×

Building

Definition

Building covers:

  • Any structure containing critical functions essential to the operation of the asset
  • Access points into any structure (portals, wall, doors, windows and roofs)
  • Any structure containing information sensitive to the asset, and which would have  significant security implications to that asset or sector if compromised

Principles

Deter

  • Dissuade an adversary from conducting an attack through the use of robust visible security measures; and/or creating uncertainty around security measures (particularly within a building) to frustrate the planning of an attack
  • Utilise effective security communications and signage to amplify the effectiveness of security measures 
  • Minimise the profile of the asset such that other non-critical areas are more appealing

Examples

  • Describe the use of effective security measures and a culture of security within the workforce on the corporate website without disclosing any details useful for attack planning
  • Limit the details of the function of the building and the location of sensitive assets on the corporate website and on signage within the building

Detect

  • To identify threat or attack behaviours at every stage of an attack – planning, reconnaissance, deployment
  • Initiate an appropriate response to a threat or attack as early in the attack timeline as possible
  • Detect the loss of information or assets which have been moved off site
  • Identify unauthorised intrusions into access controlled areas within the building

Examples

  • Forming strong relationships with the local community to increase the likelihood of detecting hostile reconnaissance 
  • Use intrusion detection systems on the outer fabric of the building to ensure detection occurs at the earliest opportunity
  • Use an access control system to zone the building minimising access to the most sensitive areas and detect where intrusion(s) have taken place

Delay

  • Utilise the building structure and associated protective security furniture/measures to maximise the delay to an asset
  • Maximise the time required for an adversary to penetrate through the building and reach critical assets through the use of multiple varied protective security technologies and structures 

Examples

  • Strengthen the building fabric, create multiple approved security layers (walls, portals, floors, locks) between the building fabric and the asset
  • Ensure that different measures are used in the path to the asset and that the information on these layers is appropriately protected

The following pages provide more information on the protective security measures which can be used to achieve the protective security principles above. Considering the impact a measure has on Deter, Detect and Delay is important to ensure the measures are complementary and all three Ds have been covered.