So we're going to move into section 15 and we're going to shift topics because we're going to shift to the Implementation and Management of Physical Security. Now, the primary goal of a physical protection program is to control access to the facility. In its own way, it will make a contribution to the preservation of our confidentiality, integrity and availability elements for all of the information and the other resources and assets within our organization. Now, when it comes to what a physical security system strives to do, bearing in mind that its job is to protect the facility and its occupants, it needs to have tasks, configuration elements, even physical attributes that will do the following things so that we can assure our occupants that the system, the building, etc., the grounds are safe.

The first thing is to deter. Deter a possible assailant from committing whatever act they may be contemplating. Should they decide that deterrence has failed, and they're going to go ahead with it, we need to have layered defenses that will delay their ability to cause damage as long as possible, giving us time to mount a response. Almost in parallel with their attempt to cause whatever damage they seek to, is a detection function, and that, of course, triggers our ability to respond. As the detection is done, as the assailant continues to attempt to cause the damage that he does, we need to assess at every instant what is happening, so that the response that is formulated can be appropriate to that.

In the physical security room, defense in depth, is a practice that has been around for millennia. This is a layered barrier designed to put in multiple layers of defenses between the attackers and the goal that they seek. In this layered design, there are advantages because each layer is different than the one on either side of it, requiring of the attacker different kinds of skills, different knowledge, different levels of determination and talent in order to circumvent them. And by building our defense in depth in this way, we make this much more difficult for an attacker to get through in the end. 

One of our layers, of course, will be access control. Access control generally ensures that only authorized personnel are permitted inside the controlled area, and, of course, there will be a mechanism to that effect. Persons subject to this control will include employees, visitors, customers, vendors and the general public if the general public is allowed to be around. One form that this frequently takes is a type two authenticator. A something that you have in the form of a card. Some cards will have a magnetic stripe. Some cards will be of the proximity type where no contact but passing the card through a field is how it activates it. And the smart cards, sharing information through a system that reads it and processes it and then allows or denies access.

Even while we have access controls that allow or deny the penetration of our system, our facility, we have to have ways of monitoring this activity. The most common of which is Closed Circuit TV. But it isn't just TV, there are cameras, recorders, various types of switches, keyboards and monitors that will allow every action in the physical environment to be viewed and recorded so that if it ever comes into play, it can be reviewed. This is a highly flexible method of surveillance and monitoring, and it contributes its quality of recording to preserving evidence as well.

Now, it's obvious that Closed Circuit TV provides surveillance. The viewing of the live action allows us to assess what is going on. The mere presence - the knowledge of it being present - provides a deterrent effect to those contemplating causing some sort of damage or problem. And in the recording of all of this, our video resource provides the ability to capture evidence for later usage. And we have various forms, we have external and we have internal. The external monitoring can make use of infrared sensors, microwave, a coaxial strain sensitive cable sometimes called a PIDAS fence (P-I-D-A-S), lighting and cameras, monitoring displays that support all the surveillance. There may be guards, guards and guard dogs, and then some sort of alarming system to let us know when something is seriously wrong.

Now, all of these external monitoring capabilities are passive in the sense that they themselves cannot respond. In each case, a human response will be required thus underscoring the necessity of having some sort of guard type of a function. As a complement to the external monitoring, we have internal monitoring. These make use of things like card readers, a balanced magnetic switch, various forms of acoustic sensors. They couldn't use infrared linear beam sensors or passive infrared. There can be the automatic request to exit, walking through an ultrasonic beam, detecting your presence and then opening the door. We have various forms of dual technology sensors and various types of badge controls. But like most of the things that we have in the external sensing, these two will require human response in the event that something amiss is detected.

There are various forms of portals, safeguards at our points of internal access. Here you see various pictures: doors, turnstiles, mantraps, a two-stage airlock-type entry, and then, of course, the common keys and the various lock types, and then safes. These are used in conjunction with the various internal sensors that you saw on the previous slide. And together, they have a deterrent and a delay and a denial type of activity that they perform.