Concept of security
Security is multidimensional; nevertheless, the concept of security can be defined when a practice domain or context has been articulated. Security practice areas encompass many domains, such as the law, military, public security, and homeland security, to private security. With so many practice areas, alignment with the nature of security requires a broad approach considering international systems, security of nations, security of groups, and the security of individuals. In addition, security has to be considered from an objective, subjective, and symbolic perspective. Such duality in nature and the diversity of practice areas allows many theories and ideas to support a definition of security, from Maslow’s hierarchy of human needs to the management of risk. One such definition is security science, which is an emerging academic discipline that brings together many concepts into a structured body of knowledge. Security science, at its most simplistic, includes security management, security principles, the built environment, and security risk management.
Security management can apply a systems theory approach, which develops and defines the security management plan using inputs, transformation within functions, and deliverable outputs. A system is considered to be an organized collection of components that integrate and operate at their optimum level, without decay. Inputs include strategic and tactical alignment, leadership, governance, accountability, ethics, culture, sustainability, and resilience. Security transformation comprises knowledge categories, such as security risk management, business continuity, physical security, and personnel and technical security, with supporting management and business knowledge. Security managers should be a business manager first supported by security knowledge, with the ability to plan, organize, staff, lead, and control the security function.
There are a number of methodologies when designing security management plans, such as risk-based, quality assurance, governance, and strategic security management frameworks. What method is used will depend on the type, complexity, size, expectations, and culture of the organization. Resilience is an important component in achieving strategic security within the business environment, although resilience is more of a philosophy that is supported by security and other departments. The security manager should develop effective security governance within corporate governance, and implement controls using metrics and performance management. Finally, security decay should be considered in any security management plan.
Security risk management
Risk can be considered uncertain exposure to perceived harm within a social context. Therefore, risk management requires a structured process for decision-making, although any form of risk management can only estimate likely outcomes and not predict the future. The International Standards Organisation ISO 31000:2009 provides a generic risk management process, a default process that can be adjusted to suit the task. Risk management should follow defined stages to establish the context, assess and treat the risk, and provide communication and monitoring. Risk assessment uses the concepts of consequence and likelihood. Consequence is the primary element in risk assessment, more weighted than likelihood because individuals can better picture an outcome of an event. Security risk management is unique from more generic risk management processes. Security risk management still retains the ISO 31000:2009 approach at its core, but integrates threat assessment, criticality assessment, and vulnerability. Perception and culture are significant factors in risk management, where psychometric risk highlights the importance of dread, control, and trust, and cultural risk provides group understanding. In addition, trust supports whether a risk is accepted or not. Nevertheless, to achieve effective security risk management requires the process to achieve a consensual outcome across the stakeholders.
The built environment refers to human-made structures that provide and support human activities, ranging in scale from residential houses on a local street to major city megastructures. Furthermore, the built environment encompasses the landscape we have modeled to better suit our purpose, from agriculture, manufacture, production, the supply chain, and transportation. The built environment is a material, spatial, and cultural product that has been developed by people for their living, working, and leisure.
The built environment is the interdisciplinary field that incorporates the design, construction, management, and use of our human-made surroundings and the effect it has on human activities, as an interrelated system. The planning of the built environment must consider the needs of humans to function in these artificial surroundings. The impact on the health of the population in the built environment needs to be considered, including the feeling of safety. The design, implementation, and management of security in the built environment have the function of producing actual and perceived safety.
Security integrates, interacts, and has interdependencies within the built environment, in particular, with buildings that are managed by facility managers. Although facility management operates in a discrete practicing domain to security, there has to be a clear understanding of roles and responsibilities.
Physical security describes the physical measures to protect people of an organization, prevent unauthorized access to facilities, and protect assets against sabotage, vandalism, and theft. Approaches to the protection of assets, are defense-in-depth (DiD) and crime protection through environmental design (CPTED). The routine activity theory is an appropriate model for supporting DiD and CPTED in the protection of assets. This approach requires an available target, a motivated offender, and the absence of an authority figure. The function of barriers is through deterrence, detection, delay, and response, and these functions are achieved by employing psychological, electronic or technological, physical, and procedural barriers. Types of perimeter barriers and attacks on these barriers are present, together with appropriate standards for the resistance to attack. Other barriers such as walls and glazing surfaces are important in terms of resistance to physical and ballistic attacks.
