rob approaches his topic from a practical perspective; the guide’s content is almost equally split between ‘theory’ and ‘practice’. The aim of Secure by Design is to educate all parties, whether security service providers, homeowners, or body corporate board members and provides a good basis to do so.

Perhaps the best approach, in a review such as this, is to list some of the contents of the publication and hope that it elicits the desired level of salivation by the reader.

Secure by Design has three Parts, covering a rather comprehensive and delightful number of subject areas:

Part 1 – The Principles of Security Engineering

1.1. Basic Security Concepts

1.1.1. The Crime Triangle

1.1.2. Crime Prevention Through Environmental Design

1.1.3. Risk Assessment and the CPTED Audit

1.1.4. Intelligence and Information

1.1.5. Investigation and Reporting Tool (the 5W1H)

1.1.6. The 5 Ds in Security

1.1.7. The Game of Numbers

1.1.8. What is Cyber Security and why should we be worried?

1.2. The Generic Solution

1.2.1. Guarding Staff

1.2.2. Electronics

1.2.3. Data/Cyber Security

1.2.4. Intelligence

1.2.5. Monitoring and Control

1.2.6. Security Management

1.2.7. The Audit Process

1.2.8. Entrances and Access Control

1.2.9. Perimeters and Detection

Part 2 – A Guide to Control Rooms

2.1. A Structured Approach

2.2. Defining Requirements

2.3. Engineered Approach

2.4. Key Components and Technologies

2.5. The Control Facility Spaces

2.5.1. General

2.5.2. Equipment Room

2.5.3. Administration and Management Offices

2.5.4. The Control Room

2.5.5. The Desk and Workstation Layout

2.5.6. Drawings and Sketches

2.5.7. Disaster Management

2.6. Putting the Ideas into Practice

2.6.1. Finance

2.6.2. The Construction Project

2.6.3. The People

2.6.4. Staff Hierarchy

2.6.5. Interpretation of Data

2.6.6. Managing the Control Room

Part 3 – Putting Principles into Practice

3.1. The Risk Assessment

3.2. Developing a Security Plan and Operating Procedures

3.2.1. How to Make a Plan

3.3. Security Plan

3.4. The Emergency Response Plan

3.4.1. Possible Emergency Events

3.4.2. Emergency Plan Procedures Outline Templates

3.5. Medical Emergency

3.6. Fire Emergency

3.7. Bomb Threat Emergency

3.8. Hostage Emergency

3.9. Armed Robbery Emergency

3.10. Civil Unrest

3.11. Extreme Weather Emergency

3.12. Applying CPTED and Undertaking a CPTED Audit

3.12.1. Design Principles

3.12.2. Considerations

3.12.3. Understanding the Concepts

3.13. CPTED Audit Template

3.14. The Standard Orders and Procedures Document

3.15. Access Control Schedule

3.16. Security Audit Checklist

3.17. References

Most appealing for me is Rob’s drawing together the various elements of a well-thought-out security programme, with a focus on the risk assessment as the cornerstone. He looks at the three component aspects of a properly considered security risk management system – the three Ps: People, Products (technology) and Paperwork (risk assessment, plans, procedures, etc.) which inform the design and selection of appropriate risk mitigation measures. The failure of far too many security risk management programmes is rooted in the absence of a properly conducted security risk assessment and a siloed approach to implementing and managing the risk mitigation measures.

Another big plus for me is the short section ‘The People’, buried away about halfway through the guide. It would be great to see a bit more comprehensive guidance on this, as people failures are a large cause of electronic security systems failing to perform optimally. However, I understand in taking a dig at Rob, that people and engineers don’t always get on well together.

A further useful aspect is the provision of several document templates to aid those people establishing or wishing to improve the documentation of their security management system. In my experience, basing a set of procedures, etc. on a Quality Management System such as the ISO 9001 QMS standard, is very useful and enhances the level of the security service, if conducted properly.

It is very pleasing to see that the important aspect of cybersecurity and data/privacy is covered in this guide, because it is still ignored in far too many instances. However, I believe that a bit more space should have been given to the legal aspects, such as those contained in the Protection of Personal Information Act, No. 4 of 2013.

Indeed, perhaps a future edition could list the legislation which applies to electronic security and the data collected and stored by an estate’s security services and offer guidance as to whom, between the estate’s governing body, management and security service provider/s is responsible for which aspects of cybersecurity and data/privacy protection. Allied to this would be some guidance of the principles of ‘secure design’, given that many networked devices (IoT – Internet-of-Things) used in electronic security are still not sold with acceptable levels of built-in security.

Another opportunity for improvement in my view, would be to list in the References section, a comprehensive selection of relevant standards, such as those published by the various standards development organisations, for ease of reference.

The final analysis: A ‘must-have’ for those who have an interest in implementing or reviewing their electronic security systems as an integral aspect of their estate’s professionally run security risk management programme.

For more information on obtaining Secure by Design: A Guide to Residential Estate Security, got to www.robanderson.co.za

Bruce Robertson.

Bruce Robertson is a security governance and management consultant in the converged security field, with 35 years’ experience in the Police Crime Intelligence, corporate and private security environments (the latter in the EMEA context). He is a member of, inter alia, SABS/TC 0068 ‘Electrical and electronic security systems’ and SABS/TC 0001/SC 40 ‘IT Services Management and IT Governance’ (also serving as a SABS representative on ISO/IEC JTC 1/SC 40) and follows the activities of the major foreign regional and national standards development organisations in this regard. Bruce is a past chairman of the South African Institute of Security (SAIS).

Share this article:

Further reading: