Whether through our book review page in each monthly issue of Professional Security magazine, the ‘spending the budget’ section, or new products or services pages, or news and case studies, we aim to provide our UK security manager, installer, consultant and specifier readers with ideas and opinions.
Security begins at the perimeter, whether with perimeter intrusion detection systems (PIDS for short) or gates and barriers and guardhouses, and fences. A useful source for advice is the official CPNI website. The Centre for the Protection of National Infrastructure advice covers cyber security, personnel and physical security, because one is no good without the others.
As for physical measures, as CPNI says, for most the recommended response will involve a sensible mix of general good housekeeping alongside appropriate investments in CCTV, intruder alarms and lighting that deter as well as detect – measures that will also protect against other criminal acts such as theft and vandalism and address general health and safety concerns. As for CCTV, CPNI says that it should form only part of a whole security system; it should not be used on its own. It cannot replace security staff, although it may permit a reduction in their number or their redeployment.
CPNI define personnel security as a system of policies and procedures which seek to manage the risk of staff (permanent, temporary or contract staff) exploiting, or intending to exploit, their legitimate access to an organisation’s assets or premises for unauthorised purposes. Although many organisations regard personnel security as an issue resolved during the recruitment process, it is a discipline that needs to be maintained throughout staff’s time in employment, CPNI point out. For instance, as individuals and organisations improve their physical and electronic defences, those wishing to gain access to premises or acquire sensitive information may attempt to exploit people within the organisation who already have legitimate access.
And as for cyber, CPNI provides a range of guidance documents and technical notes aimed at improving practices and raising awareness of current issues related to information security. Another official source of advice is CESG.