The relevance of security technology to security design principles will enhance the quality of the protection provided by a security management plan, and therefore present an effective strategy for the protection of assets. However, an understanding of the principles and concepts of the security technologies will allow the appropriate integration of barriers and technologies to prevent intrusion into restricted areas. This, has made us consider a variety of theories applying to the application of security detections systems, including critical path analysis and universal element conceptual mapping to protect the assets of an organization. The types and functions of security technologies, and in particular sensing systems to detect the presence of unauthorized persons, have been considered in terms of the issues associated with the use of security technology. These systems include intrusion detection, perimeter detection, open-ground detection, and laser intrusion detection systems. The importance of testing security detection systems has been stressed by several scientists of our department, as a function of reliability and validity of the technologies in a defense-in-depth strategy. A model for testing security technology in both the laboratory and the environment is proposed for clients.
Integrated identification technology
The management of integrated ID security technology is an important function for organisations and national infrastructure facilities. The protection of people, information, and materials is crucial for national security to be achieved. The management of the technology for detection, recognition, and identification is an essential process in the determination of the security plan for the protection of these assets. The application of access control and CCTV to a facility’s security barriers is a structural design concept for the security of facilities. The concept of authorization of people to gain access to zones within an organization is the overriding principle for detection, recognition, and identification. These processes need to be managed to determine the authorization status of individuals, both within and external to an organization.
The credentials of codes and cards have been appropriate for acceptance of authorization in a secure facility. However, the development of smart cards and also biometric identification has extended the reliability and validity of the status of authorization. The application of biometric signatures to the identity of an authorized person has increased the level of confidence in identification. Nevertheless, challenges to the biometric approach through scams and attacks has necessitated the selection of biometric traits, and initiated the development of multimodal biometric configurations to maintain credibility.
The development of intelligent CCTV has enhanced the capability of surveillance in the protection of assets. Although CCTV has been thoroughly applied for several decades, the negative aspects of this form of surveillance have been addressed through enhancement of intelligence in the CCTV system. By applying active analysis into the decision-making modules within CCTV, it is possible to develop systems that will automatically detect, recognize, and identify persons before they gain access to a secure facility. Intelligent CCTV also has the capability of detecting abandoned bags, liaisons between people, tracking people and vehicles, tracking people entering exit ways, and identifying individuals in crowds. Thus, the development of intelligent CCTV has become an important technology to manage in the protection of assets in national infrastructure facilities.
The importance of information in the development of a security management plan is crucial in terms of the form and function of knowledge. Knowledge management is a tool for the effective application and dispersal of information within an organization, and within the security management department. Thus, the application of knowledge management involves strategies and practices applied in an organization to consolidate the corporate understanding of information of the entity. That is, the entire organization including the security management department will benefit from effective collection, processing, and distribution of knowledge.
Security intelligence is a process of gathering and analyzing data and information about adversaries who pose a threat to an organization and its assets. An application of the intelligence cycle to known adversaries will allow relevant intelligence and knowledge to affect the development of the security management plan.
The counter production process of espionage is an application of intelligence to seek information from nations and organizations. Vetting is an information gathering task to assure an organization that individuals exhibit trust and loyalty to the entity. These two opposing concepts are important in terms of the security of an organization and the protection of assets of the entity. The process of predictive profiling seeks to identify adversaries according to suspicious indicators as their behavioral profiles.
The future of security
The future of security science is considered as a developing discipline, increasing legislation and state control, greater professionalism, amalgamation of domains of security such as information technology and physical security, security management, security intelligence, and security technology.
The future development of security theories through security education, will enhance the professional capacity of the industry and determine a more secure environment for governments, organizations, and communities. Security is currently in a state of flux with regard to its progress as an emerging discipline. The trends and functions of the security industry to meet the needs of the community will be gained through enhanced professionalism, security education and training, progressive security management approaches, technological sophistication, industrial intelligence applications, and innovative business activity. The structure and management of future security organizations will demand professional security consultants and managers with enhanced managerial styles. Also, future security scientists, engineers, and technologists will need to be creative and innovative to maintain the lead in the protection of assets through technology.