The most effective way for an organisation to protect itself against national security threats is to use a combination of physical, personnel and people, and cyber security measures. For example an expensive swipe-card and PIN access control system is of little use if there are inadequate checks on who is given a pass in the first place. It will also fail if the system can be remotely accessed or bypassed.

CPNI’s protective security advice to the organisations that deliver the UK’s essential services is based on this principle. Multi-layering the different measures will provide the best mixture of deterrence and detection, and help to delay any attack.

More information about the range of advice from CPNI and partners is available in the sections below.

Appropriate and proportionate

Any procedures, measures and investments put in place must be appropriate and proportionate for that specific situation. Every location, even within the same organisation, will be different and so the security requirements will change accordingly with locally identified threats and vulnerabilities. Implementing the wrong measures may prove costly, unnecessarily disruptive and may even alienate staff. Careful planning and specialist advice will always be necessary.

As a general guide, the following principles should be central to any decisions:

  • It is not possible to protect everything so prioritise the areas to protect.
  • Measures should be proportionate to the threat.
  • Do not let the cost exceed the value of the asset being protected.
  • Security is more cost effective when incorporated into longer-term planning.

Before taking any decisions, a full risk assessment should be undertaken within each individual location to understand the various threats and vulnerabilities and their potential impacts to help identify the most appropriate security response.

Crime Reduction Officers – who can be contacted through the local police service – can provide advice about general crime prevention. Organisations with a particular concern about being a target for terrorism should also make contact with their local Counter Terrorism Security Advisers.

  • Physical Security

    Effective physical security of an asset is achieved by multi-layering the different measures – known as ‘defence-in-depth’.

    More Information

  • Personnel and People Security

    Personnel and People Security is the system of policies and procedures which seek to mitigate the risk of workers (insiders) exploiting their legitimate access to an organisation’s assets for unauthorised purposes.

    More Information

  • Cyber Security

    Effective protective security depends on the use of a variety of measures to detect, deter and delay any attack. Cyber security measures should form part of a multi-layered approach that includes physical and personnel/people security.

    More Information