Here's How Real Security Systems Should Be Designed

Author: Carlton Purvis, Published on Nov 13, 2013

One of the best books in our industry is Mary Lynn Garcia's Design and Evaluation of Physical Protection Systems where she expertly argues for rigorous security designs rather than the all too common technique of throwing up devices and hoping to deter adversaries. In this special interview, we speak with Garcia about her approach and how to practically apply it.

Security System Golden Formula

*** ******* *** * **** ******** ******, ***** ** ******** in *** ****, **** ********* **** ****:

********** *** ****** ***** **** ** ***** ** ******** ** asset. * ******** ****** ****** **** *** *********** ** ********* high ****** *** *** ***** ** ** ******** **** ****** to ***** ** ************ ********** **** ** *******. *** ***** design ********* ** **** "***** ******* ********* ** *** ********* (i.e., ******** **** ** ******* ** ***** **** *********** ** detection ********** ***'* ***** ********* **********)," *** ****. 

** ****** **** *** ***** *** ************ **** **** **** formula *** *** ************* *** **** ** **** **** *** size **********.

Know *** ***** *** *** ****** ** *******

“** ** * **** **** ********** *** **** ** **** at **** ******* *** ***** ** **** *** *** **** of ********* **** *****,” *** ****. * **** **** ********** clearly ******* *** ***** *** *** ****** ** ******* *** the ************ ** ****** ******* ** **** *****.

Know *** *** ** ****** *** **

“***** ** * ************ ******* *** ******** *** *** ******* you *** ****** ** ***** ... *** **** ** **** at *** *********** ** ****, **** *** **** ** ****** the ********* **** *** ****** ** ** ****** ***** **** asset*** **** **** ****** *** **** ** ******** *** *** for **,” *** ****.

Why ********** ** *** ******

****** ******* ** ************ ****** ** ******** *******, *** ************* ****** *** **** ** ********** ** **** keep ****** ****. “********** ** * ************* ****, *** **** adversaries *** **** ********* ** ******** ******** ** **** *** not ** ****** ******* *********,” *** ****. * **** ******** system ******* ** ***** ****** ** **** ** ********* ***, she ****, *** ***’* ***** ** * ******’* ****** ***** to ***** **** ** ******* ** **** **********.

“** *** ****** **** ** ********* **** * ****** ** a ***** ** *** *** *** *** **** ** ** harder ** ** ********** ... **** **** ******* ***** *** effectiveness ** **** ******** ******. ** ***’** *** ******** **** time **** *****, *** ** **** ** **** *** ****** [to ****** ********* **** *******],” *** ****. "** *** ****** picture, ***'** *** ******** ********** ********." **** *** *** ****** to * ****, *** ****, *** ** **** ****** ** society ** * *****. 

Where ************ ******* *** ** **** *******

****** ************** ***** * ***** **** ** **** *******, *** ** is ** ***** ***** ****** *** ************ *******. *** ******** cameras *** ** **** *** *********, **** ** *** ***** of ******** ******* ***** **** ******* ***** *** ****, *** says. 

** ***** ** ***** ************ ******* ***? “** ***** * role *** ** ** *** ****** ** ********** * *** to * **** **** ***** ... *** **** *********** **** assets, ** *** ***’* ****** ** **** ***** *****’* ** ****** ** ** *** ** ** ******** that ** ** ***** ** ** ****, **** **** ******** system *** ******,” *** ****.

*** **** * ************ ****** *** ** ******* *** ***** assets **** ** ************ *** ****** ** ****. *** ******** footage **** ******* *********** ** *** *** ** *** *** and ******** ******* ***** **** *** **** ** ************ *** person.

* ******’* **** ***** ***** ** ****** ** ************* *** recovery. ******* **** *** * **** ********* ******** **** ****** up **** ***** ******** ***** *** *********, *** ****.

“**** * **** ***** *********, *’* ******* ***** ******* * sensor **** * ****** *** ******** **** ** * ***** operator,” *** ****. “***** *** ** ** ***** ******* ********** *** *** ******** ** ******* ********* ********* *** ***** is * ******* **** ****** ** **. *** ***** **** four ** ** ** ** ****** ******* ** * ****. Then * *** ******* ***** ******* ***** ***** **. ***’** asking * ***** ** ***** ** * ******* **** *** 20 ****** ** **. ******* ****, ‘*** **** *** ****** out ** ********* *** ** ***** ** *** ** *** do, **** **.’”

