Building

Definition

Building covers:

  • Any structure containing critical functions essential to the operation of the asset
  • Access points into any structure (portals, wall, doors, windows and roofs)
  • Any structure containing information sensitive to the asset, and which would have  significant security implications to that asset or sector if compromised

Principles

Deter

  • Dissuade an adversary from conducting an attack through the use of robust visible security measures; and/or creating uncertainty around security measures (particularly within a building) to frustrate the planning of an attack
  • Utilise effective security communications and signage to amplify the effectiveness of security measures 
  • Minimise the profile of the asset such that other non-critical areas are more appealing

Examples

  • Describe the use of effective security measures and a culture of security within the workforce on the corporate website without disclosing any details useful for attack planning
  • Limit the details of the function of the building and the location of sensitive assets on the corporate website and on signage within the building

Detect

  • To identify threat or attack behaviours at every stage of an attack – planning, reconnaissance, deployment
  • Initiate an appropriate response to a threat or attack as early in the attack timeline as possible
  • Detect the loss of information or assets which have been moved off site
  • Identify unauthorised intrusions into access controlled areas within the building

Examples

  • Forming strong relationships with the local community to increase the likelihood of detecting hostile reconnaissance 
  • Use intrusion detection systems on the outer fabric of the building to ensure detection occurs at the earliest opportunity
  • Use an access control system to zone the building minimising access to the most sensitive areas and detect where intrusion(s) have taken place

Delay

  • Utilise the building structure and associated protective security furniture/measures to maximise the delay to an asset
  • Maximise the time required for an adversary to penetrate through the building and reach critical assets through the use of multiple varied protective security technologies and structures 

Examples

  • Strengthen the building fabric, create multiple approved security layers (walls, portals, floors, locks) between the building fabric and the asset
  • Ensure that different measures are used in the path to the asset and that the information on these layers is appropriately protected

Mitigate

  • Use of building protection measures to minimise the impact of any attack whilst considering the potential of any measures to add to the effect of an attack
  • Ensure access points are suitably protected and can be rapidly secured

Examples

  • Where glazing is used as part of building fabric careful consideration must be given to the selection of materials to minimise hazards posed during an attack
  • Access control systems configured to lock down access points from the security control room

Response

  • Determine what response is required at your building and access points to the range of threats that your site faces and ensure measures are tied into the response
  • Where appropriate exercise response plans with relevant stakeholders, ensuring your lockdown procedures and the protections afforded are understood
  • Consider the ability of a response force to access an incident, including where the incident has affected access points
  • The response to an incident must consider whether invac/evacuation is the most appropriate

Examples

  • Reception has clear procedures for alerting security control room to an incident in reception enabling deployment of appropriate response
  • Use of internal CCTV to track an intruder and direct security officers

The following pages provide more information on the protective security measures which can be used to achieve the protective security principles above. Considering the impact a measure has on Deter, Detect and Delay is important to ensure the measures are complementary and all three Ds have been covered.

 

 

 

Did you find this page useful? YesNo
Thank you for your feedback. If you have any further suggestions on how this information can be made even more useful to improve your experience, feel free to share details below.
Thank you for your feedback. Sorry to hear that you haven't found this information useful. Please help us improve your experience and share how we can make this information more useful for you.