There are three types of Security Countermeasures: Hi-Tech, Lo-Tech, and No-Tech. These three must be used in combination to create a layered and effective security program.
No single security countermeasure is effective against all threat scenarios. Access Control Systems, in particular, are a type of “controlled vulnerability” as each access control portal is a hole in the security boundary.
hi tech systems
Hi-Tech systems include all electronic systems. Typically these include Alarm/Access Control Systems, Video Systems, Communications Systems, Integrated Security Systems, Specialized Detection Systems, and Computerized Systems.
Hi-Tech systems serve to automate repetitive functions, monitor continuously without error, and report to and facilitate communication and coordinated response by security staff.
Increasingly, Hi-Tech systems are used to handle vast amounts of information that could never be handled cost-effectively by humans. Examples of these include intelligent video analytics that analyze a video scene evaluating human activity for unwanted behaviors and integrated systems that use multiple credential methods (such as a card reader and facial recognition), automated weapons screening, and package X-ray screening to allow entry to a high security area via an automated portal.
Although there is an increasing focus on Hi-Tech systems in Security Programs, they should be the last element considered. Lo-Tech and No-Tech elements form the basis for an effective Security Program and Hi-Tech elements amplify the capabilities of the Lo-Tech and No-Tech elements. No matter how elegant an Integrated Electronic Security System may be, they cannot substitute for a solid security program based upon physical (Lo Tech) and procedural (No Tech) countermeasures.
Lo-Tech
Lo-Tech elements are physical security elements that are usually among the most cost effective security measures any organization can employ. Lo-Tech elements include such things as Locks and Barriers, Lighting, Fencing, Signage, Other Physical Barriers, and Crime Prevention Through Environmental Design (CPTED) measures. CPTED is an architectural discipline that involves creating architectural spaces that encourage appropriate behavior and discourage inappropriate behavior. It comprises three basic elements:
• Territorial Reinforcement
• Natural Surveillance
• Natural Access Control
Lo-Tech elements are effective because in most cases they represent a single one-time investment that works daily without fail. Lo-Tech elements can be used to funnel people to controlled access points, alert visitors to security policies, prevent entry to unauthorized people, provide a deterrent, and stop intruders cold with unexpected barriers.
No-Tech
No-Tech elements are those security elements that have no technology:
• A Comprehensive Risk Analysis
• Policies and Procedures
• Security Guard Programs
• Security Awareness and Training
• Law Enforcement Liaison
• Investigations
• Dogs and other non-technology related programs
No-Tech elements are among the most effective due primarily to their active nature. No-Tech elements are the parts of the security program that users notice most. Every interaction with a Security Officer is somehow memorable; the same cannot be said for every interaction with a card reader. Users are more likely to criticize or complain to or about their interactions with Security Officers than their interactions with technology.
Mixing Approaches
Successful Security Programs mix Hi-Tech, Lo-Tech, and No-Tech countermeasures to achieve an effective and cost-effective program. Each element has its strengths and weaknesses, and each element has its own effect on the organization’s business culture. By mixing Hi-Tech, Lo-Tech, and No-Tech approaches, a security program is more likely to achieve repeatable desired results.
Layering Security Countermeasures
Layering means that an asset is protected by multiple layers of countermeasures from the outside in. To get to a valuable asset such as the Information Technology Server Room, a threat actor must encounter a number of security elements, each one a risk to his success. The more layers, the less likely it is that a threat action will succeed for types of security countermeasures.
Layers should use mixed technology approaches. At the outside, the threat actor encounters the outer fence, then lights, then perimeter sensors, then cameras, then the building boundary, then door/window detection, then more cameras, then motion alarms, then the department perimeter with its alarms and access control and cameras, and finally, the controls in the Server Room. The threat actor will encounter all of these countermeasures on the way out as well, further reducing the likelihood of a successful exit and unnoticed escape for types of security countermeasures .
References :
- ELECTRONIC ACCESS CONTROL by Thomas Norman
see also :