- Something which does not rely on protective security measures from a perimeter or building, for example a gas valve or communications mast.
- Minimise the awareness of the asset within the organisation and the local area
- Dissuade adversaries from conducting an attack by emphasising the likelihood of failure and capture
- Project a sufficiently hostile view of the environment to an adversary so as to make an attack difficult or too unachievable to progress
- Ensure that only those who need to know have information on the location and purpose of the asset
- Use health and safety signage to dissuade adversaries from interacting with the asset, emphasising the likelihood of death or serious injury before an attack could be completed
- To identify threat or attack behaviours at every stage of an attack – planning, reconnaissance, deployment
- Initiate an appropriate response to a threat or attack as early in the attack timeline as possible
- Place intrusion detection systems outside the asset perimeter to ensure detection at the earliest opportunity
- Monitor the asset and the area beyond using CCTV to identify potential hostile reconnaissance
- Maximise delay through the use of approved security measures
- Limit the information on security measures and use multiple varied protective security measures
- Take measures to minimise the impact of an attack on the asset
- Approved security measures will provide quantifiable delay times and using multiple types will increase the tools required to successfully defeat them
- Shutting down assets might lessen the impact of any attack enabling a more rapid recovery from any attack
The following pages provide more information on the protective security measures which can be used to achieve the protective security principles above. Considering the impact a measure has on Deter, Detect and Delay is important to ensure the measures are complementary and all three Ds have been covered.