****** **********

"******** ***** **** * ****** *** ******* ** ** **** monitors *** ***** ** ******* ****** **** **** *************. ** course, **** ******* ** * *** ** ***** ******--*** **** movement ** ****** ***** ** *** *****, *** **** ******* there ** ** *** *****, ******** ** *** *****, **********, and **** ** *** ******* ** **** * ***," *** said. "** ********, *** ******** *** ******** ** **** *** monitor *** ***** ***** **** *** ** ************* ********** **** ** *** ****** ********, *.*., ***** ****'* ******** scenes ***** ******* ***** **-** *******. * **** * ****** article **** **** ******** ************* ******** ****** ** ** ******* or ****. ****** ***, ** ***'* **** ******** ** *** amount ** **** ** ******** ** ******** ** ***** ********." 

Rely ** ****** ********** *** ********* and ********

****** **** ************* **** ***** * *** ** **** ******** and ************* **** ***** * *** ** ***** ** ********** that**** **** *** ************* ** ********* ******* ********* ** ****** ***********.

“****** *** ******** * *** ** **** ****** ** **** up **** ************ *** ** **** ***** ********* ***** ** developed *** ** *** *’* *** ***** ** *** **** are ************ ********* ** *********,” *** ****. *** **** **** these *** ************ *** ********* ** ******** ********* *** *** enforcement ***** ******* * ****** **** **** * ****** *** “convinces **** **** **** ********** ** ***** ** ***** *** their ********.” **** ******* ** *** **** *** ********* ** evaluate **** ** *** ****** ***** ****.

**** ** *** ************ *** **** *** ******** *** ****** are ********* ******* *** ******* ******** ********** *** ** ********* ** ************* *** ************ **** *** *********** without ***** ****** ** *** *****. 

“*********** *** ******** * *** ** ***** ** ******** ********** ...What ** **** ** * ******** ******* *** ******** *********,” she ****. ****** **** * ***** ***** *** ***** ***** review ******* *** **** *********** ***** **** ****** *** **** didn't *** ***** *********** ***** ** ******* ** *** ********. 

********** *** ******** ****

******** *** * *** ** ********* *** ******** *** **** of *** **** **** *** ********** ** ******** ******. ****** says *** ****** ** *********** ** **** **** ****** *** help **** *********** *** * ****** ******, *** *** ******* people ** **** ******** ***** ** *************. ***** *** *** people ******** ** ********** ** ** * ******** ****** **** finding ** ****** ******** ** *** *******, *** ****.

How **** ******* *** ***** ** ******* ***********

******* ** ******’* **** ********** **** ****** **** *** *** type ** ****** **** **** ********* --******* ************* ***** **** ******** ********** ********* -- **’* ****** ** envision *** *** ******* ***** ****.

***** ********** *** ****** ***** * ****** ** ********* ******* for *********, **** ******** **** ***** ** ****** ** ****** to ***** ** ******** *** ***** *** ***** *** ******** contingent *** ********* ********.

** ***** *** *** **** ******* ***** ***** ** ******* places **** ****** ********* *** ***-***-*** ****** -- ****** ***** significant ******** *** *** ** ******, *** *** ************ *** little ******* **** ******** **** ** ***** ******.

*** **** ************* ****** **** *** **** ** **** * person ******* ***** ** ****** *** ****** ** ******** *** ***** from *** *********. “** ** ***** *** ****** ** ******* ** get **** *** **** **** **** ** ******* ** ***** so *** ***** **** ** ***** ***** ********,” *** ****.

******** *** ***** **** *** ********* 

** * ***-***-*** ***** ********** **** ***** **** ********* ***** was *** ***** ** *** **** *********** * **** ********** ***** **** ***** *** *** ** enough ********* ** ************ ***** *** ********, **** ***** ******* from ******* ***** ** ********* *********. “**** *****’* ******* **********,” she ****. “****’* **** * ****** ********** ******.”

*** ***** ** * ***** ** ****** *** ** ****** how **** **** **** *** ******* ** ****** *** ********* what ****** *** ******* ** ********, *** ****. “** ***’** worried ***** **** *********, **** *** ***** ***. ** ***’** worried ***** ****** ******** *** ****, *** *********,” *** ****. Some ** *** **** ********* ******* ***** ******* ********* ******** that *** **** ** ****** ** *****. ** **** *****, a ******’* **** *** ** *** ***** **** ** **** at ****.

*** **** **** **** ********* *** *** *********** ******. 

"**** **** ******* **** **** **** **** **** $****, ** in *** *** *******, **** ***'* **** *****. **** ****** is * *** ***** *** ** ***** *** ** ***** data **** **** **** ** *****. ***, * ******* **** banks ***** *** ****** ** **** **** ****," *** ****. "Of ******, ** * ******* **** **** ***, **** ** armed *****, ***** ***** ** ******** ** ******, ** ***** case ** ******* * **** ****** *********** *****." 

Background: **** **** ******

**** **** ****** ******* ** **** **** ****** ******** ************ where *** *** * ********* ***** ****** ** *** ******** and ********** ******. ********* *** ** ** ********** *** *** **** ************* ****** ********** ********, **** ** *** ******** ******* *** **** ************* *** does ********** **********.

Comments (8)

I have been a big fan of the book for years, as it is an intellectually rigorous treatment of security design, which is extremely rare.

I still remain unconvinced about how to apply this to 'regular' facilities where the cost or logistical changes to make this work (detect soon enough, delay long enough for response to arrive) is infeasible for most.

That said, I do think the thought process is very valuable when trying to incremental improve systems (whether it's improving detection or looking for ways to delay attackers or using technology to speed up response, etc.).

I'll throw in my "2 cents" as a technology integrator, not just as a security integrator.

As most of us already know, lighting can be a deterrant. One of the technologies we always recommend as part of our overall security strategy is to have some kind of lighting control system respond to alarm systems. Not only does this help to scare away would-be criminals, but it also improves the ability for cameras to capture high-quality images (in a well-lit environment).

I'll illustrate with an example:

One of our clients has had a number of attempted robberies at their shop. We were called in after the second attempt to beef up security. We accomplished this by installing a comprehensive alarm system, a surveillance system, and a lighting control system. While this may seem expensive, the lighting control system consisted of one main processor and one RF light switch that controlled the main lights in the shop.

On the third robbery attempt, the perps smashed the front door glass. The acoustic glass break sensor triggered the alarm, the siren turned on, and the lights came on. The cameras were able to record the premises with full light, at 3 am, and the perp ran off with nothing.

Daniel, that's good feedback and underscores one of the tensions between the formula for maximum security facilities and 'regular' ones.

In maximum security ones, it is reasonable to assume that deterrence will not be enough and that if someone does choose to attack, that the attack must be stopped (i.e., terrorists trying to blow up a nuclear power plant) because the results are too catastrophic to accept.

However, in 'regular' ones, like your shop, deterrence does have value plus the owner is likely willing to accept some theft occurring rather than adding more severe / significant security measures that would be hard to economically justify.

Daniel and John, this may sound like a small point, but I would classify the activation of lighting as a a response action, rather than a deterrent. A deterrent would have prevented the attempt in the first place. The lighting was activated in response to the attempt, and in this case the total response was fully effective.

A few years ago I met a laundromat owner, who that year had bought a laundromat in a not-so-good neighborhood. He was new in our country, and it was one of the few businesses he could afford.

He installed a single PTZ camera and loudspeaker, electronic door control, all with remote control from his smart phone. The camera's home position was a wide view, but he could zoom in on faces if need be. Every time the door opened, he'd be alerted.

If some troublemakers appeared on the scene, over the loudspeaker he'd say something like, "Hey you in the blue jacket, you and your friends are on camera and if you don't leave, security and the police will be here momentarily. We already have your pictures."

He could spin the camera to look out the window, and if the troublemakers were still hanging around, he'd lock the door and make his calls.

This was an under-$1,000 system, but effective. At night he'd keep the door locked when customers were inside. They could let themselves out, or push a doorbell to alert him. The doorbell was also a customer service feature.

WIthin three months of his purchasing the business, it was booming—whereas it was dying before due to customers feeling unsafe. The previous trouble with vandalism was eliminated.

He now owns a number of similar laundromats, a success made possible by implementing security and service features that were "just right" for his business locations and customers.

John is right about the financial challenge faced by "regular" businesses. Customers must understand the security risks, and designers must understand the specifics of the business, in order to come up with an acceptable and effective solution.

Great article and topic!

Ray, that is a good story, but I think an uncommon circumstance where the owner is willing and able to dedicate his full time attention, remotely or while there, at almost any hour of the day. Certainly not a sustanaible solution as his business grows, unless he has enough trusted (often family) associates to help out.

Daniel

That's a good plan of attack for a small business which I have never seen implemented on my end of Law Enforcement other than a few high risk government and military sites. I would say that the addition of the light trigger is simple and used so little to never in the general business community that the shock value among common crooks is quite high.

Maybe not seen in the business community much but both my neighbors have some sort of light trigger on their property.

I know only because they will go off (on!) a hundred times a night during a severe thunderstorm, thereby causing the motion detection of my system to trigger a hundred events as well.

I'm afraid of implementing a camera based lighting trigger myself because of the fear of starting some sort of lighting feedback oscillation...

I'm almost not joking about that last bit.

