Plan Ahead and Cut Your Losses

How to perform a site security survey and build a vulnerability/impact/risk matrix

Risk management is not about eliminating risk but managing it and being prepared to deal with security failures through resiliency. A site security survey and a vulnerability/impact/risk matrix can help integrators aid customers in reaching better business decisions relative to existing and new security video technology. After all, there is a diversity of potential security threats, including accidents involving employees and visitors, natural disasters, data loss, fraud, intellectual espionage, vandalism, threats to people, physical theft and brand and reputation attacks.

Many security operations already collect a myriad of data related to security incidents as well as link the data to specific security programs. They report and log:

- Number of security incidents in the past 12 months
- Types of security incidents
- Primary methods used in security incidents
- Likely sources of security incidents
- Security incidents' impact on the organization
- Estimated individual and total financial losses as a result of security incidents
- Manner in which the organization learned of security incidents
- Total downtime over the past 12 months as a result of security event

Depending on what comes out of the site security survey and then is applied to the vulnerability/impact/risk matrix, there may be the need and justification for spending on additional products and services.

Track what needs to be done

A site survey can make it easier to see exactly what needs to be done to control access and surveillance within and outside a facility. The survey provides a way to obtain answers and plan a course of action. Often, by focusing on the right actions, an enterprise can make major improvements at a cost lower than expected. A site survey will find out what is right and what is wrong with a facility's perimeter and internal physical security, including electronic access control, intrusion detection and security video.

One survey benefit is identifying security gaps. Without looking at the overall picture, security can fall into the trap of short-term fixes such as repairing an individual door that doesn't close properly or throwing up a camera based on increases of vandalism in a section of a parking lot. Putting out these fires may not do much to improve overall security nor help with a master plan of growing security systems in the right ways. A good survey will spot six elements:

Description of the facility or campus. Articulate a clear and concise understanding of the purpose of each facility and its integration to other buildings. The ability to secure a facility depends in large part on its function.

Existing systems. A comprehensive survey should note the location of every security component, such as card readers, cameras and intrusion detection devices.

Communications infrastructure. In these days of IP-based security systems, a comprehensive site survey should document the configuration, availability and capacity of existing communications networks. IT must play a survey role.

Regulatory requirements. In some instances, a site survey lets the security team compare the existing security program against regulatory and compliance requirements.

Power availability. The access and security video camera points surveyed need power. In addition, remote locations and new locations have power needs, too.

Site preparation. The survey team also should look for conditions that may impede or preclude the effective use of an electronic security system.

With that information written down, a survey tour will be more efficient. Armed with a clipboard of survey forms and digital camera, walk outside and around the various building perimeters to get a better understanding of how the enterprise is laid out from a security perspective. Think of it is an onion with an outer layer and inner layers leading into the center or multiple centers with the most important assets protected.

This content continues onto the next page...