C

the ability to trigger lights to turn on with an alarm is easier now than ever before... many alarm companies have integrated zwave into the panels making it easier for the installer to provide the feature... tbis can be done by changing out an existing switch or adding a plug in module... this is typically less expensive than the previous way of having an electrician connect a relay into a lighting circuit...

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

ISS VMS / Video Analytics Company Profile on Aug 16, 2018
Who is ISS? In the past few months, they had one of the craziest ISC West promo items in years. Then, they hired industry veteran and ex-Dahua...
Dahua Ban Response: NOT Chinese Government Owned on Aug 08, 2018
Dahua has responded to the US Congress passing a US government ban on Dahua and Hikvision's products. While Dahua offered the now standard...
Hikvision Admits Ban To Become Law on Aug 03, 2018
Hikvision has admitted they expect the US government ban to become law as soon as this month. In a new 'Special Bulletin' to dealers, Hikvision...
Hikvision Drops ASIS / GSX, Ex-Dahua ISS CMO Takes Advantage on Aug 02, 2018
The fallout of the Ban Bill has begun and it is hurting the already beleaguered ASIS GSX show next month. Mega-exhibitor Hikvision has now...
US Congress Passes Bill Banning Dahua and Hikvision on Aug 02, 2018
The bill banning US government use of Dahua and Hikvision products has been passed by both chambers of Congress (House vote, Senate vote). The US...
US SAFETY Act Examined Amid Vegas Shooting Lawsuit on Jul 25, 2018
Creating an international controversy, MGM Resorts has sued shooting victims, despite or perhaps because the Las Vegas gunman used the MGM-owned...
AI Startup Anyvision Raises $28 Million Led By Bosch on Jul 20, 2018
Anyvision is the most ambitious heavy-spending video surveillance startup in many years. And, now, the startup has raised $28 million led by...
IFSEC Competitor The Security Event Launches, Same Week As ISC West on Jul 02, 2018
IFSEC is facing competition. Led by an ex-IFSEC head, partnered with mega-exhibitor Essen and hosted in IFSEC's old city, Birmingham, "The...
ASIS GSX Show Struggling Getting Exhibitors on Jun 26, 2018
The show formerly known as ASIS, now GSX, is less than 3 months away. And it is struggling to get exhibitors to go back to Las Vegas, just...
IFSEC 2018 Final Show Report on Jun 20, 2018
IPVM attended the IFSEC show for the first time this year. The Chinese took over the show, centered on Hikvision, flanked by Dahua, Huawei and a...

Most Recent Industry Reports

Alexa Guard Expands Amazon's Security Offerings, Boosts ADT's Stock on Sep 21, 2018
Amazon is expanding their security offerings yet again, this time with Alexa Guard that delivers security audio analytics and a virtual "Fake...
UTC, Owner of Lenel, Acquires S2 on Sep 20, 2018
UTC now owns two of the biggest access control providers, one of integrator's most hated access control platforms, Lenel, and one of their...
BluePoint Aims To Bring Life-Safety Mind-Set To Police Pull Stations on Sep 20, 2018
Fire alarm pull stations are commonplace but police ones are not. A self-funded startup, BluePoint Alert Solutions is aiming to make police pull...
SIA Plays Dumb On OEMs And Hikua Ban on Sep 20, 2018
OEMs widely pretend to be 'manufacturers', deceiving their customers and putting them at risk for cybersecurity attacks and, soon, violation of US...
Axis Vs. Hikvision IR PTZ Shootout on Sep 20, 2018
Hikvision has their high-end dual-sensor DarkfighterX. Axis has their high-end concealed IR Q6125-LE. Which is better? We bought both and tested...
Avigilon Announces AI-Powered H5 Camera Development on Sep 19, 2018
Avigilon will be showcasing "next-generation AI" at next week's ASIS GSX. In an atypical move, the company is not actually releasing these...
Favorite Request-to-Exit (RTE) Manufacturers 2018 on Sep 19, 2018
Request To Exit devices like motion sensors and lock releasing push-buttons are a part of almost every access install, but who makes the equipment...
25% China Tariffs Finalized For 2019, 10% Start Now, Includes Select Video Surveillance on Sep 18, 2018
A surprise move: In July, when the most recent tariff round was first announced, the tariffs were only scheduled for 10%. However, now, the US...
Central Stations Face Off Against NFPA On Fire Monitoring on Sep 18, 2018
Central stations are facing off against the NFPA over what they call anti-competitive language in NFPA 72, the standard that covers fire alarms....
Hikvision USA Starts Layoffs on Sep 18, 2018
Hikvision USA has started layoffs, just weeks after the US government ban was passed into law. Inside this note, we examine: The important...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact