150 Things You Should Know about Security [2 ed.] 0128094850, 9780128094853

Table of contents :
Cover
150 Things You Should Know about Security
Copyright
Dedication
Preface
1
150 Things You Should Know about Security
1. Crime Prevention Through Environmental Design Strategies
2. Six Additional Crime Prevention Through Environmental Design Strategies
3. A New Role for Law Enforcement: Support of Community Development
Crime Prevention Through Environmental Design Assessments10
4. Environment
5. Target Hardening
6. Deterrents
Introduction
The Security Officer
Category A
CPTED target-hardening principles
Category B
7. Crime Prevention Through Environmental Design: Care and Maintenance
8. Questions to Be Answered During a Crime Prevention Through Environmental Design Assessment
Surrounding Neighborhood
Perimeter and Points of Entry
Vehicular Travel Routes and Parking Facilities
Pedestrian Travel Paths and Gathering Areas
9. Some Benefits of Crime Prevention Through Environmental Design Planning Activities
10. Use of Information
11. Defensible Space Principles12
The Concept
Space
12. Examples of Strategies in Action
13. How to Increase Security Through Building Design13
Natural Surveillance
Natural Access Control
Wayfinding
Territorial Reinforcement
Parting Thoughts
14. Windows and Window Shutters
Defensive Measures
Windows
Entrances
15. How to Design a 5-Year and 10-Year Security Plan
A Security Master Plan
The First 5 Years
Technology
Training
How Do You Prioritize Your Solutions
Outdoor and Building Perimeter Security
Indoor Security
Consider Additional Security Solutions if Appropriate
The Next 5 Years
16. After Crime Prevention Through Environmental Design and Community-Oriented Policing Services (Situational Prevention)
17. Access Control Cards: Twenty-Three Things You Should Know
18. Body Cameras for Law Enforcement and the Private Sector27
Testing and Evaluating Body-Worn Video Technology in the Los Angeles Police Department
How to Maintain the Data and Flagging Videos to Be Kept
Chain of Custody
Data Security
Auditing
Deletion
Non-evidentiary Footage
19. Social Media
20. Bullycide
What Is Bullycide
21. Encryption Defined28
22. Cybercrime: What Security Directors Need to Know About Cyber Security29
23. Terrorism: Reinventing Security Performance
24. What Managers Need to Know
Introduction
Facility Manager Responsibilities
25. Seven Things You Need to Know about Soft Targets
Set Goals and Objectives
Identify Assets, Systems, and Networks
Assess Risks
Prioritize
Implement Programs
26. Helpful Hints From a Burglar36
27. Malicious Destruction of Property
Solution
Vandalism Is Not a Joke
28. Risk Assessment
Introduction
The Best Time to Conduct the Security Risk Assessment Survey
First Step
Developing Security Points
Positive and Negative Aspects of Making Recommendations
Positive Aspects
Negative Aspect
Community Reaction
Crime Analysis
29. Key Control and Badge Control
Guidelines for Key Control
Badges
Badges, Lock, and Key Controls
30. Digital Security Surveillance System
Video Surveillance Systems
Does Video Surveillance Prevent Crime
31. Lighting and Security
Streetlights
Lighting
Exterior Lighting39
Interior Lighting
32. Lighting Levels
33. Security Checklist From the Massachusetts Home Security and Crime Prevention Center40
Entrances
Entrances From Garage and Basement
Ground Floor Windows
Upper Floor and Windows
Basement Doors and Windows
Garage Doors and Windows
Protecting Personal Property
34. Top Ten Security Threats
35. The Audit
Introduction
Exterior Access Controls
Interior Access Control
36. Mail Services Security
37. Crime Analysis
Crime Analysis: Defined
Crime Analysis Data Needed
Data Collection
Predictive Policing
Crime Pattern Analysis
Times Have Changed41
38. Emergency Planning
Emergency Response
39. Fire and Life Safety
Fire Procedures
Administrative and Planning Phase42
General Physical Inspection Phase
40. Exterior Physical Characteristics: Perimeter Grounds43
41. Exterior Windows
Other Openings
42. Security Officers Checklist44
43. Safes45
44. Metal Theft
45. Master Planning: Physical Systems
46. Parking Lot Safety Issues
Public Parking Lots
Parking Lot Security
47. Physical Security Is Needed to Prevent Workplace Violence in the Health Care Environment
Risk Factors
Identifying and Assessing Workplace Violence Hazards
Patient, Client, and Setting-Related Risk Factors
Organizational Risk Factors
Possible Engineering Controls for Different Healthcare and Social Service Settings
Exit Routes
Metal Detectors: Handheld and/or Installed
Monitoring Systems and Natural Surveillance
48. Security Assessment Follow-Up
Residential Security
Security Aspects
49. Seven Things You Should Know About Physical Security Information Management 48
50. The Ten Basic Knowledge Areas for Crime Prevention, in the 21st Century
Description of Program
51. Ever Need a New Year’s Resolution How About Changing Your Passwords
52. Speed Bumps
53. BULLYING AND LIABILITY FOR SCHOOLS
Liability
Fast Facts57
54. Police Massachusetts School Bus Driver Drunk in Crash
Another Instance
Conclusion
55. Security Officer Responsibilities
Recommended Qualifications of a Security Officer
Twenty-One Tips for Contract Security Officer Success58
Do
Don’t
Ensuring Quality
Do
Don’t
How to Ensure Effective Contracts
Do
Don’t
Hiring and Training
Do
Don’t
56. Emergency Planning and Development59
Why Emergency Planning
The Primary Goals
Risk Assessment
Threat Scenarios
Stages of Emergency Planning
Planning Basics
Advance Planning
Types of Emergencies: Natural and Man-Made
Natural Disasters
Man-Made Disasters
Man-Made Disasters: Fire
57. Seven Basic Types of Protective Lighting
Protective Lighting
Security Lighting Sources
Goals of Security Lighting
58. Things You Need to Know about Soft Targets
Introduction
59. The “Ultimate Security Cookbook” and the Future Trends
The Future of Physical Security
60. Ten Steps to Reduce Risk
61. ASIS Standards and Guidelines62
62. Safe Citizen and Law Enforcement Encounters63
63. The Art of Training
Visual Aids
Introduction
Lecturing Versus Teaching
Controlling the Class
Handouts
Planning
Voice Control
Nervousness
Recording Devices
Ending Your Presentation
64. Do Not Take Training Lightly
Why Do We Train
Training for Security/Protection Officers
65. Security/Protection Officers and Professionalism
66. The Importance of Professional Certifications: ASIS International and International Foundation for Protection Officers
67. Guard Houses/Guard Booths
68. Physical Security Expenses and Maintenance
69. Data Center and Server Security
70. Loading Dock and Chemical Storage Security
Loading Docks
Chemical Storage
Access Control
Security Surveillance Systems
Cabinets
71. The Six Most Critical Areas in a Storage Facility
72. Parking Facility Security71
Issues
How to Improve Lighting Brightness in Parking Garages
73. Emergency (Blue Light) Phones/Call Stations
74. Environmental Security
75. The Neighborhood and Fear of Crime
76. Designing Security and Site Layout
Designing for Security: a Checklist
77. Montreaux Document78
78. Access for Physically and Mentally Challenged
Review Process
79. Active Shooter/Active Assailant79
80. How to Respond When an Active Shooter Is in Your Vicinity80
Profile of an Active Shooter
How to Respond When Law Enforcement Arrives
Training Your Staff for an Active Shooter Situation
Components of an Emergency Action Plan
Components of Training Exercises
81. School Parking Lots and Garages81
82. Women as Investigators82
83. Preventing Identity Theft84
Federal Trade Commission Involvement
Steps to Take
84. Top 10 Crime Prevention Through Environmental Design Research and Best Practice Resources on the Web85
85. The Role of Security Practitioner
Community Participation Strategies
86. Physical Barriers
Design
87. Fire Safety Issues
88. Video Analytics and Thermal Cameras
Thermal Cameras
89. Design Out Crime/Designing for Security
Introduction
Identifying Objectives
Secure, Yet Welcoming
Fighting Crime by Design: a Secure Transition
Conclusion
Reference
90. Mass Notification Procedures
91. Occupational Safety and Health Administration Regulations88
Emergency Procedures and Security Operations
Sample AED Policy92
Purpose
Scope
Responsibility
Post-incident
Periodic Drills
Sample Fire Extinguisher Policy
Purpose
Responsibility
Training
92. Workplace Fire Safety
Building Fire Exits99
Portable Fire Extinguishers100
Emergency Evacuation Planning101
Fire Prevention Plan102
Fire Suppression System103
93. Security for Marijuana Farms and Dispensaries
94. Site Security During Construction
Something to Think About
95. Protection of Cultural Resource Properties: NFPA 909110
Museums, Libraries, and Places of Worship
96. Three Phases of Attack
97. Thirteen Steps to Avoid Becoming a Victim
Stop and Think!
98. Courtroom Testifying
99. Crime Prevention: Eighteen Terms You Should Know
100. Hazardous Materials111
101. Hazardous Materials: How They are Harmful to People
102. Informants112
103. Twenty Things You Should Know about the Legal Aspects of Security
104. The 3-D’s Approach to Crime Prevention Through Environmental Design
Designation
Definition
Design
Strategies in Action
105. Management Principles According to Bud Smith
Bud Smith
Conclusion
106. Crime Prevention Tips from the Greenville, NC, USA, Police Department114
107. Why Security Fails115
Do We Have Permission to Sue This
The Boss Does Not Get It
The Mish Mosh
The People Are Not Part of the Security Team
It Could Not Happen Here
We Do Not Really Know What Our True and Present Risks, Vulnerabilities, and Threats Are
Security Is Just Guards, Cameras, and Card Readers
The Horse Is out of the Barn Syndrome
The Shoe Bomber Theorem
Security Does Not Reflect or Support Our Special Culture and Values
108. Fifty Random Aspects of Physical Security That You Should Know: a Checklist
109. Emergency Manager Responsibilities
110. National Response Framework: Five Mission Areas
111. Emergency Planning Best Practices
Emergency Planning Best Practices117
Plan Development and Primary Considerations
Why Emergency Planning
Threat Scenarios
Stages of Emergency Planning
Planning Basics
Advance Planning
112. National Fire Protection Association
113. Organization and Administration
114. Organization and Planning
Organization
Planning
115. Outsourcing for a Security Practitioner
116. Paper Shredders
117. General Personnel Security
Employee Screening
Common Omission on Application
Questions You Cannot Ask in an Interview
Interview
118. Personnel Security: Twenty-Five Things You Should Know
119. Ten Things You Should Know about Fraud
Introduction
120. Physical Access Control
Basics of Access Control
121. Physical Security: Ten Things You Should Know
122. Glazing (Bullet-Resistant and Burglary-Resistant Glass)
123. Privacy in the Workplace
Intrusion or Necessity126
124. Product Contamination
Proprietary Security
Basics of Organization: the Vocabulary
125. REENGINEERING, Downsizing, and Rightsizing: Twenty-Five Things You Should Know
126. Retail Security
127. Retail Security Management
128. Risk Analysis
Security Risk Management
Budgeting and Financial Justification
Risk Factors128
129. Robots as Security Devices
Product and Service129
Autonomous Data Machines
K3 and K5 Features
Knightscope Security Operations Center
130. The Role of Risk Manager
131. Crimes Defined130
132. Safe Schools
133. Security Assessments
134. Biometrics Using Hand Geometry
135. Security Management
Why Is Professionalism Important in Security
Why Is Security Not Widely Accepted as a Profession
136. Protection of Sensitive Information
137. Transportation Security
138. Setting Specifications and Getting Bids for Security Components
139. Sexual Harassment
140. Sexual Harassment in the Schools
141. Stalking
Elements
142. Stress on the Job
Stressors
Changing Attitudes
Turnover
143. The Use of Force by Private Citizens
144. Freedom of Information Act
145. Travel Security
146. Physical Entry and Access Control
Doors
Door Numbering System
Minimum Standards
147. Letter and Parcel Bombs
148. Liaison: Twenty-Five Things You Should Know
149. AMBER Alerts
150. Emerging Trends in Security
Conclusion
Appendix 1
Women in the Security Profession: A Practical Guide for Career Development1
The Future of Women in Security: Developing a Strategy for Success2
The Security Industry
Professionalism
Workplace Bullying
Women in the Security Profession
Education and Professional Development
Industry Experience
Membership in ASIS International
Professional Certifications
Networking
The Value of Networking
Mentoring
Success in the Security Industry
Appendix 2
The Top 10 Things You Should Know About Security in Places of Worship
Index
Back Cover

Citation preview

150 Things You Should Know about Security Second Edition

Lawrence J. Fennelly, CPOI, CSSI Marianna A. Perry, M.S., CPP, CPOI

Butterworth-Heinemann is an imprint of Elsevier The Boulevard, Langford Lane, Kidlington, Oxford OX5 1GB, United Kingdom 50 Hampshire Street, 5th Floor, Cambridge, MA 02139, United States Copyright © 2018 Elsevier Inc. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions. This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein). Notices Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility. To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein. Library of Congress Cataloging-in-Publication Data A catalog record for this book is available from the Library of Congress British Library Cataloguing-in-Publication Data A catalogue record for this book is available from the British Library ISBN: 978-0-12-809485-3 For information on all Butterworth-Heinemann publications visit our website at https://www.elsevier.com/books-and-journals

Publisher: Candice Janco Acquisition Editor: Candice Janco Editorial Project Manager: Hilary Carr Production Project Manager: Punithavathy Govindaradjane Designer: Matthew Limbert Cover Image Credit: Karen Camilovic with Camilovic Creative Typeset by TNQ Books and Journals

I have three sons, Larry, Bill, and Stephen and wish to dedicate this book to them. My wife and I love them dearly. They are not only our children but also our best friends. We are a close family who support one another and laugh a lot together. Sad, but many people don’t have this type of family bond. Lawrence J. Fennelly This book is dedicated to law enforcement officers and security professionals who work hard every day to keep people safe and protect our way of life. Thank you. Marianna A. Perry

Preface This book is the second in a series of the “150 books.” The first was Physical Security: 150 Things You Should Know. You are probably thinking that it would be difficult to come up with 150 items, but it really was not that hard. We included ASIS Standards, Underwriters Laboratories (UL), and National Fire Protection Association (NFPA) Guidelines, and also Occupational Safety and Health Administration (OSHA) material, because all these topics affect security and need to be included in a holistic approach to security vulnerabilities. Today, we routinely recommend light-emitting diode lighting, which is energy efficient. Years ago, when conducting assessments, we both remember struggling to have high-pressure sodium lighting installed because the common misperception was that this type of lighting killed trees and plants. Clearly, we realized that people needed to be educated about good security practices, especially lighting. Times are changing and technology is moving us forward at an incredible pace. When we say, “150 Things You Need to Know,” we understand that there are more than 150 things that security practitioners need to know and be aware of. This book presents information in an easy-to-read format and covers a variety of topics. Each section of this book has been carefully placed for your review. Security does not have to be complicated, but it does have to be specific. We have added only one item in the appendix, which is a chapter from Sandi Davies book, Women in the Security Profession: A Practical Guide for Career Development, titled, The Future of Women in Security: Developing a Strategy for Success. We feel that this work has some useful information for security professionals. It is our intent to motivate everyone in the security profession to strive for higher levels of awareness and preparedness for the years ahead. This is the responsibility of all of us who are a part of the security profession and who must deal with the questions of where we are leading the discipline and how the role of security will support the organizations of the future. Lawrence J. Fennelly Marianna A. Perry

xiii

150 Things You Should Know about Security 1. CRIME PREVENTION THROUGH ENVIRONMENTAL DESIGN STRATEGIES There are seven overlapping strategies in crime prevention through environmental design (CPTED):    1. Natural access control 2. Natural surveillance 3. Territorial reinforcement 4. Image and/or maintenance1 5. Activity program support2 6. Target hardening3 7. Geographical juxtaposition (wider environment)4    Access control and surveillance have been the primary design concepts of physical design programs. At the outset of the CPTED program, access control and surveillance systems—pre-existing as conspicuous concepts in the field of CPTED—received major attention. Access control and surveillance are not mutually exclusive classifications since certain strategies achieve both and strategies in one classification typically are mutually supportive of the other. However, the operational thrust of each is distinctly different, and the differences must be recognized in performing analysis, research, design, implementation, and evaluation. Access control is a design concept directed primarily at decreasing crime opportunity. Access control strategies are typically classified as organized (e.g., security officers), mechanical (e.g., locks, lighting, and alarms), and natural (e.g., spatial definition). The primary thrust of an access control strategy is to deny access to a crime target and to create a perception of risk in offenders. Surveillance is a design concept directed primarily at keeping intruders under observation. Therefore the primary thrust of a surveillance strategy is to facilitate observation, although it may have the 1 PM

Cozens, G Saville, D Hillier. Crime prevention through environmental design (CPTED): a review and modern bibliography. Prop Manage 2005;23(5):328–56. 2 Ibid. 3 Ibid. 4 Ibid. 150 Things You Should Know about Security. http://dx.doi.org/10.1016/B978-0-12-809485-3.00001-6 Copyright © 2018 Elsevier Inc. All rights reserved.

1

2

150 Things You Should Know about Security

effect of an access control strategy by effectively keeping intruders out because of an increased perception of risk. Surveillance strategies are typically classified as organized (e.g., police patrol), mechanical (e.g., lighting, locks, and alarms), and natural (e.g., windows) (Photos 1–3).

PHOTO 1 Photo shows examples of good natural surveillance.

PHOTO 2 Photo shows examples of good natural surveillance.

1.  Crime Prevention Through Environmental Design Strategies

PHOTO 3 Photo shows examples of good natural surveillance.

Traditionally, access control and surveillance, as design concepts, have emphasized mechanical or organized crime prevention techniques while overlooking, minimizing, or ignoring attitudes, motivation, and use of the physical environment. More recent approaches to physical design of environments have shifted the emphasis to natural crime prevention techniques, attempting to use natural opportunities presented by the environment for crime prevention. This shift in emphasis led to the concept of territoriality. The concept of territoriality (elaborated most fully to date in the public housing environment) suggests that physical design can contribute to a sense of territoriality. That is, physical design can create or extend a sphere of influence so that users develop a sense of proprietorship—a sense of territorial influence—and potential offenders perceive that territorial influence (Photo 4).

3

4

150 Things You Should Know about Security

PHOTO 4 Photo shows a medium-height fence to establish territorial space and also has good window design.

At the same time, it was recognized that natural access control and surveillance contributed to a sense of territoriality, making it effective for crime prevention. Natural access control and surveillance will promote more responsiveness by users in protecting their territory (e.g., more security awareness, reporting, reacting) and promote greater perception of risk by offenders.

2. SIX ADDITIONAL CRIME PREVENTION THROUGH ENVIRONMENTAL DESIGN STRATEGIES Defensible Space: This concept was developed in the public housing environment. It is similar to CPTED strategies (Crowe 1999). Environmental Security differs from CPTED in that it uses a broader range of crime control strategies including social management, social media, target hardening activity, support, and law enforcement. Situational Crime Prevention which incorporates other crime prevention and law enforcement strategies in an effort to focus on specific crime problems. Results and objectives:    • Reduce violent crime • Reduce property crime • Displacement of crime • Eliminate the threats and risk • Reduce the likelihood of more incidents • Eliminate vulnerabilities and protect assets   

3.  A New Role for Law Enforcement

Risk Management is defined5 as the process by which an entity identifies its potential losses and then decides what is the best way to manage these potential losses. CPTED landscape security principles:    1. For natural surveillance cut back bushes to a height of 3 ft. 2. Cut back the tree branches to 8 ft from the ground. 3. Chain link fence height 7 ft plus three strands of barbed wire.6 4. Height of a stone wall—8 ft. 5. A least 10 ft of clear space on both sides of the fence and wall.7 6. Psychological deterrence: results when lighting leaves a potential intruder fearful that he or she will be detected, identified, and/or apprehended.

3. A NEW ROLE FOR LAW ENFORCEMENT: SUPPORT OF COMMUNITY DEVELOPMENT Public/private sector partnerships enhance public safety by sharing information, making the community more aware of threats and involving them in the problemsolving process. Collaboration is a key word for partnerships because all partners must recognize that their goals or missions overlap and they work together to share resources and achieve common goals. The added value of public– private sector partnerships is the cross-transfer of skills, knowledge, and expertise between the public and private sectors.8 In order for a partnership to be successful, each partner has to understand the value they will gain from participating. Successful partnerships involve partners that are committed to working together to achieve common goals—building the community. There are a number of compelling reasons for law enforcement to be involved in CPTED aside from the formulation of partnerships:    1. CPTED concepts have been proven to enhance community activities while reducing crime problems. 2. CPTED concepts are fundamental to traditional law enforcement values, in terms of helping the community to function properly. 3. CPTED requires the unique information sources and inherent knowledge of the community, which is endemic to the law enforcement profession. 4. CPTED problems and issues bear a direct relationship to repeat calls or service and to crime-producing situations. 5. CPTED methods and techniques can directly improve property values, business profitability, and industrial productivity, thereby enhancing local tax bases.    5 Ibid. 6 LJ

Fennelly. The chain link fence manufacturers institute as stated in loss prevention and crime prevention handbook. 5th ed. 2012. p. 311. 7 JF Broder, CPP. Risk analysis and the security survey. 3rd ed. Elsevier; 2006. 8 http://it.ojp.gov/documents/d/fusion_center_guidelines.pdf.

5

6

150 Things You Should Know about Security

Law enforcement agencies, regardless of their size, must be involved formally in the review and approval process of community and business projects. Their participation must be active and creative, rather than passive and reactive. Moreover, any such involvement should not expose the agencies involved to possible litigation, since it is the role of law enforcement in CPTED to provide additional information on concerns that may not have occurred to the persons who are responsible (and qualified) for making changes to the environment. The expression, “Pay me now, or pay me later,” conveys the idea that the early involvement of a knowledgeable law enforcement agency in the conceptualization and planning of community projects can lead to improvements in the quality of life and to reductions in the fear and incidence of crime. This early involvement is one of the most cost-effective methods of crime prevention.9

CRIME PREVENTION THROUGH ENVIRONMENTAL DESIGN ASSESSMENTS10 During a CPTED assessment, the following CPTED principles should be focused on:    Natural surveillance Natural access Territoriality reinforcement Image and/or maintenance Order maintenance Activity program support Geographical juxtaposition    Be sure that you notice positive attributes of the area while identifying the needed changes or improvements. Logically organize your observations and recommendations.

4. ENVIRONMENT The conceptual thrust of a CPTED program is that the physical environment can be manipulated to produce behavioral effects that will reduce the incidence and fear of crime, thereby improving the quality of life. These behavioral effects can be accomplished by reducing the propensity of the physical environment to support criminal behavior. Environmental design, as used in a CPTED program, is rooted in the design of the human/environment relationship. It embodies several concepts. The term environment includes the people and their physical and social surroundings. However, as a matter of practical necessity, the environment defined for demonstration purposes is that which has recognizable territorial and system limits. 9 TD

Crowe, LJ Fennelly. Crime prevention through environmental design. 3rd ed. Elsevier Publishers; 2013. 10 www.popcenter.org/tools/cpted/.

5.  Target Hardening

The term design includes physical, social, management, and law enforcement directives that seek to affect positively human behavior as people interact with their environment. Thus, the CPTED program seeks to prevent certain specified crimes (and the fear of them) within a specifically defined environment by manipulating variables that are closely related to the environment itself. The program does not purport to develop crime prevention solutions in a broad universe of human behavior but rather solutions limited to variables that can be manipulated and evaluated in the specified human/environment relationship. CPTED involves design of physical space in the context of the needs of legitimate users of the space (physical, social, and psychological needs), the normal and expected (or intended) use of the space (the activity or absence of activity planned for the space), and the predictable behavior of both legitimate users and offenders. Therefore in the CPTED approach, a design is proper if it recognizes the designated use of the space, defines the crime problem incidental to and the solution compatible with the designated use, and incorporates the crime prevention strategies that enhance (or at least do not impair) the effective use of the space. CPTED draws not only on physical and urban design but also on contemporary thinking in behavioral and social science, law enforcement, and community organization.

5. TARGET HARDENING The emphasis on design and use deviates from the traditional target hardening approach to crime prevention. Traditional target hardening focuses predominantly on denying access to a crime target through physical or artificial barrier techniques (such as locks, alarms, fences, and gates). Target hardening often leads to constraints on use, access, and enjoyment of the hardened environment. Moreover, the traditional approach tends to overlook opportunities for natural access control and surveillance. The term natural refers to deriving access control and surveillance results as a by-product of the normal and routine use of the environment. It is possible to adapt normal and natural uses of the environment to accomplish the effects of artificial or mechanical hardening and surveillance. Nevertheless, CPTED employs pure target hardening strategies, to test their effectiveness either compared with natural strategies or when they appear to be justified as not unduly impairing the effective use of the environment. As an example, a design strategy of improved street lighting must be planned, efficient, and evaluated in terms of the behavior it promotes or deters and the use impact of the lighted (and related) areas in terms of all users of the area (offenders, victims, and other permanent or casual users). Any strategies related to the lighting strategy (e.g., block watch or neighborhood watch, 911 emergency service, police patrol) must be evaluated in the same regard. This reflects the comprehensiveness of the CPTED design approach in focusing on both the proper design and effective use of the physical environment. Additionally, the concept of proper design and effective

7

8

150 Things You Should Know about Security

use emphasizes the designed relationship among strategies to ensure that the desired results are achieved. It has been observed that improved street lighting alone (a design strategy) is ineffective against crime without the conscious and active support of citizens (in reporting what they see) and of police (in responding and conducting surveillance). CPTED involves the effort to integrate design, citizen and community action, and law enforcement strategies to accomplish surveillance consistent with the design and use of the environment.

6. DETERRENTS INTRODUCTION We recently started looking into deterrents. For example, are security officers and video surveillance systems a deterrent? Our findings were that a lot has been written on closed-circuit television in England and Canada, whereas not as much has been written on security officers. We also know from talking to our peers, other security practitioners, and law enforcement knowledge from working on the street as to what works and what are the deterrents. Disbelievers will say show me the data or you did not use enough data. Either way, it is time you started thinking about it. I have seen stores with about 100 cameras inside and 25 outside. Now that is a heavy cost to the wallet, but if they were not saving the company money and preventing theft, they never would have been purchased. Even with 125 cameras, there is still a certain degree of theft for a variety of reasons stated later. Anyone who steals an item with the camera focusing on the same item or area is said to be stupid, and we know a lot of stupid people get caught.

THE SECURITY OFFICER By definition, the job of a security officer is “serving to deter—relating to deterrence.” We were in a large building complex recently; as we walked we passed an armed security officer outside a bank and a security officer inside the lobby who greeted us. “Where are you folks going today,” he said. The security officer called upstairs, confirmed the appointment, used his access control card for the elevator, and then returned to the security desk. Once programed, the elevator only went to the assigned floor. Great security, we were thinking, because deterrents and physical security were working together smoothly.

Category A • Security surveillance system used to prevent crime in private and public locations • CPTED principles and concepts • Defensible space principles and concepts

7.  Crime Prevention Through Environmental Design

• Situational crime prevention principles and concepts • Lighting that meets standards and design by increased visibility • Displacement of crime • Biometrics and access control to specific areas

CPTED target-hardening principles • Signage • Padlocks and door locks and peepholes • Intrusion alarms and signage of alarms • Bollards or barricades closing down streets and controlling access

Category B • Security officers armed and unarmed in private and public locations. Individuals who perform an observation or formal to informal function, i.e., hotel door man, bus drivers, tickets sellers or ticket takers, train conductors. • Police officers in uniform and armed security who may deduce that a crime is about to be committed and deter the incident with their presence. • Security officer patrolling the parking lots of hotels, hospitals, and retail locations; protecting corporate assets; and protecting customers. • “Guardian angels” patrolling streets, neighborhoods, and subways.

7. CRIME PREVENTION THROUGH ENVIRONMENTAL DESIGN: CARE AND MAINTENANCE Finally, care and maintenance allows for the continued use of a space for its intended purpose, as well as contributing to territorial reinforcement. Deterioration and blight indicates less concern and control by the intended users of a site and a greater tolerance of disorder. Proper maintenance protects the public health, safety, and welfare in all existing structures, residential and non-residential, and on all existing premises by establishing minimum standards, best practices, as well as a master plan. Maintenance is the responsibility of the facilities manager, owners, and occupants. Furthermore, the effort to achieve a balance between design for crime prevention and design for effective use of environments contributed to the shift in focus from organized and mechanical strategies per se to natural strategies. This was because natural strategies exploited the opportunities of the given environment both to naturally and routinely facilitate access control and surveillance, and to reinforce positive behavior in the use of the environment. The concept reflects a preference, where feasible, to reinforce existing or new activities, or to otherwise reinforce the behavior of environment users so that crime prevention flows naturally and routinely from the activity being promoted. The conceptual shift from organized and mechanical to natural strategies has oriented the CPTED program to develop plans that emphasize natural access control and surveillance and territorial reinforcement (Photo 5).

9

10

150 Things You Should Know about Security

PHOTO 5 Photo shows a camera on the roof, plus lighting.

Although conceptually distinct, it is important to realize that these strategy categories tend to overlap in practice. It is perhaps most useful to think of territorial reinforcement as the umbrella concept, being composed of all natural surveillance principles, which in turn is composed of all access control principles. It is not practical to think of territorial reinforcement, natural surveillance, and access control as independent strategies because, for example, access control operates to denote transitional zones, not necessarily impenetrable barriers. If these symbolic or psychological barriers are to succeed in controlling access by demarcating specific spaces for specific individuals, potential offenders must perceive that unwarranted intrusion will elicit protective territorial responses from those who have legitimate access. Similarly, natural surveillance operates to increase the likelihood that intrusion will be observed by individuals who care but are not officially responsible for regulating the use and treatment of spaces. If people observe inappropriate behavior but do nothing about it, then the most carefully planned natural surveillance tactics are useless in terms of stopping crime and vandalism (Photo 6).

8. QUESTIONS TO BE ANSWERED DURING A CRIME PREVENTION THROUGH ENVIRONMENTAL DESIGN ASSESSMENT • Are there casual natural surveillance opportunities? If not, can they be added? • Is there sufficient lighting for all vehicular and pedestrian pathways and activity areas used during hours of darkness? (Photo 7) • Is there sufficient activity lighting indoors and is it supplemented by sources of natural light? Is there emergency lighting? • Is access managed? If not, what combination of strategies could be used to better manage access?

8.  Questions to Be Answered During a Crime Prevention

PHOTO 6 Photo shows a driveway to an apartment building that reflects poor security caused from the overgrowth of vegetation.

PHOTO 7 Photo shows poor security caused from overgrowth. Do you see the light in the middle of the vegetation?

• Are all spaces designated and delineated for specific use? If not, can they be? • Are there conflicts between uses? • Is there sufficient capacity? Is crowding creating tension, fear, or potential dangers? • Are there expressions of pride and ownership (territoriality)? Can they be increased?

11

12

150 Things You Should Know about Security

• Are all areas well maintained—kept clean and functional with no needed repairs or replacements? If not, when were they last maintained? • Are rules of conduct communicated? Enforced? • Are there supporting activities that enhance surveillance, access management, and social order? If not, can they be added? • Are the grounds easy to navigate? Is it easy to understand where you are at any given point? Is it obvious which path or direction you need to take to arrive at a desired location? • Does the landscaping enhance the ability to read the site? Does it provide shade and buffering where needed? Does it provide an esthetic quality? Is it accessible? Is it healthy and well maintained? Is it a problem? • How do the site users behave? Is there respect for the environment? Are there areas where tensions and disorder are common? • Is there graffiti or are there other signs of vandalism? • Is there video surveillance? If so, are they placed in prime locations? Are there other means of surveillance? • Are there successful CPTED applications already in place? If so, take note and use them as positive examples.11

SURROUNDING NEIGHBORHOOD • Adjacent land uses • Condition of adjacent streets and properties • Traffic patterns and volumes on adjacent streets • Pedestrian crossing safeguards (marked crossings, traffic lights) • Recommendations for improvements

PERIMETER AND POINTS OF ENTRY • First impressions on approaching the site/location • Walls and/or fencing • Type, location, hours of operation, and users • Special staff and/or visitor access points • Sign(s) that identify the site/location, welcome visitors, and provide information about special visitor parking and entry • Signs and/or maps to guide visitors to special parking and entry • Signs and/or pavement markings to guide vehicles • Surveillance opportunities from interior spaces • Landscaping and cleanliness (Photo 8) • Lighting • Recommendations for improvements   

11 http://cptedsecurity.com/cpted_design_guidelines.htm.

8.  Questions to Be Answered During a Crime Prevention

VEHICULAR TRAVEL ROUTES AND PARKING FACILITIES • Motor vehicle traffic patterns, including bus and student drop-off/pick-up loops in school applications (Photo 9) • Signs and/or maps to guide visitors to appropriate parking and entry locations • Sign(s) to identify visitor parking • Surveillance of parking lots from interior spaces • Lighting • Recommendations for improvements   

PHOTO 8 Photo shows an area behind an apartment building that needs to be cleaned up and indicates that the residents have no regard for the property.

PHOTO 9 Photo shows pavement markings to guide vehicles and pedestrian crosswalk markings.

13

14

150 Things You Should Know about Security

PEDESTRIAN TRAVEL PATHS AND GATHERING AREAS • Pedestrian routes to and from building(s) • Pedestrian crosswalk markings or designated pedestrian routes • Signage, landscaping, and/or landmarks to guide pedestrians • Surveillance of walkways and exterior corridors • Formal and informal gathering areas • Lighting • Recommendations for improvements

9. SOME BENEFITS OF CRIME PREVENTION THROUGH ENVIRONMENTAL DESIGN PLANNING ACTIVITIES In addition to dealing with the reduction of crime and fear problems, other benefits of CPTED planning include the following:    • Treatment of crime problems at various environmental scales. The CPTED process for identifying crime/environment problems, selecting CPTED strategies, and initiating, implementing, and evaluating anti-crime projects can be applied to entire neighborhoods or types of institutional settings within a city, such as secondary schools, or the process can be applied equally well to a small geographic area or to one particular institution. • Integration of prevention approaches. The CPTED principles are derived from an opportunity model of criminal behavior that assumes that the offender’s behavior can be accounted for by understanding how, and under what circumstances, variables in the environment interact to induce crime. Once an assessment of the opportunity structure is made, appropriate strategies can be designed and integrated into a coordinated, consistent program. • Identification of short- and long-term goals. Comprehensive broad-based programs like CPTED have ultimate goals that may take years to accomplish. Unlike CPTED, however, many programs fail to develop short-term or proximate goals and adequate ways to measure their success. The CPTED approach includes an evaluation framework that details proximate goals relating to increased access control, surveillance, and territorial reinforcement. The rationale is that the ultimate program success is directly related to its success in achieving the proximate goals. • Encouragement of collective responses to problems. The CPTED emphasis is on increasing the capacity of residents to act in concert rather than individually. Strategies are aimed at fostering citizen participation and strengthening social cohesion. • Interdisciplinary approach to urban problems. An explicit policy of interdisciplinary teaming ensures effective cooperation among diverse city departments such as public works, social services, economic development, and police. Each participant benefits from exposure to the responsibilities, jurisdiction, and skills of the others.

10.  Use of Information

• Encouragement of better police/community relations. A key strategy is to coordinate law enforcement and community service activities with the result of improving police/community relations and developing an anti-crime program that does not solely depend on enforcement agencies. • Development of security guidelines and standards. CPTED programming can lead to the creation of security criteria for newly constructed or modified environments to avoid planning and design decisions that inadvertently provide opportunities for crime. • Assistance in urban revitalization. Through its impact on physical, social, and economic conditions, CPTED can be instrumental in revitalizing communities, including downtown areas. Once business leaders, investors, and other citizens perceive that a comprehensive effort is underway to reduce crime and fear, there will be an improvement in community identity and cohesiveness. • Acquisition of development funds. The incorporation of CPTED into existing programs can provide additional jurisdiction for awarding grants, loans, and community development funds. • Institutionalization of crime prevention policies and practices. CPTED projects can create a local management capability and expertise to maintain ongoing projects. This capability can be incorporated into existing citizen organizations or municipal agencies.

10. USE OF INFORMATION It goes without saying that all important decisions should be based on good information. Especially where the design and use of the physical environment is at stake, it is imperative that at least five basic types of information be collected and used. Unless a rational basis is used to make informed decisions, the same mistakes that generated the original problem will continue to be made. The five basic types of information needed for good CPTED planning are crime analysis information, demographic information, land use information, observations, and resident or user interviews. This information does not have to be sophisticated. It exists in a fundamental form in every community or location. Moreover, unless it can be presented in its most basic form, it is of little value. For instance, very little can be done with a statistical measure that says burglaries are up by 5%. Much more can be done with a crime map that shows a clustering of burglaries in a specific block. Even more can be done when one finds that the burglar used an alleyway as his approach to a series of related offenses because it afforded a good cover for his vehicle. The other bits of information that are needed should be available in simple, usable formats. Following is a simple guide to each type of information:    • Crime analysis. This type of information is available in every police department; it is obtained by plotting offenses on a wall map and organizing the information on crime reports for the major purpose of identifying patterns of criminal activity. There are two basic types of patterns: geographic and similar offense.

15

16

150 Things You Should Know about Security

• Demographic: This is information that describes the nature of the population for a given city, district, or neighborhood. It is available through city planning departments, or the city manager’s or mayor’s office. Another source of this type of information is the Census Bureau and the city and county data books that may be found in most public libraries. • Land use: City planning departments, zoning boards, traffic engineering councils, and local councils of government have information and maps that describe and depict the physical allocations and uses of land. Simple wall maps with colored sections showing residential areas, commercial areas, industrial areas, parks, schools, and traffic flows can be of immeasurable assistance in understanding the physical setting. Natural boundaries and neighborhoods are easier to visualize on such maps, especially in relation to land use and pedestrian and traffic flows. • Observations: It is very helpful to conduct either formal or informal visual reviews of physical space to get first-hand knowledge of how, when, and by whom that space is used, and where problems may arise. • Environmental cues are the key to normal user and offender behavior. • Observations may include pedestrian/vehicle counts, on- and off-street parking, maintenance of yards and fences, the degree of proprietary behaviors prohibited by residents and/or users, the presence of either controlling or avoidance behaviors, and other potential indicators of territorial concern such as the percentage of window blinds drawn in homes and businesses overlooking parks or schools. • Resident or user interviews: This source of information is needed to balance the other data sources. People’s perceptions of where they feel safe and where they feel endangered often vary from the locations on crime maps where the most offenses occur. It is vital to determine the residents’ or users’ perceptions and extent of identity with the surrounding space, what affects their behavior or reactions as they move about, and what they think the needs are. Any attempt to skip the basics in favor of more complex forms of information gathering or analysis often obscures the picture. Professionals often suppress the active participation of residents or space users by relying on complex modes of analysis. This is dangerous because it can cause some very basic ideas or explanations to be overlooked. It is axiomatic that very little good will be accomplished without the full and active involvement of the users of space.

11. DEFENSIBLE SPACE PRINCIPLES12 THE CONCEPT All defensible space programs have a common purpose: they restructure the physical layout of communities to allow residents to control the areas around their homes. This includes the streets and grounds outside their buildings and the lobbies and 12 O Newman. Creating defensible space. U.S. Department of Housing and Urban Development, Office

of Policy Development and Research; April 1996.

12.  Examples of Strategies in Action

corridors within them. The programs help people preserve those areas in which they can realize their commonly held values and lifestyles. Defensible space relies on self-help rather than on government intervention, and so it is not vulnerable to government’s withdrawal of support. It depends on resident involvement to reduce crime and remove the presence of criminals. It has the ability to bring people of different incomes and race together in a mutually beneficial union. For people with low income, defensible space can provide an introduction to the benefits of mainstream life and an opportunity to see how their own actions can better the world around them and lead to upward mobility. Over the past 25 years, Oscar Newman has been using defensible space technology to enable residents to take control of their neighborhoods, to reduce crime, and to stimulate private reinvestment. We have been able to do this while maintaining racial and economic integration. The process has also produced inexpensive ways to create housing for the poor, often without government assistance.

SPACE When spaces have a clear boundary that signal they belong to someone else, less crime and vandalism will occur. In a study of low-cost urban housing developments Newman (1972) found that when areas had no clear symbols of ownership, they were more likely to be vandalized than when they had well-marked boundaries. Supportive evidence is also provided in a study that observed that cars and other vehicles were vandalized and stripped of parts where they were parked in inner city Philadelphia (Ley and Cybriwsky, 1974). It was found that more vandalism took place near abandoned houses, vacant lots, and public places such as warehouses and schools than in areas with signal territorial ownership. Here’ is a question for you. “Are you more careless in the way you treat your own property other than a friend’s property?” In effect, people tend to respect properties that can be identified as having a conscientious owner rather than properties whose owner cannot be easily identified.

12. EXAMPLES OF STRATEGIES IN ACTION There are hundreds of examples of CPTED strategies in practice today. In each example, there is a mixture of the three CPTED strategies that is appropriate to the setting and to the particular security or crime problem. Some of the examples were created in the direct application of CPTED concepts. Others were borrowed from real-life situations. The common thread is the primary emphasis on naturalness— simply doing things that you already have to do, but doing them a little better. Some examples of CPTED strategy activities are:    • Providing clear border definition of controlled space • Providing clearly marked transitional zones that indicate movement from public to semi-public to private space

17

18

150 Things You Should Know about Security

• Relocating gathering areas to locations with natural surveillance and access control, or to locations away from the view of would-be offenders • Placing safe activities in unsafe locations to bring along the natural surveillance of these activities to increase the perception of safety for normal users and risk for offenders • Placing unsafe activities in safe spots to overcome the vulnerability of these activities with the natural surveillance and access control of the safe area • Redesignating the use of space to provide natural barriers to conflicting activities • Improving scheduling of space to allow for effective use and appropriate critical intensity • Redesigning space to increase the perception or reality of natural surveillance • Overcoming distance and isolation through improved communications and design efficiencies

13. HOW TO INCREASE SECURITY THROUGH BUILDING DESIGN13 CPTED is a method used in security planning that focuses on design, placement, and the way the building is used as a means to increase security in an esthetically pleasing manner (Photo 10).

PHOTO 10 Photo shows a wide view of natural surveillance. Photo credit: Thinkstock.

13 International

4:30 a.m. PT.

CPTED Association. http://www.cpted.net. By Sarah E. Ludwig CSO, January 6, 2016

13.  How to Increase Security Through Building Design

“CPTED tends to provide a purposeful sense of orderliness in developing a security program,” says William Nesbitt, president of SMSI. “It’s geared at trying to not only have an effective security program, but to have that program be perceived as being effective. It has to do with both the appearance and the perception.” CPTED principles can vary from place to place and firm to firm, but the three that are fairly standard are natural surveillance, natural access control, and territorial reinforcement. These principles, although most easily used when designing a new building, can be used in virtually any type of building or scenario, new or existing.

NATURAL SURVEILLANCE “Doing a lighting study is one of the most important pieces of the Natural Surveillance principle,” says Toby Heath, electromechanical specialist at ASSA ABLOY. “That involves measuring the light output every 10 ft throughout parking lots and the perimeter of a building.”14 Since the illuminance from light bulb starts degrading as soon as you install it, chances are good that the existing lighting is not particularly safe if it has been around for a while, says Heath. “One of the biggest things that people don’t understand is that you have to look at light uniformity, which is the difference between the lightest and the darkest spot. You want to have certain thresholds so that when people are driving by or people are in the building, they can actually see what’s happening,” states Toby Heath.15 “The 3-7 rule is an important component of natural surveillance as well,” says Heath. This means that all landscaping around the perimeter of the facility should be no taller than 3 ft for shrubs and plants and there should be no foliage below 7 ft for trees. This leaves a clear view of people, making criminal activity easier to spot. Heath says not following the 3-7 rule is a common oversight at facilities because people do not realize that landscaping obstructions may cause points of vulnerability.16 “The idea of surveillance in and of itself has a deterrent value,” says William Nesbitt, security expert. “For example, having parking lots adjacent to a building with no obstruction to the view no matter what floor you’re on may cause criminals to pause. For schools, putting the bike rack near classroom windows where it can be seen deters thieves,” Nesbitt says. “Making sure windows are unobstructed and clear is another component, particularly in a public space,” says Heath. “K-12 schools are a big violator because teachers like to put artwork up on the windows,” he says. “You need two-way visibility so people can look in and you can look out.”17

14 Lighting

the way to energy savings. Retrieved from: http://www.assaabloy.com/en/com/press-news/ news/2015/assa-abloy-hospitality-shanghai. 15 Ibid. 16 Ibid. 17 Honeywell Building Solutions. Retrieved from: http://www.assaabloy.com/en/com/press-news/news/ 2016/honeywell-building-solutions-integrates-seos-technology-into-its-new-mobile-access-app/.

19

20

150 Things You Should Know about Security

NATURAL ACCESS CONTROL “It’s really important to minimize the points of entry to a building to one, for visitors as well as employees,” says Heath. “It’s completely inconvenient, but there’s always that balance between security and convenience to find your sweet spot.” In a related matter, all doors should be inspected to make sure that they close completely and by themselves. Having open doors creates huge vulnerability points.

WAYFINDING Wayfinding is also hugely important in the quest for natural access control, both Heath and Nesbitt say. “It’s really important because as buildings get older, obviously there are renovations, improvements and additions. Within hospitals, departments move around all the time over the course of years and places can be marked incorrectly or not at all,” says Heath. “Having people coming into your facility and not being able to find where they’re going is a catalyst for a crime of opportunity.” For new buildings, “designing sidewalks and entryways with not just a sign, but inviting you to go in a certain direction” employs this principle of natural access control,” Nesbitt says. “In some hospitals you sometimes see where they have different colored lines that help people find their way. All of these things can be done through design.”

TERRITORIAL REINFORCEMENT “Territorial reinforcement basically tells you where your property begins. There is no defining property line, so to speak, so if you give cues as to where the property is and what’s under your control and maybe some signage, it helps you establish the foundational basis that you have control over this piece of land from this point inward and it’s not common area,” says Nesbitt. Changing the way that areas around and inside the facility are used is one aspect of territorial reinforcement. “Over time, some places get used more than others. People go to certain areas and some areas are avoided,” Heath says. “It’s important to be aware of where those areas are because obviously the opportunity for crime is way higher in the non-used areas.” Putting safe activities in unsafe places helps. “An unused space could have a bench or a winding walkway or nice shrubbery, something to invite the public to use that space, which forces the crime out of the area. It’s a slow migration. You want to reinforce that the whole territory is a safe place,” says Heath. “Natural landscaping is also a big part of territorial reinforcement and of CPTED,” Heath says. “Buildings that once had beautiful shrubs and landscaping often don’t keep up maintenance or landscaping gets cut in the operational budget. Putting that back in place and creating that delineation of public to private space is a big deal,” says Heath.

14.  Windows and Window Shutters

PARTING THOUGHTS Understand CPTED principles thoroughly. “Don’t substitute CPTED for traditional methodologies,” warns Nesbitt. “CPTED provides harmony between the more traditional methods and human behavior. It takes a little study to understand it, but the more you do, the more you will come up with ways to apply it that are unique to your situation.” Flexibility is key to the successful use of CPTED. “Security is hugely situational. There is no universality. Everything is about reducing the probability of things happening, since we can’t stop them from happening,” Nesbitt says. “Something may pop up that causes you to need to change the environment. Using CPTED principles will make any security program that much more effective than it would be without.” For more information about CPTED, visit the website of the International CPTED Association at: http://www.cpted.net.

14. WINDOWS AND WINDOW SHUTTERS There are several types of window glass:    • Annealed glass—breaks into large shards that can cause serious injury, and building codes may restrict its use where there is a high risk of breakage and injury, such as door panels and fire exits. • Tempered glass—is treated to resist breakage. Building codes require tempered glass for safety reasons because when the glass breaks, it fragments into small pieces rather than shards. • Wired glass—provides some resistance against large objects, but may still shatter. It is often required for certain windows by fire codes, which is the primary purpose of most wired glass. • Laminated glass—is composed of two sheets of ordinary glass bonded to a middle layer or layers of plastic sheeting material. When laminated glass is stressed or struck, it may crack and break, but the pieces of glass then to adhere to the plastic material. It should be noted that for laminated glass to be effective, it should be installed in a frame secured to the structure. It is also the preferred glass type for mitigating blast forces. It will aid in the protection of building occupants from glass shattering in the event of an explosion. • Bullet-resistant or burglar-resistant glass—provides stronger resistance to attack. It is laminated and consists of multiple plies of glass, polycarbonate, and other plastic films to provide many levels of ballistic resistance.    The roll-up window shutters on the building that are lowered for protection after business hours effectively protect the building from a criminal attack through the windows (Photos 11–13).

21

PHOTO 11 Photo shows roll-up shutters.

PHOTO 12 Photo shows a secure roll-up window shutter over a window.

PHOTO 13 Photo shows how a roll-up window shutter housing may be used to access unsecured windows on the second floor.

14.  Windows and Window Shutters

DEFENSIVE MEASURES 1. D  oors (front, rear, basement, and garage): The first important item is to install dead bolts on all entry doors. A cylinder dead bolt with a 1-in projecting bolt, made of hardened steel, should be utilized. This lock should be used in conjunction with a standard entry knob lock. Viewing devices with a wideangle lens on entry doors is also standard to prevent unwanted intrusions into the home. 2. Doors with glass in them: The back door is one of the burglar’s favorite entryways. Most rear doors are made partly of glass, and this is an open invitation to a burglar. This type of door must have a double cylinder dead bolt for protection. This type of lock requires a key to open it from the inside as well as the outside, because most burglars break the glass and try to gain entry by opening the locked door from inside. 3. Sliding glass doors: These entries should be secured so they cannot be pried out of their track. Also, you can prevent jimmying of your door by putting a “Charley bar” made from wood or metal and cut to size and placed in the track when the door is closed. A different type of “Charley bar” or security bar can also be installed with hardware to secure the door when it’s closed and then raised from inside to open the movable panel (Fig. 1).    Bulkheads should also be included as part of your overall security package and secured with square bolt or dead bolt locks.

FIGURE 1 A "Charley Bar" can be attached to a sliding glass door for added protection against intrusion. From AMSCO 2015 Window & Door Catalog, Amsco Company, Inc.

23

24

150 Things You Should Know about Security

Eyebolt

FIGURE 2 Securing double-hung windows with an eyebolt. From New York Police Department.

WINDOWS Windows come in a variety of shapes, sizes, and types, each of which presents a different type of security problem. Windows provide an inviting entryway for a burglar who does not like to break glass because the noise may alert someone. On doublehung sash-type windows, drill a hole through the top corner of the bottom window into the bottom of the top window. Place a solid pin into the hole to prevent the window from being opened (Fig. 2). Keyed window latches may also be installed to prevent the window from being opened. In addition, grilles and grates may be installed over extremely vulnerable accesses.

ENTRANCES Any opening through which a human body can pass is an entrance. Front doors, basements, patio doors, garages that have access to the house, and windows on the second floor are all entryways to burglars. No one way is more important to protect than another.

15. HOW TO DESIGN A 5-YEAR AND 10-YEAR SECURITY PLAN A SECURITY MASTER PLAN A Security Master Plan will outline the organization’s security philosophy, strategies, goals, programs and processes. This document is critical to forming a 5-year business

15.  How to Design a 5-Year and 10-Year Security Plan

plan that outlines the risks as well as the mitigation plans.18 Security has to become a part of the overall business operation of the organization with not only “buy-in” from upper management but also “participation.” Consider also the reporting structure of the security department itself and who the security reports to within the organization. The idea is to drive security from the top of the organization. This is important because to meet security goals, upper management must budget funds each year to complete your 5-year plan.

THE FIRST 5 YEARS All security programs, regardless of the type of complex or operation, should have policies, rules, regulations, and procedures “to prevent unauthorized persons, from entering, to prevent the unauthorized removal of property, and to prevent crime, violence, and other disruptive behavior.”19 The overall objective of the security program is to protect people and property. In your complex, do not forget to include the parking garage or your surface parking lots. Emergency blue light phones can be installed in surface parking lots and/or intercom systems in your parking garage. The lighting survey as a part of the overall security risk assessment may recommend additional lighting, and if light-emitting diode (LED) lights are installed, it may provide a return on investment (ROI) as well as be designated as a “green” complex. Ensure that exterior lighting, parking area lighting, and exterior security surveillance systems are included in your 5-year plan because this is not an inexpensive project. It is important to effectively budget for security upgrades or implementation. Access control will be addressed as a part of the security risk assessment, so ensure that there are procedures in place for people (employees, visitors, vendors, and contractors) and vehicles, to enter the complex property. Take into consideration that if you currently do not have an access control system for employees and are using a “paper-and-pen” system for visitors, vendors, and contractors, be sure to budget for an electronic (card, fob, or biometric) access control system in your 5-year plan. All security plans should have countermeasures in place to address each vulnerability identified in the security risk assessment. Address concerns at the perimeter of the complex property to include such items as fencing, gates, access control, security officers, video surveillance, and lighting and then address concerns at the perimeter of the building(s) to ensure that there is adequate access control in place (locking doors and windows, video surveillance, and intrusion detection) and ensure that your access control meets National Fire Protection Association (NFPA) 101: Life Safety Code requirements.20

18 TD

Giles. How to develop and implement a security master plan. Florida: Auerbach Publications; 2009. 19 Objectives of a security program. In: High-rise security training course. Oakland, CA: American Protective Services; 1990. p. 17. 20 National fire protection standards: codes and standards. Retrieved at: http://www.nfpa.org/codesand-standards/all-codes-and-standards/list-of-codes-and-standards?mode=code&code=101.

25

26

150 Things You Should Know about Security

Also, consider that if you currently have analog cameras, you should have a process in place to replace them with a total Internet protocol (IP) integrated system and increase the storage limits for video surveillance. A good process to follow is to replace the cameras as they become non-operational and/or budget to gradually replace all cameras within a specific amount of time. This may be possible to be accomplished in your 5-year plan, depending upon the number of cameras on the complex property. Intrusion detection should be upgraded to provide protection, not only to the perimeter of building(s) in the complex but also to sensitive areas within each building. Security officers can be proprietary or contract, or a combination of both, but you. All the security components that you put in place should have the capability to expand as more security measures are added to the overall security system. Budget for each of these countermeasures by getting estimates from at least three vendors, and also ensure that you have an integrator that can interface each of your security measures so they can communicate with each other. In other words, avoid having stand-alone or “silos” in your security system. It is common to budget to increase security in increments to achieve a system that addresses all vulnerabilities identified in the security risk assessment.

TECHNOLOGY People who do not understand the shortcomings of technology may many times experience a false sense of comfort and security. Two examples of this are as follows:    1. Access control systems: many times these are not operational and there is no process in place to ensure operability and it results in interference with business operations. 2. Video surveillance systems: at times are over-rated, misunderstood, and create vulnerabilities, but government operations, the public, businesses, schools, company leaders, and politicians demand it, as a crime-solving tool, only to find that there is no process in place to monitor, store, and ensure operability. Technology is not the answer to security, but should be considered as one component in an overall security program.    There needs to be the right mix of people and technology in order for your overall security plan to be effective. This brings us to an interesting question, “Does video surveillance prevent crime?” Throughout the world in the majority of public places, the activities of people are being recorded. We have come to accept this as a part of everyday life. In 2014, research sponsored by the Campbell Collaboration21 analyzed 44 studies that measured whether video surveillance helped to reduce crime in parking lots, housing developments, and on public transportation systems. The researchers found that 21 The

Campbell Collaboration. Does video surveillance deter crime? Retrieved from: http://evidencebasedliving.human.cornell.edu/2014/10/03/does-video-surveillance-deter-crime.

15.  How to Design a 5-Year and 10-Year Security Plan

video surveillance systems were most effective in parking lots. The research indicated that video surveillance:    • Decreased crime by 51% in parking lots • Decreased crime by 23% on public transportation systems • Resulted in no or a minimal decrease in crime in other public settings22    One thing that is important to note is that we do not know whether or not there was signage in the parking lots and public transportation systems. This brings us to another interesting question, “Was it the actual cameras or the signage that resulted in the decrease of crime in parking lots and on public transportation systems?” We also do not know the level of lighting at the research locations. Regardless of the research (and much is being conducted on this topic), consider video surveillance as just one component in your overall security plan, but ensure that it is integrated or interfaced with other security measures. Emergency preparedness and management should be a part of your security master plan. You may find it easier to divide emergencies into internal and external situations.23 For example, an internal incident may be workplace violence or an active shooter or an assailant, but an external incident may be a tornado or earthquake. Your emergency management plan should have procedures for a variety of emergency incidents. Regardless of the situation, it is important to have table-top exercises and full-scale exercises with first responders to test your emergency procedures. The Federal Emergency Management Agency (FEMA) has emergency planning exercises in the Private Sector Division24 of their website and the Occupational Safety and Health Administration (OSHA)25 has information to help any industry prepare for emergencies and develop response procedures. Remember to include business continuity, critical infrastructure, and identification of theft and cybercrime in your emergency plan. Designate employees who will respond in an emergency situation and ensure that they know their responsibilities. The security department will be a critical part of coordinating these exercises with first responders, so training is a must.

TRAINING One of the most overlooked aspects in the majority of organizations is training. The reason that most companies do not adequately train their employees is time and money. Many times, management fails to see the value of training and may see it only as a non-revenue-generating item in the budget. These same companies will spend millions of dollars on hardware and software, but fail to provide training to 22 Ibid. 23 LJ

Fennelly. Handbook of loss prevention and crime prevention. MA: Elsevier Publishers; 2012. planning exercises. Retrieved from: https://www.fema.gov/emergency-planningexercises. 25 Emergency preparedness and response. Retrieved from: https://www.osha.gov/SLTC/emergency preparedness. 24 Emergency

27

28

150 Things You Should Know about Security

their employees. Lack of training in the security industry can be very expensive. It may cause the business to fail, or worse yet, cost someone their life. In the end, the cost of training is outweighed by the ROI that it provides. The real question is whether the organization wants to make a small investment in training now or possibly have a much larger cost at a later time. “An ounce of prevention is truly worth a pound of cure.”26

HOW DO YOU PRIORITIZE YOUR SOLUTIONS? After completing a thorough security risk assessment of your complex, administration/ management should review the findings to set priorities and discuss budget and strategies, even for low-cost or no-cost solutions. A good security integrator will work closely with the administrators/management and complex security personnel to make sure that they are addressing security concerns as a collaborative effort, and not as a cookie-cutter experience. Many times, a combination of low-cost and no-cost security solutions coupled with products and services can diminish complex security risks. The following are some recommended solutions for increasing indoor and outdoor security for complexes with similar areas of concern:

OUTDOOR AND BUILDING PERIMETER SECURITY • Cut back trees and shrubbery, reduce clutter, and install more lighting to significantly reduce the areas available to hide outdoors. • Fence in specific areas on the complex, especially playgrounds and sports fields on school campuses, to keep unwanted visitors off school grounds and out of isolated areas. This is especially effective for complexes that are adjacent to high-traffic areas where unexpected visitors may be more likely to trespass. • Keep an open lane between parked cars and fenced areas to increase visibility on the grounds while decreasing places available to hide.

INDOOR SECURITY • Keep hallways and stairwells free of clutter to send a message that those areas are not abandoned, and therefore are not available as places to hide. • Ensure that doors are not propped open and that windows are locked at all times so that visitors to the complex use the main entrance. Make sure administration/ management keeps a record of all visitors. • Have a security/courtesy desk at the main entrance where visitors sign in and out of the building and receive visitor credentials. This helps to properly identify visitors to and keep track of their time and their destinations in the building.    26 Why companies should train their employees? Retrieved from: https://www.linkedin.com/pulse/why-

companies-should-train-employees-andrew-sharer.

16.  After Crime Prevention Through Environmental Design

CONSIDER ADDITIONAL SECURITY SOLUTIONS IF APPROPRIATE • A security risk assessment also may expose the need for equipping the campus/ property with other security systems, including video surveillance or other physical solutions. • The overwhelming majority of complex owners/managers say that they use security cameras to monitor facilities. Video surveillance cameras can provide an extra set of eyes to monitor parking lots, building and fence perimeters, gates, and storage facilities. • Some systems have software-based video analytics to trigger incident-driven alerts, as appropriate. Whether someone is trying to climb a fence or enter a campus/property in an unauthorized manner, these analytics can trigger alarms and notify local law enforcement or on-site security of potential breaches. • Third-party monitoring services also can report suspicious activity to local law enforcement, either around the clock or only at specific times for high-risk security scenarios, such as a basketball game on a school campus or any after regular business hours event, and can supplement the on-the-ground efforts of security officers and administrators/management. • In addition to video surveillance, a variety of other cost-effective solutions can be used on complex properties. New outdoor emergency communication systems are available that use intelligible voice technology to provide warnings and real-time information to people in endangered areas. • The systems can use specialized speaker technology that can be heard clearly for up to a quarter mile and can broadcast live or recorded messages to the entire campus/property. If there is an emergency at an outdoor activity, such as a football game on a school campus, everyone will be notified immediately.

THE NEXT 5 YEARS Why do security plans change? Standards, guidelines, regulations, and best practices in the security industry, along with frequent and high-impact incidents that have occurred may be reasons for change. New buildings and acquired property, buildings or property that have been sold, modifications to existing structures, mergers, audits, a crisis, and changes in the budget all may be reasons for change. Be cognizant of the potential changes.

16. AFTER CRIME PREVENTION THROUGH ENVIRONMENTAL DESIGN AND COMMUNITY-ORIENTED POLICING SERVICES (SITUATIONAL PREVENTION) COPS stands for community-oriented policing services. Both CPTED and COPS programs have been around for years. Both have been implemented by thousands of communities and have been very effective.

29

30

150 Things You Should Know about Security

So, what is the next program after CPTED and COPS? After a degree of research and discussion we feel that this program is situational prevention. So what is situational prevention? Situational prevention includes opportunity-reducing measures that:    1. Are directed at highly specific forms of crime. 2. Involve the management, design, or manipulation of the immediate environment in as systematic and permanent a way as possible. 3. Increase the effort and risks of crime and reduce the rewards as perceived by a wide range of offenders.    A detailed classification of such measures includes: “target hardening” of the complex, with more sophisticated forms of technology including intrusion detection systems and video surveillance, law enforcement using breathalyzers and radar used to detect speeding, surveillance of specific locations where employees park, subway or parking garages security concierge, and known problem areas; using vandalresistant designs and materials in schools and other public facilities; block watch, neighborhood watch, “defensible space,” and other attempts to capitalize on the natural surveillance provided by members of the public; and some less easily categorized measures such as improved coordination of public transportation with pub closing times and the separation of rival soccer fans in different enclosures at the stadium (Clarke, 1992). Situational prevention is a proven concept. We believe it to be the future of our profession and strongly suggest you look into it.

17. ACCESS CONTROL CARDS: TWENTY-THREE THINGS YOU SHOULD KNOW 1. When presenting a card or physical feature to a reader or scanner, the card is authenticated and a physical feature (such as a fingerprint) is verified. 2. The three most commonly used credential technologies are: a. Magnetic stripe b. Wiegand c. Proximity 3. A credential reader is similar in concept to a disk drive on a personal computer because it reads the information found on the credentials and passes that information to a computer for final processing. 4. Although readers can be used for a variety of computerized applications, electronic card readers (EACs) must have tamper-resistant mountings. 5. The three most common ways to apply an image to a card are: a. Lamination, using a regular photo or a polaroid b. Dye sublimation, using a digital image captured by a computer c. Digital storage in a smart card chip, using a digital image captured by a computer

17.  Access Control Cards

6. Two standard card sizes are: a. CR-80 (2.125″ tall × 3.375″ wide × 0.03″ thick) b. CR-60 (2.375″ tall × 3.25″ wide × 0.03″ thick) 7. The primary difference between the two standard card sizes are: a. The CR-80 is the most universal and can fit in both insertion and swipe readers b. The CR-60 can fit in all swipe readers, but requires a special insertion reader 8. Twelve EAC credential types are: a. Bar-coded cards and objects b. Barium ferrite cards c. Biometrics d. Hollerith e. Infrared cards f. Keypads g. Mixed technology h. Magnetic stripe cards i. Optical cards j. Proximity cards and objects k. Smart cards l. Wiegand cards 9. Bar-coded credentials are easy to create and not very secure because they are very easy to duplicate and often used in conjunction with other credential technologies. 10. Barium ferrite cards are considered to be somewhat obsolete in the light of newer technologies. However, they cannot be easily duplicated and are very secure. Encoding must be done at the factory rather than at the user’s site. They can be erased or distorted by strong magnetic fields and can wear out over time. 11. Biometrics is used when an exceptionally high level of security is required and works by associating unique physical characteristics with personal identity. 12. Hollerith cards are based on holes punched in cards through which a pattern of light or electrical current can pass. Although the basic hole pattern can be easily changed as needed, once issued the cards themselves are easy to duplicate and are not regarded as being highly secure. 13. Infrared cards use bar code technology: a. The bar code is embedded in the card itself, is not visible to the human eye, and cannot be duplicated. b. Encoding must be done at the factory rather than at the user’s site. c. These cards are not affected by magnetic fields and can have a very long life. 14. Keypads provide a miniature keyboard; they are durable and reasonable in price. User personal identification numbers can be stolen if care is not taken to hide the key pad entry from the view of casual onlookers. 15. Magnetic stripe cards are the most widely used cards in the world; they are inexpensive, can be encoded at the user’s site, and carry an adequate amount

31

32

150 Things You Should Know about Security

of alphanumeric information. They are affected by strong magnetic fields and wear out depending on the frequency of use. Magnetic stripes are often used with other technologies, such as keypads. 16. Coercive force ratings indicate the strength of a magnetic force required to erase magnetic material. Low ratings mean that the magnetic material is fairly easy to erase. High ratings means that the material is more protected from stray magnetic fields. 17. Mixed technology cards provide several technologies on one card. These cards allow retrofitting of older systems. They are more cost effective and allow more information to be contained on a single card. This technology reduces the number of cards a person might need in a single facility (such as in a college). 18. Optical cards are the latest in technology, are very expensive, must be encoded at the factory, are very secure being similar to CD-ROM disks, and can hold a great deal of information. 19. Proximity cards and tokens are dropping in price and growing in popularity; they transmit information via unique radio waves to a reader that can be “invisibly” buried in a wall. Some can be customized at the user’s site. 20. Two types of proximity cards or tokens are: a. Active: Depending on the battery power, they transmit information over distances of 1–100 ft. Active proximity cards often take the form of tokens, which form a case large enough to hold the lithium battery. b. Passive: Transmits information between 1 and 30 in. They are usually very thin cards similar to magnetic stripe cards. 21. Smart cards have a computer chip-embedded within the card, which can carry an enormous amount of user-created information as well as security. Three types of smart cards are: a. Memory only b. Memory circuits with some hard-wired security logic c. Full-fledged microcomputers 23. Wiegand cards are based on highly secure, patented technology that transforms a metal alloy wire into having magnetic action. This action causes the wire to quickly change polarities based on magnetic attraction and produce a discrete electrical pulse. Although popular and regarded as very secure, these cards must be encoded in a factory and require a longer lead time when compared with other technologies.

18. BODY CAMERAS FOR LAW ENFORCEMENT AND THE PRIVATE SECTOR27 No security book would be complete without the discussion of body cameras. The cost of body cameras is between $250.00 and $500.00 each, which is reasonable when compared to the numerous tangible and intangible issues after an 27 The

use of body-worn cameras by law enforcement. Retrieved from: https://cops.usdoj.gov/pdf/ taskforce/submissions/Madhuri_Grewal_Testimony.pdf.

18.  Body Cameras for Law Enforcement and the Private Sector

incident occurs. Suspicions, leave with or without pay, cost of lawyers, and cost of reputation are all things to consider after something occurs. Some sources quote a 90% reduction in complaints against police officers when body cameras are utilized. The technology is here and going forward, it will be a part of the uniform. Body cameras are predicted to lower the number of use-of-force incidents across the board. All of the Maryland State Police troopers are fitted with body cameras from day one. Body cameras have quickly become a hot-button issue for law enforcement and policy makers, and now they are poised to become a private security and insurance issue, too. There is certainly a chance for increased liability with the use of body cameras among private security officers, but in the long run, it may be a boon to insurers, according to security officer companies the people they protect (Tory Brownyard, 2015).

TESTING AND EVALUATING BODY-WORN VIDEO TECHNOLOGY IN THE LOS ANGELES POLICE DEPARTMENT In 2014, the National Institute of Justice funded the Los Angeles Police Foundation to conduct an evaluation of body-worn video technology in the Los Angeles Police Department. Researchers will study how body-worn video technology is used in the field and its impact on police–citizen behavior and on crime. The study will address a number of questions that fall into the following five general categories:    • Using body-worn video technology • Privacy concerns • Police legitimacy and changes in police services • Crime reduction • Use of advanced analytics    Among the sources of data that researchers will use are information on citizen complaints, use-of-force and crime. They also will conduct interviews and surveys with officers and interviews with citizens, per the National Institute for Justice. Most body cameras operate well up to 300 ft away with 1,080-pixel resolution at 30 frames per second. AEE Technology, Inc. reports that technology changes so fast that we now have a body camera that supports interphone/intercom equipment, such as walkie-talkies, allowing pairing with those communication devices. Following are the latest features for body cameras:    • Up to 720-pixel high-definition (HD) video capture • Rugged IP-54 rating • 130  degree view • Automatic recording feature • Built-in Global Positioning System (GPS) and WiFi • Smartphone integration   

33

34

150 Things You Should Know about Security

HOW TO MAINTAIN THE DATA AND FLAGGING VIDEOS TO BE KEPT The following types of footage should be automatically flagged for retention:    • Those involving use-of-force; • Incidents leading to detention or arrest; or • Where either a formal or an informal complaint has been registered. • Any subject of a recording should be able to flag the recording for retention, even if not filing a complaint or initiating an investigation. • Police department personnel should also be able to flag a recording for retention if they have a basis to believe police misconduct has occurred or have reasonable suspicion that the video contains evidence of a crime. • If useful evidence is obtained during an authorized recording, the recording should be retained in the same manner as any other evidence gathered during an investigation.

CHAIN OF CUSTODY • The chain of custody must be clearly preserved and recorded. • Policies should clearly describe the responsibility of the officer to turn in and download recorded footage, except for certain clearly defined incidents, such as officer shootings or use of force, in which case the officer’s supervisor should take physical custody of the camera. • Data should be downloaded at the end of each shift. Data should be properly categorized according to the type of event captured: if the camera recorded a law enforcement–related event, it should be tagged as “evidentiary;” if not, it should be tagged as a “non-event.” • Safeguards should be designed to prevent deletion by individual officers. Policies should clearly state where data are to be stored.

DATA SECURITY The method of storage must be safe from data tampering or unauthorized access, both before uploading and downloading. Third-party vendors must be carefully vetted.

AUDITING There must be effective audit systems in place and clear policies on who may access the data and when.    • An agency’s internal audit unit, not an officer’s direct chain-of-command, should conduct random review of footage to monitor compliance with the program. • Policies should specifically forbid personnel from accessing videos for any other use than those specifically authorized by the policy, such as personal use

19.  Social Media

and/or uploading to social media websites. Policies should contain specific measures for preventing access for personal use (such as built-in audits to accurately trace who has accessed the system). • Agencies should collect statistical data concerning camera usage, including when video footage is used in criminal prosecutions and when it is used in internal affairs matters. Agencies should conduct studies evaluating the financial impact of camera programs, including the cost of purchasing equipment, cost savings (including legal fees in defending lawsuits), and complaints against officers. • Agencies should conduct periodic reviews to assess the efficacy of their bodyworn camera programs.

DELETION To protect privacy, videos should be deleted after the elapse of a specified period of time. Policies should clearly state the length of time data is to be retained.

NON-EVIDENTIARY FOOTAGE The retention period of non-evidentiary footage should be measured in weeks, not years. Most existing policies retain such footage between 60 and 90 days.

19. SOCIAL MEDIA Social Media has transformed how culture works. Digital crowds have become powerful cultural innovators. Douglas Holt, Harvard Business Review, 2016.

We are not only in the digital technology age but also in the age of social media. Our culture has been affected by this phenomenon. Many managers jump online before they even brush their teeth! Social media has helped to bind groups and communities together. We have more linked-in security groups online than we ever knew existed, and this group culture has expanded with active participants. It was recently reported on television that children who are on social media for over an hour become depressed (Comcast News). For the Security Cultural Community, the groups discuss issues, books, events, and knowledge. They ask questions, seek answers, and seek certifications. Leaders and leadership strategies are developed. Consultants get a boost, and audiences are formed. Some may call this crowd culture. Webinars and conferences are promoted online, and so are presenters. Security companies offer a wide variety of online white papers touting their latest technology and use this as a means of promoting their brand of products. Professional public relations firms are busier than ever because a new media outlet is now available to them.

35

36

150 Things You Should Know about Security

We are seeing this person and that person with 5 million followers! In less than a year, the ASIS International School Safety and Security Council twitter account developed over 4000 followers, and the group is becoming larger each month! But what is the ultimate goal? What are the long-term objectives? Where will all of the growth come from? Moving ahead strategies will be developed taking the social media culture to the next level. Since we are talking about social media, we would be remiss to not mention some things about online safety. We all can use a few reminders on Internet safety.

20. BULLYCIDE With so many recent cases of suicide being talked about in the media, it leaves many wondering about the new term bullycide. This new term, bullycide, is a hybrid of bullying and suicide to explain when someone takes their life as a result of being bullied. There are many teens who face bullying every day whether it be at school, around their neighborhood, in public places, or online. Cyberbullying has taken the concept of physical bullying to a whole new level, which is why many researchers believe it is often responsible for cases of bullycide. With many teens taking their lives after being bullied by fellow peers either in school or on the Internet, it leaves parents, teachers, and their friends wondering what can be done to prevent bullycide.

WHAT IS BULLYCIDE? The correct definition to this question is bullycide is suicide caused from the results of bullying. Children and teens who are bullied live in a constant state of fear and confusion in their lives. Many feel that the only way to escape the rumors, insults, verbal abuse, and terror is to take their own life. Bullycide is clearly a serious issue. There are several different reasons that ultimately can lead to bullycide including    • Being constantly physically and emotionally bullied • Experiencing constant physical and emotional pain • Having to continually relive an embarrassing moment over and over that is regularly brought up by peers as a method of torment • Being the victim of bullying by an authority figure like apparent teacher, coach, or other adult • When the victim of bullying has no other friends to rely on for support or encouragement while being bullied regularly

21. ENCRYPTION DEFINED28 Encryption is a process of replacing clearly written text language (clear text) with a substitute of mixed up characters (or even pixel of an image) so that the meaning of the text is concealed. The intended recipient of the text is concealed. The intended 28 T

Norman. Integrated security systems design. MA: Butterworth-Heineman; 2007.

23.  Terrorism: Reinventing Security Performance

recipient will have a key to unlock the clear text from the garbled letters, numbers, or pixel so that the message can be read.

22. CYBERCRIME: WHAT SECURITY DIRECTORS NEED TO KNOW ABOUT CYBER SECURITY29 Security directors today must know, first and foremost, that their company will be a victim of a cyber attack. These attacks will be both complicated and costly. The company should be prepared to preserve digital forensics, conduct investigations, provide notification to a broad range of parties, comply with state and federal compliance obligations, and prepare for what could be potential litigation. Did I mention that there may be a need to plan for possible credit monitoring, crisis management, and of course, defending all actions to the board of directors? The security director’s most important job is to communicate, to the board of directors or the chief executive officer (CEO), that information security should be established and maintains a high profile. Be prepared to ensure that auditing and regulatory compliance is not only visible but also the highest priority. Security directors are obligated to understand cyber security and to keep it as a priority. It is crucial to gain allies in various departments such as audit, business continuity, infrastructure, compliance, and financial, because they will help make the case that a cyber attack is an enterprise-wide issue. Security directors who are educated in information security and understand the threats are better able to plan for information technology (IT) security budgeting and training programs and appropriately design physical security and IT security. It will be critical for them to know how they should react to a cyber attack and the steps to take. The security director must understand the new reality facing board of directors across the country, with the emerging cyber security threats, the potential liability, and the probability of government enforcement actions.

23. TERRORISM: REINVENTING SECURITY PERFORMANCE Sometime ago we wrote that security assessments should be conducted at times of crisis. We have seen terrorist attacks in Paris; Germany; San Bernardo, CA; and Brussels. We have also seen the threat levels increase in these areas. Here are some questions for you. What have you done recently to increase your security program? An assessment? Requested additional training? Requested that additional doors be secured? During these times of crisis, it is our recommendation that you also increase your level of protection and awareness. As the national threat levels go up, so should not yours? 29 Black

IS. Permission to reproduce; 2017.

37

38

150 Things You Should Know about Security

Security measures must get improved and updated. Conducting annual or monthly security reviews and improving security at your site will fuel overall improvements. At times, security needs “a shot in the arm.” Increase the rounds made by your security officers within your complex. This is not an added cost, but you have improved your coverage. Check all alarms and make sure they are working properly. Ensure that all cameras are properly recording.

24. WHAT MANAGERS NEED TO KNOW INTRODUCTION In civil litigation, expert witnesses testify as to whether or not an act was foreseeable. One element of foreseeability is whether or not the area or the property had prior criminal activity. In many cases, the answer is “yes,” and therefore, the owner or manager of the property is put on notice that it is likely that additional crimes may occur in the future and action must be taken to mitigate the risks and keep people safe. This same premise can be applied to soft targets. Is the area vulnerable or “at risk” because of prior criminal activity or crime trends or is there an increase in a particular type of crime that has occurred in similar environments? Examples of soft target locations include:    • Colleges and universities • Schools, pre-K to 12 • Retail outlets and shopping malls • Hospitals • Hotels and motels • Casinos • Restaurants • Sporting events • Theaters and concerts • Houses of worship    When we say managers, we are referring to:    • Local, state, and federal law enforcement • Local, state, and federal government officials • Hospital, school, and university public safety departments • Security directors and security account managers • Emergency managers • Emergency responders • Hospital board members • School principals • School board members • Local education committees • College and university leaders • Campus groups and associations

24.  What Managers Need to Know

• Risk managers and IT managers • Facilities managers • Nursing managers • Hospital and campus safety stakeholders • Managers of retail stores and malls • Leaders of faith-based organizations • Theater, sporting event, and concert managers

FACILITY MANAGER RESPONSIBILITIES As part of the emergency response plan, your facility managers should:    • Implement and understand site security procedures. • Institute security access controls (e.g., keys, security system pass codes). • Key fobs, door codes. • Distribute critical items to appropriate managers/employees, including: • Pocket-sized floor plans in break-glass cabinets. • Keys and other access control measures • Facility personnel lists and mobile telephone numbers. • Daily schedules. • Assemble crisis kits containing: • Radios tested and rotated batteries and chemical light sticks. • Floor plans. • Employee roster and emergency contact numbers. • Appropriate first aid kits. • Flashlights. • Activate the emergency notification system when an emergency situation occurs; as well as a backup plan. • Ensure that the facility has at least two evacuation routes. • Coordinate with the facility security department to ensure the physical security of the location, as well as the alternate routes. • Advise, according to plans and protocols, and if in higher education, timely Clery notification. • Secure doors. • Order area supervisors to immediately direct all personnel (employees, customers, visitors, vendors, etc.) in their area to evacuate the facility if it can be done safely and with caution. • If an evacuation is not possible, go to the nearest restroom. Lock the door, turn off the lights. Follow protocols. • Keep personnel as calm as possible and try to notify 911 (using cell phones or telephones) of your location, the number of occupants, and his or her status. Turn all cell phones to silent! • Remain in the room until an appropriate all-clear signal is given or law enforcement arrives. • Prepare an incident report documenting personal observations.

39

40

150 Things You Should Know about Security

• Post evacuation routes in conspicuous locations throughout the facility. • Place up-to-date and secure removable floor plans near entrances and exits for emergency responders. • Include local law enforcement and first responders during training exercises. • The training must be as realistic as possible. • Encourage law enforcement, emergency responders, special weapons and tactics (SWAT) teams, canine teams, and bomb squads to train for an active shooter scenario at their locations. • Foster a respectful workplace. • Beware of early indications of potential workplace violence and follow appropriate protocols as trained for the specific situation.30    The shootings at the Inland Regional Center in San Bernardino, CA, USA, on December 2, 2015, by Syed Rizwan Farook and Tashfeen Malik where 14 were killed and 22 were injured will certainly raise concerns about hiring practices and the relationships between employer, employee, and coworkers.31 We have conducted research on this topic because we are frequently asked the question, “Do you think these incidents are going to increase or decrease in frequency?” As we hear about more and more incidents nationwide, it does appear as though they are becoming more frequent. The findings establish an increasing frequency of incidents annually. During the first 7 years included in the study, an average of 6.4 incidents occurred annually. In the last 7 years of the study, that average increased to 16.4 incidents annually. This trend reinforces the need to remain vigilant regarding prevention efforts and for law enforcement to aggressively train to better respond to—and help communities recover from—active shooter incidents.32 The findings also reflect the damage that can occur in a matter of minutes. In 64 incidents where the duration of the incident could be ascertained, 44 (69.0%) of 64 incidents ended in 5 minutes or less, with 23 ending in 2 minutes or less. Even when law enforcement was present or able to respond within minutes, civilians often had to make life and death decisions, and, therefore, should be engaged in training and discussions on decisions they may face.33

25. SEVEN THINGS YOU NEED TO KNOW ABOUT SOFT TARGETS 1. N  ever say, “It can’t or will never happen here.” 2. The Sandy Hook School shooting was over in about 6 minutes and 26 people were killed. 30 M

Fagel. Active shooter. VA: ASIS International Publishers; 2015.

31 http://www.latimes.com/local/lanow/la-me-ln-san-bernardino-shooting-live-updates-htmlstory.html. 32 Ibid. 33 Active shooter incidents. Retrieved from: http://www.fbi.gov/news/stories/2014/september/fbi-releases-

study-on-active-shooter-incidents/pdfs/a-study-of-active-shooter-incidents-in-the-u.s.-between2000-and-2013.

25.  Seven Things You Need to Know about Soft Targets

3. P  erceived injustices and stereotypes have a powerful effect on the psyche of individuals. For example, the families of the nine people who were killed at an AME Church in Charleston, SC, USA, in June 2015 publicly stated that they forgave the shooter, Dylann Roof, when he appeared in court. 4. Shooters plan and assess how he or she will do it (the act) and how he or she plans to escape. In the aforementioned case of the shooting in the AME Church, the shooter was at the church for an hour (supposedly praying) before he opened fired on the community. When he was captured, the shooter, Dylann Roof, said, “I almost backed out because everyone was so nice at the Church.” (It should be noted that he was found guilty at his trial.) 5. Soft target hardening 101—is it possible to harden your target? In some cases, the perpetrators have been insiders or have had help from insiders. In her book, Soft Target Hardening, Dr. Jennifer Hesterman asks the question, “What is the cost of not protecting our people?” 6. Consider these six points as you develop your defense: a. The terrorists will first select or identify a vulnerable soft target. b. The terrorists will determine the method of attack. c. They will conduct detailed surveillance of the target to measure security forces. d. They will assess target vulnerability and select the site or move on to another. e. After site selection, a second round of surveillance will be conducted. f. Finally, the operation will be scheduled and the attack conducted.    Do not encourage criminal activity or a terrorist attack by becoming a soft target. The most effective way to avoid indicating that you are a soft target is to remain at a high level of situational awareness. The sad truth today is that walking down a street on the way to a ball game in a downtown setting may place you in the middle of a battleground in a split second. Your ability to recognize and perceive potential threats while going about routine activities will make the difference. Do not deny your gut feelings. As we all know, many good arrests made by law enforcement on the streets come from a gut feeling or intuition and then most importantly, acting upon that feeling or suspicion. “Situational awareness and the apparent readiness of that person indicate whether or not they are a hard target or soft target is crucial,” states Sgt. Glenn French, a 22-year veteran with the Sterling Heights (Mich.) Police Department.34 The Six-Step, National Infrastructure Protection Plan (NIPP) Risk Management Framework of the Commercial Facilities (CF) Sector provides an excellent starting point to protect your assets. We have included the Homeland Security Guidance here.35

34 www.policeone.com/law-enforcement-news-06-30-15. 35 www.dhs.gov/xlibrary/assets/nipp-ssp-commercial-facilities-2010.pdf.

41

42

150 Things You Should Know about Security

SET GOALS AND OBJECTIVES The Commercial Facilities Sector-Specific Plan (CFSSA) uses sector goals that define specific outcomes, conditions, endpoints, or performance targets as guiding principles to collectively constitute an effective risk management posture.

IDENTIFY ASSETS, SYSTEMS, AND NETWORKS The identification of assets and facilities is necessary to develop an inventory of assets that can be analyzed further with regard to criticality and national significance. Because of the diverse nature of assets within the CF Sector, the CFSSA works with the Department of Homeland Security (DHS) Infrastructure Information Collection Division (IICD) to identify and validate these assets. In addition to its collaboration with the IICD, the sector also identifies assets through interaction with trade associations and corporate owners and operators.

ASSESS RISKS The CF Sector approaches risk by evaluating consequence, vulnerability, and threat information with regard to a terrorist attack or other hazard to produce a comprehensive, systematic, and rational assessment.

PRIORITIZE The CF Sector Coordinating Council (SCC) and the CFSSA have found that it is not appropriate to develop a single, overarching prioritized list of assets for the CF Sector. Instead, assets are categorized by using a consequence methodology that allows the CFSSA to drive sector-wide protection efforts.

IMPLEMENT PROGRAMS Given the size and diversity of the CF Sector, there is no universal solution for implementing protective security measures. The owners and operators of CF Sector facilities implement the most effective protective programs based on their own assessments. Protective programs address the physical, cyber, and human dimensions.

26. HELPFUL HINTS FROM A BURGLAR36 During both the holiday and vacation seasons, it’s important give extra attention to protecting yourself against crime. There’s pressure to procure amongst both law-abiding citizens and criminals, alike. During vacations, many people act like they don’t have a care in the world and focus only on rest and relaxation. They are not concerned about being a victim of crime and are many times careless. During the holiday season, shoppers are everywhere and gifts are in plain sight in your cart, the

36 Helpful hints from a burglar. Retrieved from: http://chameleonassociates.com/burglar-helpful-hints/.

26.  Helpful Hints From a Burglar

backseat of your car, and in your home. Indeed, statistically, during the months of November and December, shoplifting, car break-ins, fraud and burglary all increase. The following helpful hints from a burglar’s point of view are therefore worth forwarding: • You’re right: I won’t have enough time to break into that safe where you keep your valuables. But if it’s not bolted down, I’ll take it with me. • Sometimes, I carry a clipboard. Sometimes, I dress like a lawn guy and carry a rake. I do my best to never, ever look like a crook. • Yes, I really do look for newspapers piled up on the driveway. And I might leave a pizza flyer in your front door to see how long it takes you to remove it. • Avoid announcing your vacation on your Facebook page. It’s easier than you think to look up your address. • To you, leaving that window open just a crack during the day is a way to let in a little fresh air. To me, it’s an invitation. • Of course, I look familiar. I was here just last week cleaning your carpets, painting your shutters, or delivering your new refrigerator. • Hey, thanks for letting me use the bathroom when I was working in your yard last week. While I was in there, I unlatched the back window to make my return a little easier. • Those yard toys your kids leave out always make me wonder what type of gaming system they have. • If it snows while you’re out of town, get a neighbor to create car and foot tracks into the house. Virgin drifts in the driveway are a dead giveaway. • If decorative glass is part of your front entrance, don’t let your alarm company install the control pad where I can see if it’s set. That makes it too easy. • A good security company alarms the window over the sink and the windows on the second floor, which often access the master bedroom, and your jewelry. It’s not a bad idea to put motion detectors up there too. • It’s raining, you’re fumbling with your umbrella, and you forget to lock your door. That’s certainly understandable. But understand this: I don’t take a day off because of bad weather. • I always knock first. If you answer, I’ll ask for directions somewhere or offer to clean your gutters. (Don’t take me up on it.) • Do you really think I won’t look in your sock drawer? I always check dresser drawers, the bedside table, and the medicine cabinet. • Here’s a helpful hint: I almost never go into kids’ rooms.

Twelve additional tips to help you avoid to be the victim of a burglar:    1. Do not advertise your absence by allowing newspapers and mail to accumulate; have a close neighbor bring in your mail and cancel the newspaper. 2. Do not hide keys outside the house. Because everyone knows it is within the 15 ft radius of the door. 3. Do not leave blinds or curtains closed if you are away for some time or leave the same light ON day after day. 4. Do not forget to inform police of your absence and address while you are on holidays, and to advise your insurance company if the house will be unoccupied for longer than your policy allows. 5. Do not leave mail piling up; go to the post office and have them hold on to your mail. 6. Do not rely on outdated locks or locks that have numbers listed on the bottom of the lock. Fit modern deadlocks on all outside doors. 7. Do not leave ladders and tools around for thieves to use; consider securing all windows locked and secure.

43

44

150 Things You Should Know about Security

8. Do not go out without locking all doors and windows of the house, garage, and outbuildings. 9. Do not forget to arrange for a neighbor to collect free delivery newspapers, park a car in your drive, and mow the lawn if away of a long period of time. 10. Do not let shrubs grow beyond window level; they should be cut to a height of 3 ft tall because they can provide hiding places. 11. Do not forget to switch on external lighting at dusk and leave on as usual if out for the evening. Consider installing a timer switch for internal and exterior lights. 12. Do not forget to keep a record—make, model, serial number, and photograph—of all the valuables kept at home.

27. MALICIOUS DESTRUCTION OF PROPERTY Malicious destruction of property is a crime. In the last couple of years, churches in the south have been burned to the ground, Jewish Synagogues have been attacked with graffiti, and tombstones in cemeteries knocked over. These are just a few of the items that make the paper. Following is a list of several daily occurrences that you do not see in the paper:    • A sign knocked down. • Windows broken in a complex. • Car windows smashed and nothing stolen. • Trash cans tipped over. • Mail boxes broken. • Motor vehicle tires slashed or antennas broken. • Internal graffiti (men’s/ladies’ room). • Problems at schools ranging from all of the above to computer and textbook damage. • Public phones broken. • Lights broken. • Door knobs broken. • Alarm components broken. • Fences cut. • Tombstones in cemeteries defaced.

SOLUTION 1. Call police or security and file a report every time you have an incident. 2. Physical property should be repaired within 24 hours. 3. Take pictures of graffiti. 4. Hang posters on bulletin boards that address this problem. 5. Develop a policy that addresses this issue, spelling out your guidelines. 6. Request from the police additional coverage of your property.   

28.  Risk Assessment

VANDALISM IS NOT A JOKE What fun does a person get in breaking a window or damaging a piece of property or equipment? Sometimes, it is a grudge, vengeance, or perhaps a sickness! There are actually several victims when vandalism occurs. Property must be repaired, so there is a financial cost. Damages may be covered by insurance, and your premiums will be affected. If a person is apprehended and arrested, his family becomes a victim of the act also. They may be charged or held responsible depending on their knowledge or age of the offender(s).

28. RISK ASSESSMENT INTRODUCTION A security risk assessment survey is a critical on-site examination and analysis of a place, which may be an industrial plant, business, home, or public or private institution to ascertain the present security status, identify deficiencies or excesses, determine the protection needed, and make recommendations to improve the overall security. Your survey or audit must include the external and internal complex, as well as the identification of threats, controls, level of risk, and your completed risk assessment, which should include risk analysis, risk identification, and risk evaluation. It is interesting to note that a definition of crime prevention as outlined by the British Home Office Crime Prevention Program—“the anticipation, recognition and appraisal of a crime risk and the initiation of action to remove or reduce it”—could, in fact, be an excellent description of a security survey. The only difference, of course, is that a survey generally does not become the “action” as such but rather a basis for recommendations for action. This definition can be divided into five components and analyzed so that its implications can be applied to the development of a working foundation for the security surveyor:    1. Anticipation: How does the anticipation of a crime risk become important to the security or crime prevention surveyor? Obviously, a primary objective of a survey is the anticipation or prevention aspects of a given situation—the pre- or before concept. Thus, an individual who keeps anticipation in the proper perspective maintains a proper balance in the total spectrum of security surveying. In other words, the anticipatory stage could be considered a prognosis of further action. 2. Recognition: What does an individual need to conduct a survey of the relationships between anticipation and appraisal? Primarily, the ability to recognize and interpret what seems to be a crime risk becomes an important skill a security surveyor acquires and develops.

45

46

150 Things You Should Know about Security

3. A  ppraisal: The responsibility to develop, suggest, and communicate recommendations is certainly a hallmark of any security survey. 4. Crime risk: As defined in this text, a crime risk is the opportunity gained from crime. The total elimination of opportunity is most difficult, if not improbable. Therefore the cost of protection is measured in (1) protection of depth and (2) delay time. Obviously, the implementation of the recommendation should not exceed the total (original or replacement) cost of the item(s) to be protected. An exception to this rule would be human life. 5. The initiation of action to remove or reduce a crime risk: This section indicates the phase of a survey in which the recipient of the recommendations decides whether to act, based on the suggestions (recommendations) set forth by the surveyor. In some cases, the identification of security risk is made early in a survey, and it is advisable to act on the recommendation prior to completing the survey.    The responsibility to initiate action based on recommendations is the sole duty of the recipient of the survey. This is to suggest that the individual who receives the final evaluation and survey is the individual who has commensurate responsibility and authority to act. Remember a security risk analysis is a more in-depth study, including risk management, analysis of risk factors, environmental and physiological security measures, and analysis of crime patterns, fraud, and internal theft. It is a process of assessing threats and risk and the formulation of strategies to minimize the risk and achieve security.

THE BEST TIME TO CONDUCT THE SECURITY RISK ASSESSMENT SURVEY Most security professionals and security directors agree that a survey is most effective after a crisis within the corporation, after a breaking and entering or major larceny, after major changes in physical infrastructure or their operational process, or on request from auditors. There are times when a merchant, hoping to get something for nothing, calls the crime prevention officer in the town to conduct such a survey, when in reality there is no intention of spending a dime for improvement. A security professional conducted a detailed security survey on a factory warehouse and office building. The recipient of the survey followed only one of his recommendations, which was to leave a light on over the safe in the back room of his warehouse. The owner had completely disregarded recommendations such as hardware improvements on doors, windows, and skylights. Unfortunately, thieves returned and almost put him out of business. Why conduct a security review? There are several reasons:    1. To identify what needs to be protected. 2. To ascertain current risk/security management needs. 3. To determine the threats and the risk and vulnerability of an organization’s assets. 4. To ensure that the security management plan combats identified threats in a cost-effective and proactive manner.   

28.  Risk Assessment

FIRST STEP These three examples clearly show the degree of security one can obtain by trying to plan a security package. I stated these examples because your first step in conducting a security survey is an interview with the individual to whom you turn over your report. During this interview, you form an appraisal on the degree of protection required. Sometimes, you may have to state all three recommendations in a report. At other times, you must be conscious that you may force the receiver of your report to accept less security than you suggest because you did not thoroughly and clearly explain your security points.

DEVELOPING SECURITY POINTS Like most professionals, we need tools to do an effective job. The following are suggested to assist you when conducting your surveys: tape measure, floor plans, magnifying glass, flashlight, camera with flash, small tape recorder, screwdriver, penknife, pencil, pad of paper, and surveyor’s wheel. Your survey is conducted systematically so that the recipient can follow your recommendations in some kind of order. Start with the perimeter of the building. Once inside the building, start at the basement and work your way to the attic. Do not be afraid to be critical of the area that you are in. This is what the recipient wants. Consider taking photos of the various buildings that are to be inspected; this will aid you with your report and inspection. After you have done several surveys, you will develop a style of putting them together and they become easy. There is software available for security surveys, and these have their place; however, it is not necessary to purchase the software to complete the security survey/audit. Also, consider a review of all standards, guidelines, regulations, as well as NFPA and OSHA items pertaining to assessments.

POSITIVE AND NEGATIVE ASPECTS OF MAKING RECOMMENDATIONS In making your recommendations for security improvements, you must consider the consequences of your suggestion in the event the property owner implements it. Negative as well as positive aspects are involved. Take, for example, a housing complex that has a high crime rate from outsiders and within. Your recommendation is, “Build a 10-foot high fence around the complex.”

Positive Aspects Crime is reduced—the environment can be designed so that the individual considering a criminal act feels that there is a good chance to be seen by someone who will take action and call the police. Another meaningful positive aspect is the fear of crime, and if present, it also must be addressed. Vandalism is less—the target of attack can be made to appear so formidable that the person does not feel able to reach the target. It adds to the physical esthetics of the area through environmental design.

47

48

150 Things You Should Know about Security

The visual impact is negative—this ensures the property of the residents, adding to their secure environment. Limiting the number of points of entry and establishing access control primarily decreases crime opportunity and keeps out unauthorized persons.

NEGATIVE ASPECT A fortress environment may create more of a psychological barrier than a physical one. It is socially undesirable and yet replicated throughout our country at an increasing rate.

COMMUNITY REACTION This cannot be disregarded. Furthermore, vandalism at the time of early installation should be considered. Get the residents, occupants, employees, etc., involved in the early planning process. Consciousness of fear may develop by those tenants whose apartments face the fence; but as the tenants come and go, it will eventually be accepted. All fences are subject to being painted by groups with a cause. Consider using cyclone fencing or other see-through fencing to discourage visible graffiti from being applied to the fence. An eye-pleasing architectural CPTED feature would be to recommend stones, gardens, terraces, etc., to improve the physical appearance and avoid the stigma of a fortress environment.

CRIME ANALYSIS It is not necessary for you to be a statistician, but the more you know about and understand the local crime problems, the better equipped you are to analyze the potential crime risk loss in surveying a business or a home. Crime analysis collection is simply the gathering of raw data concerning reported crimes and known offenders. Generally, such information comes from crime reports, arrest reports, and police contact cards. This is not to say that these are the only sources available for collecting crime data. Police reports, security officers’ reports, reports from the fire department, Googling the location on the Internet, and newspapers are all sources available to obtain added data. The analysis process as applied to criminal activity is a specific step-by-step sequence of five interconnected functions: crime data collection, crime data collation, data analysis, dissemination of analysis reports, and feedback and evaluation of crime data. Crime analysis of the site you survey supplies you with specific information to enable you to further harden the target in specific areas where losses have occurred. It is a means of responding “after the fact,” when a crime has been committed.

29.  Key Control and Badge Control

29. KEY CONTROL AND BADGE CONTROL Whether a place has physical keys or electronic locks, key control is an extremely important inclusion in a crime prevention or security survey. Check whether the clients are in the habit of picking up physical and electronic keys from employees upon their termination and if they have an accurate record of who has which keys. Within a few short minutes, you should realize whether or not there is a problem. Almost every company has some sort of master key system, because many people must have access to the building without the inconvenience of carrying two dozen keys around every day. Master keys are required for company executives, middle managers, and the security department, as well as the maintenance department.

GUIDELINES FOR KEY CONTROL 1. Purchase a large key cabinet to store and control the many keys in your possession. 2. Two sets of key tags should be furnished or obtained with the new key cabinet: one tag should read “file key, must not be loaned out,” and the second tag should read “duplicate.” The key cabinet should be equipped with loan tags, which identify the person to whom a key is loaned. This tag is to be hung on the numbered peg corresponding to the key that was used. 3. Establish accurate records and files listing the key codes, the date the key was issued, and who received it. Ensure also that the electronic card keys are used properly and that data are captured and recorded. 4. Have each employee sign a receipt when he or she receives a key. 5. All alarm keys should be marked and coded. 6. A check should be made of what keys are in the possession of guards and staff. 7. Do not issue keys to any employee unless absolutely necessary. 8. Only one person should order and issue keys for the complex. 9. Change the key cylinder when an authorized key holder is discharged for cause. Furthermore, discharged or retired employees should produce keys previously issued at the time of termination. 10. Periodic inspections should be made to ensure that possession of keys conforms to the record of issuance. These periodic inspections should be utilized to remind key holders that they should immediately notify you of any key loss. 11. The original issue of keys and subsequent fabrication and reissuance of keys should ensure that their identity is coded on the keys so that the lock for which they were manufactured cannot be identified in plain language.    Electronic key control is also important. It is suggested that you have a program in place to delete badges of termed employees and be sure this topic is included in your policies and procedures.

49

50

150 Things You Should Know about Security

Badges Badges are just like keys; they open doors. Like keys, badges are supposed to be collected when an employee separates from the company or the organization. This should be common sense, but it does not happen. We conducted an assessment for a company that had 1,050 employees, but had 1-525 active badges in the system.

Badges, Lock, and Key Controls Objective: To determine whether badges, lock, and key program controls are adequate to deter and detect misuse. These requirements are only applicable to facilities where there is exclusive control of all keys providing access to space. Approach: Review the latest version of the security manual related to lock and key controls.

30. DIGITAL SECURITY SURVEILLANCE SYSTEM The term closed-circuit television has been replaced by digital security surveillance system.

VIDEO SURVEILLANCE SYSTEMS Video surveillance is a valuable asset to any security package and an even more valuable tool if hooked up to a digital video recorder (DVR); analog video recorders are still used in some applications, but the merits of DVRs and IP video systems have trumped analog video system components. Video surveillance is a tool that provides an added set of “eyes” to your security program. Whether the video system is actively monitored or merely recorded for follow-up depends on the application and requirements for security. If this equipment is on the site you are surveying, it is your job to evaluate its operation and effectiveness:    1. Is it working properly? Is the video quality sufficiently clear to determine the identity of individuals or detect activity in the field of view? Are all the cameras working? Is the system set up for triggered events (e.g., on motion, door opening, or another dry contact prompt)? Are the pan-tilt-zoom cameras commissioned for a purpose (e.g., with preset camera view positions at critical areas)? Are privacy zones set up where appropriate? 2. How is it being monitored or recorded, and is the video data being saved for the appropriate number of days? Typically, 30 days of storage was the standard for analog video recorder applications; however, 90 days of storage has become the norm for digital video storage, with the capability to save video events on the digital storage permanently as required. You will find that auditors will want 90 days as a minimum to be available. 3. Are the camera fields of views placed where they will be most beneficial? 4. Are the lighting levels in the areas being video monitored sufficient for the setting, place, and activity to be detected? 5. Is the security recording hardware system secured in a locked cabinet or enclosure?   

31.  Lighting and Security

DOES VIDEO SURVEILLANCE PREVENT CRIME? This brings us to an interesting question, “Does video surveillance prevent crime?” Throughout the world in the majority of public places, the activities of people are being recorded. We have come to accept this as a part of everyday life. In 2014, research sponsored by the Campbell Collaboration,37 analyzed 44 studies that measured whether video surveillance helped to reduce crime in parking lots, housing developments, and on public transportation systems. The researchers found that video surveillance systems were most effective in parking lots. The research indicated that video surveillance    • Decreased crime by 51% in parking lots • Decreased crime by 23% on public transportation systems • Resulted in no or a minimal decrease in crime in other public settings38    One thing that is important to note is that we do not know whether or not there was signage in the parking lots and public transportation systems. This brings us to another interesting question, “Was it the actual cameras or the signage that resulted in the decrease of crime in parking lots and on public transportation systems?” We also do not know the level of lighting at the research locations. Regardless of the research (and much is being conducted on this topic), consider video surveillance as just one component in your overall security plan, but ensure that it is integrated or interfaced with other security measures.

31. LIGHTING AND SECURITY What would happen if we shut off all the lights at night? Think about it. Such a foolish act would create an unsafe environment. Senior citizens would never go out, and communities would have an immediate outbreak of theft and vandalism. Commercial areas would be burglarized at an uncontrollable rate. Therefore lighting and security go hand in hand. This example may seem far-fetched, but in fact, installation of improved lighting in a number of cities has resulted in decreased vandalism, decreased street crime, decrease in suspicious persons, decreased commercial burglaries, and, in general, a reduction in crime.

STREETLIGHTS Streetlights have received widespread notoriety for their value in reducing crime. Generally, streetlights are rated by the size of the lamp and the characteristics of the light dispersed. More specifically, four types of lighting units are utilized in street lighting. The most common, and oldest, is the incandescent lamp. It is the most expensive in terms of energy consumed and the number needed. As such, incandescent lighting is generally recognized as the least efficient and economical type of street lighting for use today. 37 Ibid. 38 Ibid.

51

52

150 Things You Should Know about Security

The second type of lighting unit, which has been acclaimed by some police officials as “the best source available,” is a high-intensity sodium vapor lamp. This lamp produces more lumens per watt than most other types. It is brighter and cheaper to maintain, and the color rendition is close to that of natural daylight. The third and fourth types of devices commonly used for street lighting are the mercury vapor and metal halide lamps. Mercury vapor lights have long life but are slow to fully illuminate and are generally dim lighting fixtures with little spread of the illumination beyond the light source. These are typically recommended for single structure locations such as a garage or back alley or access point to an infrequently used walkway. However, when high use of the property is expected, or it is imperative to observe who or what is using a property at a particular place, the lighting source frequently recommended is the metal halide light, which is bright white, with instant on, and provides great white color balance for video recording and human eye observation. This type of light is typically seen at new car lots and gas stations. Check for lighting standards and lighting levels for particular places one is inspecting: these can be obtained from Illuminating Engineering Society of North America (IESNA) and other standards-making bodies, and from place-specific professional associations (e.g., banking, hospital, health, multi-family housing, etc.).

LIGHTING Improved lighting provides another residential security measure. Although some studies documented crime reduction after improved lighting systems were installed, these studies typically have not accounted for displacement effects. Even if individuals living in a residence reduce the likelihood of a burglary by better lighting, they may only be displacing the burglary to another, less lit area.

Exterior Lighting39

1. Is the lighting adequate to illuminate critical areas (alleys, fire escapes, ground-level windows)? 2. How many foot-candles is the lighting on horizontal at ground level? 3. Is there sufficient illumination over entrances? 4. Are the perimeter areas lighted to assist police surveillance of the area? 5. Are the protective lighting system and the working lighting system on the same line? 6. Is there an auxiliary system that has been tested? 7. Is there an auxiliary power source for protective lighting? 8. Is the auxiliary system designed to go into operation automatically when needed? 9. Are the protective lights controlled automatically by a timer or photocells or is it manually operated? 39 H Victor, J O'Rourke, CPP. Appendix 3.B Physical Security Survey. Handbook of loss prevention and

crime prevention. 6th ed. 2012.

32.  Lighting Levels

10. 11. 12. 13. 14. 15. 16. 17.

 hat hours is this lighting used? W Does it use a switch box or boxes or is it automatically time secured? Can protective lights be compromised easily (e.g., unscrewing of bulbs)? What type of lights are installed around the property? Are they cost effective? Are the fixtures vandal proof? Is there a glare factor? Is there an even distribution of light?

Interior Lighting 1. 2. 3. 4.

I s there a backup system for emergency lights? Is the lighting provided during the day adequate for security purposes? Is the lighting at night adequate for security purposes? Is the night lighting sufficient for surveillance by the local police department?

32. LIGHTING LEVELS Below Are Recommended Illumination Levels for Example Areas, Location, or Task

Recommended Horizontal (fc)

Recommended Vertical (fc)

Ratio of Avgerage to Minimum

Facial identification Parking facilities on pavement Parking facilities gathering points Parking lots open spaces Parking lot likely loitering areas Park trails and walkways Major retail Parking lot Major retail low activity: entrance Convenience/gas station pump Convenience: sidewalks and grounds Convenience: store interior Schools: parking

N/A 6

0.5 to 0.8 0.5 to 0.8

4:1 4:1

5

0.5 to 0.8

4:1

3 1

0.5 to 0.8 0.5 to 0.8

4:1 4:1

0.6 3 5

0.5 to 0.8 0.5 to 0.8 0.5 to 0.8

4:1 4:1 4:1

6

0.5 to 0.8

4:1

3

0.5 to 0.8

4:1

10 3

0.5 to 0.8 0.5 to 0.8

4:1 4:1

Schools: sidewalks and footpaths

1

0.5 to 0.8

4:1

fc, foot-candle.

53

54

150 Things You Should Know about Security

33. SECURITY CHECKLIST FROM THE MASSACHUSETTS HOME SECURITY AND CRIME PREVENTION CENTER40 This checklist was put together to assist you with your risk assessment and lists 35 security checkpoints:

ENTRANCES 1. Are the doors of metal or solid wood construction? 2. Are door hinges protected from removal from outside? 3. Are there windows in the door or within 40 in of the lock? 4. Are there auxiliary locks on the doors? 5. Are strikes and strike plates securely fastened? 6. If there are no windows in the door, is there a wide-angle viewer or voice intercommunications device? 7. Can the lock mechanism be reached through a mail slot, delivery port, or pet entrance at the doorway? 8. Is there a screen or storm door with an adequate lock? 9. Are all exterior entrances lighted? 10. Can entrances be observed from the street or public areas? 11. Does the porch or landscaping offer concealment from view from the street or public area? 12. If the door is a sliding glass door, is the sliding panel secured from being lifted out of the track? 13. Is a Charley bar or key-operated auxiliary lock used on the sliding glass door? 14. Is the sliding door mounted on the inside of the stationary panel?

ENTRANCES FROM GARAGE AND BASEMENT 1. A  re all entrances to living quarters from garage and basement made of metal or solid wood construction? 2. Does the door from garage to living quarters have auxiliary locks for exterior entrance? 3. Does the door from basement to living quarters have an auxiliary lock operated from the living quarters’ side?

GROUND FLOOR WINDOWS 1. D  o all windows have key-operated locks or a method of pinning in addition to the regular lock? 2. Do all windows have screens or storm windows that lock from inside? 40 Massachusetts

Home Security and Crime Prevention Center. Retrieved from: http://www.safewise. com/home-security/ma.

33.  Security Checklist

3. D  o any windows open onto areas that may be hazardous or offer special risk of burglary? 4. Are exterior areas of windows free from concealing structure or landscaping?

UPPER FLOOR AND WINDOWS 1. D  o any upper floor windows open onto porch or garage roofs or roofs of adjoining buildings? 2. If so, are they secured as adequately as if they were at ground level? 3. Are trees and shrubbery kept trimmed back from upper floor windows? 4. Are ladders kept outside the house where they are accessible?

BASEMENT DOORS AND WINDOWS 1. 2. 3. 4. 5.

I s there a door from the outside to the basement? If so, is that door adequately secure for an exterior door? Is the outside basement entrance lighted by exterior light? Is the basement door concealed from the street or neighbors? Are all basement windows secured against entry?

GARAGE DOORS AND WINDOWS 1. 2. 3. 4.

I s the automobile entrance door to the garage equipped with a locking device? Is the garage door kept closed and locked at all times? Are garage windows secured adequately for ground floor windows? Is the outside utility entrance to the garage as secure as required for any ground floor entrance? . Are all garage doors lighted on the outside? 5

PROTECTING PERSONAL PROPERTY A number of programs have been developed throughout the country that are geared to aid the citizen to reduce losses in the community. A number of these programs include the following:    1. Operation Identification is a program started in 1963 in Monterey Park, California. This program encourages citizens to engrave their personal property with a state driver’s license number. 2. Bicycle registration and anti-theft program. Some communities have started a mandatory registration of bicycles as well as an educational program. The educational program identifies poor-quality locks used to secure bikes and provides instructions for properly securing a bike. 3. Auto–theft prevention is another educational program, which is generally implemented by the distribution of printed material and covered at community meetings. How many times have you seen a person keep the engine running while going into the store to buy milk? This is an example of giving the criminal an opportunity to commit a crime.

55

56

150 Things You Should Know about Security

4. N  eighborhood Watch: This program, initiated in 1971, encourages people to report suspicious circumstances in their neighborhoods to the police and familiarizes the citizens with crime prevention techniques to reduce criminal opportunity. Be alert for these suspicious signs: a. A stranger entering a neighbor’s house when the neighbor is not home b. Unusual noises, like a scream, breaking glass, or an explosion c. People, male or female, in your neighborhood who do not live there d. Someone going door-to-door in your neighborhood, if he or she tries to open the doors or goes into the backyard, especially if a companion waits out in front or a car follows close behind e. Someone trying to force entry into a home, even if wearing a uniform f. A person running, especially if carrying something of value    A person who sees anything suspicious should call the police immediately. Give the responding officers a physical description of the person and license plate number of the car. Even if nothing is wrong, such alertness is appreciated. Remember, research has shown that the value of these citizen participation programs tends to wane over time without some periodic booster activities and part-time paid coordination to keep the program operating effectively and consistently.    1. Security surveys: Many police departments today have trained crime prevention officers who can provide security survey assistance to residents, enabling the citizen to better protect the family, home, and environment. Security professionals as well as some auditors are available. 2. Citizen patrols: The citizen patrol can be viewed as part of the long historical tradition of vigilantism in this country, with all of the ambivalence present in that term. At present, where their numbers are reported to be increasing in a number of suburban communities and cities across the country, citizen patrols are seen ideally as performing a relatively simple and narrowly defined role—to deter criminal activity by their presence. Their function should be that of a passive guard—to watch for criminal or suspicious activity and alert the police when they see it. Drawing on information that exists about current citizen groups, the advantages of patrols over other protective measures include that they: a. Are relatively inexpensive. b. Perform a surveillance function effectively. c. Take advantage of existing behavior patterns. d. Can improve an individual’s ability to deal with crime. e. Contribute to other desirable social goals related to neighborhood cohesiveness and the provision of a desirable alternative to less acceptable activity.    In practice, however, patrols exhibit serious shortcomings:    a. The typical patrol is formed in response to a serious incident or heightened level of fear about crime. The ensuing pattern is cyclic: increased membership, success in reducing criminal activity at least in a specific area, boredom, decreasing membership, dissolution. As a result, patrols tend to be short-lived.

34.  Top Ten Security Threats

b. The passive role of a patrol is difficult to maintain without at least a paid part-time coordinator. c. The police are reluctant to cooperate with a patrol and may even oppose it. d. The patrol may aggravate community tensions. The principal problems of patrols relate to their inability to sustain the narrow, anti-crime role they initially stress. They may be an effective temporary measure to deal with criminal contagion in a particular area. Over the longer term, however, the inherent risks may outweigh the continued benefits. The proliferation of patrols in recent years is evidence that they fill a need, but it should be recognized that patrols are no substitute for adequate police protection.    Residential security can best be obtained by getting the facts on what you can do to secure the home, analyzing these facts, and arriving at a decision and implementing security measures.

34. TOP TEN SECURITY THREATS Following is the list of the top 10 security threats to most communities (listed in no order of priority), followed by some questions that companies may use to assess their vulnerability to each threat.    1. Staff members and staffing agencies: How confident are we that we are hiring bona fide people; do we carry out pre-employment screening? Do our suppliers and agencies carry out screening too? Who has access to our facilities? 2. Loss of data or information, cyber threats: How much of a concern are data breaches? Are we confident that our data, including those held by third parties, are secure? Are our systems secure, and who has access to them? 3. Extremism and terrorism, active shooter incident: How concerned are we by terrorist or extremist threats? Are we complacent, or have we carried out a reasonable assessment of the threats? 4. Lack of contingency or business continuity planning: Have we put contingency plans in place? Have we considered business continuity scenarios and communicated the plans to our employees? 5. Physical security: How confident are we that our access controls and physical security measures are robust? Do they prevent social engineering and break-ins? 6. Theft and fraud: Are we confident that we have preventative measures in place and processes to deal with events that may arise? 7. Lack of security awareness: Are employees aware of security? Do they change passwords, lock doors, and report issues? 8. Storage and disposal of data and information: Are we confident that access to sensitive data is controlled? Is secure storage available and used? Do we destroy confidential waste in accordance with relevant standards, such as the BS8470: 2006 Secure Destruction of Confidential Materials guidelines?

57

58

150 Things You Should Know about Security

9. Lack of training or competency: Do our staff members know what to do? Have they been trained in emergency procedures? Do they protect information? 10. Regulatory compliance. Do we employ illegal workers? How do we investigate any infiltrations or allegations of non-compliance? Is a site compliant with required reporting and controls from Sarbanes-Oxley, Health Insurance Portability and Accountability Act, International Standards Organization, Underwriters Laboratories (UL), or other mandatory or voluntary standards?

35. THE AUDIT INTRODUCTION Compared with 20 years ago, audits have become more popular and more demanding. They have become a very useful way to have an independent pair of eyes and ears reviewing your operation. An actual audit review checklist, currently used by a very familiar Fortune 500 corporation, is provided in the following sections. If we may suggest, do not be afraid to work closely with your auditors. Tell them what you need and what areas are vulnerable for their report. Then you get things corrected and implemented.

EXTERIOR ACCESS CONTROLS Objective: To determine whether sufficient controls are in place at this facility to deter and detect unauthorized access to: 1. External utility areas 2. Parking facilities 3. Building entrances Approach: Review the latest version of the security manual related to exterior security. 1. Verify that facilities management has posted signs indicating property boundaries and entry restrictions. 2. Validate that critical utilities have been identified (generators, water systems, electrical stations, etc.), documented, and revalidated within the past 12 months. Determine if any required controls are implemented. 3. Verify that the minimum lighting requirements have been met and that no lights are burned out. 4. Verify that access from the parking structure is limited and secure. Determine if the area is well lit with concealment areas minimized using CPTED principles. 5. If it is a company-controlled site, determine if access to the parking structure is restricted to vehicles or drivers that are authorized and that there is an adequate number of handicap parking spaces. 6. If it is a company-controlled site, verify that there are physical deterrents (such as barriers or landscape techniques) that impede vehicular access to lobbies or other glassed areas of buildings where there is a concentration of people.

35.  The Audit

7. Verify that building access points below the third floor (grills, grates, manhole covers, utility tunnels, skylights, and roof vents, etc.) are secured to prevent entry into the building or damage to critical utilities, unless prohibited by local ordinances, codes, laws, or regulations. 8. Verify that there is a clear line-of-sight maintained around the perimeter of the building. 9. All renovation and construction of any site security control centers must be reviewed and approved by the director of corporate security.

INTERIOR ACCESS CONTROL Objective: To determine whether appropriate access controls are in place within the facilities. Approach: Review the latest version of the security manual related to building perimeters and interior security. Test for specific controls related to the various types of designated space. • Perimeter doors • Windows and exterior glass walls • Internal space • Restricted space • Internal shared space • Tenant-restricted space • Loading docks • Lobbies and sensitive areas 1. Verify that all perimeter doors designed as entrances are constructed of heavy-duty material and are alarmed or monitored. Verify that all emergency exit doors are constructed of heavy-duty material and are alarmed. Determine if the door jambs, hinges, and locks are designed to resist forced entry. 2. Validate that windows on the ground floor cannot be opened more than 10 in (25 cm). 3. Verify that all general use areas such as lobbies, elevators, and loading docks have a system to control access into interior space. 4. Validate that there are inconspicuous panic alarm devices in staffed lobbies that are monitored by security or another constantly staffed workstation. Validate that staffed loading docks are equipped with panic alarm devices that are monitored by security or another constantly staffed workstation. Verify that there is a documented response procedure and that the alarm devices are tested as required. In unstaffed lobbies and loading docks that are controlled by remote access doors, verify that there are monitoring devices to allow identification of an individual prior to allowing access to the building. 5. Validate that alarms (e.g., for doors, emergency exits, panic buttons, etc.) are tested to ensure that they are operational and that the results

59

60

150 Things You Should Know about Security

are documented within the required time frame. Determine if corrective actions were taken and any deficiencies were documented. 6. Determine if the interior space is isolated from the public space (such as lobbies and public restrooms) with slab-to-slab construction techniques. 7. Determine if the restricted space has a supervised control access system with an audit trail, and that the audit trail is reviewed by management every 90 days. If cipher locks with audit function are used, validate that the combinations are changed every 90–95 days (or when employees change assignments). 8. Validate that no unauthorized individuals have access to terminals and printers. Determine if the contracts with tenants prohibit such access. 9. In locations where banking facilities [such as automated teller machines (ATMs)] exist, validate that there is a process for third-party monitoring for response to robberies and burglaries. 10. When a company shares space with a non-company function, company employee offices and proprietary information must be secured when unattended. 11. Digital video surveillance recordings are saved for an appropriate period; refer to industry benchmarks for the appropriate recording retention length for your application (a 6-month period or longer; auditors want recorded data be available for at least 90 days). 12. Have emails from managers that give his or her approval for specific employees to enter his specific space been saved and has the approval been sought and given for specific employees to have access to a specific space?

36. MAIL SERVICES SECURITY Objective: To determine whether appropriate access controls are in place for the mail services area, and is the mail room in a separate part of the facility. Approach: Review the latest version of the security manual related to mail services security. 1. Validate that access to the mail room is restricted to authorized individuals only and a controlled access system is used. 2. Verify that doors and windows are equipped to protect against forced entry. 3. Verify that registered, certified, and confidential mail that is not delivered by the end of the workday is secured. This is not required if intrusion detection is installed that covers the entire mail room area. 4. Verify that mail rooms that are multi-purpose rooms (e.g., copier, fax), which serve as a mail delivery location or allow after-hours access, are equipped with lockable cabinets or lockable doors. 5. Verify that there are printed instructions regarding package identification posted in the mail rooms.

37.  Crime Analysis

6. Learn whether there have been any past incidents at this site, or in this particular industry, where harm or risk has come to the place through the mail operation (e.g., bomb, threatening packages), and determine whether an off-site collection and mail screening facility is recommended.

37. CRIME ANALYSIS Crime analysis information should provide the basis for developing crime prevention programs, strategies, and tactics. Yet crime analysis is generally overlooked during the program planning process in favor of traditional crime prevention activities. While traditional programs are of value, crime prevention programs should be designed to provide several of crime prevention services that meet specific and address specific community crime problems. Better results could be achieved by using crime analysis to focus crime prevention activities on clearly defined problems.

CRIME ANALYSIS: DEFINED Crime analysis is a systematic process of collecting data, collating them, analyzing them, and disseminating the information timely and usefully. Information describes crime patterns, trends, and information on possible suspects as well. The keywords here are collecting data, collating, analyzing, patterns, suspects, and timely. A systematic process of collecting (by way of spreadsheets or computer program) is needed. What do we collect? Information collected is based on crime reports, tactical data on the location, and information in all reports. Failure to do so, may skew the results. This in turn might provide the wrong tactical and flawed information and be of no use.

CRIME ANALYSIS DATA NEEDED • Time of day—day of the week—month of the year. • Detailed target description, i.e., corner lot, middle of the street, back office, and fourth file cabinet on the right—point of entry and exit—method of attack— tools used—degree of force—targets secured or lack of security. • Item or items taken, physical evidence if any, suspect, suspect vehicles, MO, and crime history of the area.

DATA COLLECTION The crime analysis process begins with the collection of a wide variety of information. The goal of data collection is to gather crime-specific elements that help to distinguish one criminal incident from another. Incident reports alone do not provide enough information for analysis purposes. For example, in many crimes against property an actual time or means of entry is

61

62

150 Things You Should Know about Security

not available from the actual report. Supplemental data sources such as the time the alarm was tripped, actual time of 911 call, and results from field interviews, all could be used to narrow the time frame within which a burglary may have occurred. A valuable point we would like to make based on our experience is visiting the scene of the crime. Why? Your instincts are invaluable and you may pick up on something that was not in a report. In addition to this follow-up, you may be able to pass on crime prevention information that will prevent an additional losses.

PREDICTIVE POLICING Predictive policing is just one tool in this new, technology-enhanced and data-fortified era of fighting and preventing crime. As the ability to collect, store, and analyze data becomes cheaper and easier, law enforcement agencies all over the world are adopting techniques that harness the potential of technology to provide more and better information. However, although these new tools have been welcomed by law enforcement agencies, they are raising concerns about privacy, surveillance, and how much power should be given over to computer algorithms.

CRIME PATTERN ANALYSIS Crime pattern analysis seeks to determine what crimes are likely to impact particular targets, the criminals likely to commit the crimes, how the crimes are likely to occur, and when they are likely to occur. The process of analysis typically includes the collection and processing of data related to:    1. Crime rate by opportunity 2. The varieties of attack methods, with emphasis on preferred methods 3. Preferred times of attacks by day, week, and month and other time variables such as holidays, seasons, special events, and specific location 4. Characteristics of suspects 5. General patterns of crimes 6. Targets preferred by criminals, losses by types, and values of losses

TIMES HAVE CHANGED41 The Los Angeles Police Department, like many urban police forces today, is both heavily armed and thoroughly computerized. The Real-Time Analysis and Critical Response Division in Downtown, LA, USA, is its central processor. Rows of crime analysts and technologists sit before a wall covered with video screens stretching more than 10 m wide. Multiple news broadcasts are playing simultaneously, and a real-time earthquake map is tracking the region’s seismic activity. Half-a-dozen security cameras are focused on the Hollywood sign, the city’s icon. In the center of 41 https://www.theguardian.com/cities/2014/jun/25/predicting-crime-lapd-los-angeles-police-data-

analysis-algorithm-minority-report website November 2016.

38.  Emergency Planning

this video menagerie is an oversized satellite map showing some of the most recent arrests made across the city—a couple of burglaries, a few assaults, a shooting.

38. EMERGENCY PLANNING Objective: To determine whether emergency plans have been established by senior location management that adequately address anticipated emergencies and catastrophes. Approach: Review the latest version of the security manual related to emergency planning. 1. Verify that the senior location management emergency plan contains procedures for immediate response to emergencies. 2. Validate that the emergency plan addresses various types of emergencies (i.e., natural or man-made disasters, threats or acts of violence against people or property, political/civil disturbances, and catastrophic events in close proximity to the site). 3. Validate that the security department, on behalf of the senior location manager, has reviewed the emergency plan within the past 6 months and updated the plan as needed. 4. Verify that a crisis management team (CMT) has been designated and the team has met as a group once per year to conduct an exercise and training. 5. Validate that emergencies are promptly reported to corporate security. 6. Validate that the emergency plan is filed and that the senior location executive certifies that the plan is up-to-date. 7. Verify that requirements for the CMT are met: members have equipment such as a mobile phone, emergency plan, and aerial or site photo, and a room for the CMT is designated meeting the necessary requirements (emergency power, capability to receive national news, two telephones, workstation connectivity).

EMERGENCY RESPONSE Reference: Company security manual. Objective: In the event of an emergency, it is essential that employees know what to do to avoid danger and secure their safety. Proactive involvement in security emergency planning and emergency response will enhance employee well-being programs. Approach: 1. Are emergency procedures developed for fire, first aid, pandemics, terrorist attacks, and any locally foreseeable disasters/emergencies? Does coordination exist between concerned parties, for example, local fire departments, law enforcement, security, location management, and so forth? Was consideration given to the timeliness of response from community response services?

63

64

150 Things You Should Know about Security

2. Were employees and site visitors made aware of emergency procedures? 3. Were emergency procedures developed and tested periodically to check effectiveness? Were practice evacuation fire drills conducted at least annually? 4. Did provisions exist for maintenance of adequate supplies and equipment? 5. Did a post-incident review process exist? 6. Did the designated emergency response organization have the appropriate training, the capability to respond in a timely manner, and the appropriate resources to handle emergencies? If emergency response teams (ERTs) are used, are all ERT members trained? Were emergency response equipment and vehicles maintained?

39. FIRE AND LIFE SAFETY FIRE PROCEDURES Know the company protocol if you observe a fire. Because toxic gases are more deadly than flames, report any unusual odors like gas or smoke. The following are a few fire prevention tips:    • Fire should be reported first then an attempt should be made to extinguish it • Always evacuate if you hear the fire alarm • Avoid panic • Never use elevators • Never open a “hot” door • Stay near the floor    You play a role in identifying hazards that may lead to fires. This might be reporting wires loosely hanging from a light or an overloaded circuit. Since most fires are electrical in nature, observing and reporting may help prevent a fire.

ADMINISTRATIVE AND PLANNING PHASE42 1. A  re copies of all locally enforced codes maintained on-site for reference? 2. Does the facility meet the requirements of the locally enforced building code? 3. Does the facility meet the requirements of the locally enforced fire prevention code? 4. Does the facility meet the requirements of the locally enforced life safety code? 5. Does the facility have a written and appropriately distributed fire prevention and response plan? Is this plan known to all employees? Is training provided to those with defined responsibilities? Is all training documented and securely filed? Is the plan reviewed annually, updated as required, and redistributed? 42 MA

Stroberger. Appendix 3.B Physical Security Survey. Handbook of loss prevention and crime prevention. 6th ed. 2012.

39.  Fire and Life Safety

6. D  oes the facility maintain a fire brigade? Is the fire brigade training documented and securely filed? Is the fire brigade training conducted in conjunction with the local fire department? Is the fire brigade composed of persons, or positions, that are present or represented at all times? 7. Are all inspection reports retained for a reasonable number of years, as defined by local codes, insurance requirements, or industry standards? Are inspection reports filed in a secure location? 8. Are all employees trained in basic fire prevention concepts and fire event response procedures? Is the content of this training consistent and reasonably inclusive? Is this training documented and securely filed? Is annual refresher training conducted? Is annual refresher training documented and securely filed?

GENERAL PHYSICAL INSPECTION PHASE 1. Are all fire exit routes clearly marked? Are all exit routes unobstructed at all times? Are all exit routes and egress hardware items in compliance with the Americans with Disabilities Act requirements? 2. Are all fire doors and egress hardware items in proper working order? 3. Are service areas secured against unauthorized entry when not in use? 4. Are all areas free of loose or disorganized combustible items (such as rags or empty boxes)? 5. Are all storage areas well organized to allow ease of access in emergency situations? 6. Are flammable or combustible items properly stored to protect against accidental ignition? 7. Are flammable or combustible items properly stored to protect against unauthorized usage or tampering? 8. Are all fire lanes clearly marked? Are fire lanes maintained in an unobstructed condition at all times? 9. Are master keys available at all times for fire department use? 10. Are all electrical panels accessible at all times? Are all panels clearly marked to facilitate emergency power disconnection? 11. Are gas line shutoff valves accessible at all times? 12. Are all gas-operated pieces of equipment inspected for wear and damage with reasonable frequency? Are inspections documented and filed in a secure location? 13. Are all heat-generating devices (such as boilers, furnaces, and dryers) provided with a reasonable clear zone, based on levels of heat output, where storage of any kind is prohibited? 14. Are all ducts inspected regularly and cleaned as required? 15. Is the use of extension cords discouraged in all areas? 16. Are all electrical cords and electrically operated items inspected for wear or damage with reasonable frequency? Are such inspections documented? 17. Are designated smoking areas clearly defined and at a proper minimum safe distance from any common or identified ignition threats? Are appropriate ash and cigarette receptacles available for use in these areas?

65

66

150 Things You Should Know about Security

1. 2.

3.

4. 5. 6.

Objective: To determine if the location had implemented an effective process to detect, annunciate, and suppress fires to ensure life safety, and to comply with insurance company and regulatory requirements. Approach: Review the fire/life safety program and related documentation. Building design: Do all new buildings and modifications to existing buildings meet local/national codes and the requirements of NFPA 101 or equivalent standard? Maintenance: Are fire alarm systems, emergency lighting, fire dampers, automatic door closers, sprinkler and fire suppressant systems, fire extinguishers, and other similar safety features subject to inspection and maintenance as specified in local/national codes and insurance schedules? Contingency measures: Where there is a necessity to temporarily disable any building feature designed to protect users, the risks should be assessed, and, where necessary, contingency measures introduced. Were there controls established to prevent unauthorized impairment of essential fire safety equipment? Life safety and fire prevention: Was there a fire prevention program implemented to address work practices that minimize the likelihood and consequences of fire? Testing the effectiveness of arrangements: Were buildings subjected to a required periodic practice fire evacuation to assess the effectiveness of arrangements, familiarize occupants with requirements, and identify improvements? Fire prevention: Are fire wardens in place and are fire evacuation drills conducted annually?

40. EXTERIOR PHYSICAL CHARACTERISTICS: PERIMETER GROUNDS43 1. Is the fence strong and in good repair? 2. Is the fence height (a minimum of 8 ft excluding a 1 ft top guard of three strands of barbed wire) designed so that an intruder cannot climb over it? 3. Is the design of the fence from the building such that an intruder cannot climb over it? 4. Are boxes or other materials placed at a safe distance from the fence? 5. Are there weeds or trash adjoining the building that should be removed? 6. Are stock, crates, or merchandise allowed to be piled near the building? 7. Is there a clear area on both sides of the fence? 8. Are unsecured overpasses or subterranean passageways near the fence? 9. Are the fence gates solid and in good condition? 10. Are the fence gates properly locked? 11. Are the fence gate hinges secure and non-removable? 12. What types of locks and chains are used to secure the gates? 43 Ibid.

41.  Exterior Windows

13. 14. 15. 16. 17. 18. 19. 20. 21. 22.

 ave unnecessary gates been eliminated? H Do you regularly check those gates that are locked? Are blind alleys near buildings protected? Are fire escapes and exits designed for quick exit but difficult entry? Is the perimeter reinforced by protective lighting? Has shrubbery near windows, doors, gates, garages, and access roads been kept to a minimum? What are the physical boundaries of the residence’s grounds? Does lighting illuminate all roads? Is there a procedure to identify vendors, subcontractors, and visitors before entrance to the gate? Is proper signage in place?

41. EXTERIOR WINDOWS 1. Are non-essential windows bricked up or protected with steel mesh or iron bars? 2. Are all windows within 14 ft of the ground equipped with protective coverings? 3. Are the bars or screens mounted securely? 4. Do those windows with locks have locks designed and located so they cannot be reached or opened by breaking the glass? 5. Are small or expensive items left in windows overnight? 6. Is security glass used in any of these windows? 7. Are windows located under loading docks or similar structures protected? 8. Can windows be removed without breaking them? 9. Do all vents and similar openings have a gross area of 1 ft2 or more secured with protective coverings? 10. Are windows connected to an alarm system adequately protected? 11. Are windows not secured by bars or alarms kept locked or otherwise protected? 12. Have windows (doors) been reinforced with LEXAN? 13. Are all windows properly equipped with locks, reinforced glass, or decorative protective bars or sturdy shutters? 14. Are unused windows permanently closed?

OTHER OPENINGS 1. Do you have a lock on manholes that give direct access to your building or to a door that a burglar could easily open? 2. Have you permanently closed manholes or similar openings that are no longer used? 3. Are your sidewalk doors or grates locked properly and secured?

67

68

150 Things You Should Know about Security

4. Are your sidewalk doors or grates securely in place so that the entire frame cannot be pried open? 5. Are your accessible skylights protected with bars and/or an intrusion alarm? 6. Did you eliminate unused skylights, which are an invitation to burglary? 7. Are exposed roof hatches properly secured? 8. Are fan openings or ventilator shafts protected? 9. Does a service tunnel or sewer connect to the building? 10. Do fire escapes comply with city and state fire regulations? 11. Are your fire exits or escapes designed so that a person can leave easily but would have difficulty entering? 12. Do fire exit doors have a portable alarm mounted, to communicate if the door is opened, or is it hooked up to the intrusion alarm? 13. Can entrance be gained from an adjoining building?

42. SECURITY OFFICERS CHECKLIST44 1. Have you determined whether or not you have limited security requirements? 2. If you have determined that your security needs are complex, have you talked about your needs to a select group of trustworthy agencies? 3. If your security needs are simple, are you aware that it is time consuming and a waste of productivity to obtain a wide variety of competitive bids? 4. Have you checked with a local law enforcement official for recommendations? 5. Have you checked with colleagues who use security services for recommendations? 6. If you are analyzing a security agency, have you requested information on the amount, type, and stipulations of their insurance coverage? 7. Have you requested information on the security agency’s clients, the names of current customers, and the length of time the account has been with the agency? 8. Have you requested information on the agency’s financial status? 9. Is the agency willing to reveal security officer training techniques? 10. Does the agency have security officer incentive programs? 11. Does the agency have a career program for its security officers? 12. Do the guards meet educational and criminal background checks? 13. Has the agency a set of standards to which security officers are held? What are they? 14. Have you reviewed the credentials of the senior executives of the guard service company? 15. Will your account have a representative assigned who is from the highest level of management?

44 Ibid.

43.  Safes

16. W  ill the agency you select have the capabilities to offer other services, such as investigations, disaster planning, executive protection, employee screening, and polygraph testing? 17. Have you determined if the agency you are selecting has a union affiliation? Which one? 18. Will there be a union conflict if your employees go on strike? 19. Have you visited the agency’s local office? 20. Have you discussed prior clients and why they no longer are clients? 21. Have you visited current accounts and talked to management? 22. In the contractual arrangement with the guard company, have you avoided too much control over their employees? 23. Have you double-checked the insurance liability of the agency? 24. Does the contract with the guard company assure that it is an independent contractor, relieving your firm of joint employer liability? 25. Have you reviewed the contract’s provisions for replacing unsatisfactory guards and terminating the contract? 26. Does the contract guarantee costs? 27. Does the contract contain penalties for non-performance or poor performance? 28. Is there an agreement by the guard company to refrain from doing business with a competitive company? 29. Have you assigned a senior person to monitor security services to determine that standards are being met and the agency’s contractual obligations are being fulfilled? 30. If your plant is paying for guard services, have you discussed wages and job-related expenses, such as travel, holidays, and supervisors? 31. Have you discussed any special training required to accomplish the assignment, such as firearms, cardiopulmonary resuscitation (CPR), fire safety, and first aid? 32. If your situation requires a formal presentation and contract, have the documents been reviewed by your legal counsel and insurance company? 33. Have you reviewed provisions for contract terminations?

43. SAFES45 1. What methods are used to protect the safe combination? 2. Are combinations changed or rotated immediately on resignation, discharge, or suspension of an employee having possession of the combination? If not, why not? 3. Is your safe approved by UL? 4. Is your safe designed for burglary as well as fire protection? 5. Where is (are) the safe(s) located? 6. Is it well lit at night? 45 Ibid.

69

70

150 Things You Should Know about Security

7. Can it be seen from outside? 8. Do you keep money in your safe? 9. Do you keep cash at a minimum by banking regularly? 10. Do you use care in working the combination so that it is not observed? 11. Do you spin the dial rather than leaving it on “day lock”? 12. Do you have a policy of making certain that the safe is properly secured and the room, door(s), and windows are locked; night-light(s) is on; and no one is hidden inside? 13. Is your safe secured to the floor or wall? 14. Are combinations changed at least every 6 months? If not, when was the last time? 15. Do you have a protective theft alarm? If yes, is it local or central? 16. When was the system tested last?

44. METAL THEFT Metal theft has gotten more prevalent because of the increasing financial reward. When metal is stolen, the scrap prices make it profitable. Items such as heating, ventilation and air conditioning (HVAC) systems, copper drains, metal on roof tops, almost anything the thieves can get their hands on. From the ground looking up, when a theft is in progress, one would think the building is undergoing repairs. Damage caused by metal thieves may cost the building owner thousands of dollars to repair. Every state in the country has laws against metal theft, Many states have put together a Metal Theft Unit to deal with this problem— the Virginia Police Department was the first to establish such a unit, and their website and the reports of such crimes is the best thing the community can do. Visit: www.stopmetalstheft.org for additional information. Examples of metal theft are as follows:    Sheets of zinc (20,000 kilos), Châteauguay, QC, USA; copper fittings, Forest City, IA, USA; buss bars, copper lugs, #6 wire, and 40’ #2 tinned copper wire, Indianapolis, IN, USA. Turbochef Professional Ovens, Lititz, PA, USA; specialty aluminum brackets, batteries, brass yard lights and bond wire, California.

45. MASTER PLANNING: PHYSICAL SYSTEMS In a recent assessment, the company wanted a master plan for their property. Since we had developed a set of best practices, we modified them to fit their identified vulnerabilities, their specific site, and their industry. This became the framework for a master plan. In 2015, at the Annual ASIS Seminar and Exhibits, session #2107, we discussed the phrase, master plan, and in the session, stated: A Master Plan for Security should dovetail with the corporation’s master plan and mission statement. Master planning is a catalyst for defining a vision for security that touches all aspects of service delivery

46.  Parking Lot Safety Issues

including technology, emergency management, IT integration, command and control, and communication with stakeholders and employees. The plan should identify specific areas in which security can be repositioned as a core business function. The phrase “master plan” is more than just an expression. However, it also applies to your physical security systems.    1. Intrusion alarms a. What is it you intend to alarm and protect? b. Who will monitor the system? c. What components do you intend to use? d. How will this alarm fit in your overall plan? 2. Access control a. Is it a need or a requirement? b. Will it be a stand-alone or part of a bigger package? c. Consider the overall design, the mixture of biometrics? d. Badge control must be a part of your plan. 3. Security surveillance systems a. Consider the very latest in technology and equipment because in 5 years it is no longer state of the art. b. Consider the monitoring and response as well as how it will be administered. c. HD, 10,080-pixel, multi-screen, digital recording, interior, pan and tilt—consider how and what this system is to achieve. 4. Control room a. Consider the layout of the room. b. Do not put the control room in a closet. c. Define the space and define the usage.

46. PARKING LOT SAFETY ISSUES PUBLIC PARKING LOTS These areas can be potentially dangerous during nighttime hours as they afford cover for criminals who understand the vulnerability of car owners. For this reason, it is important to park as near as possible to the parking lot attendant’s office if one exists. If there is no attendant on duty, it is critical that you survey the parking lot area as much as possible upon entry using your headlights. If you observe any suspicious activities or persons in the area, exit the lot immediately. Upon returning to your vehicle, it is important that you have your keys in your hand versus looking for them in your pockets, jackets, or purses. Such fumbling for keys, no matter how short in time, leaves you unnecessarily vulnerable to be attacked. Finally, and if your vehicle is equipped with an alarm system, do not deactivate it until you are within a few feet of it. The noise (and blinking lights) that are triggered by car alarm system being deactivated can alert criminals to the fact that a potential victim is in the immediate vicinity. Wait until the last minute to deactivate the alarm, get into the vehicle and exit the area immediately.

71

72

150 Things You Should Know about Security

PARKING LOT SECURITY • Always look in and around your car before getting in. • Park in well-lighted areas with good visibility. • Never leave your car running or unlocked. • Never leave valuables visible in the car, put them in the trunk, if necessary. • Avoid leaving mail, checkbooks or your day timer in the car, which would tell your gender, marital status, and address. • Avoid bumper stickers that reveal personal information. • Trust your instincts. If you feel uncomfortable for any reason, leave or ask a manager, security, or another person to walk with you. • Have your keys in your hand when walking to your car • Find the panic button on your car’s remote device and learn to use it. • No property is worth risking your life for, so if a thief approaches, cooperate to avoid injury. • Report any and all burnt out lights, intercoms, and emergency phones.

47. PHYSICAL SECURITY IS NEEDED TO PREVENT WORKPLACE VIOLENCE IN THE HEALTH CARE ENVIRONMENT RISK FACTORS Identifying and Assessing Workplace Violence Hazards Health Care and social service workers face an increased risk of work-related assaults resulting primarily from violent behavior of their patients, clients, and/or residents. While no specific diagnosis or type of patient predicts future violence, epidemiological studies consistently demonstrate that inpatient and acute psychiatric services, geriatric long-term care settings, high-volume urban emergency departments, and residential and day social services present the highest risks. Pain, devastating prognoses, unfamiliar surroundings, mind- and mood-altering medications and drugs, and disease progression can also cause agitation and violent behaviors. Although the individual risk factors will vary, depending on the type and location of a health care or social service setting, as well as the type of organization, some of the risk factors include:

Patient, Client, and Setting-Related Risk Factors • Working directly with people who have a history of violence, abuse drugs or alcohol, gang members, and relatives of patients or clients; • Transporting patients and clients; • Working alone in a facility or in patients’ homes; • Poor environmental design of the workplace that may block employees’ vision or interfere with their escape from a violent incident; • Poorly lit corridors, rooms, parking lots and other areas;

47.  Physical Security Is Needed to Prevent Workplace Violence

• Lack of means of emergency communication; • Prevalence of firearms, knives, and other weapons among patients and their families and friends; • Working in neighborhoods with high crime rates.

Organizational Risk Factors • Lack of facility policies and staff training for recognizing and managing escalating hostile and assaultive behaviors from patients, clients, visitors, or staff; • Working when understaffed—especially during mealtimes and visiting hours; • High worker turnover; • Inadequate security and mental health personnel on site.46

POSSIBLE ENGINEERING CONTROLS FOR DIFFERENT HEALTHCARE AND SOCIAL SERVICE SETTINGS Hospital Residential Treatment, Non-Residential Treatment/Services, Community Care Field Workers (Home Healthcare and Social Service) and security/silenced alarm systems    • Panic buttons or paging system at workstations or personal alarm devices worn by employees • Paging system × GPS tracking • Cell phones • Security/silent alarm systems should be regularly maintained and managers and staff should fully understand the range and limitations of the system

EXIT ROUTES • Where possible, rooms should have two exits • Provide employee “safe room” for emergencies • Arrange furniture so that workers have a clear exit route • Where possible, counseling rooms should have two exits. Arrange furniture so that workers have a clear exit route. Managers and workers should assess homes for exit routes. • Workers should be familiar with a site and identify the different exit routes available.

METAL DETECTORS: HANDHELD AND/OR INSTALLED • Employers and workers will have to determine the appropriate balance of creating the suitable atmosphere for services being provided and the types of barriers put in place

46 CDC/NIOSH. Violence.

Occupational hazards in Hospitals, 2002.

73

74

150 Things You Should Know about Security

• Metal detectors should be regularly maintained and assessed for effectiveness in reducing the weapons brought into a facility. • Staff should be appropriately assigned and trained to use the equipment and remove weapons.

MONITORING SYSTEMS AND NATURAL SURVEILLANCE • Closed-circuit video—inside and outside; curved mirrors; proper placement of nurses’ stations to allow visual scanning of areas • Glass panels in doors/walls for better monitoring • Video surveillance system—inside and outside • Curved mirrors for better monitoring • Staff should know if video monitoring is in use or not and whether someone is always monitoring the video or not.47    Employers and workers should determine the most effective method for ensuring the safety of workers without negatively impacting working conditions:    • Hospital Residential Treatment, Non-Residential Treatment/Services, Community Care Field Workers (Home Healthcare and Social Service), protection policies and procedures, • Enclosed receptionist desk with bullet-resistant glass, • Deep counters at nurses’ stations, • Lock doors to staff counseling and treatment rooms, • Provide lockable (or keyless door systems) and secure bathrooms for staff members (with locks on the inside) — separated from patient/client and visitor facilities, • Lock all unused doors to limit access, in accord with local fire codes.

48. SECURITY ASSESSMENT FOLLOW-UP The follow-up to your security assessment takes many forms, from actually sitting down with the recipient to going by the site and seeing if any changes have actually taken place. Some police departments produce five to seven surveys a day. They do not evaluate their performance because of the time and personnel involved. Because of this, they fail to examine their own effectiveness. The reason for the follow-up is to encourage increased compliance and ensure that recommendations are understood. Without this step, you will not know if the recipient has taken any action. 47 Workplace

violence prevention program checklist. California: Department of Human Resources. www.calhr.ca.gov/Documents/model-workplace-violence-and-bullyingprevention-program.pdf.

48.  Security Assessment Follow-Up

The basic security survey framework consists of five steps:    1. Generating the survey request 2. Conducting the physical inspection 3. Delivering survey recommendations 4. Following up after the report is completed 5. Evaluating the program    For every crime committed, there is a crime prevention or loss reduction defense or procedure that, if followed, could delay or prevent a criminal from committing that act. Physical security involves implementing those measures that could delay or deny the risks, threats, vulnerabilities, and crimes determined during the survey, and these may include but are not necessarily limited to unauthorized entry, larceny, fraud, sabotage, fire, and vandalism. This section on security surveys is geared to assist both private security and public law enforcement to harden a target and assist the community to further reduce losses. To further assist your security survey, several checklists are included at the end of this section.

RESIDENTIAL SECURITY A large percentage of home burglars enter through a door or window. In most cases the front, rear, bulkhead, or garage door is unlocked. Front and rear doors often have inadequate locks or are built in such a way that breaking the glass to the side of the door or on the door itself allows the burglar to simply reach inside and unlock the door. Windows on the first-floor level are the crook’s next choice for entry. Basement windows are the least desirable because they may require the burglar to get dirty and, like executives, this person is concerned about appearance. However, a basement is a good location for individuals to hide, thus it becomes much more attractive.

SECURITY ASPECTS Depending on the type of facility you are surveying, the following should be reviewed:    1. Communications networks, utility closets, IP data networks, walkie-talkies or cell phones with walkie-talkie features, and locations of interior and exterior phones 2. Guard force and security personnel and their training, police powers, uniforms, use of badges, and methods of operation (typically called standard operating procedures and post orders)    Your objectives are to identify vulnerabilities, evaluate the site, and provide critical assessment. Methodology and style are purely those of the surveyor, but do not forget that they also represent a document from you and your department.

75

76

150 Things You Should Know about Security

49. SEVEN THINGS YOU SHOULD KNOW ABOUT PHYSICAL SECURITY INFORMATION MANAGEMENT 48 1. P  hysical security information management (PSIM) is created by middleware developers and is designed to integrate multiple unconnected security applications and devices and control them through one comprehensive user interface. 2. Basically, it is used effectively when you tie in several smaller locations into the main unit. It collects and correlates events from existing disparate security devices and information systems (video, access control, sensors, analytics, networks, building systems, etc.) to empower personnel to identify and proactively resolve situations. 3. Locations are generally scattered across several states (or even internationally) and linked together. 4. It provides consolidation; PSIM integration enables numerous organizational benefits, including increased control, improved situation awareness, and management reporting. Ultimately, these solutions allow organizations to reduce costs through improved efficiency and to improve security through increased intelligence. 5. Your large critical infrastructure is ideal for your server system design. 6. PSIM software tells your security managers just about everything you need to know, even which door is ajar or which door has been opened. Many of the alarms and alerts that come into the security environment are not really threats. These need to be prioritized according to risk, such as time of the day, location of personnel, and a whole range of other critical factors. “Dynamic alarm management” is required to find the “hot” ones, which indicate that some action may need to be taken. Connected systems and automation of processes such as “dynamic alarm management” and service level agreements will help to ensure that alarms/alerts are followed up quickly and in a relevant manner. 7. PSIM software must be scalable and must provide the capability for expansion and adaptation to change.

50. THE TEN BASIC KNOWLEDGE AREAS FOR CRIME PREVENTION, IN THE 21ST CENTURY DESCRIPTION OF PROGRAM 1. CPTED—principles and newly designed concepts. 2. Crime risk management and crime displacement theory 3. Physical security devices, deterrents, and concepts 4. Neighborhood watch concepts and community involvement 5. Situational crime prevention principles and concepts 6. Target hardening versus soft targets 48 [email protected];

March 2016.

51.  Ever Need a New Year’s Resolution?

7. Dissemination of proactive information to your community 8. Safety awareness programs 9. Development of specific programming 10. Formulation of critical partnerships

51. EVER NEED A NEW YEAR’S RESOLUTION? HOW ABOUT CHANGING YOUR PASSWORDS? Everyone online is potentially at risk for cybercrime. In fact, you are probably more likely to have your email account hacked than your home broken into.49 Online crime is a serious threat in our Internet-connected culture. There are approximately 1.5 million cyber attacks annually, and online crime is a real threat to anyone who uses the Internet. This means that there are over 4000 cyber attacks every day, 170 attacks every hour, or nearly three attacks every minute50! With all these online attacks, why do people continue to use the 25 worst passwords listed below?51    1. 123456 2. Password 3. 12345678 4. Qwerty 5. 12345 6. 123456789 7. Football 8. 1234 9. 1234567 10. Baseball 11. Welcome 12. 1234567890 13. abc123 14. 111111 15. 1qaz2wsx 16. Dragon 17. Master 18. Monkey 19. Letmein 49 These

cybercrime statistics will make you think twice about your password: where’s the CSI cyber team when you need them? Retrieved from: http://www.cbs.com/shows/csi-cyber/news/1003888/ these-cybercrime-statistics-will-make-you-think-twice-about-your-password-where-s-the-csi-cyberteam-when-you-need-them-/. 50 Ibid. 51 These are the worst passwords that you still keep using. Retrieved from: http://fortune.com/2016/ 01/20/passwords-worst-123456/.

77

78

150 Things You Should Know about Security

20. Login 21. Princess 22. Qwertyuiop 23. Solo 24. passw0rd 25. starwars    If you are using one of the passwords on this list, take the time to change it right now! According to traditional advice, a strong password52    • Has 12 characters, minimum: You need to choose a password that is long enough. There is no minimum password length everyone agrees on, but you should generally go for passwords that are a minimum of 12–14 characters in length. A longer password would be even better. • Includes numbers, symbols, capital letters, and lower-case letters: Use a mix of different types of characters to make the password harder to crack. • It is not a dictionary word or a combination of dictionary words: Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they are obvious, is also bad. For example, “house” is a terrible password. “Red house” is also very bad. • Does not rely on obvious substitutions: Do not use common substitutions, either—for example, “H0use” is not strong just because you have replaced an o with a 0. That is just obvious.    In addition to the aforementioned traditional advice, you can also create a passphrase, which is a password that involves multiple random words. The randomness of the word choice and the length of the passphrase makes it strong. For example, “cat in the hat” would not be a good combination because it is such a common phrase and the words make sense together. A passphrase like “correct horse battery staple” or “seashell glaring molasses invisible” is random. The words do not make sense together and are not in grammatically correct order.53 It is difficult to remember all of your passwords without duplicating any. Consider using a password manager, and the only password that you will have to remember is your strong master password. Should you be worried about the cyber attacks on businesses and government agencies? The answer is, “yes!”These big organizations have information on all of us! IBM estimates that businesses are attacked an average of 16,856 times a year. That is, every business has to deal with 46 attacks every day—or nearly 2 attacks an hour. The majority of these attacks do not actually get past an organization’s defenses, but an average of 1.7 per week are successful.54 52 How

to create a strong password (and remember it). Retrieved from: http://www.howtogeek.com/ 195430/how-to-create-a-strong-password-and-remember-it/. 53 Ibid. 54 Ibid.

53.  Bullying and Liability for Schools

Why is cybercrime so prevalent, and so hard to fight? Laws on cybercrimes vary throughout the world, and the overwhelming majority of cybercrimes cross national borders. This can make solving cybercrimes a problem, which has to be investigated through international collaboration and can make it difficult for law enforcement to locate and prosecute cyber criminals.55

52. SPEED BUMPS Flashing crosswalk signs/lights are used primarily on roadways where visibility is an issue or if a driver is not familiar that pedestrians may be in a crosswalk. “Speed bumps” should be in place on each side of a crosswalk to adequately warn drivers that they should slow down and be alert for pedestrians. Flashing yellow signs/lights advise drivers to slow down and prepare to stop for possible crosswalk users even if they cannot see ahead or if they are unfamiliar with where the crosswalk is located. Vehicles are always required to yield to pedestrians in a crosswalk whether there are flashing lights/signs or not. Flashing lights/signs are intended to provide an additional warning to drivers that a pedestrian may be present in the roadway. Studies have shown that these flashing crosswalk lights/signs increase the compliance of vehicles yielding to pedestrians and enable pedestrians to cross more quickly.

53. BULLYING AND LIABILITY FOR SCHOOLS In January 2014, the new definition for bullying was developed: “Bullying is any unwanted aggressive behavior(s) by another youth or group of youths who are not siblings or current dating partners that involved an observed or perceived power imbalance and is repeated multiple times or is highly likely to be repeated. Bullying may inflict harm or distress on the targeted youth including physical, psychological, social or educational harm.”56 It is upsetting just writing about this topic because of the cruelty and harassment suffered by the victims. The injustice to the victims just does not seem to stop. Entire books are written on this topic, but we will address it just briefly. It is easy to say that zero-tolerance programs must include bullying, but for parents who are trying to stop the injustices their child is experiencing, this can be very difficult. It’s time to stop the bullying and for schools to take control of this issue. Who is doing the bullying? Teenage boys and girls, teachers, bus drivers, coaches, and school staff are the perpetrators. 55 Ibid. 56 U.S.

Dept. of Education and Health Resources and Services Administration partnered with bullying experts to develop a uniform definition of bullying. 2014.

79

80

150 Things You Should Know about Security

The effects of bullying on a victim can be devastating. Suicide, crying, depression, weight loss, bedwetting, stress, drug and alcohol abuse, headaches, stomach aches, frequent absences from school because the victim feels ill, stuttering, etc., are just some of the negative side effects a victim of bullying may experience.

LIABILITY The first thing that will be asked is did the school have a duty to take action and to protect the student. If we assume that after notice was given to you, you did nothing, then you failed in your duty to take corrective action. You failed to provide a reasonable degree of case as it pertained to the incident. Likability in the early stages is not complicated. We are seeing numerous times people say the following:    1. Conduct a threat assessment. 2. Train the teachers and staff. 3. Train the bus drivers. 4. Establish policies and procedures. 5. Best practices. 6. Document each and every case.    Now let us assume your school has taken none of the above steps. Assume you had a student who committed suicide; her mother had told you six times she was being bullied, and she hangs herself in the bathroom. Now you ask the questions:    1. Did you have a duty to protect this child after notice? 2. Did you provide a reasonable degree of care? 3. Was your failure to do so the proximate cause of her death?

Fast Facts57 • In an Office of Juvenile Justice and Delinquency Prevention (OJJDP) survey, 13.2% of participants reported having been physically bullied during the previous year. • In the United States, 13% of 6th- through 10th-grade students bully and 6% are both victims and bullies. • In a survey of American middle- and high-school students, 66% of bullying victims believed school professionals responded poorly to bullying problems. • Bullying takes place more often at school than on the way to and from school. • Male bullying declines after the age of 15, and female bullying, after the age of 14. • Of student victims, 25% were bullied about their race or religion.    57 Children’s

Exposure to Violence: A Comprehensive National Survey, OJJDP Bulletin, Bullying in Schools, COPS Problem-Oriented Guides for Police Series, No. 12.

54.  School Bus Driver Drunk in Crash

Finally, bullying just goes by different names at college, in the workplace, on social media, in politics; we have even heard on sports radio one announcer bully a co-worker. ‘Bullying’ does not include ordinary teasing, horseplay, argument, or peer conflict. Code of Virginia § 22.1–276.01.

54. POLICE MASSACHUSETTS SCHOOL BUS DRIVER DRUNK IN CRASH DUDLEY, Mass. (AP) — A Massachusetts school bus driver charged with being drunk when he crashed his bus carrying 11 high school and middle school students into a utility pole has pleaded not guilty. By the Associated Press | February 15, 2016 | 9:45 a.m. EST.

The driver of the Dudley bus was released on personal recognizance with GPS monitoring at his arraignment Friday. He refused to talk to reporters outside of court. Authorities responded to the crash at around 3 p.m. on Thursday in Dudley. First responders found the bus with wires from a utility pole spread across its roof. Police say he struck the pole at low speed while backing up. No injuries were reported, but the crash caused power outages. He was charged with driving under the influence of alcohol. A spokesman for the bus company says the 42-year-old driver has been suspended (Photo 14).

ANOTHER INSTANCE This is not a problem only in the United States. On Wednesday, two children aged 12 and 15 were killed when their bus veered off a road in snowy weather near the Swiss border in eastern France. This bus was taking 32 children to the village school in Montbenoit when it “left the road,” the police said. Read more at:http:// metro.co.uk/2016/02/11/six-children-dead-after-french-school-bus-crash5675275/#ixzz40eHkXzn2.

CONCLUSION We used this information in our book to call to your attention the very serious problems with school bus drivers. The ASIS School Safety and Security Council recently wrote a white paper on this topic. See the ASIS International website www.asisonline.org.

81

82

150 Things You Should Know about Security

PHOTO 14 Photo shows emergency services at the scene. Photo credit: AFP/Getty Images.

55. SECURITY OFFICER RESPONSIBILITIES • Screening employees and visitors in reception areas • Controlling the movement of personnel and vehicles in and out of the facility and controlling the movement of company property • Patrolling the company property on foot, in a vehicle, or by video and gathering and reporting information • Monitoring video surveillance and life safety systems • Responding to security incidents • Documenting incidents • Escorting visitors • Assisting with parking issues • Utilizing various security measures (doors, locks, alarms, security surveillance system, lighting, etc.)    Security officer post orders should be kept current, outline the job duties and responsibilities, and outline potential scenarios. Security officers must have the complete support of management to enforce company security policies.

RECOMMENDED QUALIFICATIONS OF A SECURITY OFFICER • Character • Attitude

55.  Security Officer Responsibilities

• Appearance • Professional behavior • Physically fit    To improve security officer operations:    • Security officers should vary the route and routine of the established tours and conduct unscheduled visits to high-risk or problem areas. • To ensure confidentiality of information relayed via radio, security officers and management should be issued ear pieces for handheld radios. • While on patrol of the complex, security officers should be observant for anything on the property needing attention or maintenance. • It should be a priority that post orders be updated and security officers be trained in their job responsibilities and provided with adequate resources to perform their jobs. • It is important that security officers know the basics of day-to-day operations as well as what to do in an emergency situation. At a minimum, security officers should be trained and tested on the following topics: • Ethics and professionalism • Security policies and procedures • Investigation • Observation techniques • Challenging techniques • Crowd control • Blood-borne pathogens, first aid, and CPR/automated external defibrillators (AEDs) • Relations with law enforcement • Legal authority • Human relations • Customer service • Public relations • Patrol procedures • Report writing • Ingress and egress control • Emergency medical assistance and first aid • Terrorism issues • Workplace violence • Active shooter • Use of force • Criminal and civil laws • Operation of security systems • General fire prevention and safety • Personal appearance • Basic security officer responsibilities • Communication policies and procedures

83

84

150 Things You Should Know about Security

• Bomb threat procedures • Responding to emergencies • Access control (people and vehicles)

TWENTY-ONE TIPS FOR CONTRACT SECURITY OFFICER SUCCESS58 There are good ways to handle your contract security officers and bad ways. We break it down here. For Chief Security Officers (CSOs) and other purchasers of security services, you first need to define needs and roles.

Do • Ask the security firm for its recommendations on how to best secure your assets, as opposed to having a preset idea of what you need in the way of security. • Determine if security personnel are going to be “observe and report” or if they are to engage in the event of an incident. Observe-and-report security requires less training, is less expensive, and most likely will result in less liability. • Be aware that security personnel who are to engage should be better trained and well paid. They also could pose higher risk (as they can use excessive force) or fail to prevent what they are hired to protect, etc.

Don’t • Assume you need an armed security officer. A knee-jerk reaction to many serious incidents over the past few years has been to hire armed security, when in reality the hiring of an armed security officer may increase the chance of something bad happening. Determine if armed personnel are appropriate for the exposure you have: government contracts, banks, protecting high-value property, etc., are more appropriate than fast food restaurants, schools, and large public gatherings etc. • Have the security personnel perform tasks outside of what has been contracted (shoveling snow, driving people, etc.). In the event of an accident during these operations, liability may fall upon your firm if the security firm does not have adequate insurance.

ENSURING QUALITY Do • Hire security personnel from the upper level of the candidate pool, such as former/ retired law enforcement personnel. They have undergone extensive training and screening, and they provide a very favorable impression to employees and visitors. • Make sure security personnel have situational training specific to the risks of your industry. 58 Tory

Brownyard. Security Magazine, January 7, 2015.

55.  Security Officer Responsibilities

• Have periodic meetings with the security personnel’s supervisors to point out any issues or concerns to make sure that the security personnel are meeting your requirements.

Don’t • Pay below industry average. In many instances the security officer at the front desk is the first impression a client gets of your firm and you want to make sure they look professional and provide a professional appearance. Prior to 9/11, security professionals were treated more as a commodity, and firms would want to pay as little as possible to get that security officer firm. Since then, however, it became more important to have a well-trained security professional with a professional appearance. • Try to save money by replacing security personnel with remote video monitoring without carefully analyzing what you are looking to protect and which solution will be most effective. Video monitoring alone is not always as effective a means of deterring crime as security officers. A hybrid approach of combining security personnel and video can serve as a more effective deterrent.

HOW TO ENSURE EFFECTIVE CONTRACTS Do • Have clear post orders in contracts that make clear who, what, and where you are protecting. A carefully worded contract does not hold you responsible for claims related to third parties or for incidents in locations that are not clearly stated in your post orders. • Make it clear you are only providing security services for your clients and their employees and are not responsible for their customers/delivery persons or anyone else who comes onto the client’s premises. Numerous court decisions have held private security firms liable for injuries to persons the security firms did not contemplate protecting. These claims occur at the client’s premises with injuries to contractors, deliverymen, customers, guests, and even the general public. • Review any ambiguous contract language with your local insurance broker and attorney to make sure you are not exposing yourself to liability for which you are not properly insured. Also, make sure your insurance has all necessary coverage and endorsements required by the contract (additional insureds, waiver of subrogation, etc.).

Don’t • Sign contract language that is too one-sided in favor of the client, thus leaving your security officer firm unprotected. For example, do not “indemnify” the client for accidents caused solely by the negligence of the client. This shifts all of the client’s financial responsibility to your security officer firm. An ideal contract should clearly state that the contracted firm will only be responsible if the negligence of one of its employees contributes to a claim.

85

86

150 Things You Should Know about Security

• Having officers perform duties other than security services, such as chauffeuring or handyman services, unless your contract specifically states they are to perform such duties. • Pick up liability that you are not insured for when adding a client as an “additional insured” on your insurance policy. Make sure you are only assuming liability for the operations you are providing for this client.

HIRING AND TRAINING Do • Have extensive hiring procedures for your security officers, including background checks, references, personal interviews, and a requirement for prior security industry experience. • Have at least 24 hours of training consisting of pre-assignment and on-the-job training, as well as continuing “in-service” training. • Provide education and training to help security professionals understand and prevent lawsuits. “Litigation awareness” should focus on several components, including acting with professionalism and communicating respectfully and effectively. This type of education should cover how litigation works, teaching security officers what happens in a courtroom and how their words and actions can be used to affect a case.

Don’t • Think one type of training fits all. There needs to be situational training specific to the risks involved in any given industry. Look at the position and ensure that you hire officers who are properly trained and equipped for the needs of the position. • Assume any security officer can be armed. Use former law enforcement professionals as armed security officers. They have been specially trained to react appropriately with a weapon.

56. EMERGENCY PLANNING AND DEVELOPMENT59 WHY EMERGENCY PLANNING? The Primary Goals • Protection of lives • Protection or property • Restoration of operations    59 Fagel

M, Ph.D. CEM permission obtained to reproduce, 2017.

56.  Emergency Planning and Development

Risk Assessment • Consider probabilities and severity of each type of disaster occurring. • Government and industry must share burden of protecting public.

Threat Scenarios • Most serious industrial hazards: • Fire • Explosion • Most common emergencies: • Fire • Bomb threat • Labor dispute

Stages of Emergency Planning • Anticipate emergency • Provide for responsive action • Return to normal operations

Planning Basics • Emergency plans should be in writing • Provide specific and precise actions • No new organizations created at the time of disaster! • Identify who can declare emergency • Identify the emergency coordinator • Ensure continuity of leadership • Basic plan has three essential elements: • Authority • Types of emergencies • Execution • Outline plant shutdown procedures (to be carried out by engineering) • Evacuation routes must remain consistent for all threats • Test plan annually—brief every employee! • Table-top exercise with public safety involvement

Advance Planning • Mutual aid association • Cooperative organization of industrial, business, and local government emergency services, united by a voluntary agreement to assist each other during an emergency. • Identified pooled community resources • Provides for standardized equipment and training • Requires substantial funding

87

88

150 Things You Should Know about Security

• Create an emergency command center: • Maps/procedure charts/call-up lists/mass notification procedures • Backup power and communications gear • Disaster response and medical gear • Identify public relations person to coordinate media • Backup sites—hot, warm, cold • Preserve vital records—bylaws, board minutes, stock transactions, financial data • The most practical way to discover deficiencies is to test plan annually • Make the plan direct in nature • Do not restrict the plan to senior management only • Plan activation is typically activated by the plant/facility manager or president/ CEO

TYPES OF EMERGENCIES: NATURAL AND MAN-MADE Natural Disasters • Tornadoes • Five classifications based on wind speeds (Fi-F5) of 200–400 mph—ground speeds of 30–70 mph • Width up to a mile—travel up to 30 miles • “Tornado watch”—tornado expected • “Tornado warning”—tornado sighted in area • Thunderstorms • “Severe”—heavy rain, hail and winds >50 mph • “Severe watch”—projected winds >75 mph • Floods • Floods • “Flash flood watch”—flooding is possible • “Flash flood warning”—flooding is about to occur • Sinkholes • Hurricanes (heavy rains/winds>74 mph) • Five categories based on wind speeds • “Watch”—expected within 36 hours • “Warning”—expected within 24 hours • Snowstorm • “Heavy snow warning”—4″/12 hours or 6″/24 hours • Severe blizzard warning”—>45 mph • Earthquakes • Unpredictable—can last as long as 5 minutes • If inside, stay there; seek cover under heavy furniture in the center of the building • “Tsunami” is a tidal wave caused by underwater earthquakes   

57.  Seven Basic Types of Protective Lighting

Man-Made Disasters • Plant fires and forest fires • Bomb threats • Labor unrest • Terrorism attacks • Sabotage • Chemical/radiological accidents • Transportation accidents • Public demonstrations and civil disturbances • Active shooter/active assailant

Man-Made Disasters: Fire • Causes are preventable • Carelessness • Ignorance • Most are electrical in origin • Most fatalities are a result of toxic gas inhalation, followed by death from smoke inhalation and high temperatures

57. SEVEN BASIC TYPES OF PROTECTIVE LIGHTING PROTECTIVE LIGHTING Lighting is the single most cost-effective deterrent to crime. An illuminated area acts as a psychological and physical deterrent, and it can reduce criminal opportunity. Research shows that there is a close relationship between crime/the fear of crime and illumination. Lighting is a powerful tool for crime prevention by enhancing safety and may possibly reduce potential liability. The seven basic types of security lighting are:    • Continuous: fixed and the most common type of lighting where lights are installed in a series to maintain uniform lighting during hours of darkness. These lights are frequently set on timers or are controlled by sensors. • Standby: turns on with alarm activation or when suspicious activity is suspected. • Moveable: manually operated search lights. • Emergency: can duplicate other lighting systems in the event of an emergency. Use is limited to times of power failure and other emergencies. Emergency lights usually depend on an alternative power source. • Controlled: used outside a perimeter to illuminate a limited space. • Area: used in open areas and parking lots. • Surface: used on the surface of structures and buildings.   

89

90

150 Things You Should Know about Security

SECURITY LIGHTING SOURCES • Streetlight: uses various sources of illumination. • Searchlight: uses a very narrow high-intensity beam of light to concentrate on a specific area. • Floodlight: projects a medium to wide beam on a larger area.

GOALS OF SECURITY LIGHTING • Objective illumination: will allow observation of the protected item. • Physical deterrence: uses a sufficient light level to cause psychological responses such as pain and temporary blindness. The light source can be continuous or event-responsive and 100,000 fc will cause temporary blindness for 2–3 minutes. • Glare projection: achieved by projecting light away from the protected property so that an approaching intruder cannot see onto the premises, but they are highly visible from the inside. • Psychological deterrence: results when lighting leaves potential intruders fearful that they will be detected, identified, and/or apprehended.

58. THINGS YOU NEED TO KNOW ABOUT SOFT TARGETS INTRODUCTION In civil litigation, expert witnesses testify whether or not the act was foreseeable or not. Has the area and/or the complex had prior crimes? In most cases the answer is “yes.” Therefore the owner or manager of the property is on notice. The same is with soft targets; is the area vulnerable or at risk? Some soft target locations are colleges and universities, schools K to 12, retail outlets and shopping malls, hospitals, hotels, motels, casinos, restaurants, sporting events, theaters, and concerts and churches.    1. Never say, “It can’t or will never happen here.” 2. The Sandy Hook School shooting was over in about 6 minutes and 26 people were killed. 3. Attacks against soft targets have powerful effects on the psyche of people. When Dylann Roof killed 9 people at the AME Church, SC, USA, in June 2015, the families forgave him. 4. We believe that individual shooters have planned and assessed how he or she will do it (the act) and how he or she plans to escape. In the aforementioned case of the shooting in the AME Church, the shooter was there for an hour supposedly praying before he opened fire on the congregation. Dylann Roof said when he was caught “I almost backed out because everyone was so nice at the Church.” 5. Soft target hardening 101—is it possible, to harden your target? It may be difficult because in some cases the perpetrators have been insiders or have had help from insiders.

58.  Things You Need to Know about Soft Targets

6. I n her book, Soft Target Hardening: Protecting People from Attack, Dr. Jennifer Hesterman states on page 240, “What is the cost of not protecting our people?” 7. Consider these six points as you develop your defense. a. The individual(s) will first select or identify a vulnerable soft target. b. The individual(s) will determine the method of attack. c. The individual(s) will conduct detailed surveillance of the target to measure security forces. d. The individual(s) will assess target vulnerability and select the site or move on to another. e. After site selection, a second round of surveillance will be conducted. f. Finally, the operation will be scheduled and the attack conducted. Do not encourage a terrorist or criminal attack by becoming a soft target. The most effective way to avoid indicating you are a soft target is to remain in a high level of situational awareness. The sad truth today is that walking down a street on the way to a ball game in a downtown setting may place you in the middle of a battleground in a split second. Your ability to recognize and perceive potential threats while going about routine activities while on or off duty will make the difference. Do not deny your gut feelings. As we all know, most good arrests on the streets come from a gut feeling or intuition and then most importantly, acting upon that feeling or suspicion. Situational awareness and the apparent readiness of that person will indicate whether or not they are a hard target or soft target.60 8. The CF Sector’s Six-Step NIPP Risk Management framework provides for the following Homeland Security Guidance; we have included this because this is a good place to start to protect our assets.61 a. Set goals and objectives: The CFSSA uses sector goals that define specific outcomes, conditions, endpoints, or performance targets as guiding principles to collectively constitute an effective risk management posture. b. Identify assets, systems, and networks: The identification of assets and facilities is necessary to develop an inventory of assets that can be analyzed further with regard to criticality and national significance. Because of the diverse nature of assets within the CF Sector, the CFSSA works with the DHS IICD to identify and validate these assets. In addition to its collaboration with the IICD, the sector also identifies assets through interaction with trade associations and corporate owners and operators. c. Assess risks: The CF Sector approaches risk by evaluating consequence, vulnerability, and threat information with regard to a terrorist attack or other hazard to produce a comprehensive, systematic, and rational assessment. 60 Glenn

French, a Sergeant with the Sterling Heights (Mich.) Police Department, has 22 years’ police PoliceOne.com June 30, 2015. 61 Commercial facilities sector-specific plan. HLS; 2010.

91

92

150 Things You Should Know about Security

d. Prioritize: The CF SCC and the CFSSA have found that it is not appropriate to develop a single, overarching prioritized list of assets for the CF Sector. Instead, assets are categorized by using a consequence methodology that allows the CFSSA to drive sector-wide protection efforts. e. Implement programs: Given the size and diversity of the CF Sector, there is no universal solution for implementing protective security measures. The owners and operators of CF Sector facilities implement the most effective protective programs based on their own assessments. Protective programs address the physical, cyber, and human dimensions. f. Measure progress: The CFSSA has developed relationships with both public and private sector partners, including trade associations, corporate entities, and industry subject matter experts. Information sharing through these partnerships is used to assist in measuring progress through the creation of sector metrics. By measuring the effectiveness of protective programs and their actions, the CF Sector can continually improve the infrastructure at the facility and subsector levels and improve security overall at the sector level.

59. THE “ULTIMATE SECURITY COOKBOOK” AND THE FUTURE TRENDS Have you ever made a cake or cookies? You add flour, eggs, milk, chocolate chips, etc. This same logic applies to security and loss prevention. You have trained, armed or unarmed security officers; access control; fencing or other barriers; a security surveillance system; an intrusion detection system; appropriately secured doors and windows; security lighting; visibly displayed identity badges; and key control and have utilized CPTED concepts to complete your overall security program. The point is, you mix it all together and you will have good security countermeasures for security and loss prevention. However, this book goes beyond just having the right ingredients. It addresses:    • The environment, design, space • CPTED for 2017 and beyond • CPTED the second generation • CPTED the third generation • Soft targets versus hard targets • Emergency planning/procedures • UL codes • NFPA codes • OSHA guidelines • Chemical/biologic attacks • Crime prevention in the 21st century

60.  Ten Steps to Reduce Risk

• Terrorism, today and tomorrow • Access control • Bullet-resistant materials and ballistics • Stand-off distances • Training culture of security • Active shooter/active assailant • IT • Life safety NFPA 101 • Collaborative partnerships: public/private • Crime/crime prevention theories • Best practices and master planning • Workplace violence

THE FUTURE OF PHYSICAL SECURITY Few topics influence publications, education sessions, capital improvement initiatives, and new construction the way security can. When consumers are making reference to “security,” they might consolidate through assumption several systems— such as network security, data transport, risk management, counterterrorism, loss prevention, and critical infrastructure—that are studied as industrial physical security (PhySec). We will refer to these as the consolidated security disciplines. Although many are quite logically separated today, these individual specialties are appearing to merge into one large amalgamate, especially for markets that demand higher operational and fulfillment efficiencies. It begs the question, how will the PhySec professional of tomorrow adequately prepare to meet the challenges of consolidation and virtualization?

60. TEN STEPS TO REDUCE RISK 1. Conduct a total risk assessment including an IT assessment. 2. Conduct a total review of your crime stats. 3. Review all threats and vulnerabilities. 4. The definition of crime prevention broken down is: The anticipation Recognition Appraisal of a crime risk Initiation of an action to remove or reduce a crime risk (NCPI, 1971) 5. Consider risk avoidance, risk reduction, risk spreading, risk transfer, and risk acceptance. 6. Forecast future risk with countermeasures. 7. Development of a master plan that is followed by updated policies and procedures and the mission statement. 8. ROI—keep in mind decision makers will buy into anything that has an ROI.

93

94

150 Things You Should Know about Security

9. Develop a 5-year plan. Why? You can get everything done or completed in 2 months assuming you convert all lighting to LED lighting and energy-efficient lighting inside. You save $50,000; now you have money to spend going forward. 10. The process is not as complicated as it seems. After all your objective is the protection of all assets.

61. ASIS STANDARDS AND GUIDELINES62 Industry associations are an excellent source for guidelines to support security programs. We have said for years that our profession changes through regulation, standards, and guidelines. For example, ASIS International develops and publishes a range of guidelines that are available free of charge to its members and that may be purchased by non-members. Some of the subjects covered include (http://www. asisonline.org/guidelines/published.htm):    • Auditing management systems: risk, resilience, security, and continuity for application • Business continuity management standard • Chief security officer—an organizational model ANSI standard • Conformity assessment and auditing management systems for quality of private security • Facilities physical security measures • General security risk assessment • Information asset protection • Investigations • Management system for quality of private security company operations • Maturity model for the phased implementation of a quality assurance management systems for private security services providers • Maturity model for the phased implementation of the organizational resilience management system • Organizational resilience: security, preparedness, and continuity management systems—requirements with guidance for use standards • Pre-employment background screening • Private security officer selection and training • Quality assurance and security management for private security companies operating at sea guidance • Risk assessments • Security management standard: physical asset protection • Supply chain risk management: a compilation of best practices • Threat advisory system response • Workplace violence prevention • Supply chain risk management: a compilation of best practices    62 ASIS

Website. Effective physical security. 5th ed. Elsevier; June 2016.

63.  The Art of Training

62. SAFE CITIZEN AND LAW ENFORCEMENT ENCOUNTERS63 There are more and more news stories about violent altercations involving law enforcement officers and citizens. Many people lose all common sense when being stopped by a police officer. Remember that police officers are trained to be suspicious and rigid when they first encounter anyone because police officers are killed each year by people they have never met. They must make split-second decisions whenever there is a threat. Educate yourself and others to keep themselves (and the police officer) safe by keeping the following tips in mind:    • Respect the police officer’s authority. • If driving, move to the right and stop. • Obey the officer’s instructions, even if you do not think you have done anything wrong. • Keep your hands out of your pockets and in sight. Do not get into the officer’s personal space. Police officers are trained to stay about 5–7 ft away from people during a stop. • Do not make sudden movements, particularly in your car. Do not suddenly reach under the seat or in the console. The officer will probably draw his weapon. • Do not argue until it is time to speak. Be civil. • Do not run away. Even if you have not committed a crime until that point, you will likely be tackled and arrested. • If the police are conducting an investigation and you have information that you are afraid to give in public, call the police department. You can give the information anonymously or arrange to talk to officers away from your neighborhood. • If you are cited or arrested and you believe you are innocent, fight the charges in court, not on the street. • Remember, law allows police officers to detain people while conducting an investigation, even for a minor offense. Continuously saying “Am I under arrest?” is not going improve the situation. • If you believe a police officer is being disrespectful to you, say so—but do it properly. • All lives matter.    Do not criticize police officers for doing their jobs. Police officers have the right to go home to their families at the end of a work day—just like everyone else.

63. THE ART OF TRAINING Training the trainers is not a new idea; it has been around for years. To make it work requires training, material, and the knowledge of “How to Teach.” Teaching, lecturing, and give a talk all require a different approach. 63 C

Cooper, M Perry. LMPD Crime Prevention Forum. Safety and security tips. 2015.

95

96

150 Things You Should Know about Security

Teaching requires that you exert influence on the minds of the students and take them into areas that they have not been before; it is also selling them on a product that they will remember. Teaching is said to be based on three great principles:    1. I hear—I forget 2. I see—I remember 3. I do—I never forget

VISUAL AIDS Visual aids are important when training. Consider using some of the following visual aids:    • Blackboard ,whiteboard, or flip chart • Digital Optical Disc player • Projector for PowerPoint Presentation • Video Cassette Recorder: video camera • Go-Pro camera and playback device    There are two golden rules for using visual aids:    1. Do not have too many visual aids. 2. They must be well presented, professionally prepared and presented.    Rules for use of any equipment:    1. Test it before class and ensure it is working. 2. If using slides, make sure none are upside down. 3. Use multi-colored chalk or pens (except for the color red in a PowerPoint). 4. Use a laser pointer; do not walk in front of a picture; talk to the side. 5. Check microphone, podium, and your notes.

INTRODUCTION Each person who is to give a presentation should be introduced as if he or she is someone special. Their qualifications and expertise should be identified and the subject matter should be stated. Emphasize their expertise.

LECTURING VERSUS TEACHING Lecturing usually requires you to talk for a fixed period of time. Preparation to give a lecture usually takes twice as much time as the actual lecture is going to take. Rehearse your presentation and time it. If you have an hour-long presentation, tell the class you will be allowing 10–15 minutes for questions and answers at the end of the lecture.

63.  The Art of Training

CONTROLLING THE CLASS 1. C  ontrolling the class starts when you start the program on time, for example, 8:00 a.m. versus, 8:20 a.m. If the class starts 20 minutes late because two students are late, the students control the class and not the instructor. 2. Request that the class take notes (supply pencil/pen and paper). Emphasize the key points during the class. 3. Encourage an exchange of questions. You can ask the questions, but you know the answer and the person you are asking. Do not ask difficult questions because they may turn off the class.    If you are asked a question, and do not know the answer, do not fake it. Admit that you do not know the answer, and ask if anyone in the class knows the answer. Here are some tricks of the trade in answering questions:    • “Will you ask that again? I don’t think everyone in the class heard you?” Having a question repeated does two things: it give you time to collect your thoughts, and the second time around, the question may be worded differently and to your advantage. • Praise the student who asked the question. It is like a pat on the head. “That was a very good question; I hope I answered it properly.” • Do not fake an answer you do not know. • Phrases like these can save you: “Correct me if I’m wrong…” “In my opinion…” (and answer the question).

HANDOUTS Everyone has handouts, and management expects it. Handouts should relate to the subjects being discussed. As a general rule, handouts should be distributed after the presentation because they will be a distraction. Review the handout material very carefully.

PLANNING Teaching and lecturing require not only a degree of knowledge on a specific subject but also require you to know your audience. Sessions should be planned, for example, a 50-minute program and 10-minute breaks; one 20-minute break in the morning and afternoon; lunchtime to be decided. Your program must fit around the aforementioned or similar time frames. If your program is planned and advertised 9:00 a.m. to 5:00 p.m., you should start at 9:00 a.m. sharp and finish at 4:50 p.m. to 5:00 p.m.

VOICE CONTROL In “My Fair Lady,” (1964) Eliza Doolittle was transformed from a Cockney flower girl to a lady of gentility. Her voice quality and her diction were the focal points of the movie. Remember to speak clearly and raise and lower your voice as you speak. Do not forget to also make eye contact.

97

98

150 Things You Should Know about Security

Following are some helpful hints:    • Speak as if you are speaking to this end of the room. • Look at the person you are speaking to. • Pay attention to questions being asked. • Never interrupt. • Use the proper volume in voice control.

NERVOUSNESS Depending on the type of program and the experience of the presenter, nervousness comes in degrees. If you are drinking coffee or water, the class should be allowed to. Everyone is nervous in the beginning of a presentation until they get started. Consider doing the 7:00 p.m. news on CNN and you must wait in a chair, under strong lights, at 6:30 p.m. until 7:00 p.m. “Your presentation is easier.”

RECORDING DEVICES I have read for a specific seminar recently the following: “Recording devices will not be allowed.” The subject matter and the reason why the person wants to record the session will aid in your decision whether or not to allow recordings of sessions.

ENDING YOUR PRESENTATION In every book or story there is a golden rule: strong beginning and strong ending. This rule will make you become creative and force you to provide a strong finish.

64. DO NOT TAKE TRAINING LIGHTLY Over the years, we have all received training that has helped us get to where we are today. However, as the one conducting the training, it is a different situation— it takes time and effort to put together a quality presentation. It is often said that for every one-hour of presentation time, 4 hours must be spent preparing. We learn valuable training techniques from professional training programs, instructors in university and professional development classes, and also from mentors. One instructor that we remember came bursting into the classroom at exactly the time class was to start, with the door swinging wide open and banging into the wall. Students would jump and heads would turn. Tim Crowe at National Crime Prevention Institute would walk up and down between the tables and chairs in the classroom. Some trainers or instructors stand at a podium, some pace in front of the room, and others walk around the classroom. The point is, everyone who teaches, develops a style to effectively relay information.

64.  Do Not Take Training Lightly

Marianna Perry’s style is to create PowerPoint slides to ensure that she stays on the topic, and then she hands out a copy of her presentation so that class participants will receive all of the information on the subject. She talks about projects that she has been a part of where the material she is presenting proved to be successful. Larry Fennelly’s style is a combination of theory and practice. If he is talking about the crime displacement theory, he will tell you about it and then give examples of how he was successful moving crime and reducing criminal opportunity.

WHY DO WE TRAIN? Over the years, employees have been trained so they will be able to do a better job and also understand what they are expected to do and how they are expected to do it. Lesson plans should be the same way, clear and updated, with the very latest information available. How do you expect a security/protection officer to respond to an alarm system if you do not teach him or her how the system works? We live in a world today of passwords for virtually every device and every system. This is critical information. When an alarm goes off at 3:00 a.m. and the siren is blasting, and no one knows the password to reset the system, it is a problem. The next morning, you may have to explain to management why the alarm system is damaged because no one knew the password to reset the system. We must adequately train security/protection officers to effectively do their jobs. If you want to reap the rewards of being efficient and professional, you properly train and then document the training. Training should not be taken lightly. It is too important to leave job performance to chance.

TRAINING FOR SECURITY/PROTECTION OFFICERS At a minimum, security/protection officers should be trained and tested on the following topics:    • Post orders • Basic security officer responsibilities • Ethics and professionalism • Personal appearance • Human relations • Customer service • Personal safety • Situational awareness • Communication policies and procedures • Telephone and radio etiquette • Public relations • Security policies and procedures • Access control (personnel and vehicles) • Patrol procedures

99

100

150 Things You Should Know about Security

• Observation techniques • Challenging techniques • Crowd control • Blood-borne pathogens, first aid, and CPR/AED training • Ingress and egress control • Operation of security systems (intrusion detection and video surveillance) • Safe driving (if mobile patrol) • Criminal and civil law • Investigations • Legal authority • Use of force • Relations with law enforcement • Conducting investigations • Evidence preservation • Report writing • Responding to emergencies • Terrorism and weapons of mass destruction • Workplace violence • Active shooter • General fire prevention and safety • Hands-on fire extinguisher use • Bomb threat procedures    It is important that you also have your officers sign off on the fact that they have received this specific training and on a specific date, signed also by the trainer.

65. SECURITY/PROTECTION OFFICERS AND PROFESSIONALISM The growth in the private security industry has increased the need for competent security professionals. Some professional acceptance can be achieved through educational programs and professional development, but what does it really mean to be a “professional”? Most of us have probably not been formally taught about professionalism and are instead supposed to learn it on our own, but that is sometimes a difficult way to learn things. Being a security professional means displaying competence in your area of expertise and knowing your strengths and weaknesses. Strive to demonstrate the core values of competence and professionalism. For example, wear the appropriate business attire and practice proper workplace etiquette. Whenever possible, take on leadership roles and show that you are willing to accept result-driven responsibilities.64 64 S

Davies. Women in the security profession: a practical guide for career development. Boston: Elsevier Publishers; 2016.

67.  Guard Houses/Guard Booths

66. THE IMPORTANCE OF PROFESSIONAL CERTIFICATIONS: ASIS INTERNATIONAL AND INTERNATIONAL FOUNDATION FOR PROTECTION OFFICERS Industry credentials may be the single determining factor for advancement in the security profession and could include a degree from an academic institution or a certification from a professional association, such as ASIS or the International Foundation for Protection Officers (IFPO). Gaining knowledge in an academic program may come in the form of certification or accreditation. The credential must be based on something gained and high standards of program credentialing that are recognized by the professional associations, which represent the field and discipline.65 ASIS International was the first organization to implement security certifications and develop a standard for excellence in the security industry. The following ASIS security credentials are accepted throughout the world and are proof of professional knowledge:    • Certified Protection Professional (CPP)   Board Certification in Security Management • Professional Certified Investigator   Board Certification in Investigations • Physical Security Professional   Board Certification in Physical Security66    The IFPO offers the following educational and certification programs for security professionals:    • Certified Protection Officer Program • Certified in Security Supervision and Management • Certified Protection Officer Instructor67

67. GUARD HOUSES/GUARD BOOTHS The presence of a security officer in a guard house/guard booth is not only a visual deterrent, but also a security component that can control vehicle and/or pedestrian access to an area or a facility, monitor video surveillance, check credentials, and restrict access, when necessary. Guard houses/guard booths are available in different sizes—both prefab and built on-site, designed by architects or assembled from a crate—depending on the security application. Some are very elaborate with modern technology and many conveniences, but others are very small, simple buildings intended to protect the security officer from the elements when performing his or her duties. 65 http://ipca-cert.org. 66 www.asisonline.org. 67 http://www.ifpo.org.

101

102

150 Things You Should Know about Security

It is important to have a trained, professional, and competent security officer in a guard house/guard booth because of their constant interaction with the public. They must be observant for suspicious activity and be able to quickly determine if a vehicle or person is dangerous.

68. PHYSICAL SECURITY EXPENSES AND MAINTENANCE Physical security is the use of numerous and diverse devices, hardware, technology, and other various types of equipment to control access, secure property, and detect intrusion or environmental concerns. The types of hardware and technology in use today include, but are not limited to, the following:    • Electronic locking devices • Video surveillance systems • IP cameras, with video analytics • Monitoring equipment • Digital recording equipment • Intrusion, panic, and barrier alarms • Fire detection and suppression equipment • Mirrors (especially in a retail environment) • Cost-effective and energy-efficient lighting • Emergency lighting • Redundant communication systems and notification devices • Access control devices, such as smart cards • Biometrics for access control • CPTED-compliant design of the perimeter of the property and buildings    Ensure that service and maintenance is included for all security components and that you have budgeted for system upgrades, when necessary. Furthermore, there are varieties of fencing, walls, and other barriers designed to protect the property, its contents, and its occupants. Although security departments have varying degrees of involvement in the selection and installation of equipment, they all use it and are frequently responsible for monitoring and maintaining it. The various security equipment and systems available to us are very useful in augmenting the efforts of the security staff. However, security managers should be cautious not to depend solely on hardware. Effective and consistent human security practices are the key to the success of the security program. In addition, security managers should have contingency plans in case a piece of hardware fails, someone tampers with it, or there is a temporary loss of power. As our society becomes more technologically oriented, the risk of becoming too dependent on electronic security equipment increases. In all environments, adequate security still requires a welltrained, alert and conscientious security staff and the integration of basic security concepts into all aspects of the operation.

69.  Data Center and Server Security

69. DATA CENTER AND SERVER SECURITY Data center and server security is a critical operation for any organization because of the need for effective storage of confidential and valuable information. A data breach can be devastating to organizations, regardless of their size. Business partners and customers may lose their confidence that the organization can keep confidential information confidential and this in turn may result in financial losses. When determining the level of security for a new or existing data center or server room, a risk assessment must be conducted to assess both the data stored and the equipment in the facility using an impact versus likelihood approach. The assessment will be the basis for adequate security to potential threats. Part of the process for data center or server security is also to quickly identify a breach and then contain it as soon as possible. The following are industry standards and legal requirements for organizations that safeguard sensitive or confidential data:68 SSAE 16: Statement on Standards for Attestation Engagements (SSAE) No. 16 replaces the previous Statement on Auditing Standards (SAS) No. 70. The SSAE 16 is widely recognized as an auditing standard developed by the American Institute of Certified Public Accountants). Adequate controls and safeguards are required for host or process data belonging to customers. These controls may include physical security requirements such as two levels of authentication for electronic access, “man traps” on the data center floor, and a process for individuals requesting access. Section 404 of the Sarbanes-Oxley Act of 2002 makes SSAE 16 more important to reporting the effectiveness of internal controls over financial reporting. Introduction Industry Standards and Legal Requirements Technological and Internal Challenges 4 ANSI/TIA-942: This standard is recognized throughout the industry for data center infrastructure requirements to provide information to planners regarding the protection of data center/server assets by utilizing physical security as well as fire prevention. It recognizes the importance of providing manageable access control to data center facilities and monitoring of people and their actions. Using the Uptime Institute Tier framework as a basis the ANSI/TIA-942 Standard makes recommendations on the facilities specifications’ and improving the physical security of the data/server center. These include criteria such as video surveillance recording frame rates, access control levels, and hardware and site selection. There are recommended specifications by tier as a uniform way to rate aspects of a data center design utilizing qualified architects and engineers. HIPAA and PCI-DSS (Payment Card Industry Data Security Standard) mandate that certain access restrictions be in place for data/server center facilities and also require the reporting and auditing of access be provided. There are also directives from the DHS if the data are deemed vital to national and economic security.

68 https://www.anixter.com/content/dam/Anixter/White%20Papers/12F0010X00-Four-Layers-Data-

Center-Security-WP-EN-US.pdf.

103

104

150 Things You Should Know about Security

The following are some basic principles for data center and server security:69    • Do not identify the building as the “Data Center” or the room as the “Server Room.” Identify by number and/or address only. • There should be two sources for utilities—electricity, water, voice, and data. Trace electricity sources back to two separate substations and water back to two main lines. The lines should be underground and come into different areas of the building. Utilize the anticipated power usage as leverage for accommodating the building’s special needs. • Use concrete walls to secure generators located outside the building. • The walls should be constructed of 1-ft-thick concrete to be effective barriers against the elements and explosive devices. • Avoid windows completely or only have them in the break room or administrative area and ensure that they are double glazed or shatter resistant. • Control access to the parking lot with permanent security officers and a guard house. The gated entry can be opened remotely or through the use of retractable bollards. A winding entry route will limit the speed of vehicles approaching the facility. • To protect from vehicles, install bollards or planters around the perimeter of the building. • Limit access points to the building—one main entrance in front and a rear entrance with a loading dock in the rear. • Utilize anti-pass-back and man-traps. Tailgating (following someone through a door before it closes) is one of the ways that an unauthorized visitor can gain access into a data center. By implementing mantraps that only allow one person through at a time, you force visitors to be identified before allowing access. • Fire doors should be exit only and equipped intrusion detection to include a propped door alarm, forced door alarm, as well as open/close alarms. • The perimeter of the building and the entry/exit points should be monitored by video surveillance. Access points throughout the building interior should also be monitored. • All contractors, vendors, and repair personnel should be escorted and accompanied at all times while on the property. • Ensure that the HVAC system has the capability to recirculate air rather than drawing it in from the outside, if necessary. This will protect building occupants and equipment should a biological, chemical, or radiological agent be introduced. You may also want to consider monitoring the air in the building. • In the secure areas of the data center, ensure that the walls run from the slab ceiling to the subflooring where wiring is typically housed. Ensure that dropdown ceilings do not provide hidden access points. 69 http://www.datacenterjournal.com/a-guide-to-physical-security-for-data-centers/.

70.  Loading Dock and Chemical Storage Security

• Use two-factor authentication. Biometrics is becoming the standard for access to sensitive areas of data centers. Hand geometry or fingerprint scanners are considered less invasive than retinal scanners. • Ensure you are utilizing layered security. For example, at the front door, use a card reader and entry code panel. At the inner door, ensure that the visitor area is separated from the general employee area. At the “data” location, use strict controls, such as a floor-to-ceiling turnstile to prevent piggybacking or a “mantrap” consisting of two separate doors with an airlock in between so only one door can be opened at a time. • At the door to the computer processing room where servers or mainframes are located is usually the layer that has the strongest “positive controls.” Control and track access. • At the door to an individual server cabinet, racks should have lockable front and rear doors that use a three-digit combination lock as a minimum. This is a final check, once someone has access to the data floor, to ensure that they only access the authorized equipment. • Do not allow food or drinks in the computer rooms, so ensure there is a common break area. • Install visitor rest rooms so visitors, contractors, or repair persons do not have access to the secure areas in the building.

70. LOADING DOCK AND CHEMICAL STORAGE SECURITY LOADING DOCKS Control access to the area. It is recommended that the gate or overhead doors to the loading dock be kept shut at all times. Vehicles should be allowed to proceed only after being confirmed and inspected by security.    1. Inspect delivery vehicles. A protocol consisting of a quick visual or technological inspection utilizing trace detection machines must be conducted prior to vehicles entering the loading dock. 2. Create a stationary security post. A security officer must be assigned to the loading dock to not only inspect incoming deliveries but also monitor for unauthorized access (particularly since the loading dock allows for direct entrance to the facility). This post needs to be equipped with a video surveillance monitoring station to observe for incoming delivery vehicles. 3. Hazardous material storage, such as toxic industrial chemicals (ammonia, chlorine, and hydrogen cyanide and potentially more unknown chemicals) may be in the loading dock area, particularly if the facility is an educational or research center with laboratories. 4. The valve protection caps shall be in place and secured on all gas cylinders. Unless cylinders are firmly secured on a special carrier intended for this

105

106

150 Things You Should Know about Security

purpose, regulators shall be removed and valve protection caps put in place before cylinders are moved. A suitable cylinder truck, chain, or other steadying device shall be used to keep cylinders from being knocked over while in use. Compressed gas cylinders shall be secured in an upright position at all times except, if necessary, for short periods of time while cylinders are actually being hoisted or carried. Inside of buildings, cylinders shall be stored in a well-protected, well-ventilated, dry location, at least 20 ft (6.1 m) from highly combustible materials such as oil or excelsior. Cylinders should be stored in defined, assigned places away from elevators, stairs, or gangways. Assigned storage places shall be located where cylinders will not be knocked over or damaged by passing or falling objects, or subject to tampering by unauthorized persons. Cylinders shall not be kept in unventilated enclosures such as lockers and cupboards. 5. NFPA 1600 is needed for all-hazards planning. 6. Provide FEMA training for administration and crisis team members.70 7. In an emergency: a. Develop a pre-plan for your facility with key elements. Preparedness can fall into the operational and/or procedural guidelines. b. Understand response agency actions at your facility during a crisis response, not during normal day-to-day operations. c. Develop the facility liaison officer to fully integrate/coordinate with the response agency officials to mitigate the impacts of the event.

CHEMICAL STORAGE Access Control The doors from corridors leading to the chemical storage area must be secured and kept shut at all times. Chemical storage rooms must be put on a separate key group, making it a secure area. Card readers need to be installed on the doors leading to the chemicals storage rooms, giving access only to security and authorized personnel.

Security Surveillance Systems Every access point to chemical storage areas should be monitored by video surveillance. An additional camera may need to be installed inside the chemical storage room.

Cabinets Individual cabinets where hazardous materials are stored need to be secured at all times. We recommend using padlocks that have an American Society of Testing Materials and have no markings that will identify the key to a specific location. 70 http://training.fema.gov.

72.  Parking Facility Security

71. THE SIX MOST CRITICAL AREAS IN A STORAGE FACILITY Every facility requires a careful analysis of the most vulnerable areas of attack, most easily identified during a security assessment. The six most critical areas in a storage facility are usually centered around, but not limited to:    1. Overhead doors that are used for deliveries and shipping 2. Exit doors and fire doors (emergency exits) 3. Outside perimeter walls 4. Interior doors that are on access control 5. Ceiling or cabling/utility areas 6. Interior storage areas    Each of these areas must be protected regardless of the number of security officers on the premises. Although conventional alarm devices are available to protect vulnerable areas, certain modifications can be made to improve the system to meet specific needs. Because cargo facilities are resorting to larger and larger storage containers, the obvious movement of material in and out of the facility will often pass through large overhead doors. It is estimated that 70%–80% of all undetected theft leaves facilities through overhead doors, during normal working hours, unless they are protected.

72. PARKING FACILITY SECURITY71 Since parking facilities usually include a large area with relatively low levels of activity, violent crime is more likely to occur, but CPTED principles may help reduce the fear and risk of crime. Natural surveillance may work for low-risk facilities, but higher risk areas may require access control. Access control and perimeter security are best considered when the parking structure is being designed. Security screening or fencing can be provided at points of low activity to keep someone on foot out, but will still allow the structure to still seem open. Ground-level pedestrian exits that open into non-secure areas should be emergency exits only and filled with panic bars. A local alarm should activate if the door is opened.

ISSUES • There are hiding places between parked cars. • Parked cars affect the distribution of light. • Most parking facilities are open to the public. • An offender’s car may not be memorable. • Parking garages are preferred over parking lots because land is valuable.    71 LJ

Fennelly. Handbook of loss prevention and crime prevention. 5th ed. Boston: Elsevier Publishers; 2012.

107

108

150 Things You Should Know about Security

Attendant booths and security offices should be located where they can monitor activity in the facility, preferably at entry and exit points. If a driver is required to take a ticket on entry and is observed by video surveillance and then also has to interact with an attendant or security officer at exit, the facility will be less attractive to criminals than one that is open and unattended—think about crime opportunity. Pedestrian paths should be planned to concentrate egress from the facility. If all pedestrians are brought through a central port, rather than allowing them access through several routes, it improves the likelihood that they will see and be seen by other people in the parking facility. Placement of signs and graphics help orient parking facility patrons and allows them to move quickly in and out of the facility and be less vulnerable to an attack. Color coding parking garage levels will help patrons quickly recall what level they parked on. Public restrooms in parking facilities present a security issue because of infrequent use and they are hiding places. If restrooms do exist in a parking facility, they should have a maze-type entrance instead of inner doors and be visible to the attendant booth or the security office. Shrubbery should be planted away from the facility and trimmed to eliminate hiding places. If there are visible cameras, signage that the area is being monitored and security officers, criminal activity may be deterred. Passive security: physical features that incorporate CPTED principles. Active security: human activities such as security officers on patrol, intercoms, duress buttons, emergency phones, and sound surveillance and monitored video surveillance. CPTED should be a high priority in all parking facilities because:72    • Natural surveillance is a low-cost crime prevention strategy. • Even if security is not an issue at a specific location today, it may be in the future. • Active security will lessen the likelihood that a crime will occur and reduce the liability of the parking facility owner if it does.    Lighting is a key component in the security system in a parking facility, so lights must be reliable, easy to maintain, be able to withstand the elements, and also be protected from vandalism.

HOW TO IMPROVE LIGHTING BRIGHTNESS IN PARKING GARAGES Staining concrete is a cost-effective way to increase brightness and to create a sense of well-being. White stain on ceiling and beam soffits reflects light and increases uniformity. Concrete stain will last about 10 years. Paint achieves the same increased level of brightness, but requires more maintenance. White stain or paint increases the likelihood of graffiti, which decreases the perception of security. Anti-graffiti coatings

72 National

1996.

Institute of Justice. Crime prevention through environmental design in parking facilities;

73.  Emergency (Blue Light) Phones/Call Stations

may be used on walls so that graffiti can easily be removed and the walls cleaned. There are two categories of concrete stains—reactive and non-reactive. Reactive stains are water-based acidic solutions containing metallic salts that react with the concrete’s lime content. Once the chemical reaction takes place, the stain forms a permanent bond with the concrete and will not chip off or peel away. Non-reactive stains are water-based acrylic stains that do not rely on a chemical reaction to impart color. Instead, they are formulated to penetrate the concrete surface and deposit their pigment particles in the open pores. Non-reactive stains are water based and more commonly used, come in more colors, and are easy to apply.73

73. EMERGENCY (BLUE LIGHT) PHONES/CALL STATIONS Emergency (blue light) phones or call stations are ideal security solutions for remote and/or high-risk areas. Emergency phones and call stations can offer immediate assistance and a quick response by security personnel. Additionally, most models include video surveillance capabilities and a blue light that is always illuminated and mounted on top of the unit to give high visibility and a feeling of security to people in the area. Patrons can call emergency personnel with a simple push of a button. At this same time, the blue light on top of the unit will begin to flash, attracting attention to the location. The face plate on blue light emergency phones is illuminated at all times for clear visibility at night. Emergency blue light phones are vandal resistant and designed to operate in extreme weather situations. Emergency blue light phones are commonly used on university and college campuses, parking facilities, shopping malls, medical centers, industrial campuses, and many transit facilities (Photo 15).

PHOTO 15 Photo shows an emergency (blue light (light gray print version)) phone in a parking lot.

73 https://www.pci.org/WorkArea/DownloadAsset.

109

110

150 Things You Should Know about Security

74. ENVIRONMENTAL SECURITY “Environmental security” is an urban planning and design process that integrates crime prevention with neighborhood design and urban development. It is a comprehensive environmental design approach that combines traditional techniques of crime prevention with newly developed theories and techniques. Environmental security is not only concerned with the reduction of crime but also the fear of crime, since it has become recognized that the fear of crime is equally serious and is a major contributor of the urban decay process. The main idea behind environmental security is that our urban environments can be designed or redesigned to reduce criminal opportunities and the fear of crime. We need not resort to building fortresses that result in the deterioration in the quality of urban life. Crime and the fear of crime are among the main reasons for reduced urban investment and flight to the suburbs. Every day, the newspapers and television remind us of the problems of uncontrolled street crimes where no individual is safe. Public opinion surveys consistently identify crime as one of the major problems confronting our cities and their urban neighborhoods.

75. THE NEIGHBORHOOD AND FEAR OF CRIME To understand how geography relates to neighborhood watch programs, we must first understand why people’s fear of crime matters. James Garofalo of the State University of New York at Albany defines fear as the emotional response to a sense of danger and anxiety about physical harm. Fear of crime, then, relates to the potential for such harm to be inflicted during a crime event.74 According to Garofalo, people tend to associate the threat of physical harm with certain places: where they live, a place they are visiting, somewhere they want to go, or a place they avoid. And although crime can happen anywhere, certain locations experience crime more frequently.75 Generalizations about crime rates help establish the psychological link between the likelihood of a crime occurring in that place and a person’s fear of being a crime victim. CPTED76 reduces crime and fear of crime (see CPTED section) using:    • Territoriality: attitude of maintaining perceived boundaries. The outsider is recognized and observed. • Natural surveillance: ability of inhabitants of an area to casually and continually observe public areas. 74 J

Garofalo. The fear of crime: causes and consequences. J Crim Law Criminol 1981;72(2):839–57. Wolfgang. Patterns in criminal homicide. Philadelphia: University of Pennsylvania Press; 1985; LW Sherman. Hot spots of crime and criminal careers of places. In: JE Eck, D Weisburd, editors. Crime and place. Monsey, NY: Criminal Justice Press; 1995. p. 35–52. 76 TD Crowe, LJ Fennelly. Crime prevention through environmental design. 3rd ed. Elsevier Publishers; 2013. 75 M

76.  Designing Security and Site Layout

• Image and milieu: design to counteract the perception that the area is isolated and vulnerable to crime. • Safe areas: locales that allow for high degree of police observation. • Incorporating urban planning with crime prevention.    Reduce crime through environmental security by:    • Increasing perpetration time: more difficult to commit the crime • Decreasing detection time: enhanced lighting, landscaping, etc. • Decreasing reporting time: better observation by more people • Decreasing police response time: better planning of streets, clearly marked exits and pathways    In Defensible Space,77 author Oscar Newman states that better residential security can be obtained through environmental and architectural design that is coordinated with crime prevention methods.

76. DESIGNING SECURITY AND SITE LAYOUT Designing security into a new complex should begin with interior security and then move out to the exterior of the building(s) and then to the outer perimeter of the property. Keep in mind the following points before you sit down with the architects:    • Eliminate all but essential doors and windows; the idea should be few entrances but many exits. • Specification of fire-resistant material throughout the interior. • Install fire, intrusion, and environmental control systems. • Separate shipping and receiving areas if possible. • Ensure that the site meets ADA requirements. • Plan for adequate lighting around the perimeter, before, during, and after construction. • Review architectural design plans and layout. • Plan a site assessment/site survey. • Have interior/exterior detection systems. • Apply natural surveillance and other CPTED principles and strategies. • Decide whether there will be security/protection officers and if there will be on-site supervision. • Make employees aware of enforced security policies and procedures. • Be educated about the operation of physical security components and programs. • Carry out budget planning and have a 5-year plan. • Audits/assessment/future needs.    The conclusion of your site layout report should reflect every aspect of the security operation and have measures in place to deny, deter, delay, and detect unauthorized individuals or criminal activities. 77 http://www.defensiblespace.com.

111

112

150 Things You Should Know about Security

DESIGNING FOR SECURITY: A CHECKLIST Some of the most important considerations that must be analyzed before designing a security protection system are as follows:    1. Exterior perimeter protection a. A 6- to 8-ft chain link fence (depending on the application) with three strands of barbed wire at the top b. 8-foot walls (depending on the application) and bushes no taller than 3 feet c. Video surveillance system d. Security/protection officers (contract or proprietary) e. Energy-efficient exterior lighting (LED) f. LEED and high-performance building design g. CPTED concepts and strategies 2. Entrance protection a. Overhead and pedestrian doors (type, strength of doorframe, etc.) b. Windows (locks, grills, etc.) c. No miscellaneous entry points (roof, basement, subterranean utility access, etc.) 3. Interior protection a. Security policies and procedures b. Lighting c. Key or access card control d. Video surveillance system e. Special situations (hours of operation) f. Inventory control (computer safeguards) g. Safe, high-value, and security-sensitive areas h. Intrusion detection systems (alarm sensors) i. Local audible alarm versus central station alarm 4. Environmental considerations a. Areas of building to be protected b. Insurance requirements (UL listed, etc.) c. History of losses (loss experience) d. Type and demographics of employees e. Opening and closing procedures f. Fire and safety regulations and codes g. Delivery and shipping policies/procedures h. Situations peculiar to the building or industry 5. Law enforcement involvement a. Transmission of alarm signal b. Central station or direct connection to the police station c. Municipal ordinances d. Police response time e. Neighborhood/business watch programs f. Formulation of partnerships

78.  Access for Physically and Mentally Challenged

77. MONTREAUX DOCUMENT78 The full title is “The Montreux Document - on pertinent international legal obligations and good practices for States related to operations of private military and security companies during armed conflict.” The Montreaux Document was published on September 17, 2008, and is the first international document to describe international law as it applies to the activities of private military and security companies, whenever these are present in the context of an armed conflict. Its purpose is to ensure that the actions of private security providers do not contravene human rights or international humanitarian law, specifically torture or cruel, inhuman, or degrading treatment; prohibition and awareness of sexual exploitation and abuse; as well as recognition and prevention of human trafficking and slavery.

78. ACCESS FOR PHYSICALLY AND MENTALLY CHALLENGED These requirements generally improve accessibility and wayfinding, but rarely consider the risk of victimization that may be created by the use of out-of-the-way doors, hallways, or elevators.

REVIEW PROCESS The work of builders, designers, and planners have long been affected by codes that govern nearly every aspect of a structure, except for security. Historically, a few jurisdictions enacted security ordinances, but most of these related to windows, doors, and locking devices. It is now becoming more common to find a local law or procedure calling for a full security or crime prevention review of plans before they are finalized. Nevertheless, it is still generally true that more attention is placed on esthetics, drainage, fire safety, curb cuts, and parking access than on gaining an understanding of how a building or structure will affect the area in terms of security. A CPTED design review process must be established within communities and organizations to ensure that good planning is being conducted. The manner in which physical space is designed or used has a direct bearing on crime or security incidents. The clear relationship between the physical environment and crime is now understood to be a cross-cultural phenomenon, as recent international conferences on CPTED have disclosed the universal nature of human–environment relations. That is, despite political and cultural differences, people basically respond the same way to what they see and experience in the environment. Some places make people feel safe and secure, whereas others make people feel vulnerable. Criminals or other undesirables pick up on the same 78 https://www.icrc.org/eng/resources/documents/publication/p0996.htm.

113

114

150 Things You Should Know about Security

cues. They look at the environmental setting and at how people are behaving. This tells them whether they can control the situation or run the risk of being controlled. Someone has to question design, development, and event planning decisions. Do you think that anyone from the police department, or fire department for that matter, asked the builder of a major hotel in Kansas City whether they had extra steel reinforcing rods leftover when they built the cross-bridge that fell and resulted in many deaths and injuries? Did anyone ask the planners what effect the downtown pedestrian malls would have when the fad swept the country in early 2000 to 2005? No! Major planning mistakes were made then and now because no one is asking hard questions.

79. ACTIVE SHOOTER/ACTIVE ASSAILANT79 Active shooters usually plan their attacks very carefully, so the best protection against an active shooter is a very carefully planned security program. In part, this can be accomplished by having a security risk assessment conducted by a competent security professional to help identify vulnerabilities. It is also important to educate students, faculty, and staff about the early detection of suspicious or potentially violent behavior. We think the DHS says it best in their “If you see something, say something” campaign. This early detection can be based on behaviors such as someone who appears out of place, is acting strangely, or is dressed in attire that is odd. We all need to embrace the “see something, say something” mentality and practice situational awareness. In other words, pay attention to what is going on around you and learn to recognize potentially dangerous situations. Since university campuses are considered “soft targets,” CPTED concepts, such as adequate lighting, visible signage, natural surveillance and wayfinding often become fundamental aspects of a security program. Security components, such as security officer or law enforcement officer patrols, video surveillance programs, access control, and securely locking doors may deter a potential active shooter for fear that they will be stopped and/or questioned before they reach their targets. All components and concepts work together to become an effective security system. If you find yourself in an active shooter situation, try to remain calm and of course, call 911 as soon as possible, but the following information may make the difference in whether or not you survive. Jeff Zisner, owner of Aegis Security & Investigations, said that in the event of an active shooter on campus, “Students should be hiding low, away from the door. They should also have heavy objects that are going to conceal them and also provide some sort of protection in case there’s a bullet that comes through.” His words of advice come after the shooting at the University of California’s Los Angeles campus on 79 CBS

Los Angeles 6/01/2016 as published in Security Management Newsletter.

80.  How to Respond When an Active Shooter Is in Your Vicinity

June 1, 2016. Garry Wong, a retired police officer and owner of a security company, agreed. He said students should stay put, stay quiet, and stay away from the doors. He also warned, however, that if a shooter does get through a barricade, “You don’t want to sit there and wait for him to execute you. You have to attack. You can use your laptop. Use anything in your hands, a chair; you attack. He’s not expecting you to attack. Therefore, you do what you have to do.” Both Wong and Zisner said that not only law enforcement officers but also students, faculty, and staff should be trained for active shooter situations.

80. HOW TO RESPOND WHEN AN ACTIVE SHOOTER IS IN YOUR VICINITY80 The following information was taken from an October, 2008, DHS publication, titled Active Shooter - How To Respond.

PROFILE OF AN ACTIVE SHOOTER An active shooter is an individual actively engaged in killing or attempting to kill people in a confined and populated area; in most cases, active shooters use firearms(s) and there is no pattern or method to their selection of victims. Active shooter situations are unpredictable and evolve quickly. Typically, the immediate deployment of law enforcement is required to stop the shooting and mitigate harm to victims. Because active shooter situations are often over within 10–15 minutes, before law enforcement arrives on the scene, individuals must be prepared both mentally and physically to deal with an active shooter situation. Quickly determine the most reasonable way to protect your own life.    1. Evacuate a. If there is an accessible escape path, attempt to evacuate the premises. Be sure to: i. Have an escape route and plan in mind ii. Evacuate regardless of whether others agree to follow iii. Leave your belongings behind iv. Help others escape, if possible v. Prevent individuals from entering an area where the active shooter may be vi. Keep your hands visible vii. Follow the instructions of any police officers viii. Do not attempt to move wounded people ix. Call 911 when you are safe 80 Active

2008.

shooter – how to respond. Department of Homeland Security (DHS) Publication; October

115

116

150 Things You Should Know about Security

2. Hide out    If evacuation is not possible, find a place to hide where the active shooter is less likely to find you. Your hiding place should:    • Be out of the active shooter’s view • Provide protection if shots are fired in your direction (i.e., an office or classroom with a closed and locked door) • Not trap you or restrict your options for movement    To prevent an active shooter from entering your hiding place:    • Lock the door • Blockade the door with heavy furniture    If the active shooter is nearby:    • Lock the door • Silence your cell phone and/or pager • Turn off any source of noise (i.e., radios, televisions) • Hide behind large items (i.e., cabinets, desks) • Remain quiet    If evacuation and hiding out are not possible:    • Remain calm • Dial 911, if possible, to alert police to the active shooter’s location • If you cannot speak, leave the line open and allow the dispatcher to listen 3. Take action against the active shooter    As a last resort, and only when your life is in imminent danger, attempt to disrupt and/or incapacitate the active shooter by:    • Acting as aggressively as possible against him or her • Throwing items and improvising weapons • Yelling • Committing to your actions

HOW TO RESPOND WHEN LAW ENFORCEMENT ARRIVES Law enforcement’s purpose is to stop the active shooter as soon as possible. Officers will proceed directly to the area in which the last shots were heard.    • Officers usually arrive in teams of four • Officers may wear regular patrol uniforms or external bulletproof vests, Kevlar helmets, and other tactical equipment • Officers may be armed with rifles, shotguns, handguns • Officers may use pepper spray or tear gas to control the situation • Officers may shout commands, and may push individuals to the ground for their safety   

80.  How to Respond When an Active Shooter Is in Your Vicinity

How to react when law enforcement arrives:    • Remain calm and follow officers’ instructions • Put down any items in your hands (i.e., bags, jackets) • Immediately raise hands and spread fingers • Keep hands visible at all times • Avoid making quick movements toward officers such as holding on to them for safety • Avoid pointing, screaming, and/or yelling • Do not stop to ask officers for help or direction when evacuating, just proceed in the direction from which officers are entering the premises    Information to provide to law enforcement or a 911 operator:    • Location of the active shooter • Number of shooters, if more than one • Physical description of shooter/s • Number and type of weapons held by the shooter/s • Number of potential victims at the location    The first officers to arrive to the scene will not stop to help injured persons. Expect rescue teams composed of additional officers and emergency medical personnel to follow the initial officers. These rescue teams will treat and remove any injured persons. They may also call upon able-bodied individuals to assist in removing the wounded from the premises. Once you have reached a safe location or an assembly point, you will likely be held in that area by law enforcement until the situation is under control, and all witnesses have been identified and questioned. Do not leave until law enforcement authorities have instructed you to do so.

TRAINING YOUR STAFF FOR AN ACTIVE SHOOTER SITUATION To best prepare your staff for an active shooter situation, create an emergency action plan (EAP) and conduct training exercises. Together, the EAP and training exercises will prepare your staff to effectively respond and help minimize loss of life.

COMPONENTS OF AN EMERGENCY ACTION PLAN Create the EAP with input from several stakeholders including your human resources department, your training department (if one exists), facility owners/operators, your property manager, and local law enforcement and/or emergency responders. An effective EAP includes:    • A preferred method for reporting fires and other emergencies • An evacuation policy and procedure • Emergency escape procedures and route assignments (i.e., floor plans, safe areas) • Contact information for and responsibilities of individuals to be contacted under the EAP

117

118

150 Things You Should Know about Security

• Information concerning local area hospitals (i.e., name, telephone number, and distance from your location) • An emergency notification system to alert various parties of an emergency including: • Individuals at remote locations within premises • Local law enforcement • Local area hospitals

COMPONENTS OF TRAINING EXERCISES The most effective way to train your staff to respond to an active shooter situation is to conduct mock active shooter training exercises. Local law enforcement is an excellent resource in designing training exercises.    • Recognizing the sound of gunshots    Reacting quickly when gunshots are heard and/or when a shooting is witnessed:    • Evacuating the area • Hiding out • Acting against the shooter as a last resort • Calling 911 • Reacting when law enforcement arrives • Adopting the survival mind set during times of crisis • Additional ways to prepare for and prevent an active shooter situation • Planning, communication, and ongoing maintenanc • Ensure that your facility has at least two evacuation routes • Post evacuation routes in conspicuous locations throughout your facility • Include local law enforcement and first responders during training exercises • Encourage law enforcement, emergency responders, SWAT teams, K-9 teams, and bomb squads to train for an active shooter scenario at your location • Prevention • Foster a respectful workplace • Be aware of indications of workplace violence and take remedial actions accordingly • Protection in depth means having a plan, being prepared, having access points, and learning and conducting exercises.

81. SCHOOL PARKING LOTS AND GARAGES81 University parking lots and parking garages must have natural surveillance and natural access control. Routes of travel for vehicles and pedestrians should be clearly identified and marked. Surveillance by both casual observers and law enforcement will help to create a surface parking lot or parking garage that “feels” safe to 81 CPTED

Perspective, vol. 12 Issue January/September 2015 and NIJ, CPTED April, 1996, p. 10.

82.  Women as Investigators

legitimate users. Proper landscaping design and principles can certainly make the difference toward creating an “open” parking garage or surface parking lot and a “closed” parking garage or surface parking lot. Parking lots or parking garages that have dark areas because there is not adequate lighting are considered “closed” environments that do not “feel” safe. They may have enclosed stairwells or tall bushes that have not been maintained, which creates hiding places. Additionally, many times there is no security present, and this may cause users to “feel” unsafe and vulnerable. Some of the concepts below apply to parking garages as well as surface parking lots:    • A well-distributed security surveillance system that monitors drive paths, parking spaces, elevator lobbies, and stairwells • Emergency call buttons (blue light phones) for emergency assistance at vulnerable areas, especially in elevators and on each level of the parking structure • Open and wide line of sight • Clearly visible signage at all entrances and exits • Open stairways with clear line of sight from the outside • Regular patrols by uniformed security or law enforcement (or both) utilizing a guard tour system to document varying routes • Limited entry points for pedestrians and vehicles • Bright walls, ceilings, and colorful decor • White walls and ceilings to enhance reflectivity • Effective lighting that is properly maintained with upgrades to LED lights • According to lighting recommendations by the IESNA: • Covered parking structures and pedestrian entrances should be illuminated to 5.0 fc and garage elevators and stairs to 10.0 fc • An open parking lot should be illuminated to 0.20–0.90 fc • Parking garages should have raised ceiling heights to enhance openness • Pedestrian entranceways should be designed with transparent glass to allow clear observation • There should be directional signage indicating the locations of exits and/or elevators

82. WOMEN AS INVESTIGATORS82 The field of investigations is one many women have chosen to pursue. If you are considering being an investigator, your options are open. There is such a wide range of choices, and they all come with their own set of pros and cons. The section, What Investigative Jobs Are Available details different types of investigative jobs, along with a brief description of the type of work. If the career of an investigator interests you, you may want to do some homework to determine what kind of investigator you want to be. A wide variety of investigative opportunities are available. Some of these are corporate investigations, private investigations, fraud investigations, loss prevention, cyber investigations, and arson investigations. 82 Permission

obtained to reproduce from the author, Inge Sebyan Black, CPP, CFE, CPOI.

119

120

150 Things You Should Know about Security

A woman can be extremely successful as an investigator. Being successful will depend on your skills and abilities. The difference may come in the level of confidence and the training. You might consider shadowing an investigator or doing an internship so you can understand what some of the pros and cons might be, along with required qualifications. Many investigative positions require certifications and the only way to know those requirements will be to review the qualifications of particular positions along with doing some research. You could also consider interviewing one or more current investigators. Some skills that are helpful in this field are attention to detail, having and portraying confidence, being flexible, being objective, good listening skills, ability to make good decisions, good memory, documentation skills, audit abilities, research skills, and having a high level of credibility. If you are considering private investigations, you will first want to look into your state licensing requirements, as many states require that you are licensed. This usually involves a lengthy process of a background investigation, verifying your qualifications and education. There may be a significant cost involved along with securing a bond. Men have typically dominated this field; however, women are opting for this line of work, especially if they have a background in law enforcement or the military. You may want to look at the possibility of working for a contract investigation company. This would allow you to get some practical experience in different types of investigations, allowing you to get a feel of what you like and where your personality and skills fit in. If you choose to work for a contract company, make sure that they represent your level of experience adequately and that they place you in the right position, which will determine your success. I also want to caution you to pick a company that has a reputation of being credible and professional. Surveillance, one of the duties that investigators often have, requires a great deal of patience, being alone, and long hours of sitting around. Consider the amount of income you require as an investigator’s income really depends on what type of work they do and who they are working for. After almost 40 years in the security and investigation field, I have seen many women become very successful investigators. Anyone can be successful with the right training, education, and practice. Following are the 10 things that all investigators should know83:    1. Stay confident 2. Always be ethical 3. Know your purpose at all times 4. Be adaptable 5. Always remain professional 6. Control the interview 7. Maintain confidentiality always 8. Know the respective laws 9. Understand your limits 10. Practice, practice, and practice! 83 IS

Black, CPP, CFE, CPOI. The Art of investigative interviewing. 3rd ed. Elsevier; 2014.

83.  Preventing Identity Theft

83. PREVENTING IDENTITY THEFT84 In the course of a busy day, you may write a check at the grocery store, charge tickets to a ball game, rent a car, mail your tax returns, call home on your cell phone, order new checks, or apply for a credit card. Chances are you do not give these everyday transactions a second thought. However, someone else may. Can you completely prevent identity theft from occurring? Probably not, especially if someone is determined to commit the crime. However, you can minimize your risk by managing your personal information wisely, cautiously, and with heightened sensitivity. Before you reveal any personally identifying information, find out how it will be used and whether it will be shared with others. Guard your mail from theft. Deposit outgoing mail in post office collection boxes or at your local post office. Promptly remove mail from your mailbox after it has been delivered. Put passwords on your credit card as well as bank and phone accounts. Avoid using easily available information like your mother’s maiden name, your birth date, the last four digits of your Social Security Number (SSN) or your phone number, or a series of consecutive numbers. Minimize the identification information and the number of cards you carry to what you will actually need. Do not give out personal information on the phone, through the mail, or over the Internet unless you have initiated the contact or know who you are dealing with. Identity thieves may pose as representatives of banks, Internet service providers, and even government agencies to get you to reveal your SSN, mother’s maiden name, financial account numbers, and other identifying information. Do not carry your SSN card; leave it in a secure place. Give your SSN only when absolutely necessary. Ask to use other types of identifiers when possible.

FEDERAL TRADE COMMISSION INVOLVEMENT The Congress of the United States asked the Federal Trade Commission (FTC) to provide information to consumers about identity theft and to take complaints from those whose identities have been stolen. If you have been a victim of identity theft, you can call the FTC’s Identity Theft Hotline toll-free at 1-877-IDTHEFT (438– 4338). The FTC puts your information into a secure consumer fraud database and may, in appropriate instances, share it with other law enforcement agencies.

STEPS TO TAKE Sometimes an identity thief can strike even if you have been very careful about keeping your personal information to yourself. If you suspect that your personal information has been stolen and misappropriated to commit fraud or theft, take action immediately and keep a record of your conversations and correspondence. Exactly which steps you should take to protect yourself depends on your circumstances and 84 MD

Thurmont. Policed Department website; October 2016.

121

122

150 Things You Should Know about Security

how your identity has been misused. However, the following three basic actions are appropriate in almost every case:    1. First, contact the fraud departments of each of the three major credit bureaus. 2. Second, contact the creditors for any accounts that have been tampered with or opened fraudulently. 3. Third, file a report with your local police or the police in the community where the identity theft took place.   

84. TOP 10 CRIME PREVENTION THROUGH ENVIRONMENTAL DESIGN RESEARCH AND BEST PRACTICE RESOURCES ON THE WEB85 Periodically we are asked for sources to provide a core body of knowledge on CPTED as it is coined into a term of art. There are many worthy article contribution candidates to consider, and here are 10 classics that should surely be in your library.    1. Crime Prevention Through Environmental Design; book (the updated Crowe book, edited by Lawrence Fennelly). http://www.amazon.com/ Crime-Prevention-Through-Environmental-Design/dp/0124116353. 2. Annotated Bibliography on CPTED, by Greg Saville, Ph.D., Prof Sean Michaels, and Joel Warren from the Utah State University. Today this work remains one of the most expansive CPTED bibliographies in the world. http:// www.veilig-ontwerp-beheer.nl/publicaties/a-cpted-bibliography-1975-2011. 3. DOJ: Center for Problem-Oriented Policing: Using CPTED in Problem Solving (Diane Zahm). http://www.popcenter.org/tools/pdfs/cpted.pdf. 4. 21st Century CPTED and Security (Randy Atlas, editor). http://www.amazon. com/21st-Century-Security-CPTED-Infrastructure/dp/1439880212. 5. National Crime Prevention Council - CPTED Best Practices from Weed and Seed Sites. https://www.ncpc.org/resources/files/pdf/training/Best%20 Practices%20in%20CPTED%20-2.pdf. 6. National Criminal Justice Reference Service - Florida’s Approach to CPTED (by Sherry and Stan Carter). https://www.ncjrs.gov/pdffiles1/ Photocopy/143817NCJRS.pdf. 7. Wiki - CPTED. https://en.wikipedia.org/wiki/Crime_prevention_through_ environmental_design. 8. Australian Conference on Designing Out Crime. http://www.aic.gov.au/media_ library/conferences/cpted/cpted.pdf. 9. International CPTED Association. http://www.cpted.net. 10. Our “The” CPTED Linkedin Group, representing the largest CPTED group with over 3700+ members. https://www.linkedin.com/groups/931077. 85 Severin

Sorensen CPP, Founder/Manager, CPTED LinkedIn Group (2008-present), and former Program Manager of CPTED Technical Assistance and Training Program, US Department of Housing and Urban Development (1994–2002). Permission obtained to reproduce.

86.  Physical Barriers

85. THE ROLE OF SECURITY PRACTITIONER The role of security practitioner is to serve the facilitator of crime prevention and loss prevention activities within one’s community. Carrying out this role involves a degree of knowledge and interacting roles in which he or she:    1. Supports individual action and supports group action 2. Has written a set of policy guidelines and decisions 3. Has developed a set of comprehensive crime prevention programs 4. Has conducted a security risk assessment of the property and consulted with management as to future objectives 5. Has trained his security offices on proper patrol techniques as well as policy and procedures

COMMUNITY PARTICIPATION STRATEGIES 1. Community awareness and knowledge of specific strategies 2. Group project strategies 3. Informal social control strategies    Awareness and knowledge strategies are basically aimed at informing the community as to what crime prevention is, how it works, and what you can do and why specific things need to be done to reduce crime. The development of a community-wide crime prevention program must proceed from the concept of the practitioner and the citizen as partners. After all, the community is being asked to assume collective responsibility for the reduction of crime and improving the quality of life. Finally, the role of a practitioner is a very important position because at times you will have many challenges and complications. It is a very honorable job because you are involved so closely with your community to keep them safe. People will look to you for guidance and training. It is a role you will grow into and one that will give you the highest respect, so enjoy it.

86. PHYSICAL BARRIERS The emphasis on design and use deviates from the target hardening approach to crime prevention. Traditional target hardening focuses predominantly on denying access to a crime target through physical or artificial barrier techniques such as walls, fences, gates, locks, grilles, and the like. Target hardening often leads to constraints on use, access, and enjoyment of the hardened environment. Moreover, the traditional approach tends to overlook opportunities for natural access control and surveillance. The term natural refers to deriving access control and surveillance results as a by-product of the normal and routine use of the environment. It is possible to adapt normal and natural uses of the environment to accomplish the effects of artificial or mechanical hardening and surveillance. Nevertheless, CPTED employs pure

123

124

150 Things You Should Know about Security

target hardening strategies, either to test their effectiveness compared with natural strategies or when they appear to be justified as not unduly impairing the effective use of the environment. Physical barriers are typically separated into the following categories:    • Doors • Floors • Roofs • Fences • Walls • Natural barriers

DESIGN • How well does the physical design support the intended function? • How well does the physical design support the definition of the desired or accepted behaviors? • Does the physical design conflict with or impede the productive use of the space or the proper functioning of the intended human activity? • Is there confusion or conflict in terms of the manner in which the physical design is intended to control behavior?    The three CPTED strategies of territorial reinforcement, natural access control, and natural surveillance are in the 3-D concept.    • Does the space clearly belong to someone or some group? • Is the intended use clearly defined? • Does the physical design match the intended use? • Does the design provide the means for normal users to naturally control the activities, to control access, and to provide surveillance?    After a basic self-assessment has been conducted, the Three-Ds may then be turned around as a simple means of guiding decisions about what to do with human space. The proper functions have to be matched with space that can support them— with space that can effectively support territorial identity, natural access control, and surveillance—and intended behaviors have to be indisputable and be reinforced in social, cultural, legal, and administrative terms or norms. The design has to ensure that the intended activity can function well, and it has to directly support the control of behavior.

87. FIRE SAFETY ISSUES What should employers do to protect workers from fire hazards? Employers should train workers about fire hazards in the workplace and about what to do in a fire emergency. If you want your workers to evacuate, you should train them on how to escape.

87.  Fire Safety Issues

If you expect your workers to use firefighting equipment, you should give them appropriate equipment and train them to use the equipment safely (see Title 29 of the Code of Federal Regulations Part 1910 Subparts E and L; and Part 1926 Subparts C and F). What does OSHA require for emergency fire exits? Every workplace must have enough exits suitably located to enable everyone to get out of the facility quickly. Considerations include the type of structure, the number of persons exposed, the fire protection available, the type of industry involved, and the height and type of construction of the building or structure. In addition, fire doors must not be blocked or locked when employees are inside. Delayed opening of fire doors, however, is permitted when an approved alarm system is integrated into the fire door design. Exit routes from buildings must be free of obstructions and properly marked with exit signs. See 29 CFR Part 1910.36 for details about all requirements. Do employers have to provide portable fire extinguishers? No. But if you do, you must establish an educational program to familiarize your workers with the general principles of fire extinguisher use. If you expect your workers to use portable fire extinguishers, you must provide hands-on training in using this equipment. For details, see 29 CFR Part 1910 Subpart L. When required, employers must develop emergency action plans that:    • Describe the routes for workers to use and procedures to follow. • Account for all evacuated employees. • Remain available for employee review. • Include procedures for evacuating disabled employees. • Address evacuation of employees who stay behind to shut down critical plant equipment. • Include preferred means of alerting employees to a fire emergency. • Provide for an employee alarm system throughout the workplace. • Require an alarm system that includes voice communication or sound signals such as bells, whistles, or horns. • Make the evacuation signal known to employees. • Ensure emergency training. • Require employer review of the plan with new employees and with all employees whenever the plan is changed. • All fire prevention plans must be available for employee review. • Include housekeeping procedures for storage and cleanup of flammable materials and flammable waste. • Address handling and packaging of flammable waste. (Recycling of flammable waste such as paper is encouraged.) • Cover procedures for controlling workplace ignition sources such as smoking, welding, and burning, if applicable. • Provide for proper cleaning and maintenance of heat producing equipment such as burners, heat exchangers, boilers, ovens, stoves, and fryers and require storage of flammables away from this equipment, if applicable. • Inform workers of the potential fire hazards of their jobs and plan procedures.

125

126

150 Things You Should Know about Security

• Require plan review with all new employees and with all employees whenever the plan is changed.    What are the rules for fixed extinguishing systems? Fixed extinguishing systems throughout the workplace are among the most reliable firefighting tools. These systems detect fires, sound an alarm, and send water to the fire and heat. To meet OSHA, standards employers who have these systems must:    • Substitute (temporarily) a fire watch of trained employees to respond to fire emergencies when a fire suppression system is out of service. • Ensure that the watch is included in the fire prevention plan and the emergency action plan. • Post signs for systems that use agents (e.g., carbon dioxide, Halon 1211) posing a serious health hazard, if applicable.    For a comprehensive list of compliance requirements of OSHA standards or regulations, refer to Title 29 of the Code of Federal Regulations. The voice phone is (202) 693–1999. See also OSHA’s website at www.osha.gov.

88. VIDEO ANALYTICS AND THERMAL CAMERAS Video analytics (video motion sensors) can be utilized to increase productivity and reduce the amount of video surveillance storage. In this way, cameras are programmed to “stand-by” and only record when there is motion or activity in a defined area. When the camera begins to record, the security desk is notified of a potential problem in that area and can dispatch a security officer or call 911, if necessary. Security officers at the security desk would have the capability to override the video analytics program and manually control the camera, if necessary. This would help to ensure that security officers are alert and motivated. Research from Sandia National Laboratories states that, “…an operator is likely to miss important information after only 20 minutes in front of a monitor; intelligent video can help operators cover more cameras and respond more quickly.”

THERMAL CAMERAS Thermal sensors and cameras create video images from infrared heat waves. Infrared is part of the electromagnetic spectrum with wavelengths that are longer than visible light. The warmer the object, the more energy it emits. Here is a benefit checklist covering most types of thermal cameras with analytics:    • Good useable image both duday and night and in adverse conditions • Reliability of the analytics, as well as visual assessment capabilities of the operator receiving the alarm • No lighting required • Customers/users may be able to turn site lighting off or minimize it. • Low power and bandwidth consumption • Low maintenance and cost of ownership

89.  Design Out Crime/Designing for Security

89. DESIGN OUT CRIME/DESIGNING FOR SECURITY The Designing Out Crime Strategy is a proactive plan for intervention. Paul Cozens 2016.

INTRODUCTION Which elements have had the most influence in designing for security? Building zoning layout, controlled entrances, technology, staff training, and operational strategies streng­ then a school’s position with regard to protecting a building and its occupants. Committees creating strategic plans recognize that security and safety are critical for healthful learning environments and try to identify facilities improvements that achieve that goal.

IDENTIFYING OBJECTIVES In designing security for schools, architects and facilities committees should include objectives in the educational specifications with descriptions and expectations for providing a safe learning environment. Document the institution’s security philosophy, systems approach, and special considerations for operations and management. When designing an education facility, have a security specialist on the design team to help integrate security into architectural, electrical, technology, mechanical, and site elements. Generally, the security specialist on the design team is aware of local laws and ordinances, NFPA 101: Life Safety Code, as well as security issues and should have input on the products going to be used. It is important to work with the security integrator on items such as fire and intrusion alarms, mass notification, exit doors, hardware, access control, biometrics, lighting, a digital security surveillance system, landscaping, parking lots, fences and other barriers, lobby and foyer design, and ensuring that there are layers in the security program. Physical security technology is expected to play a large part in the critical infrastructure protection and incidence of terrorist attacks, and government regulations have made it mandatory. Also, there has been increased budget allocation to implement physical security systems and technologies to secure properties, resources, and society. Architects designing secure learning environments incorporate “intuitive” and “active” design. Intuitive design consists of facility layouts and design standards that promote safety. Visitors approaching a site are guided via architectural and landscape features and other wayfinding means. These security measures include:    • A welcoming site entrance with appropriate signage and lighting detailing areas for learning and community engagement. • Easily identifiable vehicular and pedestrian pathways to route visitors immediately toward designated areas. • Appropriately designated and ample visitor parking near the main entrance. • A well-marked main entrance to the building either by name of building or street address. • Labeled entrances to provide after-hour access.   

127

128

150 Things You Should Know about Security

For the building envelope, consider the following:    • Landscaping, which minimizes shadowed areas against the building (low-height shrubs and higher trees provide landscape security). • Entrances open to view for patrol visibility and camera placement (avoiding wide columns and screen walls). Walls of appropriate height with secure gates to prevent access to unsupervised areas. • Entrance doors clustered together instead of numerous, dispersed single doors, which are difficult to supervise. Entrance doors should be numbered #1, then run the numbers consecutively around the building. • Glare-controlled, well-lighted areas at window locations. • Fish-eye viewers in windowless exterior doors • Numbered windows to aid emergency responders. If its room 125 the windows should read 125-A then 125-B for middle window and 125-C for window on the right.    For the building interior, consider the following:    • At main circulation areas, transparent glazing that is visible from the exterior for ease of supervision, (Natural surveillance). • A direct view from administrative areas to the main entrance, and a direct view to the reception area for the visitor. • Controlled access at the main entrance that directs visitors to a reception area for check-in. • Building zoning that enables after-hours community use while securing unused areas. • Staff planning areas with glazing into student areas for supervision during school hours. • Low-height student lockers in common areas for easy supervision by staff. • Well-maintained door and window hardware, and exterior door latch and guard plates to prevent break-ins. • Numbered doors to aid emergency responders. Entrance doors should be numbered #1, then run the numbers consecutively around the building.    Active design uses technology and electrical systems for the final measure of providing a secure environment. For active site design, provide non-glare, well-lighted approaches; parking lots; and entrances. Consider providing the following “active” features for secure exteriors:    • Cameras at site and building entrances and fenestration. • High-resolution digital cameras with appropriate recording times. • Interior lighting at glazed main entrance areas with evenly distributed lighting to the exterior. • Card readers at main entrances and other heavy-use areas (staff entrances, receiving areas, playground areas, and community entrance, etc.). • Card readers in lieu of keyed entries to control key distribution issues; this will create an issue for badge control of building access.   

89.  Design Out Crime/Designing for Security

Consider providing the following for building interiors:    • Security cameras situated by building zone to protect users. • Two-way communications from central administration to all rooms. In addition, check for dead spots in areas that could be used by police and fire departments. • Security cameras for authorities to find an intruder during lockdown. • Panic or duress alarm at the reception desk and principal’s office. • Security cameras used as a deterrent to protect property from vandalism. • Walk through security lighting, and make sure only LED energy-saving lights are installed. • Security cameras for evidence documentation. • Radio-frequency communication, possibly a repeater maybe needed. • UL-752 • Digital cameras with adequate recording time and HD resolution at appropriate distances. • Generator backup power supply for phones and emergency communications and alarms. • Mass notification program. • Security officers or Security Reserve Officer. • Site hardening. • Emergency blue light phones, more common in colleges and universities.    Managing your physical security is more important than you realize. Make sure you have a maintenance budget line item for replacement and repair issues.

SECURE, YET WELCOMING Appropriate planning and design can result in life-saving experiences. Make sure administrators and the community define and understand the desired level of security. A place for learning must be both secure and welcoming to its users (metal detectors usually are a distraction). Have a consistent plan for maintaining security equipment operational; a non-operating camera is a false sense of security and does more harm than good. Involve security designers early in the design process to avoid costly reconstruction, which also can affect esthetics negatively. Uncontrolled entrances and hallways permit security breaches (main reception areas and entrance vestibules should be connected). Zone building areas so that code-required exits can be maintained (zones with double doors swinging in both directions provide no security). An improperly designed area may need to be covered by security cameras that otherwise would not be needed. Through proper planning, design, and management, a facility and its surrounding site can be a welcoming place, yet be highly secure through intuitive and active ­strategies that are simple and cost effective. Proper facility management and training for handling daily procedures, visitor sign-in practices, lockdown protocol, and equipment maintenance are keys to comprehensive security solutions. The goal is to

129

130

150 Things You Should Know about Security

provide a safe haven for learning, limit the probability of crime, and promote social control through a variety of measures and design strategies.

FIGHTING CRIME BY DESIGN: A SECURE TRANSITION Retrofitting buildings is more challenging than designing new facilities. Most buildings built prior to the 21st century provided minimal security controls. Controlling main entrances via camera installation comes up short to the level of security for building access desired by education institutions. Ten years ago, “school security” meant hiring a part-time police liaison for daily monitoring of hallways, and setting cameras at night for vandalism protection. Over the past decade, events have changed the way educators define and address security. Approaches such as CPTED stem from the premise that design and management of the built environment can reduce crime and improve quality of life (see figure, which highlights the first three strategies).86

Natural Surveillance

Crime Prevenon Through Environmental Design

Territorial Behaviour

Natural Access and Control

There are seven strategies in CPTED:    • Natural access control • Natural surveillance 86 P

Cozens. Think crime. 2nd ed. Praxis Education; 2016. p. 18 (per Cozens & Love, 2015, Cozen, Saville & Hiller, 2005).

90.  Mass Notification Procedures

• Territorial reinforcement • Image management • Activity support • Target hardening • Geographical juxtaposition (wider environment)

CONCLUSION Different buildings and different organizations face different threats, including fighting and bullying, gang activity, theft, vandalism, drugs, and unwanted visitors. An effective security strategy will address individual needs for each building. At times, carrying out security measures may mean installing expensive equipment. Take steps to identify and carry out no-cost or low-cost solutions to strengthen security.87

REFERENCE Erickson, AIA/NCARB/REFP, is president of ATS&R Planners/Architects/Engineers, Minneapolis, a multidisciplined firm specializing in pre-K to 12 and post–secondary school planning and design. He can be reached at [email protected].

90. MASS NOTIFICATION PROCEDURES When developing a mass notification program, ensure that you include redundant forms of communication, such as emails, text messages, social media, public address system announcements, as well as audible alarms. In the age of technology and digital communication, electronic message boards are becoming more common as a form of notification. This must use prescript messages, and messaging must be approved by the Incident Command Staff (not a committee) before being broadcast. Ensure your mass notification program complies with American Disability Act (ADA) (physically handicapped, visually impaired, hearing impaired, or special needs individuals). Have designated individuals trained to assist. Provide language assistance and preestablished phone trees. Ensure that your procedures meet NFPA Standards and Guidelines, which includes a communication program, an incident management system, and individuals who can effectively understand Incident Command System (ICS) and the procedures and protocols. There must be at least three people trained per position in the emergency management organization. Emergency notifications can be made via the public address system, or by text to employees, but you may also want to consider a warning appearing on the screen of every computer that is on the company network. There should be redundant 87 Ibid.

131

132

150 Things You Should Know about Security

notification and communication systems and procedures. Keep in mind visually, hearing, or physically impaired individuals when considering emergency notification processes. The following are recommendations that will strengthen mass notification practices at your complex:    1. Pre-recorded messages: Pre-recorded messages need to be developed to address the most likely and the most catastrophic emergency situations that will require utilization of mass notification systems. Furthermore, pre-recorded messages will allow security officers to initiate mass notification, significantly reducing the time delay. 2. Protocol: Management must establish a clear protocol to address the following. 3. Activation guidelines: Description of situations/criteria that require utilizing the alert system. 4. Authority: Authority to activate an alert must be given to security operators/dispatchers tasked with monitoring all security systems. This will allow for quick and efficient mass notification in case of an emergency situation. 5. Practice: It is recommended that mass notification be included as part of any emergency drill conducted at your complex. This will prepare security operators to utilize mass notification in times of crisis. Furthermore, such ongoing practices will significantly reduce the amount of time it takes to send a message through the mass notification system.

91. OCCUPATIONAL SAFETY AND HEALTH ADMINISTRATION REGULATIONS88 The following OSHA*/Department of Labor regulations may have an impact on security policies and procedures:    • 1910.35: Compliance with alternate exit route codes • 1910.36: Design and construction requirements for exit routes • 1910.37: Maintenance, safeguards, and operational features for exit routes • 1910.38: Emergency action plans • 1910.39: Fire prevention plans • 1910.157: Portable fire extinguishers • 1910.165: Employee alarm systems • 1910.266: First aid and CPR training    *OSHA approves and monitors all State Occupational Safety and Health Plans and provides as much as 50% of the funding for each program. Kentucky, for example, is one of the states that has its own Occupational Safety and Health Program (KY OSH). State-run safety and health programs must be at least as effective as the 88 Safety

and health topics. Retrieved from: https://www.osha.gov/SLTC/firesafety/standards.html.

91.  Occupational Safety and Health Administration Regulations

federal OSHA program; so for the purposes of this document, federal OSHA information is cited for guidance.89

EMERGENCY PROCEDURES AND SECURITY OPERATIONS Some occupational safety and health duties will be the primary responsibility of security; for example, administering CPR and first aid, monthly inspections of first aid kits and AEDs, and using fire extinguishers. While on patrol rounds, security officers shall also be alert for any safety hazards, such as blocked emergency exits and immediately report any unsafe conditions, including slip, trip, and fall hazards. Security officers should have good situational awareness, which means they must constantly be aware of their surroundings and be able to recognize potential threats and dangerous situations (see item #16).    • Define the duties of security personnel with an assigned role. • Establish procedures for each position. • Prepare checklists for all procedures. • Define procedures and responsibilities for firefighting, medical and health, and engineering. • Determine lines of succession to ensure continuous leadership, authority, and responsibility in key positions. • Determine equipment and supply needs for each response function.    Assign all personnel responsibility for    • Recognizing and reporting an emergency. • Warning other employees in the area. • Taking security and safety measures. • Evacuating safely. • Providing training.90    General training for your employees should address the following91:    • Individual roles and responsibilities. • Threats, hazards, and protective actions. • Notification, warning, and communications procedures. • Emergency response procedures. • Evacuation, shelter, and accountability procedures. • Location and use of common emergency equipment. • Emergency shutdown procedures.    89 State

plans. Retrieved from: https://www.osha.gov/dcsp/osp/index.html. Management Guide for Business and Industry. Retrieved from: https://www.fema.gov/ media-library/assets/documents/3412. 91 Develop and Implement an Emergency Action Plan (EAP) Emergency Action Plan Checklist. Retrieved from: https://www.osha.gov/SLTC/etools/evacuation/checklists/eap.html. 90 Emergency

133

134

150 Things You Should Know about Security

For more information on workplace emergencies, visit: https://www.osha.gov and https://www.fema.gov. Two sample policies and procedures are below:

Sample AED Policy92 Purpose This policy will provide guidelines for the use of AEDs in a safe manner on company property. The objective is to comply with all federal, state, and local codes by providing training and education to familiarize employees with the general principles of performing CPR and using an AED to save a life.

Scope The guidelines set forth in this policy apply to all AEDs on the property and to all ERT members who are trained in their use.

Responsibility • Cardiac Science Powerheart G5 Automatic AED(s)93 are located at: _____, which are areas easily accessible during all hours that the building is open. • All AED(s) will be stored in unlocked wall cabinets with a transparent door for better visibility. • Each wall cabinet will have the AED symbol clearly visible on the front of the door, and a sign will be placed above each cabinet identifying it as an AED location. • Each AED wall cabinet will have a local audible alarm that sounds when the door is opened as well as an alarm that will sound in the security control center. • Each AED will have one set of pads connected to the AED at all times and a spare set of pads will be kept in the AED case. • Two-year, inspection tags are attached to each of the AEDs, and once each calendar month, security officers shall conduct and document an inspection of each AED. This inspection shall include review of the following: AED Ready Kit that is attached to the carry case of the unit, AED battery life, and pad expiration date. The Powerheart AED Ready Kit contains non-latex gloves (medium and large), a razor, medical shears, two paper towels, two 4 × 4 gauze pads, and a one-way CPR mask. Any AED(s) that require new pads or a battery will be reported to the director of security (or another designated individual) immediately or the designated individual. • Security officers shall initial and date the inspection tag attached to the carrying case of the AED each month when the AED is inspected. AED inspection tags will be replaced at biannual CPR/AED training. • The director of security (or another designated individual) will maintain a list of trained personnel authorized to use the AED. Authorized personnel are those 92 Emergency

Response Plan (AED Policy). Retrieved from: http://la12.org/Portals/733/Web_content/ files/EmergencyResponsePlan.pdf. 93 Powerheart® G5 AED. Retrieved from: http://www.cardiacscience.com/products/powerheart-aed-g5/.

91.  Occupational Safety and Health Administration Regulations

individuals with current certification in CPR and the use of AEDs from the American Heart Association.94 Additionally, trained and certified members of the general public are authorized to use the AED in cardiac emergencies. All trained and certified persons present in the complex when a cardiac emergency occurs will constitute the ERT. • The procedure in the event of an unresponsive individual on the property shall be for the security dispatcher to immediately activate the 911 system and also notify the director of security (or another designated individual). The dispatcher in the security control center shall announce a pre-determined code word on the building’s public address system. At least two members of ERT shall go to the announced location of the patient, assess the patient, and if necessary, begin CPR. A member of the ERT shall go to the location of the AED and bring the AED to the patient. Any remaining security officers or members of the ERT should be used for crowd control or should be sent to key locations on the property to direct emergency personnel to the patient. • Protocol for CPR and the use of the AED: • Make sure the scene is safe for you and the person needing help. • Don appropriate personal protective equipment. • Check to see if the person is responsive or unresponsive. • If breathing normally, stay with the person until advanced help arrives. • If not breathing normally or only gasping, phone or send someone to phone 911. • Begin CPR with your hands on the lower half of the breastbone and give 30 compressions at a depth of at least 2 in and a rate of 100–120 compressions per minute. • Give 2 breaths, each lasting approximately 1 second, until you see the patient’s chest rise. • Continue CPR (30 compressions and 2 breaths). • As soon as the AED arrives, open the lid of the AED and follow voice prompts. You will be attaching the pads on the upper right and the lower left of the patient’s bare chest by following the diagram on the pads. Continue CPR. • Every 2 minutes, the AED will analyze and deliver a shock as necessary. Ensure that no one is touching the person while the AED is analyzing or delivering a shock. • If breathing is restored, move the victim to the recovery position. Do not remove pads from the patient’s chest, and do not disconnect pads from the AED. • When emergency medical services (EMS) arrives, the rescuer will continue the AED protocol until EMS personnel acknowledge that they are assuming responsibility for the patient’s care.    94 Heartsaver® courses. Retrieved from: http://cpr.heart.org/AHAECC/CPRAndECC/Training/Heartsaver

Courses/UCM_473174_Heartsaver-Courses.jsp.

135

136

150 Things You Should Know about Security

Post-incident • Clean the AED by inspecting the exterior and connector for dirt or contamination. • Restock electrode pads and any other contents of the Powerheart AED Ready Kit. • Complete an incident report. • The director of security (or another designated individual) shall notify all personnel that the AED is back in service. • All ERT members shall participate in a review of the event and the response procedures to ensure the actions were appropriate, so it can be an opportunity for improvement.

Periodic Drills • Periodic drills will be held quarterly at the direction of the director of security (or another designated individual) so the ERT members can practice and retain their skills. The person conducting the drills will provide feedback and guidance as necessary.

Sample Fire Extinguisher Policy Purpose This policy will provide guidelines for the use of fire extinguishers in a safe manner on company property. The objective is to comply with all federal, state, and local codes by providing training and education to familiarize employees with the general principles of fire extinguisher use and the hazards involved with the incipient stage of firefighting. A portable fire extinguisher is a “first aid” device and is very effective when used while the fire is small. The use of a fire extinguisher that matches the class of fire, by a person who is well trained, can save both lives and property. Scope: These guidelines set forth in this policy apply to all extinguishers on the property.

Responsibility Fire extinguisher use: Security officers and other trained personnel may make the decision to use a fire extinguisher on company property. Voluntary use of a fire extinguisher by personnel who are properly trained can save both lives and extensive property loss. Portable fire extinguishers will be installed per fire code in workplaces regardless of other fire prevention measures. The successful performance of a fire extinguisher in a fire situation largely depends on its proper selection, inspection, maintenance, and distribution. Classification of fires and selection of extinguishers: Fires are classified into four general categories depending on the type of material or fuel involved. The type of fire determines the type of extinguisher that should be used to extinguish it.    • Class A fires involve materials such as wood, paper, and cloth, which produce glowing embers or char. • Class B fires involve flammable gases, liquids, and greases, including gasoline and most hydrocarbon liquids, which must be vaporized for combustion to occur.

91.  Occupational Safety and Health Administration Regulations

• Class C fires involve fires in live electrical equipment or in materials near electrically powered equipment. • Class D fires involve combustible metals, such as magnesium, zirconium, potassium, and sodium. • Class K fires involve oils and greases normally found in commercial kitchens and food preparation facilities using deep fryers.    Extinguishers will be selected according to the potential fire hazard, the construction and occupancy of facilities, the asset to be protected, and other factors pertinent to the situation. Proper use: Remember PASS for the proper use of a fire extinguisher:    • Pull the pin: By pulling the pin, the operating lever is unlocked and allows you to discharge the extinguisher. • Aim low: Point the extinguisher hose/nozzle at the base of the fire. • Squeeze the lever: This will discharge the extinguishing agent. Some extinguishers may have a button or other means of activation. • Sweep from side to side: While you are aiming at the base of the fire, you should sweep back and forth until the fire is extinguished. If the fire reignites, repeat the process. Keep your back to an exit so that there is a viable means of escape from the fire and stand at least 8 ft from the fire and begin PASS. If the fire does not extinguish immediately, leave the fire. If the fire is extinguished, have the fire department survey the area to ensure the fire is no longer a hazard.

Training Fire extinguisher training and education will be provided as required by OSHA:    1. Where the employer has provided portable fire extinguishers for employee use in the workplace, the employer shall also provide an educational program to familiarize employees with the general principles of fire extinguisher use and the hazards involved with incipient stage firefighting. 2. The employer shall provide the education required upon initial employment and at least annually thereafter. 3. The employer shall provide employees who have been designated to use firefighting equipment as part of an emergency action plan with training in the use of the appropriate equipment. 4. The employer shall provide the training required upon initial assignment to the designated group of employees and at least annually thereafter.    Fire extinguishers will be conspicuously located, easily identified, and readily accessible for immediate use in the event of fire per NFPA 101. They will be located along normal paths of travel and egress. Wall recesses and/or flush-mounted brackets will be used as extinguisher locations whenever possible. In most cases, extinguishers will be located in hallways or in common areas and not in rooms. They shall be placed just outside of a room and allow accessibility to the room occupants as well as other occupants of the building. Extinguishers should not be stored in locked rooms

137

138

150 Things You Should Know about Security

or offices. Extinguishers will be clearly visible. In locations where visual obstruction cannot be completely avoided, directional arrows will be provided to indicate the location of extinguishers. Extinguisher classification markings will be located on the front of the shell above or below the extinguisher nameplate. Fire extinguishers will be maintained in a fully charged and operable condition. They will be kept in their designated locations at all times when not being used. When extinguishers are removed for maintenance or testing, a fully charged and operable replacement unit will be provided. Fire extinguishers will be installed on hangers, brackets, or in cabinets. Extinguishers having a gross weight not exceeding 40 pounds will be so installed that the top of the extinguisher is not more than 3½ ft above the floor. Extinguishers mounted in cabinets or wall recesses will be placed so that the extinguisher operating instructions face outward. The location of such extinguishers will be made conspicuous by marking the cabinet or wall recess in a contrasting color that will distinguish it from the normal decor. Extinguishers must be distributed in such a way that the amount of time needed to travel to their location and back to the fire does not allow the fire to get out of control. OSHA requires that:    • The travel distance for Class A and Class D extinguishers not exceed 75 ft. • The maximum travel distance for Class B extinguishers is 50 ft because flammable liquid fires can get out of control faster that Class A fires. • There is no maximum travel distance specified for Class C extinguishers, but they must be distributed on the basis of appropriate patterns for Class A and B hazards. • It is required that no extinguisher have a travel distance more than 75 ft.    Fire extinguishers must be inspected monthly by security officers and documented on the inspection tag. This inspection should include a visual check of the hose (not cracked), the pressure gauge (in the green area), the container (not damaged or dented), and the location (is it missing). This requires an inventory of the extinguishers assigned to the building to be used as a checklist. The director of security (or another designated individual) will document the location of all fire extinguishers by location for the purpose of conducting monthly inspections. Each fire extinguisher on the property will also be inspected and serviced annually (or as needed) by a qualified fire safety specialist to ensure that they are in the proper location, that they have been inspected monthly, and that they are in working condition.

92. WORKPLACE FIRE SAFETY Pursuant to the OSHA, a fire prevention plan must be:    • In writing • Kept in the workplace • Made available to employees for review    An employer with 10 or fewer employees may communicate the plan orally to employees.

92.  Workplace Fire Safety

At a minimum, your fire prevention plan must include:    • A list of all major fire hazards, proper handling and storage procedures for hazardous materials, potential ignition sources and their control, and the type of fire protection equipment necessary to control each major hazard. • Procedures to control accumulations of flammable and combustible waste materials. • Procedures for regular maintenance of safeguards installed on heat producing equipment to prevent the accidental ignition of combustible materials. • The name or job title of employees (many times security officers) responsible for maintaining equipment to prevent or control sources of ignition or fires. • The name or job title of employees responsible for the control of fuel source hazards.    An employer must inform employees upon initial assignment to a job of the fire hazards to which they may be exposed. An employer must also review with each employee those parts of the fire prevention plan necessary for self-protection.95 The NFPA Fire Prevention Week is intended to focus on the importance of fire safety in the home, in schools, and at work, but workplace fire safety is also addressed by OSHA.96 The principal focus is on saving lives and preventing injuries due to fire.97 When workplace inspections are done, employers are checked for compliance with OSHA standards for fire safety as well as the NFPA 101: Life Safety Code, which is the most widely used source for strategies to protect people based on building construction, protection, and occupancy with features that minimize the effects of fire and related hazards. It is the only document that covers life safety in both new and existing structures98 Employers must provide proper exits, firefighting equipment, emergency plans, and employee training to prevent fire deaths and injuries in the workplace.

BUILDING FIRE EXITS99 • Each workplace building must have at least two means of escape remote from each other to be used in a fire emergency. • Fire doors must not be blocked or locked to prevent emergency use when employees are within the building. Delayed opening of fire doors is permitted when an approved alarm system is integrated into the fire door design. • Exit routes from buildings must be clear and free of obstructions and properly marked with signs designating exits from the building. 95 Fire

prevention plan requirements. Retrieved from: https://www.osha.gov/SLTC/etools/evacuation/ fire.html. 96 Fire prevention week. Retrieved from: http://www.nfpa.org/public-education/campaigns/fireprevention-week. 97 Ibid. 98 Codes and standards. Retrieved from: http://www.nfpa.org/codes-and-standards/all-codes-andstandards/list-of-codes-and-standards?mode=code&code=101. 99 Emergency plans. Retrieved from: https://www.osha.gov/SLTC/etools/evacuation/fire.html.

139

140

150 Things You Should Know about Security

PORTABLE FIRE EXTINGUISHERS100 • Each workplace building must have a full complement of the proper type of fire extinguisher for the fire hazards present. • Employees expected or anticipated to use fire extinguishers must be instructed on the hazards of fighting fire, how to properly operate the fire extinguishers available, and what procedures to follow in alerting others to the fire emergency. • Only approved fire extinguishers are permitted to be used in workplaces, and they must be kept in good operating condition. Proper maintenance and inspection of this equipment is required of each employer. • Where the employer wishes to evacuate employees instead of having them fight small fires, there must be written emergency plans and employee training for proper evacuation.

EMERGENCY EVACUATION PLANNING101 • Each employer needs to have a written emergency action plan for evacuation of employees that describes the routes to use and procedures to be followed by employees. Also, procedures for accounting for all evacuated employees must be part of the plan. The written plan must be available for employee review. • Where needed, special procedures for helping physically impaired employees must be addressed in the plan; also, the plan must include procedures for those employees who must remain behind temporarily to shut down critical plant equipment before they evacuate. • The preferred means of alerting employees to a fire emergency must be part of the plan, and an employee alarm system must be available throughout the workplace complex and must be used for emergency alerting for evacuation. The alarm system may be voice communication or sound signals such as bells, whistles, or horns. Employees must know the evacuation signal. • Training of all employees in what is to be done in an emergency is required. Employers must review the plan with newly assigned employees so they know correct actions in an emergency and with all employees when the plan is changed.

FIRE PREVENTION PLAN102 • Employers need to implement a written fire prevention plan to complement the fire evacuation plan. Stopping unwanted fires from occurring is the most efficient way to handle them. The written plan shall be available for employee review. 100 Ibid. 101 Ibid. 102 Ibid.

93.  Security for Marijuana Farms and Dispensaries

• Housekeeping procedures for storage and cleanup of flammable materials and flammable waste must be included in the plan. Recycling of flammable waste such as paper is encouraged; however, handling and packaging procedures must be included in the plan. • Procedures for controlling workplace ignition sources such as smoking, welding, and burning must be addressed in the plan. Heat producing equipment such as burners, heat exchangers, boilers, ovens, stoves, fryers, etc., must be properly maintained and kept clean of accumulations of flammable residues; flammables are not to be stored close to these pieces of equipment. • All employees are to be apprised of the potential fire hazards of their job and the procedures called for in the employer’s fire prevention plan. The plan shall be reviewed with all new employees when they begin their job and with all employees when the plan is changed.

FIRE SUPPRESSION SYSTEM103 • Properly designed and installed fixed fire suppression systems enhance fire safety in the workplace. Automatic sprinkler systems throughout the workplace are among the most reliable firefighting means. The fire sprinkler system detects the fire, sounds an alarm, and puts the water where the fire and heat are located. • Automatic fire suppression systems require proper maintenance to keep them in serviceable condition. When it is necessary to take a fire suppression system out of service while business continues, the employer must temporarily substitute a fire watch of trained employees standing by to respond quickly to any fire emergency in the normally protected area. The fire watch must interface with the employers’ fire prevention plan and emergency action plan. • Signs must be posted about areas protected by total flooding fire suppression systems, which use agents that are a serious health hazard such as carbon dioxide, Halon 1211, etc. Such automatic systems must be equipped with area pre-discharge alarm systems to warn employees of the impending discharge of the system and allow time to evacuate the area.    There must be an emergency action plan to provide for the safe evacuation of employees from within the protected area. Such plans are to be part of the overall evacuation plan for the workplace facility (see item #91).

93. SECURITY FOR MARIJUANA FARMS AND DISPENSARIES For those who either cultivate or sell marijuana, it is important that they know how to protect their investment—equipment, inventory, products, and above all, their employees. The marijuana industry certainly comes with its own security challenges. 103 Ibid.

141

142

150 Things You Should Know about Security

The legalization of recreational marijuana in Colorado and Washington introduced a new element for the cannabis industry in the United States—effective security that “fits” with this industry. Medicinal marijuana is legal in 23 states, but is still considered a Schedule 1 controlled substance by the US government, which makes growing and selling marijuana illegal under federal law. This elevates the security situation for marijuana farms and dispensaries to a new level because many banks are reluctant to accept money that is generated from the sale of marijuana, so this has forced the industry to be an all-cash business.104 This has led to the development of “specialty” security companies for a niche market. These “specialty” security companies not only protect product and cash on hand but also are responsible for securing the perimeter of the property, access control in and out of areas and buildings, monitoring video surveillance and response, monitoring the intrusion detection systems, and providing ongoing consulting services; they have to constantly monitor the temperature and lighting within the growing facilities. It is important that marijuana farms and dispensaries consider all possible threats and have state-of-the-art technology as a part of their security master plans and that the security operation is efficient and either minimizes or eliminates any security vulnerability. CNN reports that there are now big-box stores, named “weGrow,” that offer marijuana growing equipment, supplies, and services (including recommendations for security) and they are being called, the “Walmart of Weed.”105 None of the “weGrow” stores actually sell marijuana, but they advertise that their services and products are designed especially for cultivating marijuana. This is a perfect example of the premise, supply, and demand. “weGrow” also offers a “Dispensary Security Plan” that covers facility as well as operational security that is touted as something that “…every dispensary or cultivation owner must have! Essential document for anyone that plans to own a marijuana dispensary.” It includes a sample security plan and advertises that custom plans are also available. The security plans are designed to “minimize security exposure and prevent breaches before they even occur. However, in the event that preventative measures fail, the Operational Security Plan is designed to quickly observe, monitor, protect, counter and report any situations that do occur.”106 The Facility Security Plan includes:    • Location and site security • Secured employee parking • Round the clock coverage • Security surveillance systems • Maintenance of security systems • Access control/ingress and egress 104 http://www.securityinfowatch.com/article/11601437/booming-cannabis-industry-presents-wealth-

of-opportunities-to-security-system-installers-manufacturers. 105 http://www.cnn.com/2011/US/05/31/arizona.marijuana.superstore/index.html?iref=allsearch. 106  http://wegrowstore.com/index.php?page=shop.product_details&flypage=flypage.tpl& product_id=35&vmcchk=1&option=com_virtuemart&Itemid=262.

94.  Site Security During Construction

• Perimeter security • Product security • Fire alarm system • Intrusion alarm system    The Operational Security Plan includes:    • Security threats • Transactional security • Delivery security • Hazardous weather • Human resource policies • Employee security training • Inventory control • Guest, media, and visitor procedures • Neighborhood involvement • Emergency response • Contingency planning107    The “specialty” security companies are meeting the needs of the marijuana industry because some dispensary owners have stated that American District Telegraph (ADT), the largest security provider in the nation, has dropped or is refusing to accept customers in the marijuana industry. ADT told CNN Money it will not “sell security services to businesses engaged in the marijuana industry because it is still illegal under federal law.”108 Owners in the marijuana cultivation and dispensary business state that they are concerned not only with thieves but also with federal authorities who are eager to see them put out of business.109 With demand for security services to protect the marijuana industry, there is certainly not a shortage of opportunities for security professionals.

94. SITE SECURITY DURING CONSTRUCTION It is safe to say that most contractors will experience some theft of tools, building materials, or supplies before completion of a long-term construction project. They should be made aware of this fact and be security conscious at the beginning of the construction project before thefts become costly. Thefts that appear to be of an internal nature should be analyzed against such thefts at other sites, and security measures put into place. The following is a checklist for contractors:    1. The contractor should appoint security/protection officers or a liaison staff person to work with law enforcement on matters of theft and vandalism. 107 Ibid. 108 http://money.cnn.com/2013/04/29/smallbusiness/marijuana-security/. 109 Ibid.

143

144

150 Things You Should Know about Security

2. Perimeter protection: a. Gate type and strength b. Hinges c. Locks and chains d. Lighting e. Know the crime rate and offense types in the neighborhood f. Install a 6- to 8-ft (depending on the application) chain link fence with three rows of barbed wire or razor wire. 3. Location of contractor’s building on-site: a. Inspect the security components of the building b. Review site security procedures and controls c. Illuminate the building inside and out. 4. Materials and equipment on-site should be protected in a secured yard area. 5. Facilities for storage and security of tools and clothing should be kept in a locked, secure area. 6. All subcontractors are responsible to the main contractor. 7. Security/protection officers should patrol at night and on weekends. 8. Use temporary alarm protection for the site. 9. Payment of wages to employees should be made by check, not cash. 10. Deliveries of valuable material to site and the storage of such items should be in a secure area. 11. Establish a method to check accurate deliveries by using authorized receiving persons. 12. Check for proper signage around the perimeter of the building and the property. 13. Identify easily transportable material and property and be knowledgeable about common construction site thefts. 14. Have procedures in place to report theft to: a. Local law enforcement b. On-site security officers c. Insurance company    We heard the story once of a construction site that was experiencing a large number of thefts—both supplies and tools. The contractor contacted several contract security companies, but only one had experience in construction site security and also gave a proposal that was acceptable. The company was awarded the contract, and thefts at the site were stopped.

SOMETHING TO THINK ABOUT At 3:30 p.m. the security/protection officer showed up, ready for duty. He was 6 ft tall, weighed 240 lbs., and was all muscle. He carried a Glock 40 on his right hip, a shot gun, and two belts of shells over his shoulders. He basically looked like a Mexican bandito from an old cowboy movie. Plus, he had two German shepherds

96.  Three Phases of Attack

that patrolled the interior of the building and the perimeter of the property. Within several days, he fired his shotgun four times up into the air. That was it. There were no more crime problems. The protection exceeded the norm but worked to reduce losses. We are certainly not endorsing this approach, but this is an example of reactive, excessive security. Be sure to take the appropriate proactive approach to construction site security.

95. PROTECTION OF CULTURAL RESOURCE PROPERTIES: NFPA 909110 MUSEUMS, LIBRARIES, AND PLACES OF WORSHIP NFPA 909 describes principles and practices of protection for cultural resource properties (such as museums, libraries, and places of worship), their contents, and collections, against conditions or physical situations with the potential to cause damage or loss. NFPA 909 addresses provisions for fire prevention, emergency operations, fire safety management, security, emergency preparedness, and inspection, testing, and maintenance of protection systems. Criteria are also provided for new construction, addition, alteration, renovation, and modification projects, along with specific rules addressing places of worship and museums, libraries, and their collections.

96. THREE PHASES OF ATTACK When we use the term attack, we are not referring to any specific type of assault or sexual act. The key factors of an attack are:    1. Spontaneous or non-spontaneous 2. Random or not random 3. Risk: intent, capacity, opportunity    The three phases of an attack are:    1. The invitation to attack 2. The confrontation—acceptance or rejection 3. The attack—incomplete or complete    The overall goal should be to prevent the attack before it occurs and/or reduce the probability that an incident will occur or that a perpetrator will attempt and/or complete a criminal act. 110 O.P.

Norton Information Resources Center, ASIS Website. Retrieved from: https://www.asisonline. org/Membership/Library/Documents/virtual_library_tour.pdf.

145

146

150 Things You Should Know about Security

97. THIRTEEN STEPS TO AVOID BECOMING A VICTIM 1. Report all suspicious activities immediately to police (suspicious acting individuals; suspicious sounds like calls for help, screaming, breaking glass, a whistle being blown continuously; office doors ajar, broken windows, or individuals loitering near or in the doorways of a building. 2. Help deter property thefts—participate in operation identification—and engrave all personal property with the abbreviation of your state and your state driver’s license number. For example, GA 033-40-9999. 3. Lock your doors and pocket the keys—thefts only take seconds. 4. Do not lend a stranger your office key. 5. Request positive identification before opening a door to strangers. Use door viewers or “peepholes.” 6. Leave a light on when you go out, even if you plan on only being gone for a short time. 7. Select safe walking routines, preferably where there is the most light. 8. Walk in groups of two or more whenever possible. 9. Do not hitchhike. 10. Get a whistle and carry it in your hand when you walk alone 11. Do not carry more money than necessary, or flash money or credit cards when making purchases—ideally, use travelers’ checks when large sums of cash are needed. 12. If it is necessary to carry a handbag, carry it with the opening toward your body and your arm through the strap. 13. Do not provoke arguments or confrontation—the other person could be carrying a weapon.

STOP AND THINK! Most crimes can be prevented if we take a minute to stop and think about our own self-protection, safety, and the security of our possessions. Week after week, make note of the various crimes that have occurred, such as bicycles stolen that were unsecured, thefts from an office because a door was left unlocked, and thefts from a pocketbook that was left unattended. If you want to avoid being a victim of a crime, stop and think! Most crimes can be prevented. Crime prevention is everyone’s business. Help yourself, help your neighbors and coworkers, and help your community be a safer place! Think security and think prevention!

98. COURTROOM TESTIFYING At times, you may be required to testify in court as a result of some incident at work. Below are some helpful hints to assist you.    • Being nervous is nothing new. Many attorneys are also nervous. Get to the courthouse early, so you are not rushed.

99.  Crime Prevention: Eighteen Terms You Should Know

• Observe where everyone is sitting and where you will be sitting to testify. During this time, do not talk, laugh, or whisper or cause any disturbance. • When called upon, smile and make eye contact with the jurors when you answer the attorney’s questions. • Remember it is the jury, not the judge that is going to decide the outcome of the case. • If you can, leave after you testify. • Be aware of the fact that the jury may observe your behavior in the hallway and on the elevator.    Finally, remember these six points:    1. Tell the truth and do not exaggerate. 2. Look the jurors in the eye. Making eye contact is important. 3. Attorney’s ask questions, you answer to the jury. 4. Give full and complete answers. 5. During cross-examination, give short, truthful answers. 6. Sit comfortably in the witness chair and avoid hand motion. Try locking your fingers together as if in prayer.

99. CRIME PREVENTION: EIGHTEEN TERMS YOU SHOULD KNOW The following list of terms is included to assist you and facilitate common terminology usage. Note that the definitions of the terms listed reflect their utilization in the area of community crime prevention.    1. Behavior modification: A change in behavior patterns brought about by education or training in crime prevention principles and/or techniques. 2. Community crime prevention: Direct involvement of a single sector or a combination of sectors in a community in the planning, funding, implementation, and operation of a crime prevention program, usually stressing cooperation with the local criminal justice system (related term: community involvement). 3. Community anti-crime efforts: Actions taken by the members of a community to prevent crime or to increase the amount of cooperation with the police in reporting crimes. 4. Crime displacement: A theory that states that criminals denied the opportunity to commit crimes in a certain area will move to other areas or to other crimes (related term: mercury effect). 5. Crime prediction: A system of predicting future crime patterns and trends using past patterns and trends as indicators. 6. Crime prevention: The anticipation, recognition, and analysis of a crime risk, and the initiation of some action to remove or reduce it. 7. Defensible space: A term for the range of mechanisms—real and symbolic barriers, strongly defined areas of influence, and improved opportunities for surveillance—that combine to bring an environment under the control of its residents (related term: environmental design).

147

148

150 Things You Should Know about Security

8. Deterrence: A concept that holds that the threat of punishment or the denial of opportunity will forestall the criminal or delinquent act (related term: punitive crime prevention). 9. Dynamic risk: A risk situation that carries the potential for both benefit and cost. This is normally considered the type of risk that is inherent in doing business (related terms: risk management, risk assessment, pure risk). 10. Environmental design: Selectively controlling variables in the planning, design, and effective use of physical space to create physical and social conditions that will promote citizen surveillance, reduce criminal opportunity, and increase the risk of apprehension and arrest. 11. Neighborhood watch: A community action program administered by the National Sheriff’s Association that encourages neighborhood residents to organize with a purpose of neighborhood security and in cooperation with the criminal justice system (related terms: block watch, radio watch, community action programs). 12. Operation identification: A program in which citizen’s mark property for identification purposes. The intent of the program is to facilitate the recovery and return of stolen property and to provide a deterrent to potential offenders (related term: property identification). 13. Opportunity reduction: The removal of opportunity, a necessary ingredient for the commission of crime, by making a potential target of attack inaccessible or unattractive and by making the attack itself dangerous or unprofitable to the criminal. 14. Private security: Self-employed individuals and privately funded business entities and organizations who provide security-related services for a restricted clientele for a fee. An individual or entity contracts them to protect their persons, private property, or interests from varied hazards (related terms: security systems, deterrence). 15. Pure risk: A risk situation in which there is no possibility for benefit, only cost or loss, for example, fire or flood (related terms: risk management, risk assessment, dynamic risk). 16. Risk management: The anticipation, recognition, and appraisal of a risk and the initiation of some action to remove the risk or reduce the potential loss from it to an acceptable level (related terms: dynamic risk, pure risk, risk assessment). 17. Security assessments: Surveys of residences, businesses, public buildings, or other facilities for the purpose of evaluating the degree of security present to make recommendations for physical and procedural improvement (related term: vulnerability analysis/assessment). 18. Target hardening/soft targets: Concept of opportunity reduction that seeks to deter the criminal act by making a potential target of attack inaccessible or unattractive and by making the attack itself dangerous or unprofitable to the criminal (related terms: opportunity reduction, security hardware, security systems).   

101.  Hazardous Materials: How They Are Harmful to People

100. HAZARDOUS MATERIALS111 At times, it can be confusing as to what is hazardous material, hazardous waste, or hazardous substances. Following are some brief definitions that we hope are helpful:    Hazardous material: Any item or agent (biological, chemical, radiological, and/ or physical) that has the potential to cause harm to humans, animals, or the environment, either by themselves or through interaction with other factors. Hazardous waste: Waste with properties that make it dangerous or capable of having a harmful effect on human health or the environment. Hazardous waste is generated from many sources, ranging from industrial manufacturing process wastes to batteries and may come in many forms, including liquids, solids gases, and sludges. In order for a material to be classified as a hazardous waste, it must first be a solid waste. Hazardous chemicals: A hazardous chemical, as defined by the Hazard Communication Standard, is any chemical that can cause a physical or a health hazard. Extremely hazardous substances: any chemical or hazardous substance identified by the Environmental Protection Agency on the basis of hazard or toxicity and listed under Emergency Planning and Community Right-to-Know Act of 1986. Incident commander: The individual responsible for all incident activities, including the development of strategies and tactics and the ordering and release of resources. The Incident Commander has overall authority and responsibility for conducting incident operations and is responsible for the management of all incident operations at the incident. ICS: A standardized on-scene emergency management concept specifically designed to allow its user(s) to adopt an integrated organizational structure equal to the complexity and demands of single or multiple incidents, without being hindered by jurisdictional boundaries.

101. HAZARDOUS MATERIALS: HOW THEY ARE HARMFUL TO PEOPLE There are four pathways for substances to enter the body:    Absorption: The skin acts as a barrier against entry of foreign materials into the body. If this protective barrier is weakened or compromised, toxic chemicals enter. The barrier is greatly diminished by lacerations and abrasions. Also, many organic solvents greatly increase the permeability of the skin to materials that would otherwise not pass through it. The skin provides a large surface area for contact with toxic agents. 111 Resources.

Retrieved from: http://www.ihmm.org/.

149

150

150 Things You Should Know about Security

Inhalation: Inhalation is the most rapid route of entry, immediately introducing toxic chemicals to respiratory tissues and the bloodstream. Once admitted to the blood through the lungs, these chemicals are quickly transported throughout the body to contact all organs. In many cases, chemicals accumulate in a target organ. Ingestion: Ingestible materials get into the mouth through hand-to-mouth contact, and through coughing when inhaled particulate material is removed from the lungs to the throat and then swallowed. Since there are acids, alkalis, and enzymes in the gastrointestinal tract, the toxic nature of a compound may be enhanced or diminished. Injection: The injection of hazardous materials into the body sounds, at first, like a bad joke. Who in his right mind would inject themselves—especially when it is not required by a doctor? However, it can occur by stepping on or bumping against a sharp object while working at an incident site.

102. INFORMANTS112 Why do police use informants? Police departments use confidential informants to obtain information about illegal or criminal organizations that is not easily available through other official sources of information, according to The Police Chief magazine. Informants supply law enforcement agencies inside information about criminal organizations and provide assistance in a wide range of areas including the identification of criminal assets and locations, aiding or protecting the identities and activities of undercover police officers, and helping the police with routine or coordinated surveillance. Most law enforcement agencies recruit and manage informants, who are paid for the information they provide.

103. TWENTY THINGS YOU SHOULD KNOW ABOUT THE LEGAL ASPECTS OF SECURITY Below are the 20 things that you should know about the many aspects of law, courts, and security:    1. US District Attorneys work in the Federal Court System. 2. A grand jury determines if there is sufficient evidence that a crime has been committed. After an indictment by a grand jury, the person is taken into custody and arraigned. 3. Bail is provided to a person arrested to assure his presence in court. 112 Police

informants. Retrieved from: https://www.reference.com/government-politics/police-useinformants.

103.  Twenty Things You Should Know about the Legal Aspects of Security

4. A citizen can be arrested without a warrant only for a crime committed in his presence. We do not recommend it, but if possible, the citizen should have a witness. 5. The Miranda Warning is required when a person is about to be arrested or questioned by law enforcement. 6. An illegal search is searching someone’s person or property without their consent or by law enforcement when there is no search warrant or probable cause for the search. 7. The Exclusionary Rule (also known as “fruits of the poisonous tree”) is basically not using or considering evidence that has been illegally obtained. 8. Corpus Delicti is the body or essence of a crime. 9. Deadly force can be used to protect yourself or another person when deadly force is used against you. 10. Terry versus Ohio113 is a decision by the United States Supreme Court which held that the Fourth Amendment prohibition on unreasonable searches and seizures is not violated when a police officer stops a suspect on the street and frisks him or her without probable cause to arrest, if the police officer has a reasonable suspicion that the person has committed, is committing, or is about to commit a crime and has a reasonable belief that the person “may be armed and presently dangerous.” 11. Voir Dire is the examination of prospective jurors. 12. A trial jury, also known as a petit jury, decides whether the defendant committed the crime as charged in a criminal case or whether the defendant injured the plaintiff in a civil case, and it consists of 6–12 people. A federal grand jury consists of between 16 and 23 individuals. 13. A grand jury consisting of between 16 and 23 people determines whether there is “probable cause” to believe the individual has committed a crime and should be put on trial. If the grand jury determines there is enough evidence, an indictment will be issued against the defendant. 14. Blackmail is when a person makes written or oral threats of force or demands money or property that is not his. 15. Ex officio describes an act done by a person merely by virtue of the office he or she holds. 16. Evidence is the information that helps in the formation of a conclusion or judgment. There are four types of evidence: a. Personal evidence is testimony from a person at the crime scene b. Physical evidence something at the scene of the crime that links the perpetrator to the crime c. Miscellaneous evidence does not fall into the two previous groups and can be subjective or objective and not always admissible in court. d. Corpus Delicti evidence is evidence that a crime has been committed. Before an investigation can begin, there must be proof that a crime has occurred. 113 Terry

versus Ohio. Retrieved from: https://www.law.cornell.edu/supremecourt/text/392/1.

151

152

150 Things You Should Know about Security

17. E  ntrapment is the act of an agent of the government to induce a person to commit a crime, which was not contemplated by such person, for the purpose of instituting criminal prosecution against him or her. The mere act of an officer in furnishing the opportunity to commit a crime where the accused is predisposed to commit said crime, is not entrapment. 18. The statutes of limitation is the time period within the state when criminal proceedings must be acted on. 19. Probable cause, in an arrest situation, is a combination of facts and circumstances that warrant a person of reasonable caution to believe that a crime has been committed and that the person to be arrested is guilty of such crime (in the context of search and seizure). Facts and circumstances derived from credible sources would warrant a person of reasonable caution to believe that crime-related evidence may be found in the premises to be searched. 20. A deposition is the testimony of a witness taken upon oral or written interrogatories, not in open court, after notice to the adverse party for the purpose of enabling him or her to attend and cross-examine the witness. A deposition is reduced to writing and then duly authenticated.

104. THE 3-D’S APPROACH TO CRIME PREVENTION THROUGH ENVIRONMENTAL DESIGN In order for the 3-D’s Approach to CPTED to be a success, it must be understandable and practical for the normal users of the space. This means the normal residents of a neighborhood and the people who work in buildings or commercial areas must be able to use these concepts. Why is this important? Because these individuals know more about what is going on in that particular environment and they have a vested interest (their own wellbeing) in ensuring that their immediate environment operates properly. The technologist or specialist, who may be a traffic engineer, city planner, architect, or security specialist, should not alone be allowed to shoulder the responsibility for safety and security. The specialist needs to follow the dictates of the users of the space, because he can often be swayed by misperceptions or by the conflicting demands of his professional competition. The Three-D approach to space assessment provides a simple guide for the layperson to use in determining the appropriateness of how her space is designed and used. The Three-D concept is based on the three functions or dimensions of human space:    1. All human space has some designated purpose. 2. All human space has social, cultural, legal, or physical definitions that prescribe the desired and acceptable behaviors. 3. All human space is designed to support and control the desired behaviors.    Using the Three-D approach as a guide, we can evaluate space by asking the following types of questions.

104.  The 3-D’s Approach to Crime Prevention

DESIGNATION • What is the designated purpose of this space? • What was it originally intended to be used for? • How well does the space support its current use? Its intended use? • Is there conflict?

DEFINITION • How is the space defined? • Is it clear who owns it? • Where are its borders? • Are there social or cultural definitions that affect how that space is used? • Are the legal or administrative rules clearly set out and reinforced in policy? • Are there signs? • Is there conflict or confusion between the space’s designated purpose and its definition?

DESIGN • How well does the physical design support the intended function? • How well does the physical design support the definition of the desired or accepted behaviors? • Does the physical design conflict with or impede the productive use of the space or the proper functioning of the intended human activity? • Is there confusion or conflict in terms of the manner in which the physical design is intended to control behavior?    The three CPTED strategies of territorial reinforcement, natural access control, and natural surveillance are inherent in the Three-D concept. Does the space clearly belong to someone or some group? Is the intended use clearly defined? Does the physical design match the intended use? Does the design provide the means for normal users to naturally control the activities, to control access, and to provide surveillance? Once a basic self-assessment has been conducted, the three Ds may then be turned around as a simple means of guiding decisions about what to do with human space. The proper functions have to be matched with space that can support them—with space that can effectively support territorial identity, natural access control, and surveillance—and intended behaviors have to be indisputable and be reinforced in social, cultural, legal, and administrative terms or norms. The design has to ensure that the intended activity can function well, and it has to directly support the control of behavior.

STRATEGIES IN ACTION There are hundreds of examples of CPTED strategies in practice today. In each example there is a mixture of the three CPTED strategies that is appropriate to the setting and to the particular security or crime problem. Some of the examples were

153

154

150 Things You Should Know about Security

created in the direct application of CPTED concepts. Others were borrowed from real-life situations. The common thread is the primary emphasis on naturalness— simply doing things that you already have to do, but doing them a little better. Some examples of CPTED strategy activities are:    • Providing clear border definition of controlled space • Providing clearly marked transitional zones that indicate movement from public to semi-public to private space • Relocating gathering areas to locations with natural surveillance and access control or to locations away from the view of would-be offenders • Placing safe activities in unsafe locations to bring along the natural surveillance of these activities and to increase the perception of safety for normal users and of risk for offenders • Placing unsafe activities in safe spots to overcome the vulnerability of these activities with the natural surveillance and access control of the safe area • Redesignating the use of space to provide natural barriers to conflicting activities • Improving scheduling of space to allow for effective use and appropriate critical intensity • Redesigning space to increase the perception or reality of natural surveillance • Overcoming distance and isolation through improved communications and design efficiencies.    CPTED planners and specialists are taught above all else that they have to:    1. Never look at the environment the same way again. 2. Question everything, as politely as possible. 3. Learn the language of the other professions.    CPTED’s underlying objective is to help the various disciplines do a better job of achieving their primary objectives, with the added by-product of improved security and loss prevention. The CPTED planner must ask the questions: What are you trying to do? How can we help you do it better? A successful use of these concepts will always result in this sequence of events:    1. Careful design and use of physical space 2. Resulting human decisions and behavior 3. Improved productivity and profit 4. By-product of loss prevention or loss reduction

105. MANAGEMENT PRINCIPLES ACCORDING TO BUD SMITH Bud Smith, Director of Security, is a fictitious individual. It is our intention to show poor management traits as a means of calling to your attention bad and poor principles.

106.  Crime Prevention Tips

BUD SMITH 1. Heard about Total Quality Management and COPS programs but does not know how to implement them. 2. Does not believe in staff meetings because no one is going to tell him what to do since he knows everything. 3. Does not talk to all of his staff. 4. Works 65 hours a week doing everyone’s job except his own managing job. 5. Does not have a security textbook on his shelf. 6. Has never attended a security workshop. 7. Has not made any attempt to learn the business. 8. Has not learned how to listen to his clients. 9. Is not a part of any internal committees or working groups. 10. Feels that management does not understand security. 11. Does not know how to quantify his contribution to profitability. 12. Can never seem to get the information or cooperation he seeks within the company. 13. Has not kept up with technology advances in security hardware. 14. Cannot find the time to work on public enforcement or peer relationships. 15. Has never seen a copy of his company’s business or financial plan. 16. Does not have a positive word for anybody. 17. Never says, “thank you.” 18. Never volunteers. 19. Does not dress, act, or look the part of a manager. 20. Is not computer literate and does not think he needs to learn. 21. Does not interact with department heads or managers. 22. Cannot read his own department financials or those of other departments. 23. Does not believe you can learn from mistakes; he believes in three strikes and you are out. 24. Believes you can buy loyalty. 25. Takes his personal problems to work. 26. Takes his job home with him.

CONCLUSION Hey Bud, this book is for you!

106. CRIME PREVENTION TIPS FROM THE GREENVILLE, NC, USA, POLICE DEPARTMENT114 • Always let a family member or colleague know your plans, appointments, or outings. • Stay alert. Be aware of your surroundings. 114 Crime

prevention tips. Retrieved from: http://www.greenvillenc.gov/government/police/crimeprevention.

155

156

150 Things You Should Know about Security

• When walking appear confident. Do not show fear. Trust your instincts. • Choose to walk in busy areas that are well-lighted at night. Try not to walk or jog alone. • Always carry your purse close to your body and keep a firm grip on it. • Carry a whistle on your key chain. If you are in trouble attract attention any way you can. • When using an elevator, approach it with caution. If possible, use an empty elevator. • If you plan to use public transportation, have your fare ready; wait and board in well-lighted areas. • When using an ATM, try to use one in a well-lighted, busy, public place. Avoid using an ATM after dark when possible. Be aware of your surroundings while at the machine. • If traveling by motor vehicle, keep doors locked and windows rolled up. • Know the area you are in. Beware of dead end streets. • Make sure your car stays in good operating condition and be aware of the fuel level. Keep a flashlight, spare tire, and jumper cables with you. • Park in well-lighted areas. Be especially alert when using parking garages. Keep your keys in your hand when returning to your vehicle. If necessary, your keys can be used as a defensive weapon against an attacker. • Leave only your ignition key with an attendant. • Never pick up hitchhikers. • Stay in your car if it breaks down. If someone stops to help, lower your window only slightly and request they telephone a police officer for you. • Continue driving if someone tries to stop or follow you. Proceed to a welllighted business or the police station before stopping. Do not lead someone to your home. Keep the car in gear at stop signs and traffic lights. • Keep your purse and other valuables out of sight in your car if it breaks down. • Marking your property with an Owner Applied Number such as your driver’s license number makes it identifiable anywhere, anytime in the United States, whether it has been lost or stolen.

107. WHY SECURITY FAILS115 DO WE HAVE PERMISSION TO SUE THIS? The questions often arise after a serious loss or act of violence, “What more could we have done?” “Why did it happen to us?” “We never thought it would happen here.”

115 Why

security fails. Retrieved from: https://www.linkedin.com/pulse/when-security-fails-richardsem-cpp-csc.

107.  Why Security Fails

In my 46 years’ security management experience, I have worked with dozens of organizations and businesses following major acts of violence and other significant losses, as well as served as expert witness in litigations where security and workplace violence programs are under question. The following are some of the reasons why security programs fall short:

The Boss Does Not Get It Management at varying levels, including the highest, may think of security as a necessary evil or non-productive expense. It may take an Act of Congress to get another security officer or camera. The security program is among the least of priorities until the “big one” happens, and then it rises to the top for a short while. In fact, more than half of my clients are competent and knowledgeable security directors and managers who know what they need but cannot get the executive committee, or even the board, to listen or understand. You are not always seen as a prophet in your own village.

The Mish Mosh The physical and procedural security program has existed for years and is mostly composed of measures and tasks added in response to incidents and losses over the years. Here is a camera installed when some computers were missing. There is a security officer post placed when an intruder tried to get in. The end result is a Mish Mosh of measures accumulated over the years, which may not address the real and present risks and vulnerabilities.

The People Are Not Part of the Security Team Often, when security fails, it was not a failing of the security program or staff but a failing of general employees to take personal responsibility and be protective of each other and their workplace. Doors get propped, strangers are allowed through restricted doors, badges are not worn or shown, suspicious or threatening behavior is not reported, confrontational behavior is escalated, etc. Employees feel that security is not part of their duties—it is someone else’s job. The most powerful, least costly, and most neglected security measure of all is fostering a level of ownership, engagement, involvement, awareness, and protectiveness by all employees. They should all be part of the safety and security team.

It Could Not Happen Here The first thing I almost always hear following active shooter incidents is, “We never thought it would happen here.” The assumptions are often made, “It never happened before,” “We don’t have much crime around here,” “None of our people would ever do that,” etc. Violence and other significant losses can and do happen anywhere, even in the nicest neighborhoods and where it never happened before. Perhaps above all else, the most effective security program is the proactive and anticipatory one, far above the reactive one. See more on that later.

157

158

150 Things You Should Know about Security

We Do Not Really Know What Our True and Present Risks, Vulnerabilities, and Threats Are What harm is most likely to happen to your business or organization? What can most impact your people, assets, reputation, and ability to continue business? What do comparable facilities in your industry do? How do your area crime rates and trends affect you? How does your history affect what you should be doing? Who or what is most at risk? How do you prevent, mitigate, and respond to such harm? How does your security program relate with your human resources, risk management/legal, safety, facilities, operations, and emergency planning programs and processes? Is your security program as cost effective and appropriate as it can be? It is best to periodically conduct comprehensive, outside and objective security risk and vulnerability assessments to reasonably assure that your security program is still on track.

Security Is Just Guards, Cameras, and Card Readers I often encounter security programs that are mostly limited to the traditional measures such as security officers, video, access control, alarms, and lighting. Although these are usually essential components, they are only pieces of the security pie. Sometimes even security managers sell themselves short and focus almost exclusively on those traditional measures. Other measures may include employee training, background screening, fostering employee security awareness, visitor and contractor management, law enforcement liaison, violence mitigation and response processes and tools, crime analyses, internal and external communications systems and processes, security and violence vulnerability assessments and analyses, internal reporting channels, worn identification, environmental and facility design, and drills and table-top exercises. Security should also be creative and innovative. There are few “cookie cutters” in security. As I like to say, in security planning there is always more than one way to “skin a cat” depending upon the many variables.

The Horse Is out of the Barn Syndrome Although many law enforcement professionals have moved into security management and embraced the concepts of good security, some organizations mistake the primarily reactive nature of law enforcement with the primarily proactive and preventive nature of security. A security program focused primarily upon investigations or reacting to incidents is not a true security program. Although there needs to be a responsive component to a Security program, it is always better to prevent the bad stuff from happening than dealing with the painful and costly aftereffects. And a key component of that preventive nature is deterrence, or making yourself less attractive as a target.

The Shoe Bomber Theorem Governmental agencies sometimes plan their security measures as reactions to the most recent attack. We take our shoes off in the airports in reaction to the shoe bomber. Again, security is ideally anticipatory. For example, in security vulnerability assessments we determine what, in addition to people, are our most critical assets. Which of those could be the most likely or vulnerable targets? How might someone

108.  Fifty Random Aspects of Physical Security That You Should Know

most likely compromise those assets, including our reputation and ability to continue doing business? And do our current and planned physical and procedural security measures truly prevent and mitigate those risks and threats?

Security Does Not Reflect or Support Our Special Culture and Values When I interview CEO’s and presidents, I sometimes hear the perception and concern that security measures interfere with the culture. “We don’t need a Police State/ Fort Knox here.” However, the truth is that a well-planned and implemented security program will support and reflect that welcoming, customer/patient/visitor satisfaction and service-oriented and respectful culture and values. In fact, where I see a high level of civil and respectful management and leadership as well as a strong culture of customer service and satisfaction I usually see a safe and secure facility. The most powerful five words in security are, “How may I help you?”

108. FIFTY RANDOM ASPECTS OF PHYSICAL SECURITY THAT YOU SHOULD KNOW: A CHECKLIST Often, we hear, integrate, or interface multiple security systems in a layered effect— CPTED, critical infrastructure protection, building designs, interior/exterior layout, intrusion detection systems, structural barriers, access controls, communications, and video surveillance—so each component contributes to the protection of assets, as well as to the control and reduction of losses, but what does it mean?    1. Ensure that exterior doors into inhabited areas open outward. Ensure emergency exit doors only facilitate exiting. 2. Secure room access hatches from the interior. Prevent public access to building roofs. 3. Restrict access to building operation systems. 4. Conduct periodic training of HVAC operations with the maintenance staff. 5. Evaluate HVAC control options (e.g., recirculate air). 6. During initial construction or major renovation, install empty conduits for future expansion of security control equipment. 7. Do not mount plumbing, electrical fixtures, or utility lines on the inside of exterior walls. 8. Minimize interior glazing near high-risk areas and/or install protective film. 9. Establish written plans for evacuation and shelter-in-place. 10. Integrate/interface multiple security systems in a layered effect—include CPTED. 11. Illuminate building access points—both pedestrian and vehicle. 12. Restrict access to building information. 13. Protect HVAC intakes and secure mechanical rooms. 14. Limit the number of doors used for normal entry—few ingress doors and many egress doors.

159

160

150 Things You Should Know about Security

15. S  ecure all utility access openings. 16. Provide emergency power for lighting in restrooms, egress routes, and any interior meeting rooms, conference rooms, and common areas. 17. Install a mass notification system that will direct individuals where to go in case of an emergency. Ensure your system can notify non-hearing, visually impaired, and other special needs individuals. 18. Stagger interior doors and offset interior and exterior doors. 19. Eliminate hiding places. 20. Install a second and separate emergency telephone service. 21. Install radio telemetry antennas throughout the facility so that there are no “dead” spots. 22. Use a badge identification system for building access. 23. Install a video surveillance security system. 24. Install an intrusion detection system. 25. Install rapid response and isolation features into HVAC systems. 26. Use interior barriers to differentiate levels of security. 27. Locate utility systems away from likely areas of a potential attack. 28. Install duress alarms/buttons at key public contact areas. 29. Install emergency and normal electric equipment at different locations. 30. Avoid exposed building structural elements. 31. Reinforce foyer walls. 32. Use architectural features to deny contact with exposed primary vertical load members. 33. Isolate mail rooms, loading docks, and storage areas. 34. Locate stairwells remotely. Do not discharge stairs into parking or loading areas. 35. To protect against attack, elevate HVAC fresh-air intakes. 36. Create shelter-in-place rooms or areas, and supply materials to seal doors and windows. 37. Designate separate HVAC zones. Eliminate air leaks and increase building air tightness. 38. Install blast-resistant doors or steel doors with steel frames. 39. Physically separate unsecured areas from the main building. 40. Install HVAC exhausting and purging systems. 41. Connect interior non-load-bearing walls to structure with non-rigid connections. 42. Use structural design techniques to resist progressive building collapse. 43. Treat exterior shear walls as primary structures and use braced panels. 44. Orient glazing perpendicular to the primary facade facing uncontrolled vehicle approaches. 45. Use reinforced concrete wall systems in lieu of masonry or curtain walls. 46. If there is a blast or bomb, ensure that the active fire system is protected from single-point failure. 47. Install a backup security control center. 48. Avoid eaves and overhangs or harden to withstand blast effects.

110.  National Response Framework: Five Mission Areas

49. E  stablish group floor elevation 4 ft above grade. 50. Secure with greater purpose and hardware all openings to the building within 14 ft of ground level, or 14 ft of access to roof.

109. EMERGENCY MANAGER RESPONSIBILITIES The jurisdiction’s emergency manager oversees day-to-day emergency management programs and activities. The emergency manager works with elected and appointed officials to establish unified objectives regarding the jurisdiction’s emergency plans and activities. This role entails coordinating and integrating all elements of the community. The emergency manager coordinates the local emergency management program. This includes assessing the capacity and readiness to deliver the capabilities most likely required during an incident and identifying and correcting any shortfalls. The local emergency manager’s duties often include:    • Advising elected and appointed officials during a response. • Conducting response operations in accordance with the National Incident Management System. • Coordinating the functions of local agencies. • Coordinating the development of plans and working cooperatively with other local agencies, community organizations, private sector entities, and non-governmental organizations. • Developing and maintaining mutual aid and assistance agreements. • Coordinating resource requests during an incident through the management of an emergency operations center. • Coordinating damage assessments during an incident. • Advising and informing local officials and the public about emergency management activities during an incident. • Developing and executing accessible public awareness and education programs. • Conducting exercises to test plans and systems and obtain lessons learned. • Coordinating integration of the rights of individuals with disabilities, individuals from racially and ethnically diverse backgrounds, and others with access and functional needs into emergency planning and response.

110. NATIONAL RESPONSE FRAMEWORK: FIVE MISSION AREAS The National Response Framework is an essential component of the National Preparedness System mandated in Presidential Policy Directive (PPD) 8: National Preparedness. PPD-8 is aimed at strengthening the security and resilience of the United States through systematic preparation for the threats that pose the greatest risk to the security of the Nation.116    116 www.fema.gov/national-response-framework.

161

162

150 Things You Should Know about Security

Prevention: The capabilities necessary to avoid, prevent, or stop a threatened or actual act of terrorism. As defined by PPD-8, the term “prevention” refers to preventing imminent threats. Protection: The capabilities necessary to secure the homeland against acts of terrorism and man-made or natural disasters. Mitigation: The capabilities necessary to reduce loss of life and property by lessening the impact of disasters. Response: The capabilities necessary to save lives, protect property and the environment, and meet basic human needs after an incident has occurred. Recovery: The capabilities necessary to assist communities affected by an incident to recover effectively.

111. EMERGENCY PLANNING BEST PRACTICES In recent years, several lists of “Best Practices” have been developed by different groups in the security industry. We have been in the forefront of this movement with the formulation of “Best Practices of 2017.” This is an adaptable document that can be applied to various circumstances to make it applicable for different environments.

EMERGENCY PLANNING BEST PRACTICES117 • Develop an effective, comprehensive, emergency response plan and provide training/education for the staff. • Establish emergency procedures with standardized actions and directives for inclement weather (tornado, earthquake, hurricane, flooding, etc.), medical issues, fire, building evacuations, shelter-in-place, lockdown, workplace violence, and active shooter as well as a business continuity plan for after the incident (OSHA, NFPA, FEMA, etc.). • Ensure your emergency procedures comply with ADA Standards [physically handicapped and vision and hearing impaired (special needs students, faculty, and staff, if in a school setting), and visitors, etc.)]. Have designated individuals trained to assist. • Conduct regular training and joint exercises for emergency procedures with the local fire department, police department, and EMS and other local first responders. Provide floor plans for each building on the campus to each of these departments. Consider supplying building plans and layout of campus in a digital format for quicker access by more responders. Update the thumb drives on a quarterly basis, which can be issued to teams. The main servers may be down, as well as cloud based, so a thumb drive for a laptop may be the only available tool (install in exterior locked Knox or Supra Boxes). 117 LJ

Fennelly, MA Perry, MJ Fagel. ASIS International; 2016.

111.  Emergency Planning Best Practices

• Establish a CMT with documentation, training, and integration into the larger Incident Command Team. Determine who has the immediate authority to lock down, issue a CLERY alert for higher education, and talk to the press. Establish a Joint Information Center with appropriately trained public information officer that can supply vetted information that comes from the command staff only. • The CMT will integrate in to the response and recovery operations and will work closely with the first responder community as the situation ebbs and flows. • Develop procedures for during and after a crisis situation. • Develop mass notification procedures. • Provide two-way radios batteries, chargers, cases, and training (or another alternative method for communication) for staff and establish a designated command center area or location. • The staff should follow the prescribed plan and report to the Emergency Command Center (ECC), or other predesignated area for response and recovery. This may not be at the same site due to safety reasons and may be at a remote location. • Administrators will need to be at different locations and not in the immediate area of the event for their own and response operations safety. • Ensure you are in compliance with all applicable OSHA regulations, life safety codes, and local/state fire codes. • NFPA 1600 is a useful tool to help comply with for all risks and all-hazards planning. • Provide FEMA training for administration and crisis team members.118 • Conduct fire, evacuation, lockdown, shelter-in-place, etc., drills. • Consider using the standard response protocol, “I love u guys foundation.” • Develop crisis kits with all necessary supplies for an emergency situation. • Develop GO BAGS for action teams. • Establish markings, vests, hats, or other easy identification so that the school teams can be effectively identified to appropriate response officials. • Collaborate with local law enforcement and other emergency responders to determine if interior door windows are to be covered and/or if shades are to be left open or pulled down in a lockdown situation. • Develop an effective and practiced mutual aid agreement with other schools and businesses. • Collaborate with local law enforcement and all emergency response officials to establish protocols for shades and green cards to determine if interior door windows are to be covered and/or if shades are to be left open or pulled down in a lockdown situation. • Develop a mutual aid agreement with other schools and businesses.    118 Training.

Retrieved from: www.training.fema.gov.

163

164

150 Things You Should Know about Security

PLAN DEVELOPMENT AND PRIMARY CONSIDERATIONS Why Emergency Planning? • Three primary goals: • Protection of lives • Protection or property • Restoration of operations • Risk assessment—consider probabilities and severity of each type of disaster occurring. • Government and industry must share burden of protecting the public.

Threat Scenarios • Most serious industrial hazards: • Fire • Explosion • Most common emergencies: • Fire • Bomb threat • Labor dispute

Stages of Emergency Planning • Anticipate emergency • Provide for responsive action • Return to normal operations

Planning Basics • Emergency plans should be in writing • Provide specific and precise actions • No new organizations created at the time of disaster! • Identify who can declare emergency • Identify the emergency coordinator • Ensure continuity of leadership • Basic plan has three essential elements: • Authority • Types of emergencies • Execution • Outline plant shutdown procedures (to be carried out by engineering) • Evacuation routes must remain consistent for all threats • Test plan annually—brief every employee! • Table-top exercise with public safety involvement

Advance Planning • Mutual Aid Association • Cooperative organization of industrial, business, and local government emergency services, united by a voluntary agreement to assist each other during an emergency.

112.  National Fire Protection Association

• Identified pooled community resources • Provides for standardized equipment and training • Requires substantial funding • Create an ECC • Maps/procedure charts/call-up lists/MAAs • Backup power and communications gear • Disaster response and medical gear • Identify PR person to coordinate media • Backup sites—hot, warm, cold • Preserve vital records—bylaws, board minutes, stock transactions, financial data • The most practical way to discover deficiencies is to test the plan annually • Make the plan direct in nature • Do not restrict the plan to senior management only • Plan is typically activated by the plant/facility manager or the president/CEO

112. NATIONAL FIRE PROTECTION ASSOCIATION The NFPA is located at:    National Fire Protection Association (NFPA) 1 Batterymarch Park P.O. Box 9101 Quincy, MA 02269-9101 (800) 344-3555 Customer Center    We have always felt very strongly that law enforcement and security should work closely with local fire departments. The NFPA has a considerable amount of material available, if you should ever need it. We recently had an opportunity to read a Fire Investigation Report, written by a chief fire investigator for NFPA. The report contained the following buzzwords:    • Four dead • Distress call • Building collapsed • Structure design • Confusion • Protective clothing • Lack of awareness • Trapped • Strategy • Asphyxiation • Insufficient information • Roof access • “Building was a potential target for arson.”   

165

166

150 Things You Should Know about Security

To help you with fire prevention and fire suppression, we are providing the following checklist:    1. Is a comprehensive written plan addressing fire prevention and suppression policies, techniques, and equipment disseminated to all employees? 2. Are fire drills conducted on a regular basis (at least once every 6 months)? 3. Have individuals been assigned specific responsibilities in case of fire? 4. Is smoke/fire detection equipment installed in the computer area? 5. Does the smoke/fire detection system in the computer area automatically: a. Shut down or reverse the ventilation air flow? b. Shut down power to the computer system? c. Shut down computer area heating? 6. Is the computer area smoke/fire detection system serviced and tested on a regularly scheduled basis? 7. What devices are incorporated into the computer area smoke/fire detection system? a. Ionization smoke detectors? b. Photoelectric smoke detectors? c. Heat rise detectors? d. Other (specify)? 8. How many of these components are located in the computer area and where are they placed? 9. Is there equipment available in the computer area to exhaust smoke and combustion products directly to the atmosphere after a fire? 10. Are smoke detectors placed and functioning properly in the computer area (in the ceiling, under the raised floor, and in all HVAC ducts)? It is suggested that you read material on smoke detectors in this book. 11. How often are these smoke detectors tested and by whom? 12. Will the smoke detectors operate in a power failure situation? 13. Is an automatic sprinkler system installed to protect against fires in the computer area open space?    The above checklist is incomplete (because of lack of space). Some standards with which you and your personnel department should be familiar are: • NFPA 1001, Standard for Fire Fighter Professional Qualifications • NFPA 1002, Standard for Fire Apparatus Driver/Operator Professional Qualifications • NFPA 1003, Standard for Airport Fire Fighter Professional Qualifications • NFPA 1004, Standard on Fire Fighter Medical Technicians Professional Qualifications • NFPA 1021, Standard for Fire Officer Professional Qualifications • NFPA 1031, Standard for Professional Qualifications for Fire Inspector, Fire Investigator, and Fire Prevention Education Officer • NFPA 1041, Standard for Fire Service Instructor Professional Qualifications

113.  Organization and Administration

113. ORGANIZATION AND ADMINISTRATION Because of its vital importance, the contemporary security function should be the concern of management at the highest level within every organization. Experience has demonstrated that if security is to be effective it must have—and must be seen to have—the support of top management. It is not just support, but also buy-in. Without this support and buy-in, security cannot possibly command the respect and cooperation necessary to the success of its protective goals and objectives. Although the visible support of top and middle management is a sine qua non of competent security, opinion differs as to the level of management at which security should report. Many advocates support the notion that security should report directly to the president or highest ranking financial executive to avoid having adverse information blocked or diluted in transmission. On the other hand, carried to extreme, such an arrangement could burden an overworked corporate officer with excessive detail. Whoever the responsible executive may be, she or he should be genuinely involved and familiar with company risk to evaluate whether the security operation is controlling and reducing risks. In many companies, this role simply cannot be squeezed into top management’s portfolio, but it should be as near to the top as may be possible. The solution is to tailor the decision for the particular situation. Where the top executive can be involved, and where the risk of loss is great, the responsibility for security supervision may be placed there. Where the risk is less and top executives are already fully occupied, the responsibility should logically be placed on the highest ranking executive available whose other assignments are most compatible with evaluation of security administration. In situations in which there is a particularly high risk, or where there has been high incidence of loss, it is wise to delegate other responsibilities away from the top to make room for security supervision at the highest level. In any event, security’s access to top management must never be wholly blocked or filtered. In small companies, the direct administration of the security operation, as well as its supervision, is often assigned to executives of the administration having other primary responsibilities, such as treasurer, comptroller, head of administration, or human resources manager. In larger corporations where there is a security staff requiring supervision and security administration is clearly a full-time position, the operational responsibility is assigned to a security administrator. Titles for this position range from executive security officer and director of security down through security manager, security supervisor, and chief of security, depending upon the structure of the particular company organization and the degree and kind of responsibility delegated. Whatever the title, the top security administrator, in terms of available company information, should:    • Be aware of and have access to the operations of every department. • Understand and have access to company statistics. • Be aware of company planning prior to implementation, particularly building plans and alterations, and office relocation.

167

168

150 Things You Should Know about Security

• Understand and have access to computer operations. • Be involved in and have knowledge about personnel department operations and have access to personnel records. • Be knowledgeable about and have access to operations such as purchasing, equipment and equipment replacement, petty cash disbursements, mail room operations, and various company accounting and audit procedures. • Be an active participant in management discussions and policy decisions in all areas that may affect, however marginally, company security and safety.    While access to some of these areas may seem unusually liberal to the executive unfamiliar with the function of security, professionals in the security field can illustrate from examples the need for each of them. Obviously, the development of an effective, operations-integrated security function is almost as great a challenge as security’s assignment of loss prevention. Without the necessary access, information, authority, and contingency planning, the goal of an adequate security function can never be truly attained.

114. ORGANIZATION AND PLANNING Organization and planning for the security manager are as important as time management. Below are 15 questions you should ask yourself about organization and planning.

ORGANIZATION 1. Do I have a clearly defined organization structure? 2. Have I clearly defined the responsibilities of my staff? 3. Have I eliminated overlap, duplication, wasted motion, and unnecessary work? 4. Does my organization fit into my business plan? 5. Have I considered the organizational needs of my staff? 6. Do I secure participation from all my staff in establishing my organization? 7. Does my organization help maintain maximum productivity with the fewest people at lowest cost? 8. Do communications flow smoothly? 9. Do the appropriate people make decisions quickly and accurately? 10. Would my business run effectively if I were absent for a long period? 11. Have I identified the most qualified person in my business for every job?

PLANNING In making your life plans, ask yourself the following questions:    1. Do I know where I am now? 2. Do I know where I want to be? 3. Do I know how to get there? 4. Do I know the things I do well, and the things I do poorly?

116.  Paper Shredders

115. OUTSOURCING FOR A SECURITY PRACTITIONER The competitive nature of business in today’s environment operates in a rapidly changing arena. Companies are continually trying to find ways to increase quality internal services while reducing operating costs and overhead. The asset protection or security services a company seeks must be developed around a strategy that can efficiently deal with all of the concerns of the company at acceptable cost and compatible with its culture. If a company must answer management’s needs and provide support at a lower, fixed cost, it most definitely should consider outsourcing as a positive alternative. There is a need for technical and experienced knowledge when addressing specific concerns with a company’s operating environment. While the purpose of these comments is to provide positive reinforcement for the costs savings of outsourcing a security manager, you should identify the following considerations before considering outsourcing:    • An agreed-upon job description must be used as the basis for the expectations of the function. • Make sure to clearly state the goals and expectations for improvement of the identified concerns and the specific functions of the outsourced position. • Define the availability of internal resources available to the “rented” security manager and the levels of company confidential data that would be available to that person. • Establish a method of evaluation of the services performed and a pre-determined timeframe for analysis and review of performance. This is necessary as much for the company as it is for the outsourcing provider.    The forging of a strategic alliance with the company is understood in advance to be a cooperative arrangement. You should expect to receive expert and technical support for a reasonable cost with less direct operating expenses. The company is expected to provide the senior level management support and internal influence along with participation as appropriate to ensure that the outsourced security manager receives sufficient input, response, and support to accomplish the agreed-upon goals. This partnership is the foundation of a relationship which, when supported by performance and attainment of agreed-upon goals, could be a long-term partnership. This longevity offers additional benefit.

116. PAPER SHREDDERS Paper shredders have become very popular, not only for document destruction but also for “green” initiatives because the shredded paper is then recycled. There is a full-line of paper shredders on the market today, ranging from wastebasket size to large industrial types. They can be purchased and deployed according to need. Any department within an organization where there is confidential information should

169

170

150 Things You Should Know about Security

either shred documents themselves or contract that to a shredding company. A centralized copy department could pass all day-end confidential wastepaper through a large shredder. Smaller shredders should be placed beside decentralized copiers. Departments who process confidential information, such as research, sales, advertising, personnel, and engineering, to name a few, should have shredders. The following is a list of some documents that should be shredded before you recycle or dispose of them:    • Personnel records and files • Insurance forms and reports • Marketing and sales data • Financial information • Blueprints and designs • Production schedules • Bills of laden and material • Vendor lists • Obsolete forms such as old checks and purchase orders    Some organizations hire shredding companies to pick up their bags of sensitive documents to be shredded, but instead of shredding the sensitive documents immediately, the bags are taken to another location where they may remain unsupervised for days together before being shredded. This practice puts your sensitive, confidential information at risk. The good news is that there are some shredding companies, such as A Plus Paper Shredding119 in Louisville, KY, USA that do not simply “shred” your sensitive documents, but “pulverize” them in your parking lot as soon as they are removed from your business. Your sensitive documents are totally destroyed by being ground into small pieces so that there is no way they could be reassembled. Do not forget, that in California versus Greenwood,120 the Supreme Court ruled that when you voluntarily place your trash outside for collection, you have no reasonable expectation of privacy. This means that information in your trash is fair game to anyone, but privacy laws may make you vulnerable to lawsuits when sensitive records are disclosed to outsiders—even by accident.

117. GENERAL PERSONNEL SECURITY Home Depot has a sign at the entrance to its stores: “All our employees have been drug tested.” New employees must be advised of a company’s rules and regulations as well as drug and alcohol awareness and other educational programs. Your company’s policy should address unprofessional behavior, illegal, and unethical activities. 119 A

plus shredding. Retrieved from: www.apluspapershredding.com. versus Greenwood. Retrieved from: http://caselaw.findlaw.com/us-supreme-court/ 486/35.html. 120 California

117.  General Personnel Security

EMPLOYEE SCREENING Every aspect of the employee’s application must be checked for accuracy and completeness. Your objective is to remove the bad applications and reduce the company’s risks before a hiring decision is made.

Common Omission on Application

1. Application was not signed and dated 2. Education a. Falsely stated b. School, dates, and cities omitted c. Attended, but earned no degree 3. Gaps in application 4. Resume too big, too small, does not say much, poor profile 5. References and applicant’s employers not listed 6. Criminal background record, not answered    Based on your review of the application, you must make a determination as to whether or not to hire the individual. Points to look into:    1. Does the applicant have the education for the position? 2. Examine prior employment going back 7–10 years. 3. Background check must be reliable, relevant, and confirmed. 4. “Google” the applicant and check activity on social media. 5. Confirm qualifications, education, and employment history. 6. Check references.

Questions You Cannot Ask in an Interview 1. 2. 3. 4. 5. 6.

Religion Age or marital status Ethnic background and race Any disabilities Children and number of times married You cannot ask if they have been arrested, but you can ask applicants if they have been convicted of a crime.

Interview You have the application, the interview process, and you have verified prior employment and education and checked references, all of which will help you in deciding if you have the right candidate or not. Some additional factors you should be aware of are:    1. Civil Rights Law of 1964 (42 USC 200e, et seq.) 2. Title VII 3. Age Discrimination in Employment Act (29 USC 621 et seq.) 4. Fair Credit Reporting Act (15 USC 1681 et seq.)

171

172

150 Things You Should Know about Security

5. I nvestigative Consumer Report 6. Results from testing companies 7. National Labor Relations Act (29 USC 151 et seq.)

118. PERSONNEL SECURITY: TWENTY-FIVE THINGS YOU SHOULD KNOW The following list of items includes key points that should be known when investigating, interviewing, or reviewing candidates for employment.    1. The foundation of personnel security is to determine the attitude and honesty of employees. 2. Questions that cannot be asked of applicants include marital status, whether the individual has ever been arrested or has experienced having salary garnished, and if they own or rent their residence. 3. The Age Discrimination in Employment Act forbids asking the age or date of birth and using that information to make a hiring decision. 4. The key elements to focus on as reasons for refusal to hire are several jobs over a short period of time, salary reductions, or employment gaps. 5. There are three considerations when arming security personnel with weapons: a. What are the potential threats to the officer? b. What type of engagements or encounters will the officer face? c. What are the operational objectives? 6. The key objectives in the government policy in personnel security is to keep those people thought to be “risks” from performing in sensitive jobs. 7. The administrative reference to an individual who is granted access to classified information is called an agency clearance. 8. There are many government agencies that process requests for security clearance, including the US Department of Defense (DoD). 9. The two types of personnel security investigations are: a. National agency check b. Background investigation 10. To determine if a person has been naturalized as a US citizen, the records of the applicable US District Court are checked. 11. The Fair Credit Reporting Act was passed to ensure that the consumer reporting agencies apply reasonable practices to meet consumer credit needs. 12. The Reid Technique of Interviewing is frequently used to identify dishonest employees. 13. The Caldwell Report is a personality test that may be used when testing public and private enforcement personnel. 14. There are four critical considerations that are used when determining the quality of performance and/or service by security personnel and these are: a. Training received b. How selected initially

119.  Ten Things You Should Know about Fraud

c. Wage and supervision d. Job performance 15. When motivating night shift security personnel, you should make the assignment special, pay a salary premium, and stress the importance of the position. 16. The Bank Protection Act specifies that each institution must have a security officer but does not require one at each location. 17. Dishonest employees can cost employers twice the amount of losses due to burglaries, car thefts, and bank robberies across the entire country. 18. There are three principal reasons for inventory shortages: a. Documentation errors b. Shoplifting c. Employee theft 19. The single most important deterrent for preventing internal theft and loss is the background investigation and pre-employment screening. 20. A potential employer may reject an application due to a prior conviction for a property crime. 21 A potential employer may reject an application due to a prior conviction for moral turpitude. 22. It has been observed that 80% of persons acquitted or who had cases dismissed in the courts in the United States are rearrested within 30 months. 23. Employees should be interviewed behind closed doors whenever possible. 24. Aggressive, frustrated persons who determine that there is a low expectation of being caught will steal, according to a Yale University study. 25. Employee frustration and anger can be caused by poor supervision and unrealistic security policies and procedures.

119. TEN THINGS YOU SHOULD KNOW ABOUT FRAUD By James “Rick” Youngblood CPP CFE.

INTRODUCTION Fraudulent activity is an issue for individuals and all types of business operations from the small mom-and-pop store to the large Fortune 50 operation. The goal of those initiating and committing the fraudulent activity is to gain some type of monetary benefit. The goal of the targeted operation is to identify the threat, educate their associates to identify, and to eventually block the threat. Following is a discussion on the top 10 fraud-related issues present today: Employee integrity: All businesses need at least one or more employees to have a successful operation. The goal of the business owner is to hire, train, and place into their workforce an associate who has the best interest of the organization at heart.

173

174

150 Things You Should Know about Security

The goal of those looking to commit fraud, from the inside of an organization, is to simply get hired. From the standpoint of the potential fraud-driven employee, their goal is to get by any pre-employment screening processes and enter the organization’s work force. From the standpoint of any organization that is aware of the many aspects of fraud targeted at business operations, the goal is to begin their fraud awareness program at the front door of the operation. The employee fraud unaware organization is going to implement new hire screening procedures and practices that make other organizations a better conduit for internal theft and losses. The employee fraud aware organization is going to develop and implement the following new hire policies and procedures:    • An extensive new hire interview process. • A detailed and complete applicant background screening (these background screenings can be conducted by in-house personnel or through the services provided by professional organizations) • If possible, hiring organizations need to use the services of industry-specific head hunters. A large majority of head hunter operations have a vetted candidate pool of industry-known professionals. • Development and use of a new hire orientation process. The orientation process needs to ensure each new hire reads, understands, and signs organization-specific: • Mission Statement • Employee Code of Conduct • Conflict of Interest Policy    The goal of any organization is to attract and hire new associates that have been thoroughly vetted. These newly hired and screened associates also need to enter the organization with an understanding of the business takes and aggressive stance toward identifying and stopping internal fraud. Not providing potential fraud avenues: Business owners and managers all have to work within limited budgets for expenses, travel, associate education, and staffing levels. Based on the size of the business operation, departments within an organization can face the following issues:    • Can have a satisfactory budget that allows for adequate staffing levels where separation of duties takes place. • Have a restrictive budget that requires associates to wear one of many hats.    With the less restrictive staffing budget, many organizations can prevent the need to have associates wear many hats in the daily operation. Organizations operating under a more stringent budget normally allow employees to perform many functions throughout each business day. The hope being their associates operate above board and never fall to the temptation of fraud.

119.  Ten Things You Should Know about Fraud

A major area that needs to be avoided by organizations operating under tight staffing budgets is providing fraud avenues. These are avenues that would allow the associate the opportunity to recognize a fraud avenue and act. A good example of a fraud avenue is allowing a single associate to be in charge of both accounts receivable and accounts payable. With no oversight of their day-to-day activities, an associate can conceal unauthorized transactions while embezzling countless dollars from the organization. It is up to business owners, managers, and loss prevention personnel to look at employee job overlap activities to ensure that they are not creating potential fraud avenues. Job rotation: Irrespective of the size of the organization or the restrictive staffing levels, it is a good idea to institute some type of Job Rotation policy. A Job Rotation policy requires associates within a specific department to move from one job function to another on a set time frame. By establishing a Job Rotation policy, a business organization can prevent many of the following Fraud Avenues:    • A Job Rotation policy can prevent potential collusion between employees. Over time a couple of employees can become partners in crime and use their specific daily duties to conceal fraudulent activity, for example, Partner A working in the Accounts Payable area, with Partner B working in Accounts Receivable. A perfect partnership for collusion and fraud. • Job Rotation can also prevent creating certain levels of comfort in a position. An associate working for years in a specific department and performing the same daily duties can identify fraud avenues. An associate knowing, they will remain in their position for an extended period of time can act on a fraud avenue and conceal their activity. • Associates can develop relationships with outside vendors over time and act on an open fraud avenue, this avenue being the creation of a Kickback121 scheme. An associate and an outside vendor, both knowing there will be no change in company operating procedures, can create a situation that benefits both individuals involved.    The main goal behind establishing Job Rotation policies is to prevent potential fraud avenues. In addition to working to prevent potential fraudulent activity, the organization is rewarded with a more diverse and educated workforce. Mandatory vacations: Many work-related frauds are successful due to the criminal associate being allowed to remain in their position for an extended period of time. In addition to establishing a Job Rotation within the work place, it is also necessary to require all associates to take mandatory vacations. 121 Kickback—a

percentage of income given to a person in a position of power or influence as payment for having made the income possible: usually considered improper or unethical. http://www.dictionary. com/browse/kickback.

175

176

150 Things You Should Know about Security

Many managers will look upon an associate who works constantly and fails to take an annual vacation as dedicated and committed to the organization. In many instances, this practice could be true. However, for those committing fraudulent activity in the work place, their loyalty resides in keeping the crime hidden from prying eyes. For many office-related frauds, the offending associate needs to maintain an almost daily observation of their work practices to keep the fraudulent activity hidden. In an effort to prevent associates from hiding fraudulent activity, it is necessary that all associates are required to take an annual 2-week vacation. While the offending associate is out of the office, it is quite possible the house of cards they built through the fraudulent activity will crumble. Business owners and managers need to ensure the following:    • While employees are on their annual vacation, their work process continues by other associates in the office. • Associates on vacation are not constantly accessing company computer systems. • There is not an extended period of time between annual vacations. An employee taking a 2-week vacation in early January 2016 and not scheduling another vacation until December 2017.    In today’s world of telecommuting, business owners and managers need to conduct a fraud analysis of positions where associates operate from a home office. The analysis needs to look at each position through the eyes of a criminal and locate areas of fraud potential. This is necessary to ensure that there is a low threat potential for fraud and how to manage the position when the associate is on their annual vacation. Understanding sweethearting: Any business operating in a retail-type environment has to be concerned with the prospect of employee sweethearting. Sweethearting is the process of retail associates conducting their daily activity in what appears to be above board, while they are actually helping accomplices defraud the business. Some examples of sweethearting are as follows:    • Employee A is working as a bartender in a busy location. During a busy time frame an accomplice of Employee A takes a seat at the bar and consumes many drinks over an extended time frame. When the accomplice decides to settle their tab, they are charged for a single beverage. They usually pay the bill in cash, while leaving Employee A a very large tip. • Employee B is a cashier working at a retail establishment. An accomplice of Employee B enters the building and selects several items for purchase. The accomplice waits in line to be checked out by Employee B. Employee B simply rings up for purchase of a few small dollar items, while placing into the bag one or more high-dollar items. On face value, the transaction appears routine. In actuality, the retail establishment is the victim of fraud. • Employee C works in a restaurant-type establishment that offers a frequent customer reward program. A popular example would be a sandwich business and the customer receives a free meal after the purchase of a set number of

119.  Ten Things You Should Know about Fraud

sandwiches. Employee C can manipulate the rewards program and allow one or more accomplices to receive meal credits, while not making the required number of actual purchases.    The crime of sweethearting can take place in almost any type of retail environment and is up to the imagination of the associate and their accomplices. It is up to the owners and managers to look at the day-to-day operation through the eyes of a thief and identify areas of vulnerability. An educated fraud prevention–oriented workforce: Any business, no matter the size, needs to develop a fraud awareness and prevention posture that is not unique to the typical internal Loss Prevention (L/P) Department operation. Many business operations develop and use an aggressive L/P Department that operates as an island. These internal L/P operations work and operate somewhat independently from the main business. Although aggressive and successful, a majority of the organizations’ associates have no or very little interaction with loss prevention or security personnel. When any interaction does take place between associates and internal L/P personnel, it is after some type of loss has taken place. The loss can be the result of an internal fraud perpetrated by one or more associates or an event generated by outside sources. Irrespective of the need for a forced interaction between an associate and L/P, it typically results due to some type of loss taking place. A reactive response. In addition to the hiring organization developing a stringent new hire screening process and fraud awareness program, associate knowledge and assistance needs to become part of the overall loss prevention operation. Internal employee knowledge and assistance can be used by the L/P/Security Department in the following areas:    • The development of internal associate fraud discussion groups. These are groups developed with associates from various departments within the organization. The purpose of these discussion groups is to talk about areas of vulnerability within the overall organization and specific internal departments. Who knows better as to where the potential fraud holes are within a specific department than those conducting the daily operations. • The development of relationships between internal associates and L/P /security personnel. Internal L/P personnel need to get out of their offices and interact with associates at all levels of the organization. It is not beneficial if company associates only think of L/P personnel in a negative light. These individuals need to be looked at as part of the daily operation, who share the end goal of organizational prosperity. • By establishing quality relationships between L/P and company associates, the “what if” game can be played, creating discussions with the everyday company associates as to how they would steal from the organization. No one knows better the potential holes in departmental operations than those working in the day-to-day operation. • Developing fraud awareness training and educational programs. L/P /security personnel need to keep the company’s workforce educated on the latest fraud trends and how to recognize fraudulent activity.   

177

178

150 Things You Should Know about Security

Establishing fraud reporting avenues: Every now and then there is discussion in the news of how a Whistleblower reported on criminal activity in a private or government organization. Usually praised, the associate coming forward helps to uncover fraudulent activity within the workplace. In an effort to identity fraud in almost any type of business activity, business owners and managers should setup some type of Fraud Reporting Program. These programs are developed and well understood within the workplace. The goal being to provide associates an avenue to come forward with actionable intelligence on fraudulent activity in the workplace. To be successful, the Fraud Reporting Program has to:    • Be setup to where those reporting the information are provided a means of supplying detailed information. Not just an index card in a drop box that states “Joe Thief is stealing.” • Be acted upon. Success of a Fraud Reporting Program has to be shared with associates in the work place. By sharing the information, those reporting know their voice is heard and all associates understand that management is serious in containing fraud. The sharing process will also act as a future deterrent. • Be anonymous. Associates will not participate in any type of Fraud Reporting if they suspect their information and activities will be known among their coworkers.    Business owners and managers have two options, when establishing a Fraud Reporting Program:    • The program can be established in-house and operated through the L/P /security Department. Many of these in-house programs are successful. However, some may lack full participation with associates knowing there is no separation between the program and the business. • The program can be established through one of many third-party vendors that specialize in creating and maintaining Fraud Reporting Programs. If a decision is made to utilize an outside vendor, anonymity is vital.    Data breaches: Data breaches take place when an unsuspecting individual opens an attachment that is forwarded to them within an email or a link provided via a text message. The intent of those sending the link or attachment is to have the targeted individual click on the data line provided. Once the link or attachment is accessed, the device has unauthorized Malware/Spyware122 downloaded. The software is then used to access the internal computer systems of the individual or business operation. 122 Malware/Spyware

– Short for “malicious software,” malware refers to software programs designed to damage or do other unwanted actions on a computer system. In Spanish, “mal” is a prefix that means “bad,” making the term “badware,” which is a good way to remember it (even if you are not Spanish). Common examples of malware include viruses, worms, Trojan horses, and spyware. http://techterms. com/definition/malware.

119.  Ten Things You Should Know about Fraud

The discussed attachments and links are sent to unsuspecting victims through unsolicited emails and text messages. The delivery methods are referred to as:    • Phishing: Phishing takes place through the opening of unsolicited emails. The unsolicited emails will have a Subject line used to attract the attention of the recipient. The email can be formulated to appear to be from a trustworthy organization, financial institution, cell phone carrier, etc. The goal is to have the recipient believe the email is from a trustworthy source and follow the instructions provided. • Spoofing: Email spoofing is used to trick the recipient into believing they received an email from a trusted source. With a spoofed email the name of the sender in the From: line is from a person the recipient has corresponded with on a prior basis. The perceived sender could also be a name associated with the recipient’s friends on social media websites. The goal is to have the recipient believe a trusted friend or coworker sent them an interesting link, in which they click on. • Smishing: Smishing is a combination of phishing and Short Message Service or texting. With smishing the unsuspecting target receives a text massage that is sent from what they believe is a trustworthy source. Source line information could lead the receiver to believe a message was sent from their financial institution, utility company, workout facility, etc., the hope being the receiver follows the text instructions and clicks on whatever link provided. • Cramming: Cramming attempts are also delivered to unsuspecting targets via a text message. The recipient is led to believe that they have won some type of contest or prize. To collect on the potential reward, the recipient has to follow the instructions provided, usually by clicking on a link or attachment provided.    Irrespective of the delivery method used, the end goal is to gain unauthorized access to the electronic system targeted. Additionally, the recipient is led to believe the activity they used in response to a phishing, smishing, spoofing, or cramming scam is legitimate. Successful scams will put up no red flags on the part of the recipient. Social media conduit: A recent study revealed that:    • Almost 60% of workers aged 18–34 say that if their boss prevented them from using a mobile device and checking social media, they would quit123!    With the increase in data breaches taking place in business operations throughout the country, many avenues are created through social media accounts. A major concern for business owners and managers is the risk created from having associates checking social media accounts while at work. They also have to be concerned with associates using work-related laptops and cell phones during off duty hours to access social media accounts. 123  http://philadelphia.cbslocal.com/2015/07/08/3-on-your-side-many-millennials-would-quit-

if-not-allowed-to-do-personal-tasks-at-work/.

179

180

150 Things You Should Know about Security

Additionally, there is the issue of cross-contamination taking place between a personal cell phone that is used to check an office email account. The personal cell phone could have previously been infected, with the virus being transferred to the office system once the associate accesses a work-related computer system. Some interesting information on the receipt and transfer of phishing-type attempts is as follows:    • A 2015 Data Breach Investigative Report revealed that infected attachments accounted for 40% of the breaches, while an attached link represented 35%. • Roughly 23% of those individuals receiving phishing emails open the message and about 11% click on the link or open the attachment. • The study found the median time from opening the email to clicking on the link or opening the attachment was 1 minute and 22 seconds. After the phishing attempt gained success, about 75% of those victimized spread the virus to another victim within a single day.124    As previously discussed with the necessity to develop fraud awareness training programs, providing detailed discussion on data breach activity is necessary. Associates need to be made aware of the various delivery methods of Malware/ Spyware and how to avoid becoming a victim. It is also necessary that all business operations develop and adhere to policies regarding associates accessing social media accounts while at work and by using company-related electronic devices. Cyber attack disclosure: As previously discussed, criminals, foreign governments, as well as corporate insiders and outsiders use various techniques to hack into the internal computer systems of various types of organizations. The size and business specialty of the targeted organizations will vary, but the end game is the same. Those attempting to hack into an organization are looking to gain unauthorized and unknown access to the information contained in the internal computer systems. Some seeking the internal company information can be competitors looking to develop intelligence on development plans of a rival organization. A good example would be competitors in the drug development industry. Company A could be close to completing development on a top-of-the-line cancer drug. Company B, seeing a potential loss of market share to Company A from the release of a new cancer drug, could look to gain the upper hand on getting their competing drug to market. If Company B can gain unauthorized access to the internal research information on Company A’s cancer drug, they could potentially beat their rival to be the first to release their new product to the market. Although corporate competitive espionage does take place in various business markets, the main reason behind the hacking of corporate computer systems comes down to gaining access to internal employee and customer personal and financial information. The successfully hacked customer and employee information can be used to commit the crimes of identity theft and credit/debit card fraud. The main goal of all organizations is to protect the sought-after data from outside compromise and maintain the integrity of trusted information. 124 Data

Breach Investigative Report. https://msisac.cisecurity.org/whitepaper/documents/1.pdf.

120.  Physical Access Control

A disturbing trend that is taking place is organizations failing to disclose a data breach to the Securities and Exchange Commission, their investors, current and past employees, and customers. The rationale behind an organizations decision to not disclose a data breach resides mainly in protecting the overall integrity of the targeted business. An attacked organization could suffer loss of integrity in the marketplace, fear among employees/customers, and a loss of stock value. Whatever be the rationale behind a failure to report a successful data breach, a large percentage of the victims are the employees and customers.125 Both the employees and prior customers of a business that fell victim to a data breach will most likely follow down the path of fraud targets. Many individuals who target business operations in a data breach scheme are looking for a goldmine of personal and financial information of previous customers and current and prior employees. Individual and financial information collected from the hack is used to commit the additional crimes of identity theft, identity fraud, and credit/debit card fraud. Organizations that fall victim to a data breach owe it to their customer base and associates to report that an incident took place. This will allow the list of customers and associates a fighting chance to protect their good name and financial information.

120. PHYSICAL ACCESS CONTROL At any physical barrier, a security system must possess the ability to distinguish among authorized persons, unauthorized visitors, and other unauthorized persons. Such discrimination may be exercised by security or protection officers, by other access control persons, or by an automatic access control system. In general, discrimination is based on establishing one or more of the following:    • Identification: Who is the person (confirmation of identity, visually, aurally, by signature, or by comparison with previously stored physical characteristics such as fingerprint impressions)? • Passwords: What does the person know (a memorized combination or password)? • Cards and/or keys: What does the person have (possession of a key, card, smart card, badge, or other access control item)?

BASICS OF ACCESS CONTROL As a general principle, the simple possession of an access control item should not in itself grant access privileges to any sensitive asset because of the potential for forgery, counterfeiting, or improper use of access control items. A second principle of access control is that the more sensitive the asset, the more selective the access control mechanism must be—fewer individuals should have access to it. 125 When

to disclose you’ve been hacked. Wall St J September 20, 2016.

181

182

150 Things You Should Know about Security

A third principle, especially with regard to classified information, is that no person should ever be granted access to, custody of, or knowledge of a sensitive asset solely by reason of rank or position. This is a restatement of the familiar need-toknow principle.

121. PHYSICAL SECURITY: TEN THINGS YOU SHOULD KNOW 1. There are four types of fences: chain link, barbed tape, barbed wire, and concertina. 2. Federal specifications for a chain link fence are 8 ft, excluding top guard; nine gauge or heavier; and 2-in opening. 3. Two types of protective barriers are structural and natural. 4. Barriers are psychological deterrents geared to deter, delay, and supplement security personnel. 5. Fences and/or barriers control pedestrian traffic and vehicular traffic. 6. Categories of burglary-resistant glass: plexiglas, plastic glazing, and safety glass (UL listed). 7. There are six types of protection available for windows: two-track storm windows, double locks on windows, double locks on sliding glass windows (Charley bar and secondary lock), steel bars, mesh wire, and burglary-resistant glass. 8. The weakest point in the window is the glass. Beware that the putty may be removed on Monday and the glass broken or removed on Tuesday. 9. Doors come in different shapes and sizes from solid core, metal to hollow core, with hinges on the outside, with non-removable pins. 10. The types of door locks are dead bolt, double-cylinder keyed, single-cylinder keyed, and all with a 180-degree door viewer (peephole).

122. GLAZING (BULLET-RESISTANT AND BURGLARYRESISTANT GLASS) Two basic kinds of glass can improve security: bullet-resistant glass and burglar-resistant glass. UL Standards classify bullet-resistant glass into three types according to its strength against various powers of weapons and bullet caliber. Burglar-resistant glass, also UL listed, is available in polycarbonate and acrylic materials. Burglar-resistant glass is made of laminated construction, a tough plastic inner layer pressed between two sheets of glass. These products are expensive. However, in a high-crime area where attack is likely, the expense is cost-effective. An insurance premium reduction will make the expense even more attractive. “Smash-and-grab” attackers, besides burglars, are deterred by glass that is labeled burglar-resistant because it resists hammers, rocks, flame, and other techniques. Burglar-resistant glass is referred to as safety glass; the safety features are obvious in that the glass cannot shatter and cut people. Another type

123.  Privacy in the Workplace

of safety glass is the wire mesh type, which may appear to be strong, but is easily penetrated. Combined bullet-resistant and burglar-resistant glass is available.

123. PRIVACY IN THE WORKPLACE Has anyone ever reported to you, or you yourself indicated, that someone was observed or left indications that your personal work space had been violated, searched, or examined by fellow employees, management, or others? The media is continuously reporting on personal privacy issues, actual industrial espionage incidents, or simply acts of invasion motivated by curiosity or harassment. Employees and others have been known to plant microphones or clandestine listening devices in ventilating systems. A state-of-theart camera as part of your video surveillance system can be hidden inside fire sprinkler heads, for instance, to provide covert observation. Never put a camera inside a restroom, locker room, or in any other location where there is a reasonable expectation of privacy. The individual employee’s right to privacy over the past several years has become a major concern not only of the individual but also of unions, companies, courts, and the government, prompting numerous questions, polls, and surveys. The University of Illinois at Urbana-Champaign undertook a study and survey described in the following paragraph (published in the August 1996 issue of Security Magazine published by Cann).

INTRUSION OR NECESSITY126 Does your organization ever find it necessary to collect information without informing the employee? Yes 49% No 51% Does your organization ever check, verify, or supplement background information collected directly from personnel? Yes 75% No 25% Is the individual who is the subject of a background check always notified before such information is collected? Yes 74% No 26% How about afterward? Yes 37% No 63% Do you have a policy allowing the individual to have access to the information collected during a background check? Yes 42% No 58% Can the person correct or amend this information? Yes 75% No 25%    126 Security

1996.

Investigations: Basic Guidelines. ASIS International, 1991; Security Magazine, August,

183

184

150 Things You Should Know about Security

The Fourth Amendment of the US Constitution127 states: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” Note also that unreasonable search and seizure issues are covered under the 14th Amendment. There are many issues to be considered here:    • Reasonableness of the expectation of privacy • Probable cause • Suspicion of a crime • Violation of law    The concerns for these issues do not apply equally between public enforcement and private security. A private citizen is not restricted by the Fourth Amendment as it is wholly inapplicable to a search or seizure, even an unreasonable one, if done by a private person not acting as an agent of the government or public enforcement official. If, however, a private person acts as an agent of or is under the direction of the public or the government, the actions taken are not authorized and are illegal. A private person may pursue the same goals of public enforcement without the limitations of search and seizure laws in pursuit of evidence of an employee’s illegal activities or violations of a company’s policies and procedures. However, other rules involving specific laws or precedence concerning harassment and discrimination may restrict certain conduct by private enforcement. In conclusion, it is a mistake to assume that a reasonable expectation of privacy exists just because the location being searched is a personal office or workplace of an organization.

124. PRODUCT CONTAMINATION Over the past 3 decades, product contamination has become a concern to manufacturers and consumers. Companies have experienced, through costly incidents of intentional product contamination, that they are vulnerable and in most cases, unprepared for managing and recovering from the event. The media in particular, sometimes releases graphic details about contamination incidents that were both intentional and accidental. The results are predictable and frequently both helpful to the consuming public and damaging to the company. When contamination takes place due to employee error or some “natural” influence, it is considered not sinister and quasiunderstandable. However, when the contamination is criminally motivated or the actions are precipitated by terrorists, the contamination renders the company or manufacturing/distributor a victim as well. When such events occur, they always do so unexpectedly and are devastating. The damage to public image, harm to facilities and 127 U.S.

Constitution. Retrieved from: https://www.law.cornell.edu/constitution/fourth_amendment.

124.  Product Contamination

even employers, and damage to customers’ health—even death that may result—can overwhelm and even lead to failure of the business. The possibility of product contamination should be included in any crisis management plan that a company may have. Implementing such a plan is a challenge of major proportions since you can never know the extent or reach the contamination may make. The use of a simulation drill or management exercise can be a major influence on management and specific key employees when responding to a contamination. Determining the most efficient and effective course of action to be taken should not be done in a vacuum. A simulation drill can be an effective way to identify who the various key executive and support staff participants should be. There are a variety of scenarios that can help identify options and problem areas, galvanize internal communication and equipment needs, and identify external resources and event impact on the organization:    • Accidental manufacturing contamination • Deliberate contamination, either in manufacturing or on shelf • Sabotage • Extortion • Terrorism • Product failure • Process error    The devastating aspects of product contamination can be greatly reduced if the security practitioner works on three issues:    1. Proactively pursue elevating the awareness level of key operational and executive management. 2. Implement periodic risk assessments that specifically address the product contamination issues. 3. Create a complete security and asset protection program that encompasses all of the necessary elements to reduce risks and implement a crisis response.    These proactive steps can lessen the likelihood that a product contamination will occur and will also help the company be better prepared to deal with the aftermath, if it does occur.

PROPRIETARY SECURITY Answers to three key questions reveal the quality of an in-house protection program:    1. Does the program have good support from upper management? 2. Does the program have an adequate budget? 3. Does the program have the appropriate authority to fulfil responsibilities?    Any loss prevention manager would be delighted to have affirmative responses to all of these questions, although this is not the case in many instances. Whatever support and resources are available, proprietary security programs are characterized by the organization terms and practical management tools in the following list.

185

186

150 Things You Should Know about Security

BASICS OF ORGANIZATION: THE VOCABULARY Division of work: Work is divided among employees according to such factors as function, clientele, time, and location. Authority: The right to act. Responsibility: An obligation to do an assigned job. Power: The ability to act. Delegation of authority: A superior delegates authority to subordinates to spread the workload. A superior can delegate authority, but a person must accept responsibility. Responsibility cannot be delegated. Example: The sergeant delegated to his loss prevention officers the authority to check employee lunch boxes when employees left the plant. Chain of command: Communications go upward and downward within an organized hierarchy for the purpose of efficiency and order. Span of control: The number of subordinates that one superior can adequately supervise. An example of a broad span of control is one senior investigator supervising 20 investigators. An example of a narrow span of control is one senior investigator supervising five investigators. An adequate span of control depends on factors such as the amount of close supervision necessary and the difficulty of the task. Unity of command: To prevent confusion during an organized effort, no subordinate should report to more than one superior. Line personnel: Those in the organized hierarchy who have authority and function within the chain of command. Line personnel can include uniformed loss prevention officers, sergeants, lieutenants, captains, and other superiors. Staff personnel: Specialists with limited authority who advise line personnel. Example: The loss prevention specialist advised the captain about a more efficient method of reducing losses. Formal organization: An official organization designed by upper management whereby the “basics of organization” are applied to produce the most efficient organization possible. Informal organization: An unofficial organization produced by employees with specific interests. Example: Several employees spend much time together (during breaks and lunch) because they are on the company bowling team. Organization chart: A pictorial chart that visually represents the formal organization. Many of the “basics of organization” can actually be seen on organization charts.

125. REENGINEERING, DOWNSIZING, AND RIGHTSIZING: TWENTY-FIVE THINGS YOU SHOULD KNOW What is happening in business and why is the beleaguered security profession not grasping the change? Simply stated, if security and asset protection managers do not make adjustments to join the business mindset of their companies, they will be powerless to grasp the reengineered company. Initially, the pressure brought about by

125.  Reengineering, Downsizing, and Rightsizing

competition from the international community, a drive for quality in manufacturing and business services, productivity, and cost concerns, as well as the technological advances in business and industry, demanded that change come about. Something was happening after the Industrial Revolution era; it was ending. American companies that were implementing changes within their operating concepts began to experience a true competitive resurgence of their companies and the business they conducted. The late 1990s produced major changes and adjustments within this process. We learned that giant companies that were in trouble turned their problems around and experienced revitalization—companies such as Texas Instruments, Levi Strauss, Xerox, GTE, Shell Chemical, Pepsi, American Standard, Ford, and Aetna Life and Casualty. Listed below are 25 points that security professionals need to learn, understand, and accept.    1. A change of major proportions involves going from traditional work to tasks, processes, and group skills by teams. 2. Managers and supervisors in fewer numbers became coaches in a flattened organizational structure. Employees are members of a team. 3. Unnecessary tasks must be eliminated and others should be combined. 4. We need to become process oriented. A task or work activity performed by a single person should be grouped together to create a result of value. This is called a process. 5. Tasks and processes provide results or value to customers, both internal and external. 6. The security or asset protection manager must accept that the changes affect his/her internal customers. The people and assets and how they are protected become the security process. 7. We in security do our tasks or work well and effectively. The problem at times is that we are doing work we need not be doing at all. At other times, we should be doing other tasks and processes that we can add value to. 8. Three types of tasks/work: a. Value-adding work b. Non-value-adding work c. Waste 9. Concentrate on eliminating unnecessary tasks/work. 10. Combine various tasks. 11. Share information with all employees who are involved with a process. 12. Process management crosses existing boundaries in organizations. When this occurs, traditional managers adopt the new concepts or fail and fall by the wayside. 13. There is more empowerment to employees working on the front lines of industry. 14. Traditional companies that become process-oriented companies experience both problems as the old organization dies and the new one arises. 15. Process centering means that all the organization’s people change and all focus on the process.

187

188

150 Things You Should Know about Security

16. T  ransitioning from old to new or to process centering from the traditional organization takes place on the floors of the company, not in the executive suites. Management by walking around and becoming involved and coaching is really taking to the organization. 17. Focusing on process centering and customers, both internal and external, eliminates the traditional workers and job functions. Workers become “professionals.” These workers are not necessarily better; they are just different. 18. By redesigning and reengineering processes and companies, goals were established that reduced or eliminated non-value-adding work. Reengineering processes make jobs more enriched and complex. 19. The small job worker doing little tasks is going away. The jobs are bigger, more complex, and cover a wide range of tasks. 20. The “professional” worker or employee needs to understand and implement tasks that contribute to the big picture. With the workers in charge, they must understand what the business and customer goals are. 21. Security professionals need to understand the big picture. They need to understand what the business goals are, what their customer needs are, and just what the structure of the process is. 22. Employees will continue to perform tasks to please. 23. To support the process concept, internal managers need to determine customer needs, performance levels, and vision and goals. They need to adjust processes as needed, evaluate the results, and measure the process performance. 24. The goal of the organization is to create value for its customer. This is true for the manufacturing company, retail operation, or the security professional addressing his or her internal customers. 25. Win–win results or success comes from becoming a superior process performer. The first step is accepting change.

126. RETAIL SECURITY The losses due to customer and employee theft in retail operations, both large and small, in inner cities and suburbs as well as in rural communities, is in excess of billions of dollars all across the United States, according to the US Department of Commerce. Such losses due to theft and misappropriations result in lower profits and increased prices to the consumer and are a significant factor in retail bankruptcies. The large-scale losses from retail inventories of departmental stores, retail establishments, drug and food stores, and markets are outside the realm of customer theft alone and must be placed in the hands of internal employees working with vendors and suppliers as part of a conspiracy of theft and fraud. Shoplifting may be defined as when the book value of merchandise and products in inventory and on the shelves is less than records supported by actual sales and inventory on hand. Shoplifting may be caused by internal employees as well as by customers and is the most widespread crime affecting retail stores. In studies conducted in New York City 20 years ago, 500 shoppers were chosen at random,

127.  Retail Security Management

followed, and observed closely, and 42—or 1 in 12—stole something. Current data suggest a continuing, escalating problem. The shoplifters can be broken down into three groups: professionals who do it for a living, amateurs who would do it for a variety of reasons, and the sickness or uncontrollable impulse or urge to steal by the true kleptomaniac. In addition to the theory about internal employees causing inventory loss, there are the more obvious violent crimes of burglary and robbery, supplemented by bad checks, credit card fraud, and vandalism. Vandalism includes opening packages, removing certain parts and contents, defacing, and sailing or rough handling of merchandise. There are far greater crimes with serious liabilities associated for all parties concerned when product tampering becomes an issue. The motivation is not limited to just extortion and revenge but a wide range of political and social issues. This shall be dealt with elsewhere in this book. The following recommendations can significantly reduce losses from employee and customer crime and improve profits if they are applied conscientiously:    • Implement a professional level of property and asset protection programs. • Maintain an appropriate manager with a charter that provides he or she with the authority and adequate resources to implement the programs. • Prosecute thieves both internal, vendor, and customer based. Publicize your commitment to prosecute; it could be your strongest deterrent. Earn a reputation as an organization that is tough on thieves. • Take full advantage of public enforcement support and any services that may be available. Promote local anti-crime campaigns. • In association with aforementioned facts, cooperate with industry-sponsored crime reduction and prevention efforts. • Do not enter into the purchase of any merchandise or products for resale to the public that do not come from proven legitimate sources. • Screen all levels of employees. The investment in pre-employment screening cannot be emphasized strongly enough. It is the key to successful control and loss prevention. • Make all levels of employees aware of the importance of loss prevention through awareness training. Instruct on appropriate techniques to prevent opportunities to steal. Develop a high level of loyalty in your employees through the training efforts.

127. RETAIL SECURITY MANAGEMENT Much can and has been said about retail security management. We only want to raise five points:    1. Develop a culture of honesty. a. Create a corporate integrity statement. b. Issue a code of conduct to all associates. c. Establish an employee awareness program and anonymous hotline. d. Ensure that management leadership and open-door policies are maintained.

189

190

150 Things You Should Know about Security

2. Maintain a vigorous pre-employment screening program. a. Scrutinize all applications. b. Actively check professional references. c. Check criminal and credit histories. d. Consider integrity surveys. 3. Ensure compliance to procedural controls. a. Restrict/control access to sensitive assets. b. Require supervisor approval of sensitive procedures. 4. Maintain technological controls. a. Restrict/control access to sensitive assets. b. Deploy surveillance systems to high-risk areas. 5. Investigate all incidents and sanction all offenders. a. Maintain deterrence through consistent follow-up. b. Take civil and criminal action against offenders.

128. RISK ANALYSIS The process of security risk analysis must include a detailed assessment of the assets to be protected, the threats to those assets, the probability of those threats being realized, and the consequences of the resulting total or partial loss of that asset. The direct costs are relatively easy to determine. However, it is also important to consider the indirect costs such as goodwill and reputation, employee morale, and possibly missed business opportunities. Having taken all of these factors into consideration, you will have a much clearer appreciation of security measures that are appropriate to protect your assets.

SECURITY RISK MANAGEMENT Electronic security systems cannot be used in isolation; they must be part of a broader security risk management plan. There is no point having a sophisticated electronic alarm system if there is no policy in respect of its use. In a similar vein, an electronic access control system can be rendered useless if staff are not trained in its use and prop doors open. In protecting any organization, there is a need for three classifications of security:    • Software: policies, procedures, security awareness, training • People: guards, dedicated security personnel • Hardware: locks, alarm systems, access control, ID cards, safes    No one classification can be employed in isolation; each is dependent on the others for security to be effective.

128.  Risk Analysis

The vulnerability of particular assets will change from time to time, and an organization needs to be constantly monitoring and evaluating security. This does not have to be an onerous task and will serve to ensure that resources are directed to where they are most needed.

BUDGETING AND FINANCIAL JUSTIFICATION In these days of economic rationalism, all expenditures need to be justified and security is no exception. The problem with budgeting for security is somewhat like insurance, in that you rarely see the value other than when an incident occurs and losses are minimized by the existence of effective security systems. The most popular method of justifying large-scale capital expenditure on electronic security systems is through cost-benefit analysis. By way of example, consider the situation where a guard force is employed to check the identification of personnel entering a secure area. The cost of the security personnel in this example might be $140,000 per annum. By introducing an electronic access control system these costs can be reduced to $40,000, with the guard force being used to supplement the electronic system. If the access control system costs $500,000 to install and it were to have a life expectancy of 10 years, the resulting savings to the organization is $1,000,000 over the life of the system. Thus the cost-benefit ratio is $500,000 to $1,000,000 or 0.5:1, easily justifying the expenditure. Where it becomes more complicated is in situations where you are attempting to calculate the likely losses compared with the cost of protection. This process must consider all of the likely risks to the asset being protected, and any consequential implications of introducing the new security measures. For example, it might seem cost-effective to secure leather jackets by cables and clamps to protect them from shoplifting, but this does not necessarily prevent theft by staff and the security measures employed may reduce sales of the jackets. If the security risk analysis has been carried out correctly, then justifying the security budget becomes much easier, as you will be able to support your proposals in a manner which senior management and the accountants understand—dollars and cents and their effects on the bottomline.

RISK FACTORS128 For any corporation, risk factors are broken down into the following:    • People: employees, staff, vendors, and visitors. • Property: buildings and their contents. • Protection of proprietary information, company secrets, and data. • Protection of company’s reputation. This adds to profits and growth.    128 R

Draper. Australia: International Security Management & Crime Prevention Institute.

191

192

150 Things You Should Know about Security

The following is an example list of risk factors for a library: Inventory of the collection Theft from the collection Internal theft Access control Key control Hardware corrections for internal doors Awareness on the part of staff Transportation of books to storage Fire prevention

Marking of property Mutilation of books or vandalism Physical security Electronic Perimeter doors alarm system Environmental controls Awareness on the part of security Changing of climate control Insurance coverage

Proper protection to works on display

Laptop computers

129. ROBOTS AS SECURITY DEVICES Having robots supplement loss prevention personnel is not futuristic speculation: robotic technology is here today. These devices are capable of traveling around a facility to relay information back to a control center staffed by a human being. Some present-day robot characteristics are video surveillance, lights, infrared sensors to detect movement, communications equipment that allows the human at the control center to speak through the robot, a piercing siren and bright light to stun an intruder, and an extinguisher to suppress a fire. The robot’s greatest asset is that it can enter hazardous areas that would be dangerous to human beings. Consider that a robot can be used to confront an armed offender, or during a nuclear accident, bomb threat, or fire. Robots can be replaced; humans cannot. Robots are also repairable, but humans suffer from injuries. The losses from the death of an employee are far greater than those from a destroyed robot. The use of robots will expand in the future, especially when they are mass produced at lower prices. The robots of tomorrow will be more sophisticated and better equipped. Perimeter patrol, access control, searching people and other robots, detaining offenders, analyzing loss vulnerabilities, and performing inspections and audits will be standard jobs for robots. They will eventually outperform humans. Flying, carrying, and pulling huge loads, and the ability to see, hear, smell, taste, and touch with greater perception than humans are inevitable capabilities. Lawsuits involving the liability of a robot’s owner for, say, excessive force against an offender, will be common, but humans must be ready to “pull the plug” on a robot when necessary. Additional information on robots from Knightscope are presented in the following sections.

PRODUCT AND SERVICE129 Knightscope provides its technologies on a Machine-as-a-Service business model to clients needing to enhance their security operations. Knightscope believes that the 129  https://www.seedinvest.com/knightscope/series.m/gallery?utm_source=Mailchimp&utm_

campaign=Email4&utm_medium=KIIndustry website, January 2017.

129.  Robots as Security Devices

technology reduces the cost, time, complexity, and stress of deploying traditional security commodity solutions. Knightscope provides ongoing software, firmware, and hardware upgrades free of charge so that clients can keep up with the pace of innovation streaming out of Knightscope’s headquarters in Silicon Valley.

AUTONOMOUS DATA MACHINES Knightscope builds and deploys autonomous data machines (ADMs). Both the Knightscope K5 robot (outdoors) and Knightscope K3 robot (indoors) operate autonomously but can be monitored by authorized personnel.    • K3: The indoor robots patrol interiors such as sports arenas, shopping malls, and office buildings. • K5: The K5 Knightscope robots are best suited for larger outdoor spaces. K5 works together with human surveillance to keep areas such as parking lots, corporate campuses, hospitals, and outdoor malls safe autonomously.

K3 AND K5 FEATURES • 360 degree video: The K3 and K5 ADMs capture video from all angles and stream in HD. 360 degree video footage is viewable by all authorized personnel. • Two-way audio: ADMs are equipped with speakers and microphones that allow intercom conversations between the security operations center and a person near a robot. Additionally, users may broadcast pre-recorded and live audio (public address) messages through one or multiple robots from anywhere in the world. • Thermal imaging: Knightscopes run thermal imaging and can push an alert at a certain threshold, but they also capture data for historical analysis or pattern recognition. • Data collection: The ADMs generate over 90 terabytes of data per machine, per year, providing an unprecedented ability to understand an environment at all times. The goal is that over time, the ADMs will be able to “see, feel, hear, and smell” enabling a unique approach to sensor fusion and analytics.

KNIGHTSCOPE SECURITY OPERATIONS CENTER • Data is accessible through the Knightscope Security Operations Center (KSOC), an intuitive, browser-based user interface. Both the K3 and K5 integrate the 90 terabytes of data generated each year per machine into one comprehensive browser-based and mobile-based user interface through the KSOC. • Clients can recall, review, and save the data for forensic or event-documenting purposes. And with Knightscope’s mobile apps, a security professional can have the power of the technology at their fingertips. As we drop new software code every 2 weeks and new hardware every few months, our clients also enjoy unlimited free software, firmware, and hardware upgrades.

193

194

150 Things You Should Know about Security

130. THE ROLE OF RISK MANAGER The risk manager’s job varies with the company served. He or she may be responsible for insurance only, or for security, safety, and insurance, or for fire protection, safety, and insurance. One important consideration in the implementation of a risk management (or loss prevention) program is that the program must be explained in financial terms to top executives. Is the program cost effective? Financial benefits and financial protection are primary expectations of top executives that the risk manager must consider during decision-making. The activities of the risk manager should include: developing specifications for the desired insurance coverage, meeting with insurance company representatives, studying various policies, and deciding on the most appropriate coverage at the best possible price. Coverage contract such as workers’ compensation insurance and vehicle liability insurance may be required by law. Plant equipment should be periodically reappraised to maintain adequate insurance coverage. Also, the changing value of buildings and other assets, as well as replacement costs, must be considered in the face of depreciation and inflation. It is of tremendous importance that the expectations of insurance coverage be clearly understood. The risk manager’s job could be in jeopardy if false impressions are communicated to top executives who believe a loss is covered when it is not. Certain things may be excluded from a specific policy that might require special policies or endorsements. Insurance policies state what incidents are covered and to what degree. Incidents not covered are also stated. An understanding of stipulations concerning insurance claims, when to report a loss, to whom, and supporting documentation, are essential to not invalidate a claim. During this planning process, loss prevention measures are appraised in an effort to reduce insurance costs. Because premium reductions through loss prevention are a strong motivating force, risk managers may view strategies such as security officers as a necessary annoyance.

131. CRIMES DEFINED130 Crime is defined as an act prohibited by a law to which there is a penalty. Keep in mind that some of the specific elements of crimes may vary from state to state or from country to country. This section describes eight common definitions we feel you should be aware of: Robbery: “the crime of taking or attempting to take anything of value by force, threat of force or by putting the victim in fear.” Burglary: “entry into a building illegally with an intent to commit a crime, especially theft. Larceny: “theft of personal property.” 130 Definitions.

Retrieved from: http://thelawdictionary.org/.

132.  Safe Schools

Disorderly conduct: “unruly behavior constituting a minor offense” Rape: “the crime of using force or the threat of force to compel a person to submit to sexual intercourse.” Felony: “a crime, typically one involving violence, regarded as more serious than a misdemeanor, and usually punishable by imprisonment for more than 1 year or by death.” Misdemeanor: “minor wrong-doing - less serious than a felony.”

132. SAFE SCHOOLS A number of school districts across the United States have implemented educational and behavioral programs and strategies in an attempt to counter the rise of crime and violence in the schools. Some of these programs work well; others are still being evaluated. Most will need time, reinforcement, and participation to have an effect on the root problems. Following are some of the programs that schools implementing to test their effectiveness:    • Alternative programs or schools • Curricula • Human/ethnic sensitivity training • Implementing and enforcing discipline policies consistently and fairly • Teaching conflict resolution and problem solving to students and teachers • Drug education programs • In-school suspension • Truancy abatement programs • Partnerships • Parental support and involvement programs • Peer mediation training • Life skills training (empirical data shows great promise) • Anger management • Saturday detention • On-site probation officers • Student courts • Adopt-a-student programs • Mentoring programs • After-school activities • Intramural sports in middle/junior high schools • Community involvement initiatives • Strengthened relationships with juvenile courts, human service, and law enforcement • Educating the community about school problems • Educating the media about problems and proactive efforts by schools • Establishing zero-tolerance policies

195

196

150 Things You Should Know about Security

• Teaching more effective classroom management skills • Teaching non-verbal message skills • Reporting, collecting, and analyzing incident data    Integration is a popular buzzword in the security industry today, particularly where it relates to schools. It often has to do with combining an alarm system with other systems, such as energy management, access control, identification badges, and video surveillance. Integration must also be applied to the security and behavior policies and procedures of the school to ensure that there is a holistic approach to security. Security should be a requisite component of education.

133. SECURITY ASSESSMENTS Vulnerability assessment; security survey; security assessment; risk assessment; inspection. Are all these saying the same thing, or is each term is different? You decide. A vulnerability assessment is a risk management methodology for examining and assessing security risk, threats, and vulnerabilities that exist within an operating entity. A security survey is a critical on-site examination and analysis of an industrial operation, business, home, public, or private institution to ascertain the present security status, to identify deficiencies, to determine the protection needed, and to make recommendations to improve the overall security. A security assessment is performed to identify the current security of an organization. The assessment provides recommendations for improvement, which allows the organization to a reach security goals that mitigate risk. A risk analysis/assessment is the process used to establish priorities to protect corporate assets. An inspection is routinely conducted by trained security or protection officers who are on patrol. In conducting your survey, consider the following factors:    1. The hardware on all doors and windows 2. The access control on every door and every window 3. Key control 4. Alarms: fire and intrusion, every point 5. Risk factors 6. Identification and protection of assets 7. Parking lot and perimeter lighting 8. Video surveillance and security officers 9. Shipping and receiving 10. Characteristics of the complex 11. Crime analysis 12. What are the concerns of management or why did they ask for the survey?   

135.  Security Management

Finally, you look at the specific vulnerabilities of the organization, the cost to implement the recommendations as opposed to the benefits, the environment where the organization is located, and the crime/incident report data.

134. BIOMETRICS USING HAND GEOMETRY The hand geometry concept was developed by David Sidlauskas in 1985 and was first used commercially in 1986.131 Hand geometry devices measure and record the length, width, thickness, and surface area of the hand by inserting your hand, palm down into the device. Your hand is guided into the correct position in the device by five pegs. The device then measures the length of the fingers, the distance between the knuckles, and the height or thickness of the hand and fingers and compares it with the measurements within the device.132 Hand geometry can be used in many different applications, such as colleges and universities, casinos, drug enforcement facilities, stock rooms, banks, correctional institutions, insurance companies, and manufacturing complexes, to control access into a building or to control access into more secure area within a building. This eliminates the need for a key or access control card. Geometry systems have been used at the Olympic Games to control access into the Olympic village and also at Walt Disney World. Many times, hand geometry devices are preferred over other biometric systems because they are considered the least intrusive.

135. SECURITY MANAGEMENT Despite the importance of security in today’s world, security has yet to become totally accepted by all organizations. The successful practice of security requires extensive specialized knowledge as well as a full range of general management skills. The field has witnessed some progress in the past 15 years toward establishing its body of knowledge, developing formal academic programs, and establishing a professional certification program. However, the two biggest obstacles to security’s acceptance as a profession remain. They are:    • Erroneous perceptions of the field • The lack of a structured prerequisite to practice    131 Hand 132 Ibid.

geometry. Retrieved from: http://www.biometrics.gov/documents/handgeometry.pdf.

197

198

150 Things You Should Know about Security

The types of knowledge and skill required for a security professional are as follows:    • Familiarity with physical security devices and controls and their uses is one of the most obvious. What may not be so obvious is the breadth of that subject. By itself, physical security occupies many specialists full-time. Access controls range from simple locks to complex electronic systems. There are more than 150 categories of access control equipment. • Security professionals must also be aware of legal considerations and labor relations issues and how they affect security policies and practices. Legal requirements and government regulations unique to the particular industry must be known. And let us not forget the potential for conflicts between the organization’s need for security and the individual employee’s right to privacy. The various influences of specific company cultures have a serious impact on the type of program implemented. Procedural knowledge is yet another requirement for security professionals. Security surveying, vulnerability assessments, risk analysis, personnel screening, training, loss reporting and analysis, investigative techniques, contingency planning, and much more as they pertain to security must be learned, applied, and skillfully implemented.    Like many other professions, you cannot commit to memory all that there is to know and all that is available to solve problems. What you need to know is where to look for the right information and how to apply it. Any security practitioner who is unable to transcend the “company cop” mentality and deal with business associates as a business manager will fall far short or fail altogether to provide effective security for his or her employer. Unlike other professions such as purchasing, finance, and human resources, where the application of basic fundamentals are much the same from one organization to another, security departments differ considerably from one organization to another. What you do as a security professional in a research and development operation versus a high-risk office complex are obviously different, even though accomplishing the same goals of prevention and protection of assets exists, but the application is different.

WHY IS PROFESSIONALISM IMPORTANT IN SECURITY? The role of security has taken on a much greater importance over the past 20 years. Lives as well as organizational survival often depend on the effectiveness of the individual security manager. For this reason alone, we need competent professionals in security. Private security as we know it originated as a department of defense (DoD) requirement. Originally, the only function was the safeguarding of government-classified information. Security was considered only as a cost of doing business with the government. As long as government inspections were satisfied, nothing else needed to be done, security managers were rarely asked to provide total security solutions for a given plant or facility.

135.  Security Management

The social unrest, the threats of terrorism, and the changes in the social climate have resulted in new demands on security managers. Public law enforcement has been asked to provide increased protection while being asked to operate with reduced funds and fewer personnel. As a result, much of the burden for protection and prevention has shifted to the private sector. The rising need for protection cannot be handled by the public sector alone. Security has been playing an expanded role over the past several years. Despite all of this, security professionals are not being given carte blanche to accomplish their mission within the corporate structure. They must compete with all other managers and disciplines for resources.

WHY IS SECURITY NOT WIDELY ACCEPTED AS A PROFESSION? People are not knowledgeable about what security professionals do, primarily because security practitioners have not actively publicized their roles within their organizations. By the nature of their positions security professionals tend to work without great fanfare or display and often accomplish their tasks behind the scenes. Security professionals talk very well among themselves but have difficulty outside their own spheres. Even the public sector of enforcement does not really know or understand the private security discipline. The common misconception among law enforcement is that the private security sector is unprofessional and unreliable and “just security guards.” Misconceptions have been perpetuated largely because the public’s perception of security most often results from contact with uninformed personnel and news reports of security errors and tragic mistakes. Most activities for which security professionals are involved are seldom seen or known by the general public or widely within their own companies. Educating the management team about security and all its complexities is an important task. A lack of understanding of what security really is often leads management to hire poorly qualified people to fill incorrectly defined jobs. The end result is often that executive management becomes dissatisfied with the security profession for failure to fulfill expectations. Management’s lack of understanding causes them to have a false impression that any public enforcement background can perform key private security functions without additional specialized training and experience. This pattern of misinformed hiring of persons with only public enforcement, government intelligence, or investigative background contributes to the misconceptions about the security profession. Many people rush to asset protection and security as a second career. They assume there is little or no difference between what is done in public enforcement and what is done in private security. In doing so, they are committing an injustice to the profession and to themselves, and on frequent occasions, their failures adversely affect private sector practitioners. That is not to say that there are not many individuals from public enforcement backgrounds who can quickly make the transition, but there are many who do not, and they convey an erroneous impression of what security is all about.

199

200

150 Things You Should Know about Security

The private sector’s goal is the prevention of crime and the protection of property, but the public sector’s primary focus many times is on investigating, apprehending, and prosecuting. Another significant difference is that the private sector has fewer rules and regulations to guide our conduct, whereas in the public enforcement, most action taken is as a result of laws, regulations, and codes of conduct. In the last instance, the public sector can be considered more of an exact science than we can in private security. What can we then expect and what should we be thinking about to break our profession out of this apparent holding pattern we seem to be stuck in for the past several years? We need to lose the thought that management will always need to have security and rely on that only to save our profession especially when competing internally for company support and resources. We need to accept that we are not being singled out as a discipline to be cut back in financial support—reduced headcount and a lack of general inclusion in the overall business plan. Forget the emotional reactions involved here and respond with professional arguments and business justification. Learn to demonstrate your value by your service and control contributions to the overall business goals. Quantify your contributions. You are in competition for your justified share of the company’s operating budget. Demonstrate how your goals tie into the company’s business plan. Know that your company is your customer and you are trying to sell your services. Liability on the part of corporate America to provide a safe and secure workplace will have more of an impact on the security profession as we proceed into the 21st century. To keep abreast of change and make yourself more valuable, make sure to adhere to the following guidelines:    • Learn to provide security service and support with cost-effective programs. Build more technological integration—more innovative and creative use of hardware—into your operational plan for security. • Learn to use your own internal systems and resources in support of your security goals and objectives. Do not be the one who is always responding to internal requests for support—ask first. Become assertive in your requests for internal resources. • Accept that domestic and international terrorism will continue to affect morale if you and your employees will be called upon to deal with it directly and in cooperation with others within your company and the communities where you are located. • Accept and be receptive to the inevitable—you cannot, nor should you, hold back standards, regulations, and licensing for the security industry. • Learn to accept graciously positive exposure. Stand up for and accept recognition for accomplishments that you deserve. Sell the discipline and yourself as a professional contribution to business success. • Work at finding entry-level jobs for the young who are following our direction and seek to become educated in asset protection. They are the downsizing trends for security as we have seen it develop over the past few years. We need to encourage, develop, and grow the future for them.

136.  Protection of Sensitive Information

136. PROTECTION OF SENSITIVE INFORMATION We begin with generally accepted definitions of trade secrets, US government classified information, industrial espionage, proprietary information, and patents. Trade secrets133: A trade secret is information that is important to the business or company and is not known to the public. It is a term often used to cover information that has commercial value. A trade secret can include, for example, a method or technique that would give a business or company an edge over its competitors. Patent134: A patent is a right granted to the owner of an invention that prevents others from making, using, importing, or selling the invention without his permission. A patentable invention can be a product or a process that gives a new technical solution to a problem. It can also be a new method of doing things, the composition of a new product, or a technical improvement on how certain objects work. Once granted, the term of a patent is 20 years from the date of filing, subject to the payment of annual renewal fees. Patents are defined as government grants given to inventors exclusively to make, sell or use his or her invention for a term of years. US government classified information: It is official government information, data, or material that requires protection against use or disclosure in the interest of our national defense. There are three categories of classified information: confidential, secret, and top secret. Industrial espionage135: Industrial espionage is the theft of trade secrets by the removal, copying or recording of confidential or valuable information in a company for use by a competitor. Industrial espionage is conducted for commercial purposes rather than for national security purposes. The following are some of the elements that require protection in business and industry:    • Design information • Sales/marketing strategy • Testing and experimentation results • Manufacturing and production plans • Formulas and raw material • Componentry    The methods of obtaining information through industrial espionage are:    • Examining trash and industrial waste (see section on paper shredders) through undercover operations including actual employment • Use of electronic listening devices • Wiretaps • Through customers, clients, vendors, and subcontractors.    133 IPOS.

Retrieved from: http://www.ipos.gov.sg/aboutip/typesofipwhatisintellectualproperty.

134 Ibid. 135 What

is industrial espionage? Retrieved from: http://www.investopedia.com/terms/i/industrialespionage.asp.

201

202

150 Things You Should Know about Security

To prevent or reduce the loss of sensitive information, a company must start with a proprietary security program that includes pre-employment screening, policy and procedures and access control, control of waste and destruction of trash, secrecy agreements, security awareness, and due diligence investigations and audit. Below are the 25 key points concerning the protection of sensitive information:    1. The main reason for the loss of sensitive information is unadvertised disclosure. 2. The Omnibus Crime Control and Safe Streets Act of 1968 prohibits the manufacture, distribution, possession, and advertising of wire or oral communications interception devices. 3. A pen register is used to monitor telephone calls and provide a list of telephone numbers called from the specific line. 4. A controlled area to safeguard classified information and material is called a closed area. 5. Information or material that, if disclosed, could reasonably be expected to cause identifiable damage to national security is classified as confidential. 6. Multiplexing is the process of combining a number of transmissions into one composite signal sent over one link. 7. The most secure scrambler in common use is the vocoder. 8. The designation given for classification of significant military plans and/or intelligence operations is secret. 9. The designation given to information or material that, if disclosed, could be reasonably expected to cause exceptionally grave damage to national security is top secret. 10. DoD regulations require that contractors have procedures that require employees who discover a loss or compromise, or are suspicious of either having taken place concerning classified information, report such concerns or knowledge to the nearest Federal Bureau of Investigation (FBI) office. 11. Combinations to safes, containers, vaults, and other methods for securing classified or proprietary information should be changed at least once per year. 12. Any documents classified as confidential shall exhibit that marking at the top and bottom of the page. 13. Documents or material received from a foreign source should be classified from the foreign contracting authority. 14. DoD regulations require that contractors’ top secret records be maintained for 3 years. 15. DoD regulations require that destruction of classified information can be accomplished by burning, mutilation, chemical decomposition, and melting. 16. A contractual employee may have his or her security clearance in effect so long as they are employed by the particular contract according to the DoD regulations. 17. DoD regulations require that to be eligible for a personnel security clearance for confidential information, a person must be 16 years of age.

137.  Transportation Security

18. A  ny automatic data processing (ADP) system that allows all users access to the system shall have a security clearance for the highest classification. Most restrictive types of information contained within the system are known as “system high security mode.” 19. The ADP system security supervision or designee shall review the audit trail logs at least once per week. 20. Proprietary information is anything of relevance to a business, group, or enterprise that involves its operations or status that they do not want publicly disclosed. 21. Compared with other classified information, trade secrets are consistent or continuously used and are not known to others. It can be a formula, process, plan or marketing, or client lists. 22. Secret information does not have to be specifically identified to be trade secrets. 23. If there is an absence of evidence that an owner of trade secrets has taken reasonable precautions to protect and safeguard confidential information, then disclosure may be assumed to be inadvertent or innocent. 24. The person(s) under obligation/duty to safeguard a proprietary secret is called a fiduciary. 25. There are dangers when enforcing confidentiality agreements in the courts, and these may include: a. Divulging or exposing trade secret data in open court. b. The owner of the secret might lose. c. The litigation defense costs would be excessive or high.

137. TRANSPORTATION SECURITY Billions of dollars are lost annually to theft during the movement of merchandise and materials. This is a shared responsibility between the shipper/manufacturer, carriers, and the consignees or receivers of goods being moved both domestically and internationally. If certain security requirements are met and maintained throughout the supply chain, companies can be a part of the Customs Trade Partnership Against Terrorism (C-TPAT), which is a cooperative agreement between the trade community and the US Customs Service to develop, enhance, and maintain effective security processes throughout the global supply chain and effectively manage the US border. The following can participate in the C-TPAT program:136    • US Importers of Record • Carriers (highway, rail, sea, air) • US Marine Port Authority/Terminal Operators 136 C-T PAT: Customs trade partnership against terrorism. Retrieved from: https://www.cbp.gov/ border-security/ports-entry/cargo-security/c-tpat-customs-trade-partnership-against-terrorism.

203

204

150 Things You Should Know about Security

• US Air Freight Consolidators • Ocean transportation intermediaries and Non-Vessel Operating Common Carriers • Mexican and Canadian manufacturers • Licensed US customs brokers    C-TPAT is part of the DHS and is the largest government–private sector partnership to emerge from the terrorist attacks on September 11, 2001. The risks associated with goods in transit primarily center around accurate documentation and security controls. The transit manifest should include identities of all personnel who move or have custody of the specific shipments and all descriptive data, including marks and labels, serial numbers, weight, cube, quantity and the serial number of the safety device, such as the security seal. It is important to note that security officers are part of this process and must be trained on C-TPAT procedures. If movement occurs with hard copy documentation, then all hand notations, including signatures, should be made in ink and legible. Since all documentation is valuable, you must limit access. You must be able to audit the process for strict accountability. The movement of all types of conveyances used to transport or move merchandise or cargo should be under strict accountability. All related personnel and vehicles must be strictly controlled. This includes the use of entry/exit logs, visibly displayed employee identity cards, control procedures for keys and access control cards, controlled visitor passes, appropriate fencing, adequate lighting, and security seal controls. The C-TPAT compliance criteria include written and verifiable processes for determining risk throughout the supply chain and the selection of business partners. Physical security, personnel security, and information security procedures must be implemented and maintained. . High-value cargo in transit or storage must be placed in controlled areas; they should be sealed, locked, and audited when accountability is transferred as conditions may permit. Under ideal conditions, merchandise in transit is under physical or electronic surveillance or control. All or limited access to goods/cargo in transit or storage must be enforced. In addition, since the merchandise is under strict control, you must validate all vehicles, operators, cargo handlers, or others who may have access to the merchandise. This includes government officials as well as security, management, crew, and all others as conditions permit. When using locks on equipment or containers, use only changeable-core, casehardened, and seal-compatible locks. The key control associated with locks is as essential to the integrity of the process as is anything else in the physical security of the cargo. The use of kingpin or “pin” locks for container frames and/or trailers when not in transit is highly recommended. When cargo containers are used and when conveyances are released for any combination of transportation means available in the movement of cargo, it is highly recommended, and frequently it is mandatory that seals be used. When using seals, make sure to follow some basic rules to obtain maximum control and deterrent results:    • Serialized seals that are securely stored. • Identified with the company or transporter. • Serial numbers appear on documentation.

139.  Sexual Harassment

• Be tamper resistant. • Be affixed when cargo count is agreed upon. • Control of seals in purchase, storage, and use should be under tight controls and accountability. • Any breaking of seals in transit for any reason, official or otherwise, must be immediately reported/documented. Resealing must occur as soon as possible. • Use reputable vendors or suppliers.    These are but a few of the controls that when applied, will reduce the risks associated with merchandise or cargo in transit. Prudent managers must acknowledge that cargo is most valuable when it is under the least amount of control. Therefore, cooperation and communication are essential between all parties involved in the process.

138. SETTING SPECIFICATIONS AND GETTING BIDS FOR SECURITY COMPONENTS Once you have determined your requirements, you are ready to draft your final specifications and start taking bids. At minimum, those specifications should include:    • Equipment requirements • Installation services • Fee-based training services • Ongoing maintenance services • Communication services (optional)    Do not be surprised if specific system changes are made during the bidding process. Keep an open mind. Often dealers and installers are aware of aspects of projects that might not be readily apparent to individual buyers. On the other hand, your prior research should guard you against being pushed into accepting unneeded equipment. Working with a system design consultant will further buffer you against a last-minute oversell. Always include the cost of training in the installation contract. The dealer (possibly together with the equipment manufacturer) must provide training on a fee basis. Before you finalize the contract, check to see that the training programs offered are effective and respond to individual needs. Remember that installation and maintenance manuals do not provide enough information on how to properly operate equipment. The best way to learn complex tasks is to have other people show you how things are done.

139. SEXUAL HARASSMENT Sexual harassment often involves relationships of unequal power. Such situations may contain elements of coercion, such as when compliance with requests for sexual favors becomes a criterion for granting privileges or favorable treatment on the job.

205

206

150 Things You Should Know about Security

However, sexual harassment may also involve relationships among “equals,” such as when repeated advances or demeaning verbal comments by one coworker toward another coworker have a harmful effect on a person’s ability to perform his or her work. Sexual harassment can also involve employee behavior directed at non-employees or non-employee behavior directed at employees. Ten examples of sexual harassment include, but are not limited to:    1. Repeated unwanted sexual flirtations, advances, or propositions 2. Continued or repeated verbal abuse or innuendo of a sexual nature 3. Uninvited physical contact such as touching, hugging, patting, brushing, or pinching 4. Verbal comments of a sexual nature about an individual’s body or sexual terms used to describe an individual 5. Display of sexually suggestive objects, pictures, posters, or cartoons 6. Continued or repeated jokes, language, epithets, or remarks of a sexual nature in front of people who find them offensive 7. Prolonged staring or leering at a person 8. Making obscene gestures or suggestive or insulting sounds 9. A demand for sexual favors accompanied by an implied or overt threat concerning an individual’s employment status or promises of preferential treatment 10. Indecent exposure    This behavior is unacceptable in the workplace itself and in other work-related settings such as work-related social events and travel. We suggest the establishment of a corporate policy that deals with sexual harassment in the workplace. The following are some suggestions that will help you address this topic. If an individual believes that he or she is being sexually harassed, the most immediate goal is to stop the offensive conduct. If you think you are being harassed, you should:    1. Promptly and firmly confront whomever is doing the harassing. 2. State that his or her conduct offends, intimidates, and/or embarrasses you. 3. Describe how the harassment negatively effects your work. 4. Request that he or she stop the conduct immediately. 5. Say things like: a. “Please don’t touch me. I don’t like it. It makes me uncomfortable.” b. “I don’t think jokes like that are funny. Please don’t tell them when I am in the room.” c. “I’d like it a lot better if you’d comment on the quality of my work rather than on the way I look.” d. “My name is_____, not ‘honey.’” 6. If practical, bring a witness with you for this discussion. After the discussion, write a summary of the conversation, including the date and name of anyone who accompanied you.

141.  Stalking

7. If you believe you have been sexually harassed, it is helpful, but not necessary, to write down a description of the offensive conduct, the dates on which it took place, and the names of anyone who witnessed the conduct or heard the offensive remarks. 8. Seek guidance from Human Resources department. 9. File a formal complaint with Human Resources department. 10. File a grievance.

140. SEXUAL HARASSMENT IN THE SCHOOLS Grammar school and secondary school administrations are being sued for failing to intervene when one student sexually harasses another. In September 2016, a jury in California awarded damages of $1,000,000 to a girl who had endured months of sexual threats and taunting from a sixth-grade classmate. The former school principal must pay $60,000. A set of federal guidelines sent to schools in August 1996 stated that schools that did not take adequate steps to stop such harassment would be in violation of Title IX of the Education Amendments of 1976, the law that prohibits sex discrimination in schools that receive federal funds. In New York, a school district is being sued because a 12-year-old girl was harassed to the point where she was forced to transfer to another school midterm. These cases have similarities to workplace harassment, for example:    1. Threats 2. Taunting 3. Name-calling 4. Depression 5. Victim sullen and isolated 6. Loss of self-esteem 7. School administrator/employer ratified    School security personnel should be aware of these problems and should document each and every incident in detail. Even though the terms are the same, the problem is different. Consider a proactive approach and get involved with the school’s awareness program. When parents go to the teacher to complain about the problem and when the teacher/principal knows about unacceptable behavior and fails to act, families will be forced to call a lawyer.

141. STALKING What is it? How do I know for sure that someone is being stalked? The simple answer is to check the laws of your state.

207

208

150 Things You Should Know about Security

For example, below is a stalking law passed in 1992 in Massachusetts that describes in detail what the law contains and defines the elements of stalking. The statute creates the crime of stalking, with two sentence enhancement provisions. The crime is a felony, allowing arrest based on probable cause, whether or not committed in an officer’s presence.    1. Any person who wilfully, maliciously, and repeatedly follows or harasses137 another person and who makes a threat with the intent of placing that person in imminent fear of death or serious bodily injury is guilty of the crime of “stalking,” a felony, and subject to a maximum state prison sentence of five years, or a house of correction sentence of up to two and one-half years, or a fine of up to $1000, or both fine and imprisonment. G.L. c.265 §43(a). 2. Any person who commits the crime of “stalking” in violation of a vacate, restraining, or no-contact order issued under G.L. c.208 or G.L. c.209 A or any other temporary restraining order or preliminary or permanent injunction issued by the superior court, faces a mandatory minimum one year sentence (with the maximum sentence remaining five years in state prison). G.L. c.265, §43(b). 3. Any person convicted of a second or subsequent violation of any provision of the stalking law faces a maximum ten year state prison sentence, and a mandatory minimum 2-year sentence. G.L. c.265, §43(c).

ELEMENTS Therefore, the following elements constitute the crime of stalking in violation of G.L. c.265, §43(a):    1. That the defendant act wilfully; 2. That the defendant act maliciously; 3. That the defendant followed or harassed another person; 4. That the defendant engaged in the conduct repeatedly; 5. That the defendant made a threat, with the intent to place the victim in imminent fear of death or serious bodily injury.    The key to any stalking case is documentation, documentation, documentation!

142. STRESS ON THE JOB Everyone on this planet has his or her own definition of stress and what, who, or how it affects them and their personal ability to function as a practitioner or provider of security services. There is no substitute for good health as the key to 137 “Harasses”

is defined in the statute [subsection (d)] as a “knowing and willful pattern of conduct or series of acts over a period of time directed at a specific person, which seriously alarms or annoys the person … [and which is] such as would cause a reasonable person to suffer substantial emotional distress.”

142.  Stress on the Job

avoiding stress and its impact on our abilities to carry out our duties and interact with others. The fluctuation levels of stress in our lives are influenced by our personal and family lives, changes and events in our workplace, our personal mental attitude, and our outlook on life. The impact of our social habits affect our levels of stress. For example, drinking, exercise, and how and what we eat, are all critical. These are all important to the levels of stress we feel and our ability to deal with it. Certain occupations such as air traffic controllers, health care providers, and law enforcement workers are stereotypically associated with high levels of stress. Employee stress can also come from organizational sources or individual sources, which are commonly classified as situational or dispositional sources, respectively.

STRESSORS Today’s workers find themselves wearing many different “hats” in the workplace. Some people do not feel comfortable when they are expected to perform many tasks simultaneously. Typically, if an office that had 12 people working in a given department a year ago, today you may find 7 workers. Downsizing has eliminated jobs and people. Stress is a by-product of all the changes people have endured. Look around, the effects of change are seen time and time again. Following are some key stressors:    • Global competition • Change • Added responsibilities • Teams • Frustration • Anger • Depression • Wearing different “hats” • Forced overtime • Budget cuts • Role conflict • Work ambiguity • Peer pressure • Shrinking pay checks • Changes in benefits • Competitiveness • Management    Reading this list, we can only ask ourselves what effect will this have on security and safety within our own workplace. Personally, when I see angry people, frustrated people, or depressed people, it sends off warning signals that potential problems can be imminent.

209

210

150 Things You Should Know about Security

CHANGING ATTITUDES Changing attitudes can have a negative impact on workplace security. The perception is that employees’ rights are being violated in corporate America by management. As their frustrations build up to the boiling point, some employees will tend to take matters into their own hands. I am suggesting that each of you be aware of the cause and effects of the changes taking place in your own organizations. Ongoing stress for workers and being associated with today’s stressors within the working environment can cost your company millions of dollars.

TURNOVER Turnover can be costly because replacement costs are high and training must take place. New people can make more mistakes and be a bigger threat to security and safety within the work environment. Downtime is an issue with new people, as well as the cost of providing substitutes and replacements. Both problems bring added cost with turnover and training, although our biggest loss is trying to replace highly skilled professionals. Without them we are more susceptible to internal crime as well as more vulnerable to outside theft. The self-fulfilling prophecy is a strong influence on our psychological outlook with regard to our private lives and our work life. Our discipline for many of us has a tendency to cause us to adopt cynical outlooks and attitudes about the motives of others. We should remind ourselves frequently that we need to be optimistic; otherwise what we expect to happen may happen. So we must accept that each of us is personally responsible for maintaining a high level of vitality and good health if we are to maintain professional levels of performance that are stress-free or have lesser levels of stressful influences. Often, we feel that there is not sufficient time available to us to implement a personal plan to improve our health through exercise, relaxation, and work management. We make the mistake of trying to change too much at one time and when the results are not immediate, we grow frustrated and abandon our plan. We need to make our changes “bite-sized.” Start with diet, progress to eliminating bad habits, and then begin to exercise. Make use of company facilities or a health plan that provides for wellness activities. Get started on a new series of habits. If you adopt this approach, you will see gradual and lasting degrees of change and improvement. Accept the fact that there will be job-related crises that will occur from time to time. These can interrupt our dedication to positive change. Do not let it keep you from getting back on the road to a less stressful and healthier life. There will always be emergencies—that is the nature of our discipline. What is important is how we deal with these emergencies. Take a personal inventory of all the negative aspects of your job that bring you to the unacceptable levels of stress you wish to change or rid yourself of. Next, prepare a list of what you need to do to address each item. The answers are in some cases simple, and in other instances, you may have to schedule time to accomplish the positive influence you need to have. Do it because you are worth it! Take an annual medical exam because you are worth it!

144.  Freedom of Information Act

Technology is changing our lives and how we conduct business. It has greatly affected our levels of stress and even brought with it new concerns over time concerns. Perhaps you are faced with relearning aspects of your profession because of the technology changes. Do not let the stress of new challenges overwhelm you. “Effective adaptation can take place only if the image of achievement far outweighs the image of inconvenience and embarrassments (Hanson, 1989, 72).” Change or die, adjust to the changes or be overcome by techno stress. Failing to see the positive aspects of being current and able to effectively communicate can stress you right out of the ability to provide any response to your company’s asset protection concerns.

143. THE USE OF FORCE BY PRIVATE CITIZENS On occasion, private citizens, including security personnel, use either deadly or nondeadly physical force. This is done to protect themselves and others, to protect or recover their property, or to prevent crime. This should be of great concern to security managers, as they will hire others to protect corporate property. The user of force, and potentially the security manager and corporation, must justify not only the use of force but also the degree used in each particular instance. The key to using force lies in what is a reasonable response under the circumstances presented by the threat. One must take into consideration the seriousness, danger present, and kind and degree of the threatened misconduct. The more serious threat allows for the use of a higher degree of force than does a lesser threat, and, of course, no security person should actually cause an escalation in the degree of force being used. Also, there is no need for any force to be used when the threat has subsided, except to make the apprehension. One should consider that generally speaking life is worth more than property, that the law does not condone the use of unnecessary violence, and that one should use no more force than is necessary to accomplish one’s purpose under the circumstances. Other considerations to think about before using force includes determining whether the threat is real, imminent, or pressing and accompanied by the ability to carry it out; whether there are alternatives to using force; how much time has elapsed since the incident occurred; whether force to be used is for retaliatory purposes only; and who actually is the provocateur or aggressor. There is verbal de-escalation training available to help security officers as well as private citizens learn techniques that may help them diffuse potentially volatile situations. Force should only be used as a last resort. Remember that the amount of force used by an employee may be measured at a much later date by others, possibly even a jury. Also, note that many states have statutes covering the permissible limits on the use of force.

144. FREEDOM OF INFORMATION ACT The Federal Freedom of Information Act (FOIA) applies to documents held by agencies in the executive branch of the federal government. The executive branch includes cabinet departments, military departments, government corporations

211

212

150 Things You Should Know about Security

and/or those controlled by the government, independent regulatory agencies, and any others within the executive branch. The FOIA does not apply to elected officials of the federal government, the vice president, senators, congressmen, or members of the federal judiciary. The FOIA does not apply to private companies, persons who receive federal contracts or grants, tax-exempt organizations, or state and local governments. All states and some local governments have passed laws like the FOIA that allow people to request access to records. There are additional state and federal laws that allow or permit access to documents in the possession of organizations not covered by the federal FOIA. Personal notes of agency employees may not be considered agency records. Any records that are not agency records are not available under the FOIA. The FOIA does not define agency records, but any records or material that is in the possession or care/custody/control of the agency is considered to be an agency record. A requester may ask for records as opposed to asking for information. For example, you may not ask to see “all your twos.” You must ask to see “the inventory of the twos of hearts.” This means that an agency is required to look for an existing record or document in response to a request. They are not required to do research, create a new record, or collect information they do not already have. All requests must be specific and carefully composed to obtain the information you seek. The law demands that the requestor reasonably describe the records or information being sought. It must be understood that different agencies have different methods of maintaining records or retrieving material. When making a request under the FOIA you must be specific as to the agency that has the records you want. The request must be in writing and addressed to the attention of the FOIA officer of that particular agency. You start by stating that your request is based upon the FOIA. You would then state the specific records or information you want, and you must identify yourself fully and with complete detail. It is strongly suggested that you keep a copy of your request for follow-up purposes. FOIA requestors may have to pay a fee for all or some of the costs of assembling the data. In the case of a small or non-commercial request, the fee may be waived. The Office of Information and Privacy (OIP) is the official point of contact in the executive branch for advice and policy determinations pertaining to the FOIA. You may contact the OIP-FOIA Counselor Service for help. There is a complete listing for the numerous agencies and departments. There are Federal Information Centers located in over 40 metropolitan areas all across our country. They can assist you and smooth the way to minimize frustration and disappointment when trying to obtain information.

145. TRAVEL SECURITY We all do some degree of traveling, but what about corporate travel? Do all the corporate executives fly on the same plane? They should not.

146.  Physical Entry and Access Control

Consider the following seven points:    1. Does the Security Department advise corporate about travel, specific airlines, and what countries are high risk? 2. Do you advise executives to remove corporate business cards and company logos from luggage? 3. Do you advise executives on how to behave in airports and how to act in hostage or hijack situations? 4. How do you get your first-hand oversees security information? Do you check with State Department or associates? 5. Do you disseminate travel information on security issues to staff before they travel? 6. Do you disseminate travel information to your travel agent? 7. The world has changed, and therefore all the more reason to be concerned for your own personnel safety.    Two issues to remember:    • Be proactive. • Do a risk assessment.

146. PHYSICAL ENTRY AND ACCESS CONTROL DOORS Personnel doors in both exterior and interior building walls may be single, double, revolving, sliding, or folding. In a normal security setting, their function is to provide a barrier at a point of entry or exit. In a high-security setting, a door must offer the maximum delay time before penetration by extraordinary means (Gigliotti and Jason, 2004). Doors can be weaker or stronger than its frame and the surface into which it is set. Hinges and hinge pins can be defeated. Measures can be taken to strengthen the doors by adding a steel plate for reinforcement, anchoring frames, adding kick plates, using set screws in hinges, or spot welding hinges. Vehicular doors may be single, double, hanging, rolling, or folding. They can usually be penetrated with hand tools or vehicles. They can also serve secondarily as passageways for personnel. As with any large opening, vehicular doors create a vulnerability of unrestricted pedestrian access.

DOOR NUMBERING SYSTEM Numbering the exterior doors on large buildings and buildings with a high occupant load will ensure that emergency responders arrive promptly in the event of an emergency. The implementation of a door numbering system is strongly recommended at all schools, assemblies with an occupant load greater than 300, and commercial and industrial buildings greater than 50,000 ft2.

213

214

150 Things You Should Know about Security

MINIMUM STANDARDS When a door numbering system is provided, it shall comply with the following:    1. All exterior man doors must be numbered. 2. Doors must be numbered on both the building interior and the building exterior. 3. Numbers on the building exterior should be a maximum of 12 in in height. 4. Numbers on the building interior should be a minimum of 4 in in height. 5. Numbers must be reflective, white, or contrast sharply with the background. 6. Doors must be numbered in a clockwise direction beginning at the main entrance.

147. LETTER AND PARCEL BOMBS What are the chances of your organization receiving a letter or parcel bomb? What are the threats and risks? Considering this, are you aware of the background of all your employees? The US Postal Service and the FBI have done a great job in the education of the public regarding this subject. Following are 14 common characteristics of letter and parcel bombs:    1. Type of mail: foreign, priority, special delivery 2. Restrictive endorsements: confidential, personal, to be opened by addressee only 3. Visual distractions: fragile, rush, handle with care 4. Excessive postage (usually postage stamps) 5. Fictitious or no return address 6. Poorly typed or handwritten addresses 7. Incorrect titles 8. Titles but no names 9. Misspellings of common words 10. Oily stains or discoloration 11. Excessive or uneven weight distribution 12. Excessive binding material: masking, electric or strapping tape, string, twine 13. Rigid, lopsided, or uneven envelope 14. Protruding wires, screws, or other metal parts

148. LIAISON: TWENTY-FIVE THINGS YOU SHOULD KNOW 1. Private sector employees number approximately 2 million. 2. Crime represents the common denominator between the public and private enforcement sectors. 3. Approximately 33% of all business failures are caused by employee theft and dishonesty.

148.  Liaison: Twenty-Five Things You Should Know

4. The principal reason to improve the level of relationship between the public and private sectors is to improve the quality of security personnel through training and recruitment. 5. The main objective of the private sector is to prevent crime and loss of assets. 6. Employee theft is the most frequently investigated crime by the private sector. 7. The major influence by the public sector in support of business crime prevention is the effort to investigate and prevent burglary. 8. Approximately one-fourth of the police departments actually deputize private security personnel. 9. Police officers perceive their relationship with the private sector as very good to excellent. 10. Police executives and supervision perceive their relationship with the private sector as less than good. 11. According to the White House Conference for a Drug-Free America, approximately one out of every seven Americans are using drugs. 12. According to a Gallup poll, one of every four employees in America has knowledge of coworkers using drugs in the workplace. 13. Almost 60% of the world’s drug consumption is taking place in the United States. 14. Only 10% of American employers test for drugs. 15. The Hallcrest II Report suggests that to improve public/private sector relations, a cooperative program should be established in every metropolitan area. 16. According to the National Institute of Justice, approximately 90% of all computer crimes are not prosecuted. 17. Since 1985, there have been slightly more than 1, 000 terrorist incidents per year. 18. Public sector enforcement would like to turn over answering burglar alarms and incident reports to the private sector. 19. Concerning the transporting of prisoners, the private sector believes the public sector should do it and the police feel it is a function that should be turned over to the private sector. 20. A large percentage of the public sector feels that the private sector could more cost effectively perform parking enforcement, funeral escorts, public building security, and school crossing guards. 21. Both sectors agree that to improve relationships there should be cooperation, management coordination, clearly defined and understood roles, information exchange, and improved communications. 22. Growth in the private sector will be approximately 7%, and in the public sector, approximately 4% per annum. 23. Private security will grow for four reasons: workplace crime, increase in fear of crime, decrease in government spending, and the realization that security is a cost-effective investment. 24. Contract security is believed to be less expensive, more flexible, and more impartial than proprietary security. 25. The advantages of proprietary security are high quality, more control, loyalty, and higher prestige.

215

216

150 Things You Should Know about Security

149. AMBER ALERTS The AMBER Alert Program138 is a voluntary partnership between law enforcement agencies, broadcasters, transportation agencies and the wireless industry, to activate an urgent bulletin in the most serious child abduction cases. The goal of an AMBER Alert is to utilize the resources of the entire community to assist in the search for and the safe recovery of the child. The US Department of Justice coordinates the AMBER Alert program. AMBER Alerts are broadcast through radio, television, road signs and all available technology referred to as the AMBER Alert Secondary Distribution Program. These broadcasts let law enforcement use the eyes and ears of the public to help quickly locate an abducted child. The AMBER Alert Program was named in honor of 9-yearold Amber Hagerman who was abducted while riding her bicycle in Arlington, Texas, and was later found murdered. The program is active in all 50 states, the District of Columbia, Puerto Rico, and the US Virgin Islands. To see a map of all AMBER Alert Plans, visit: http://www.missingkids.com/en_US/documents/AmberMap.pdf. When signing up for AMBER Alerts you will receive geographically targeted information to help identify an abducted child, a suspected abductor, or a vehicle suspected to be involved in an abduction. You can sign up at: www.missingkids.com/ AmberSignUp. As of January 1, 2013, AMBER Alerts will now be automatically sent through the Wireless Emergency Alerts (WEA) program to millions of cell phone users. If you have a WEA-enabled phone, you are automatically enrolled for the three alerts: President, Imminent Threat, and AMBER Alerts. The addition of AMBER Alerts to this notification system is a result of a partnership between Cellular Telecommunications Industry Association and the wireless industry, the Federal Communications Commission, and FEMA. If you would like to receive AMBER Alerts on your cell phone, visit: www.missingkids.com/AMBER/WEA.139 Any questions or concerns on the AMBER Alert message received on your phone should be directed to the National Center for Missing & Exploited Children (NCMEC), which manages the secondary distribution of AMBER Alerts. Contact: NCMEC, 1-800-THE-LOST (1-800-843-5678). To find AMBER Alert contacts for all states, visit: http://www.missingkids.org/ AMBER/Contacts. The AMBER Alert Training and Technical Assistance Program,140 through the US Department of Justice brings you a variety of training opportunities to improve the investigative response of local, regional, state, and tribal law enforcement to high-risk victims, children in crisis, and the commercial sexual exploitation of youth. Through this program, you will increase collaboration, improve skills, and 138 http://www.missingkids.org/AMBER. 139 Ibid. 140 https://ncjtc.fvtc.edu/programs/PR00000010/amber-alert.

150.  Emerging Trends in Security

develop effective policies and best practices to protect and safely recover missing, endangered, and abducted children. AMBER Alert training courses can be hosted by local, regional, state, and tribal law enforcement training academies, agencies, or organizations. We encourage you to collaborate with your law enforcement, public safety, and non-profit partners to identify your training needs and bring training to your community.141

150. EMERGING TRENDS IN SECURITY There is no doubt that technology will advance the security profession. China, for example, is trying to be proactive and address pre-crime, with the help of China Electronic Technology Group who seek to develop software to collate data on jobs, hobbies, consumption, habits and other behavior for the purpose of predicting terrorist acts before they strike. In California, a group of individuals are attempting to prevent crime based on software and based on crime analysis, which records crime data that advise on the location for police presence in specific locations, to reduce crime. Research into software will continue, RFID technology, and smart home devices will also play a larger role in the future. Applications for new technology will expand over time and we will find new ways to use it. As technology continues to take over almost every aspect of our lives, the following 30 items are to be taken into consideration to increase levels of security:    1. IT infrastructure protection planning 2. IT infrastructure as a single strategic plan 3. Mitigation strategies 4. IP video and digital video 5. IP security provisions 6. Security IP edge device 7. HD cameras and monitors 8. Video analytics 9. Visible light cameras 10. Thermal imaging and cameras 11. Thermal imaging sensors 12. Perimeter protection 13. Layers of protection analysis 14. Visitor management systems 15. Mass notification 16. Active shooter/active assailants 17. Cloud storage and computing for security 18. Advancement of CPTED 141 Ibid.

217

218

150 Things You Should Know about Security

19. 20. 21. 22. 23. 24. 25. 26. 27. 28. 29. 30.

Contractor pre-qualification Emergency management and planning for disasters Software for physical security maintenances Laser communication Drones becoming a safety issue Encryption Critical thinking Soft targets versus target hardening Establishment of countermeasures and deterrents Embracing the beast Social media monitoring software ASIS and NFPA Active Shooter Initiative

CONCLUSION Times have changed and we also must change or be behind the curve.

Appendix 1 WOMEN IN THE SECURITY PROFESSION: A PRACTICAL GUIDE FOR CAREER DEVELOPMENT1 THE FUTURE OF WOMEN IN SECURITY: DEVELOPING A STRATEGY FOR SUCCESS2 Marianna A. Perry, M.S., CPP

In 1989, Jay W. Lorsch, a professor at Harvard Business School, wrote about the framework of corporate structure and the decline of American companies to make the system operate efficiently and generate profit in Pawns or Potentates: The Reality of America’s Corporate Boards.3 It is up to the boards of directors in companies to find solutions to difficult problems, to voluntarily implement measures for continued business success, and to not rely on laws or court decisions to positively affect business profitability and continued growth. Even though this publication does not specifically discuss the future of women in the security industry, it can be compared with the future of women in society in general and, above all, in the chessboard of life. Chess is a game of strategy, and the goal is checkmate or to threaten your opponent’s king with capture. When the game of chess is played, it involves 32 movable chess pieces. The queen on a chessboard can move any number of spaces, in any direction—forward, backward, right, left, or diagonally. A pawn on the other hand, can only move one or two spaces at a time toward the opponent. Playing chess is similar to what we as security professionals strive to do each day in the security industry. We want to threaten our opponents (or those who threaten the safety and security of an organization) with fear of capture. It is a game of strategy and preparedness. Our goal is to be proactive and develop countermeasures or security systems that make a security breach unlikely. We use overlapping layers of security components to protect our “king,” or our organization, much like the other pieces on a chessboard. To further explain and discuss this analogy, queens have more options than pawns and they are often considered the most powerful piece on the chessboard. Queens are valuable because they must think several moves ahead. To prepare for success in any industry, women (and men) need to think like a queen on the chessboard. This is done 1 Davies

S, editor. Women in the Security Profession: A practical guide for career development. Elsevier Publisher; 2016. 2 Ibid. 3 Lorsch JW, MacIver E. Pawns or potentates: the reality of America’s corporate boards. Boston, MA: Harvard Business School Press; 1989.

219

220

Appendix 1

by thinking ahead, preparing for the future, and setting ourselves up for success by being proactive and anticipating the needs of the future. Each of us has to determine how much control we want to have over our own future and how far we want to go in this industry. We can do this by asking ourselves the following question, “Do you want to be a queen or a pawn?”

THE SECURITY INDUSTRY The security industry, like law enforcement and other areas of public safety, are generally male-dominated professions. Traditionally, the security profession has been dominated by former law enforcement and military personnel, as well as seasoned male security practitioners. Even though men still outnumber women in the security field, the demand for qualified security professionals continues to grow and there are high-profile positions available for both men and women. After the terrorist attacks of 9/11, awareness was raised throughout the world about the need for competent security professionals, and there are more job opportunities in the diverse world of security for those individuals, both male and female, who strive to stay on top of this ever-changing industry by being knowledgeable about current trends and issues and are consistently striving to develop themselves professionally to remain on the cutting edge of the latest innovations and solutions in the industry. Technology has and will continue to have a great influence on the security industry. The future challenge for security professionals will be to understand the capabilities and the integration of technology into day-to-day security operations. It is important to understand that technology is not the answer to effective security. Technology is a component within the overall security process. Moving forward, all security professionals will need to be adaptable and have the ability to anticipate change and needs of the future by gathering information, analyzing data, and studying crime trends. According to research done by Scott Goldfine in the 2014 Security Industry Demographic Census,4 women comprise only 7% of the workforce in the security industry. With the advances in technology, more and more women are entering the field of information security and International Information Systems Security Certification Consortium (ISC)2, the world’s largest not-for-profit information security professional body, released a study that women represent 11% of informa­ tion security professionals.5 One of the obstacles for women in the security i­ndustry appears to be related to a general lack of information about the industry and the awareness about the careers available in the security profession. 4 Goldfine

S, Security Sales and Integration. 2014 Security Industry Demographic Census. Security Sales and Integration (Massachusetts: EH Publishing); 2014. p. 78. 5 Frost & Sullivan, Agents of Change: Women in the Information Security Profession. (ISC)2 (Florida: (ISC)2, 1-3.

Appendix 1

PROFESSIONALISM Professionalism is defined by the Merriam-Webster Dictionary as “the skill, good judgment, and polite behavior that is expected from a person who is trained to do a job well.”6 Undoubtedly, you have probably been told to be professional if you want to have a successful career, but what does it really mean? Most of us have probably not been formally taught about professionalism and are instead supposed to learn it on our own, but that is sometimes a difficult way to learn things. Being a professional means displaying competence in your area of expertise and knowing your strengths and weaknesses. This is not being arrogant—it is demonstrating that you are competent. Strive to demonstrate the core values of professionalism. For example, wear the appropriate business attire and practice proper workplace etiquette. Whenever possible, take on leadership roles and show that you are willing to accept responsibilities and that you can produce results. It is very important that you build a professional resume that will help you succeed and reach your goals. Join organizations that will help you grow—both as an individual and as a security professional. Be an active member in ASIS International by participating in your local chapter, joining a council, attending the Annual Seminar, writing book reviews and articles, and attending ASIS-sponsored training programs. Participate in industry events that law enforcement, Department of Homeland Security (DHS), Federal Emergency Management Agency (FEMA), and other government entities sponsor in your local area. Turn your brain into a sponge and absorb all the knowledge and security industry expertise possible. Determine where you want to be and do everything possible to make that happen. Be a valuable security professional.

WORKPLACE BULLYING This brings us to another issue in the workplace. Many times, we think that bullying is only a problem in the school environment, but, unfortunately, bullying is sometimes also an issue in the workplace. The Centers for Disease Control and Prevention definition of bullying includes “a perceived or actual power imbalance” and now considers bullying to be a public health problem.7 Workplace bullies generally display negative behavior and have no regard for other workers. Workplace bullying is sometimes hard to identify and may be difficult to manage. It can occur at every level in the workplace and can come in many forms. It is often not noticed and not addressed until there are distressing consequences.8 The Workplace Bullying Institute states that approximately one-third of workers may be the victims of workplace bullies. About 60% of workplace bullies are men, and they appear to bully male and female employees equally. Female bullies are more likely to bully other females. 6 http://www.merriam-webster.com/dictionary/professionalism. 7 Fennelly

LJ, Perry MA. The handbook for school safety & security. Elsevier Publishers; 2014.

8 www.crisisprevention.com/Workplace-Bullying.

221

222

Appendix 1

This may be because there is more pressure on females trying to succeed in maledominated workplaces.9 The job market today is competitive, so let your outstanding performance, productivity, and quality of work speak for itself. Craft your strategy to succeed, and ensure that your success is not at the expense of someone else. Stephen Covey said it best in his book, Seven Habits of Highly Effective People: “Win/Win is based on the paradigm that there is plenty for everybody, that one person’s success is not achieved at the expense or exclusion of the success of others.”10

WOMEN IN THE SECURITY PROFESSION ASIS International, the leading organization for security professionals, has approximately 38,000 members worldwide11 and only recently began collecting gender information on membership applications; however, it is not surprising to learn that there are more men than women who are members of ASIS. In 2000, the Forum on Women and Minorities in the Security Profession was held in Granada Hills, California, and the proceedings were published in 2001 by the ASIS Foundation. The following is a portion of the presentation by Cynthia Conlon, CPP, then Chairman of the Board of ASIS: Speaking specifically about ASIS, currently there are approximately 30,000 members in ASIS in over 120 countries. Although ASIS does not maintain statistics relative to gender or race, we can make some assumptions relative to gender, in particular, from the membership ASIS International – IRC: Women in Security, February 2015 Page 4 of 7 records. I perused those and found that there are approximately 24,000 members – of the 30,000 – who are registered with the prefix ‘Mr.’ Approximately 1900 are registered with the prefix of ‘Ms.’ or ‘Mrs.’ The remaining 4000 or so did not designate a prefix, so I don’t know what the gender is. But this would indicate an average membership for the Society worldwide of six-and-a-half percent women. That tells you that our profession has a long way to grow from that side of the house.12

EDUCATION AND PROFESSIONAL DEVELOPMENT Based on information from ASIS, it appears as though the number of women pursuing a career in the security industry is growing. Women (and men) who are interested in pursuing a job in the fast-growing security industry need to educate themselves about career paths that will prepare them for the position they want. Do research. Determine 9 www.bullyingstatistics.org/content/workplace-bullying. 10 http://blog.zerodean.com/2014/quotes/one-persons-success-is-not-achieved-at-the-expense-or-exc-

lusion-of-the-success-of-others. 11 www.asisonline.org. 12 www.asisonline.org/Membership/Library/Subject-Guides/Pages/Women-in-Security.

Appendix 1

what you want and where you want to be. Goals must be set and an action plan put in place to make these desires and dreams become a reality. Have a strategy to achieve your goals and gain industry expertise to become an innovative problem solver. Learn about the industry and what jobs are available, and then do research on specific jobs that you are interested in. Determine what educational level is required for those positions. Education and industry training may consist of formal educational degree programs, professional certifications, and professional development through industry organizations, such as ASIS International, which offers seminars and webinars on various security topics as well as on-the-job training programs. Industry-specific education and training programs will emphasize your commitment to the security industry and knowledge base, allow you to be a subject matter expert, and give you more flexibility in achieving your goals within the security industry. Join security industry groups and educate yourself about the industry-specific skills, credentials, qualifications, certifications, or licenses that will give you the competitive edge. Get a job that will give you some relevant experience in the security profession or help you learn more about the security industry. Purchase books by the leading authors in the security industry and do not just read them—study them. Look especially for those books that are a third, fourth, or fifth edition because that will tell you the author or the topic has a following and that they are the experts in the security industry.

INDUSTRY EXPERIENCE I was interested in a career in law enforcement and made the decision in 1979 to apply for employment with the Kentucky State Police, even though I knew there was only one female Kentucky State Police trooper at the time and approximately 900 male troopers. The odds of being selected for one of the coveted spots on the Kentucky State Police, especially for women, were certainly formidable. In 1979, over 250 women applied to become troopers and there were four chosen to enter the training program at the Kentucky State Police Academy, including me. Sixty-eight men were chosen. There were a total of over 2000 applications for these 72 positions. Sixty cadets successfully completed the grueling training, graduated from the Kentucky State Police Academy, and were assigned locations throughout the Commonwealth of Kentucky. I found the Kentucky State Police to be a challenging and rewarding experience, and it certainly has had a positive effect on my career path because I learned valuable skills that easily transferred to the security profession. Security professionals are known for their specialized knowledge about the security industry. This is accomplished by a deep personal commitment to develop and improve their skills and knowledge base. Experience, degrees, and certifications serve as the foundation of knowledge about the industry. Security professionals work in a serious and sustained way to master the specialized knowledge needed to succeed in the industry. It is important to keep this knowledge up-to-date to meet new challenges and to be a problem solver. Since trust is of utmost importance, it is critical that security professionals exhibit qualities like honesty and integrity in both their personal and professional lives.

223

224

Appendix 1

MEMBERSHIP IN ASIS INTERNATIONAL ASIS International13 is the leading organization for security professionals worldwide. If you want a career in security, join ASIS and get involved in your local chapter and participate in industry events, such as the ASIS International Annual Seminar and Exhibits. There are over 30 ASIS Councils that focus on specialized areas of interest in the security industry. Join an ASIS Council that is relevant to your specific skill set and participate and collaborate with others in the industry about best practices or trends in the industry. The ASIS Women in Security Working Group recently became the Women in Security Council, whose goal is to “provide support and assistance to women in the security field, as well as inspire those interested in entering the profession.”14

PROFESSIONAL CERTIFICATIONS ASIS was the first organization to implement security certifications and develop a standard for excellence in the security industry. The following ASIS security credentials are accepted throughout the world and are proof of professional knowledge:    • Certified Protection Professional (CPP)   Board Certification in Security Management • Professional Certified Investigator (PCI)   Board Certification in Investigations • Physical Security Professional (PSP)   Board Certification in Physical Security15    Security certifications are solid evidence of your level of proficiency in the security industry and will validate your level of knowledge. Any of the aforementioned certifications will make evident your commitment to professional development in the security industry. ASIS did not collect gender information on membership applications in the past and recently conducted research to determine how many women in the organization hold professional certifications—specifically CPP, PCI, and PSP. Research conducted by ASIS is not completely accurate because not every member identifies his or her gender. There are approximately 7139 CPPs, approximately 1612 PSPs, and approximately 580 PCIs. According to their research, there are approximately 496 female members of ASIS International who have earned certifications.16 13 Ibid. 14 Ibid. 15 Ibid. 16 Ibid.

Appendix 1

NETWORKING In addition to obtaining education, training, and certifications in the security industry, never underestimate the value of networking. It is a common fact that people will do business with people they like, rather than through an advertisement. Networking will give you professional business connections and will create new opportunities for success. Again, this is another strategy to help you achieve your goals. Networking through professional groups will give you the opportunity to practice your public speaking skills. I have given hundreds of presentations and, yes, I have made mistakes, but the important thing is that I learned something from my mistakes. Almost everyone is nervous when they speak to a group, but practice will help you to improve your presentation skills. Even on those days when you do not feel your best, you fail to bring your notes, or you lose your train of thought in the middle of a presentation, if you keep practicing and giving presentations, your public speaking skills will improve. Toastmasters International17 is a world leader in communication and leadership development and has clubs in over 135 countries. The goal of Toastmasters is to help members improve their public speaking and leadership skills. Brian Morris with the Business 2 Business Community lists the top 10 business networking groups that you may want to consider joining.18 Check your local area for the following groups to improve your presentation skills and advance your career:    1. Business Networking International (BNI) 2. MasterMind Groups 3. LeTip 4. Women in Business Networking 5. Chamber of Commerce 6. Convention and Visitor’s Bureau 7. Merchant Associations 8. Rotary International 9. Kiwanis Club 10. Optimist Club

THE VALUE OF NETWORKING In 2009, through networking with law enforcement and security professionals in the university setting, I was offered the prestigious position as Director of the National Crime Prevention Institute (NCPI) because of my law enforcement background and experience in the security industry. The NCPI began operating in 1971 in the 17 www.toastmasters.org. 18 http://www.business2community.com/strategy/top-10-business-networking-groups-you-should-join.

225

226

Appendix 1

Department of Justice Administration at the University of Louisville; countless numbers of security professionals have taken courses, and the reputation of NCPI is known throughout the world. Simply by being the Director of NCPI, many doors were opened for me in the security industry. In 2010, Larry Fennelly, a very good friend of mine (and mentor), introduced me to a business associate of his at the ASIS Annual Seminar and Exhibits. He introduced me by name, and Larry’s associate was very polite and cordial; however, when Larry told him that I was the Director of the NCPI, his demeanor completely changed and he enthusiastically shook my hand said, “Oh, it’s very nice to meet you.” I immediately gained professional credibility because of my position at the NCPI. Never underestimate the value of being affiliated with companies or institutions, and use that credibility to move your career forward.

MENTORING Mentoring relationships, whether they are formal or informal arrangements, are invaluable for providing direction and negotiating your career path. John C. Crosby’s definition of mentorship is excellent. He stated, “Mentoring is a brain to pick, an ear to listen, and a push in the right direction.”19 The best way to describe mentoring is that a more experienced or more knowledgeable person helps a less experienced, less knowledgeable person develop professionally and navigate toward reaching their goals. In the typical mentoring relationship, one individual has more experience, skill, and development than the other and a caring, respectful partnership is built. Corporate mentoring programs have long been recognized as an essential strategy for attracting, developing, and retaining top employees. According to a survey by the American Society for Training and Development, 75% of private sector executives said that mentoring had been critical in helping them reach their current position.20 I have had strong mentors who helped me navigate my career path in the security industry, and each has helped me in a different way by providing their expertise and guidance. It is important to note that mentoring relationships do not have to be formal and there is no need to have an established mentorship program. Find a mentor and let them help you toward reaching your goals in the industry. I am currently a mentor with the ASIS Women in Security Council, and this experience has helped me “give back” to the security industry to help other women succeed. Sallie Krawcheck, who was once one of the highest ranking women on Wall Street, said that networking and mentorship are the “unspoken secrets to success” in male-dominated industries.21 19 http://www.burrellesluce.com/freshideas/tag/john-c-crosby. 20 Ibid. 21 www.huffingtonpost.com/2013/07/01/sallie-krawcheck-wall-street-women.

Appendix 1

SUCCESS IN THE SECURITY INDUSTRY ASIS International has a Mentoring Security Leaders Program that matches experienced security professionals with those new to the industry or looking to advance into leadership positions. The Women in Security Council also has a monthly “Ask a Mentor Series” as well as mentorship programs designed especially for women in the security industry.22 To succeed in the ever-changing world of security, female (and male) security professionals must evolve to keep pace with technology as well as the new threats that will evolve with increased world globalization. Our world is advancing at an incredible pace so ensure that you have a global security perspective. Embrace change and technology! You must stay ahead of the curve, be adaptable, and have the ability to anticipate change and the needs of the future by gathering information, developing professionally, having the ability to analyze data, and by studying crime trends. Specifically, this will include addressing such issues as:    • Information technology and cyber security, including the Internet of things • Effective means of communication and motivation of a multigenerational workforce • Total systems integration • Video surveillance technology (including unmanned aerial vehicles) • Biometric applications for access control • The value of building effective partnerships with local, state, and federal emergency managers/first responders to effectively prepare for natural disasters, workplace violence and global terrorism before, during and after the event • The importance of industry-specific certifications, training, and education to prepare the security professional to meet the challenges of the future    The future is bright for female security professionals whose education, professional certification, and expertise separates them from the competition, whether this competition is male or female. Many females in male-dominated industries choose to downplay their gender and strive to be recognized solely for their qualifications, skills, and expertise—basically what they bring to the table. Regardless, ensure that you bring value to the industry and strive to contribute as a security professional, not just as a woman. When Sallie Krawcheck, one of the highest-ranking women on Wall Street, was asked if being a woman helped or hindered her career, she simply replied, “Yes.”23 As a female security professional in a male-dominated industry and in the chessboard of life, keep the “opposing pieces” on the board in “check.” Strive to plan today for the needs of the future. Determine whether you want to be a queen or a pawn. Develop your strategy for success, and remember that education, professional certification, leadership roles, and expertise will separate the queens from the pawns. 22 Ibid. 23 Ibid.

227

228

Appendix 1

Queens are valuable because they must think several moves ahead. Do not just simply think several moves ahead, but instead, take action. Prepare for the future, and set yourself up for success by anticipating the needs of the future. Be a visionary and think big! In other words, think like a queen. Your success will create future opportunities, but success in the security industry does not happen overnight. It takes hard work and determination. I can tell you one thing for certain; I am a queen on the chessboard of life, not a pawn.

Appendix 2 THE TOP 10 THINGS YOU SHOULD KNOW ABOUT SECURITY IN PLACES OF WORSHIP By Paula L. Ratliff

Ratliff is the author of Crime Prevention for Houses of Worship, 2nd Edition, and coauthor with Chester L. Quarles of the 1st Edition, published by the American Society of Industrial Security.

People visit places of worship to pray, sing, meditate, and worship, not to think about crime. Unfortunately, it has become increasingly more common for churches, mosques, synagogues, and temples to be targeted for criminal activity. When a 21-year-old entered the Emanuel African Methodist Episcopal Church in Charleston, South Carolina, to attend a Bible study, no one except the shooter knew the terror that was about to unfold. As he participated in the Bible study for about an hour, eventually he did what he came to do—he pulled out a gun and began shooting, killing nine people and injuring one. This horrific crime compelled discussions about race, gun control, and mental illness across America. However, it should also be a catalyst toward the review of security at religious and cultural facilities. This tragedy should resonate with all religious leaders that we must be diligent in our efforts to secure our facilities and our people. I have condensed 245 pages in to a list of the top 10 things you should know about security in places of worship.    1. Every place of worship is susceptible to being victimized.   Churches, mosques, synagogues, and temples have been victimized, representing all religions and all types of crimes from murder, rape, robbery, arson, embezzlement, to kidnapping. Crime happens regardless of the size, location, and denomination. 2. The greatest weakness is the mind-set of people in our places of worship.   When individuals enter our places of worship, we want to believe they are seeking help, so we welcome them and try to help. That trusting mind-set could get you killed. Overcoming the paradigms of your membership will be one of the most difficult tasks. It is often difficult for members to understand the need for change, and it is difficult to accept the reality that crime occurs in places of worship. It is also difficult to be suspicious of people entering your facility until your gut has given clearance. 3. Every religious organization needs a security plan that will protect people, property, and programs while including preparations for emergency situations (four P’s). a. Protecting people: This includes a plan to protect anyone on your property including the congregants, religious leaders, employees, and contract laborers.

229

230

Appendix 2

They must be protected from robbery, rape, sexual assault, murder, shootings, active shooters, suicide bombers, hostage situations, sexual abuse, date rape, incest, domestic violence, disruptive incidents, and workplace violence. b. Protecting property: This includes securing the building, protecting it from trespassers, burglary, vandalism, arson, fraud embezzlement, and con games. If your organization has a ball field, a playground, buses, vans, etc., each must be secured. c. Protecting programs: Programs for children, youth, middle-aged adults, elderly, the homeless, the addicted, etc., must be protected. If you have youth going to the inner city for ministry, you need to include several elements of security to ensure their safety. d. Preparations for emergencies: This would include natural disasters, medical emergencies, weather emergencies, community shootings, civil unrest, and/or protest, etc. Additionally, if your church is in an industrial area and there is a shooting in a workplace or a terrorist attack, people may seek shelter in your facility. How will you be prepared to handle these situations? 4. Religious leaders must be prepared to deal with three types of criminals. a. Stranger criminal: This is generally completely random and is committed by a person who is unknown to the congregation. This is someone who does not have a set target, but intends to cause harm and terror. b. Acquaintance criminal: This is generally domestic related and could be an estranged spouse, ex-lover, parent, etc. This is an outsider coming in, targeting someone specific. Disruptions to services, shootings, and hostage situations are most likely with these types of criminals. c. Internal criminal: This is when someone from the “inside” commits a crime while in your place of worship. This could be a member, leader, minister, bus driver, church treasurer, etc. The perpetrator and the victim are both known.     This could also include a situation when someone in your congregation commits a crime “outside.” It is not unusual for the media to contact your organization for comment, putting the leaders in a vicarious situation. I would encourage that all comments be withheld until disposition by the court system. 5. New members should be accepted cautiously.   We may think that a new member is an answer to a prayer, but in reality it could be the beginning of a nightmare. Take time to know them, their past, and their reasons for arriving at your place of worship. Sometimes, people will mess up (i.e., commit a crime) at one place and move on to another. This is referred to as “pass the trash.” Many congregations are reluctant to prosecute individuals, so they move on to the next victim.     Observe them for at least 6 months and conduct a background check and check references from their previous place of worship before giving them a leadership role.

Appendix 2

6. People seeking places of worship are often dealing with many challenges.   Some may be dealing with mental illness, drugs, alcohol, or prescription drug addictions, or may be engaged in a contentious divorce or custody battle. Some may be homeless and jobless, whereas some may be living with scars from abuse they suffered many years ago. These are the people we want to help, yet we have to be diligent in our security efforts. 7. Our places of worship are vulnerable locations for crime.   Places of worship are often vacant, or have a limited number of people present at any given time. Many times the doors are unlocked and the buildings are secluded without having security cameras or guards. A criminal can enter and exit rather quickly with less chances of being apprehended. 8. Each church-sponsored activity requires a security assessment and a commitment to security.   If you have a nursery, school, or gym, it requires a different level of security when compared with evening events, a bus ministry, or a food/pantry ministry. However, it is your obligation to provide a secure venue for all activities. Are there any activities where children are alone with adults? What procedures are necessary to ensure all are safe? 9. Fraud and embezzlement are probably the most frequently occurring crimes committed in our places of worship.   This statement is impossible to prove; however, research substantiates that many places of worship are hesitant to report embezzlement, so we do not have records of these crime. Leaders do not want to be embarrassed about the embezzlement, and they do not want to draw attention to their facility for failing to have security measurements in place. Additionally, they are often forgiving when the offender seeks forgiveness and offers to pay restitution. Thus the crime is swept under the “counter” and never reported.     Therefore, it is vital that any person with access to money should have a completed background on file, in addition to a credit check from time to time. Develop sound financial policies, having two people count and verify the money and the deposits. Reconcile the accounts monthly. Review all credit card purchases, prohibit wire transfers, and change treasurers often! If possible, have a camera in the “counting room” and have limited access to the safe. 10. Sexual predators prey in places of worship.   Pedophiles pick children who are vulnerable, those who are loners or are having problems at school with drugs/alcohol, or those who are from a singleparent home. The predator needs them alone so they can complete their crime. Watch for people who exhibit this type of behavior and who have a “calling” to work in this area.     Sexual predators seeking victims often visit places of worship because individuals are more trusting. A predator may attend a few classes and participate in group activities while winning confidence to extend an invitation. It is important to discuss this topic with the youth, middle aged, and elderly, so they do not become a victim to a sexual predator.   

231

232

Appendix 2

In conclusion, having security measures in your place of worship should not be intrusive. Many security measures can be put into place, and the general attendee will never notice. Most people will not notice things like locks, alarms, and security cameras. The majority of your congregation will never know your efforts to secure them. However, in the event that a horrific crime takes place, they will be forever grateful for your efforts to secure them. I encourage policies and procedures for every aspect of your day-to-day operations. Obviously the size and financial resources of your facility will determine the level of resources you have available. Each congregation will review crime in a different way, and each congregation, based on size, location, financial resources, and beliefs, will respond in a different way. It may be necessary to reach a compromise in some situations, but “some protection is better than no protection.” For example, if your congregation will not agree to lock the sanctuary doors during the day, perhaps you can convince them of the need to lock the doors at night and on holidays when facilities are extremely vulnerable. As your congregation accepts these security programs incrementally, it will be easier to become more restrictive as time passes. As you develop a security plan, make sure to include your leadership! You will need their support to ensure that the plan is accepted and implemented. It can be a difficult process because one cannot see immediate results. Over time, however, security approaches will be both cost effective and people friendly. Additionally, make contact with your local law enforcement agency and invite them to participate in the development of your security plan. Many officers are trained in crime prevention and community-oriented policing, and they can bring a vast array of knowledge to your efforts. Additionally, the police department may be able to provide other free services; but you have to ask! These efforts can often lead to an effective and lasting partnership. Together, we must work diligently to protect our places of worship and the people who worship there. We owe it to future generations to preserve our worship heritage and to protect our places of worship.

Index Note: Page numbers followed by “f” indicate figures, “t” indicate tables, and “b” indicate boxes.

A Absorption, 149 Access control, 1–2, 25, 106 cards, 30–32 applying images to cards, 30 authentication, 30 bar-coded credentials, 31 barium ferrite cards, 31 biometrics, 31 card sizes, 30 coercive force ratings, 32 credential reader, 30 credential technologies, 30 EAC credential types, 31 EAC readers, 30 hollerith cards, 31 infrared cards, 31 keypads, 31 magnetic stripe cards, 31–32 mixed technology cards, 32 optical cards, 32 proximity cards, 32 smart cards, 32 Wiegand cards, 32 exterior, 58–59 interior, 59–60 physical entry and door numbering system, 213 doors, 213 minimum standards, 214 systems, 26 Acquaintance criminal, 230 Active assailant, 114–115 Active proximity cards and tokens, 32 Active security, 108 Active shooter, 114–118 components of emergency action plan, 117–118 components of training exercises, 118 law enforcement, 116–117 profile of, 115–116 training staff for active shooter situation, 117 Actively check professional references, 190 Activity program support, 1, 6 support, 131 Administration, organization and, 167–168 Administrative and planning phase, 64–65 ADMs. See Autonomous data machines (ADMs)

Adopt-a-student program, 195 ADP system. See Automatic data processing system (ADP system) AED policy. See also Fire extinguisher policy periodic drills, 136 postincident, 136 purpose, 134 responsibility, 134–136 scope, 134 AEDs. See Automated external defibrillators (AEDs) AEE Technology, 33 Age Discrimination in Employment Act, 172 Age or marital status, 171 Agency clearance, 172 Alarms, 1–2, 7, 59–60, 158, 196 intrusion, 9 signage of, 9 Alcohol abuse, 72, 80 awareness, 170 Alerts, 76 AMBER alerts, 216–217 All lives matter, 95 AMBER Alert Program, 216 AMBER Alert Secondary Distribution Program, 216 AMBER Alert Training and Technical Assistance Program, 216–217 AMBER alerts, 216–217 Analysis crime, 48, 61–63 crime pattern, 62 Annealed glass, 21 Anticipation, 45, 148 Anticrime efforts, community, 147 Appraisal of crime risk, 45, 93 Asis International, 101 ASIS International, 222 membership in, 224 Mentoring Security Leaders Program, 227 professional certifications, 224 ASIS School Safety and Security Council, 36, 81 ASIS security credentials, 101 ASIS Standards and Guidelines, 94–95 Asphyxiation, 165 Assaults, 72 Assessments, damage, 161

233

234

Index

Asset protection, 169 ATMs. See Automated teller machines (ATMs) Attack, phases of, 145 Audit(ing), 34–35 actual audit review checklist, 58 exterior access controls, 58–59 interior access control, 59–60 Automated external defibrillators (AEDs), 83 Automated teller machines (ATMs), 60 Automatic data processing system (ADP system), 203 Autonomous data machines (ADMs), 193 Auto–theft prevention program, 55 Awareness programs, 174, 177

B Badges, 50, 50 control, 49–50 Bar code technology, 31 Bar-coded credentials, 31 Barium ferrite cards, 31 Barn Syndrome, 158 Barricades, 9 Basement doors and windows, 55 Behavior modification, 147 Bicycle registration and antitheft program, 55 Bids, getting, 205 Biometrics, 31, 105 using hand geometry, 197 Blue light phones, 109 Blueprints and designs, 170 Body cameras for law enforcement and private sector, 32–35 auditing, 34–35 chain of custody, 34 data security, 34 deletion, 35 flagging videos, 34 maintaining data, 34 nonevidentiary footage, 35 testing and evaluating body-worn video technology, 33–34 pathways for substances to enter, 149 Absorption, 149 Ingestion, 150 Inhalation, 150 injection, 150 Body-worn video technology, 33–34 Bollards, 9 Bombs letter, 214 parcel, 214

Browser-based user interface, 193 Budgeting, 191 Bullet-resistant glass, 21, 182–183 Bulletproof glass, 74 Bullycide, 36 Bullying, 79–81 Bumper stickers, 72 Burglar, 42–44 burglar-resistant glass, 21 Burglary, 194 burglary-resistant glass, 182–183 Business Networking International (BNI), 225

C C-TPAT. See Customs Trade Partnership Against Terrorism (C-TPAT) Cabinets, 106 Caldwell Report, 172 Calling 911, 118 Cameras, 10f, 158 body, 32–35 closed-circuit television, 8 digital, 129 IP, 102 monolog, 26 non-operating, 129 security, 129 thermal, 126 video surveillance, 29 Capital letters, 78 Carbon dioxide, 141 Cards, 30–32 applying images to, 30 authentication, 30 bar-coded credentials, 31 barium ferrite, 31 biometrics, 31 coercive force ratings, 32 credential reader, 30 credential technologies, 30 EAC credential types, 31 EAC readers, 30 hollerith, 31 infrared, 31 keypads, 31 magnetic stripe, 31–32 mixed technology, 32 optical, 32 proximity, 32 sizes, 30 smart, 32 Wiegand, 32

Index

Centers for Disease Control and Prevention, 221–222 CEO. See Chief executive officer (CEO) Certification, professional, 101 Certified Protection Professional (CPP), 101, 224 CF. See Commercial Facilities (CF) CFSSA. See Commercial Facilities Sector-Specific Plan (CFSSA) Chain of custody, 34 Changing attitudes, 210 “Charley bar”, 23 Check criminal and credit histories, 190 Chemical storage security, 106 Chief executive officer (CEO), 37 Citizen patrols, 56 Classified information, US government, 201 Clearance, agency, 172 Client-related risk factors, 72–73 CMT. See Crisis management team (CMT) Codes building, 21 fire, 21 Coercive force ratings, 32 Collaboration, 5 Commerce, US Department of, 188 Commercial Facilities (CF), 41 Commercial Facilities Sector-Specific Plan (CFSSA), 42 Communication, 70–71, 159 networks, 75 Community anticrime efforts, 147 crime prevention, 147 development, 5–6 participation strategies, 123 reaction, 48 Community-oriented policing services (COPS), 29–30 Competition, 186–187, 227 Conduct, disorderly, 195 Consultants, 35 Contamination, product, 184–186 Contract security officer (CSO), 84 Contracts, 60, 85–86 Control access, 1–2, 25, 106 cards, 30–32 electronic key, 49 exterior access, 58–59 interior access, 59–60 key, 50, 49–50 natural access, 1, 4, 7, 9, 19–20, 280, 118–119, 123–124, 130

physical access, 181–182 physical entry and access, 213–214 span of, 186 voice, 97–98 Copper drains, 70 COPS. See Community-oriented policing services (COPS) Corporate mentoring programs, 226 Corpus Delicti, 151 Cost–benefit analysis, 191 Courtroom testifying, 146–147 CPP. See Certified Protection Professional (CPP) CPTED. See Crime prevention through environmental design (CPTED) Cramming method, 179 Crime analysis, 15, 48, 61–63 crime pattern analysis, 62 data collection, 61–62 data needed, 61 predictive policing, 62 times, 62–63 Crime prevention, 45, 146–147 terms, 147–149 behavior modification, 147 community anticrime efforts, 147 community crime prevention, 147 crime displacement, 147 crime prediction, 147 defensible space, 147 deterrence, 148 dynamic risk, 148 environmental design, 148 neighborhood watch, 148 operation identification, 148 opportunity reduction, 148 private security, 148 pure risk, 148 risk management, 148 security assessments, 148 target hardening/soft targets, 148 tips, 155–156 in 21st century, 76–77 Crime prevention through environmental design (CPTED), 1, 113–114. See also Security assessments, 6, 10–14 pedestrian travel paths and gathering areas, 14 perimeter and points of entry, 12–13 surrounding neighborhood, 12 vehicular travel routes and parking facilities, 13–14 benefits of, 14–15 care and maintenance, 9–10 and community-oriented policing services, 29–30

235

236

Index

Crime prevention through environmental design (CPTED) (Continued) examples of strategies in action, 17–18 landscape principles, 9 research and best practice resources on web, 122 stem, 130 strategies, 1–5, 130 medium-height fence, 4f natural surveillance, 2f–3f, 18f 3-D’s approach to, 152–154 definition, 153 design, 153 designation, 153 strategies in action, 153–154 Crime(s) defined, 194–195 burglary, 194 disorderly conduct, 195 felony, 195 larceny, 194 misdemeanor, 195 rape, 195 robbery, 194 displacement, 147 fighting by design, 130–131 pattern analysis, 62 prediction, 147 problems, 4, 14, 48 rate, 47, 62 risk, 46 Criminal and civil law, 83, 100 Criminal assets, 150 Crisis management team (CMT), 63 Cross-examination, 147 Crowding, 11 Crying, 80 CSO. See Contract security officer (CSO) Customs Trade Partnership Against Terrorism (C-TPAT), 335, 203 Cyber attack disclosure, 180 Cyber security, 37 Cyberbullying, 36 Cybercrime, 27, 37

D Data breach, 57 breaches, 178 center and server security, 103–105 collection, 61–62 security, 34 Deadly force, 151 Dedicated security personnel, 190

Defensible space, 4, 111, 147 principles, 8, 16–17 Defensive measures, 23 Delay time, 46, 213 Demographic information, 16 Department of Homeland Security (DHS), 42 Depression, 80, 152, 207 Design out crime/designing for security, 127–131 elements, 127 fighting crime by design, 130–131 identifying objectives, 127–129 planning and design, 129 Designing security and site layout, 111–112 Deter, 9, 56 Deterrence, 148 Deterrents, 8–9 Devices recording, 98 robots as security, 192–193 DHS. See Department of Homeland Security (DHS) Digital recording, 71 equipment, 102 Digital security surveillance system, 50–51 Digital video recorder (DVR), 50 Disabilities, 161 Disaster response, 88, 165 Disorderly conduct, 195 “Dispensary Security Plan”, 142 Displacement of crime, 4, 9 Documentation, 120, 163, 204 DoD. See US Department of Defense (DoD) DOJ, 122 Doors, 23, 157, 182, 213 exit, 59, 68 with glass, 23 numbering system, 213 Downsizing, 186–188 Duty, 46, 71, 91 DVR. See Digital video recorder (DVR) Dynamic alarm management, 76 Dynamic risk, 148

E EACs. See Electronic card readers (EACs) EAP. See Emergency action plan (EAP) Earthquakes, 88 ECC. See Emergency Command Center (ECC) Electronic card readers (EACs), 30–31 Electronic key control, 49 Embezzlement, 231 Emergency (blue light) phones/call stations, 109

Index

evacuation planning, 140 lighting, 66, 89, 102 management, 27, 161 manager responsibilities, 161 response, 63–64 Emergency action plan (EAP), 117 components, 117–118 Emergency Command Center (ECC), 163 Emergency planning, 63–64, 86–88, 92 best practices, 162–165 and development, 86–89 planning development and primary considerations advance planning, 164–165 emergency planning, 164 planning basics, 164 stages of, 164 threat scenarios, 164 types of emergencies, 88–89 Employee integrity, 173–174 screening, 171–172 interview process, 171–172 omission on application, 171 Encryption, 36–37 Entrapment, 152 Environment, 6–7 Environmental design, 148 Environmental security, 4, 110 Equipment requirements, 205 Ethnic background and race, 171 Evacuation, 87, 133, 141 Evidence preservation, 100 Excessive postage (usually postage stamps), 214 Exclusionary Rule, 151 Exit doors, 59, 68 Exterior access controls, 58–59 lighting, 52–53 physical characteristics, 66–67 windows, 67–68 Extortion, 185, 189 Extremely hazardous, 149

F Facility manager responsibilities, 39–40 Facility Security Plan, 142 Fair Credit Reporting Act, 172 Federal Bureau of Investigation office (FBI office), 202 Federal Emergency Management Agency (FEMA), 27, 106

Federal Freedom of Information Act (FOIA), 211–212 Federal Information Centers, 212 Federal Trade Commission (FTC), 121 Fee-based training services, 205 Felony, 195, 208 FEMA. See Federal Emergency Management Agency (FEMA) Female bullies, 221–222 Fences, 7, 16, 127 Fiduciary, 203 Financial justification, 191 Fire, 89, 104, 138 alarm systems, 66, 143 detection and suppression equipment, 102 drills, 64, 166 exits building, 139–140 and life safety administrative and planning phase, 64–65 fire procedures, 64 physical inspection phase, 65–66 prevention, 65–66 plan, 240, 140–141 safety, 113 issues, 124–126 suppression, 126 system, 141 Fire extinguisher policy. See also AED policy purpose, 136 responsibility, 136–137 training, 137–138 Firearms, 69, 115 First aid, 63, 136 5-year and 10-year security plan design first 5 years, 25–26 indoor security, 28–29 next 5 years, 29 outdoor and building perimeter security, 28 prioritizing solutions, 28 Security Master Plan, 24–25 security solutions, 29 technology, 26–27 training, 27–28 Flagging videos, 34 Flashing yellow signs/lights, 79 Floods, 88 Floors, 188 FOIA. See Federal Freedom of Information Act (FOIA) Formulation of partnerships, 5 Forum on Women and Minorities in the Security Profession, 222 Fraud, 75, 173–181, 231

237

238

Index

“Fruits of the poisonous tree”. See Exclusionary Rule FTC. See Federal Trade Commission (FTC)

G Garage doors and windows, 55 Gates, 7, 25, 123–124 Geographical juxtaposition, 1, 6, 131 Glare, 53 Glass, 21, 75 Glazing glass, 182–183 Global Positioning System (GPS), 33 Goldfine, Scott, 220 Good security, 28, 92, 158 Good visibility, 72 GPS. See Global Positioning System (GPS) Graffiti, 44, 48 Greenville, 155–156 Ground floor windows, 54–55 Guards, 158 house, 101–102 houses/guard booths, 101–102

H Halon 1211, 141 Hand geometry, biometrics using, 197 “Harasses”, 330 Hazardous materials, 149 definitions, 149 extremely hazardous substances, 149 hazardous chemicals, 149 hazardous material, 149 hazardous waste, 149 incident commander, 149 harmful to people, 149–150 HD video. See High-definition video (HD video) Health, 9, 330, 210 Health Information Security Rule Safeguard Standards (HIPAA), 58, 103 High-definition video (HD video), 33 Holiday season, 42b–43b Holistic, 196 Hollerith cards, 31 Home Depot, 170 Hospital residential treatment, 73–74 Hurricanes, 88 HVAC systems, 70

I ICS. See Incident Command System (ICS) Identification assets, 42 fraud and credit/debit card fraud, 181 theft prevention, 121–122 FTC involvement, 121

IESNA, 119 IFPO. See International Foundation for Protection Officers (IFPO) IICD. See Infrastructure Information Collection Division (IICD) Image and/or maintenance, 1, 6 Image management, 131 Incident Command System (ICS), 131 Industrial espionage, 201 Industry credentials, 101 Informal organization, 186 Informants, 150 Information technology (IT), 37 Infrared cards, 31 Infrastructure Information Collection Division (IICD), 42 Inge Sebyan Black, 120–121 Ingestion, 150 Inhalation, 150 Initiation of an action, 93 Injection of hazardous materials, 150 Inland Regional Center, 40 Installation services, 205 Insufficient information, 165 Insurance coverage, 194 Insurance forms and reports, 170 Interior access control, 59–60 layout, 159 lighting, 53 spaces, 13 Internal criminal, 230 International Foundation for Protection Officers (IFPO), 101 Internet protocol (IP), 26 cameras, 102 Internet-connected culture, 77 Intervention, 17 Intrusion alarm, 9 system, 143 Intrusion detection systems, 30, 142 Intuitive design, 127 Investigations, 37, 114–115, 120 IoT. See Internet of things (IoT) IP. See Internet protocol (IP) ISO, 58 IT. See Information technology (IT)

J Job, stress on, 208–211 changing attitudes, 210 stressors, 209 turnover, 210–211 Job Rotation policy, 175

Index

K

M

K3 and K5 features, 193 Key control, 50, 49–50 Keypads, 31 Knightscope Security Operations Center (KSOC), 193

Magnetic stripe cards, 31–32 Mail services security, 60–61 Malicious destruction of property, 44–45 Malware, 178 Man-made disasters, 89 Management principles, 154–155 Managers, 38–40 civil litigation, 38 facility manager responsibilities, 39–40 Marijuana farms and dispensaries, security for, 141–143 Marketing and sales data, 170 Mass notification procedures, 131–132 Master planning, 70–71 Mentoring, 226 programs, 195 Mentoring Security Leaders Program, 227 Merchandise, 66, 188–189, 204 Mercury vapor lights, 52 Metal detectors, 73–74 on roof tops, 70 theft, 70 Methods of operation, 75 Miranda Warning, 151 Misdemeanor, 195 Mish Mosh, 157 Misspellings of common words, 214 Mitigation, 162 Mixed technology cards, 32 Monitoring equipment, 102 Montreaux Document, 113 Multiscreen, 71 Mutual aid association, 87, 164–165

L L/P Department. See Loss Prevention Department (L/P Department) Lack of awareness, 165 Laminated glass, 21 Land use, 16 Landscape security principles, CPTED, 5 Landscaping, 128 Larceny, 194 Law enforcement, 5–6, 116–117 body cameras for, 32–35 auditing, 34–35 chain of custody, 34 data security, 34 deletion, 35 flagging videos, 34 maintaining data, 34 nonevidentiary footage, 35 testing and evaluating body-worn video technology, 33–34 encounters, 95 Lecturing, 96 LED. See Light-emitting diode (LED) Legal aspects of security, 150–152 Legal authority, 83, 100 Letter bombs, 214 Liability, 79–81 Liaison, 214–215 Life safety and fire prevention, 66 Light-emitting diode (LED), 25 Lighting, 52–53. See also Protective lighting brightness in parking garages, 108–109 exterior, 52–53 interior, 53 levels, 53–54 and security, 51–53 streetlights, 51–52 Loading dock, 105–106 Loan tags, 49 Local emergency management, 161 Locks, 43, 204 and key program controls, 50 Lorsch, Jay W., 219 Los Angeles Police Department, 33–34, 62–63 Loss of self-esteem, 207 Loss Prevention Department (L/P Department), 177 Low power, 126 Lower-case letters, 78

N Name-calling, 207 National Center for Missing & Exploited Children (NCMEC), 216 National Crime Prevention Institute (NCPI), 225–226 National Fire Protection Association (NFPA), 25, 47, 131, 139, 162, 165–167, 218 codes, 92 Fire Prevention Week, 139 NFPA 101, 25, 66, 93, 127, 137–139 NFPA 101: Life Safety Code, 127, 139 NFPA 909, 145 Standards and Guidelines, 131 National response framework, 161–162 Natural access, 6 control, 1, 4, 7, 9, 19–20, 280, 118–119, 123–124, 130

239

240

Index

Natural barriers, 18, 124, 154 Natural disasters, 88–89, 162 Natural surveillance, 1, 2f–3f, 5–6, 10, 18–20, 18f, 280, 30, 107–108, 110, 114, 118–119, 124, 128, 130, 154 monitoring systems and, 74 NCMEC. See National Center for Missing & Exploited Children (NCMEC) Neighborhood watch, 148 concepts and community involvement, 76 program, 56 Networking, 225 value of, 225–226 Networks, 76, 91 NFPA. See National Fire Protection Association (NFPA) NIMS, 161 Nonevidentiary footage, 35 Nonreactive stains, 109 Non–value-adding work, 187–188 Numbers, 31, 36–37, 43, 56, 78, 121, 128, 187, 214

O Observations, 16 Occupational Safety and Health Administration (OSHA), 27, 125–126 emergency procedures and security operations, 133–138 AED policy, 134–136 fire extinguisher policy, 136–138 regulations, 132–138 standards, 126, 139 Office of Information and Privacy (OIP), 212 OIP. See Office of Information and Privacy (OIP) On-site probation officers, 195 Ongoing maintenance, 205 Online crime, 77 Openings, 67, 160–161 Operation identification program, 55 Operational Security Plan, 142–143 Opportunity reduction, 148 Optical cards, 32 Order maintenance, 6 Organization and administration, 167–168 organizational resilience, 94 organizational risk factors, 73 and planning, 168–169 OSHA. See Occupational Safety and Health Administration (OSHA) Outsourcing for security practitioner, 169 Overhead doors, 105, 107

P Padlocks and door locks and peepholes, 9 Pan and tilt, 71 Pandemics, 63 Panic and barrier alarms, 102 Paper shredders, 169–170 “Paper-and-pen” system, 25 Parcel bombs, 214 Parking facility security, 107–109 garages, 30, 107, 156 lots, 9, 13, 19, 25–27, 29, 51, 72, 89, 107, 127–128, 193 safety issues, 71–72 Parting thoughts, 21 Passive proximity cards and tokens, 32 Passive security, 108 Passwords, 57, 99, 121, 181 Patent, 201 Patient-related risk factors, 72–73 Payment Card Industry Data Security Standard (PCI-DSS), 103 Pedestrian travel paths and gathering areas, 14 People, 6, 16 Perimeter, 19, 25, 47, 52, 59, 89, 102, 104, 144 grounds, 66–67 security, 107, 143 walls, 107 Personnel records and files, 170 Personnel security, 170–173 employee screening, 171–172 Personnel security investigations, 172 Petit jury. See Trial jury Phishing method, 179 PhySec. See Physical security (PhySec) Physical access control, 181–182 Physical barriers, 123–124 design, 124 Physical deterrence, 90 Physical entry and access control door numbering system, 213 doors, 213 minimum standards, 214 Physical inspection phase, 65–66 Physical security (PhySec), 57, 93, 159–161, 182 engineering controls, 73 exit routes, 73 expenses and maintenance, 102 future of, 93 metal detectors, 73–74 monitoring systems and natural surveillance, 74 risk factors, 72–73 technology, 127

Index

Physical security information management (PSIM), 76 Physical Security Professional (PSP), 224 Physical systems, 70–71 Pin locks, 204 Planners, 103, 113–114, 154 Planning emergency, 63–64, 86–88, 162–165 evacuation, 140 master, 70–71 organization and, 168–169 Plastic glazing, 182 Plexiglas, 182 Plus Paper Shredding, A, 170 Police department, 155–156 Police officer, 9, 95, 114–115, 151, 215 Police powers, 75 Policies, 15, 34–35, 180, 190, 194, 216–217 and procedures, 80, 93, 134, 174, 196 Portable alarms, 68 Portable fire extinguishers, 140 Post orders, 75, 82–83, 85 Postal Service, US, 214 PowerPoints, 96, 99 PPD. See Presidential Policy Directive (PPD) Predictive policing, 62 Preemployment screening, 174, 189–190, 202 Prerecorded messages, 132 Presidential Policy Directive (PPD), 161 Presidential Policy Directive 8 (PPD 8), 161 Prevention, 162 Privacy in workplace, 183–184 Private citizens, use of force by, 211 Private security, 148 Probable cause, 184 Process error, 185 Product contamination, 184–186 basics of organization, 186 proprietary security, 185 Product failure, 185 Product security, 143 Production schedules, 170 Professional certifications, 101 Professional Certified Investigator (PCI), 224 Professionalism, 100, 221 in security, 198–199 Profile of active shooter, 115–116 Proprietary information, 60, 203 Proprietary security, 185 Protection, 162 of depth, 46 of sensitive information, 201–203 Protection of assets, 159, 198

Protection officer and professionalism, 100 training for, 99–100 Protective clothing, 165 Protective lighting, 89–90. See also Lighting Proximity cards and tokens, 32 PSIM. See Physical security information management (PSIM) Public parking lots, 71 Public/private sector partnerships, 5 Pure risk, 148

Q Qualifications, 96, 120, 166b, 171

R Random attack, 145 Rape, 195 Ratings, coercive force, 32 Reactive stains, 109 Reader(s) credential, 30 EAC, 30 Reasonableness of expectation of privacy, 184 Recognition, 45 Recording devices, 98 Reducing crime through environmental security, 111 Reengineering key points, 186–188 Regulations, 25 Reid Technique of Interviewing, 172 Relations with law enforcement, 83, 100 Religion, 171 Reporting, 24–25, 196 Research from Sandia National Laboratories, 126 Resident interviews, 16 Residential security, 57, 75 Retail security, 188–189 management, 189–190 Return on investment (ROI), 25, 93 RF ID technology, 217 Rightsizing key points, 186–188 Risk assessment, 45–48, 87, 196 community reaction, 48 crime analysis, 48 degree of security, 47 developing security points, 47 negative aspects, 47–48 positive aspects, 47–48 security risk analysis, 46 security risk assessment survey, 45–47 Risk(s), 145, 158 analysis, 190–192, 196

241

242

Index

Risk(s) (Continued) budgeting and financial justification, 191 security risk management, 190–191 factors, 191–192 management, 5, 148 managers, 39, 194 Robbery, 189, 194 Robotic technology, 192 Robots as security devices, 192–193 ADMs, 193 K3 and K5 features, 193 KSOC, 193 product and service, 192–193 ROI. See Return on investment (ROI) Roll-up shutters, 22f window shutters, 21, 22f Roof(s), 124 access, 165

S Sabotage, 75, 89, 185 Safe areas, 111 Safe schools, 195–196 Safety glass, 182–183 Safety issues fire, 124–126 parking lot, 71–72 Sarbanes-Oxley Act, 58, 103 SAS. See Statement on Auditing Standards (SAS) Saturday detention, 195 SCC. See Sector Coordinating Council (SCC) School(s) administrator/employer ratified, 207 parking lots and garages, 118–119 safe, 195–196 security, 130 sexual harassment in, 207 Screening, preemployment, 174, 189–190, 202 Secret information, 203 Secrets, trade, 201 Sector Coordinating Council (SCC), 42 Securities and Exchange Commission, 181 Security. See also Crime prevention through environmental design (CPTED) access control cards, 30–32 access for physically and mentally challenged, 113–114 active assailant, 114–115 active shooter, 114–118 AMBER alerts, 216–217 ASIS Standards and Guidelines, 94–95 aspects, 75

assessment follow-up, 74–75 assessments, 148 audit, 58–60 avoiding becoming victim, 146 badge control, 49–50 biometrics using hand geometry, 197 body cameras for law enforcement and private sector, 32–35 bullycide, 36 bullying and liability, 79–81 burglar, 42–44 chabging passwords, 77–79 chemical storage, 106 components, 114 courtroom testifying, 146–147 crime analysis, 61–63 crime prevention, 147–149 tips, 155–156 in 21st century, 76–77 crimes, 194–195 critical areas in storage facility, 107 cybercrime, 37 data center and server security, 103–105 defensible space principles, 16–17 design out crime/designing for, 127–131 deterrents, 8–9 digital security surveillance system, 50–51 directors, 37 designing security and site layout, 111–112 downsizing, 186–188 emergency (blue light) phones/call stations, 109 emergency manager responsibilities, 161 emergency planning, 63–64 best practices, 162–165 and development, 86–89 encryption, 36–37 environment, 6–7, 110 examples of strategies in action, 17–18 exterior physical characteristics, 66–67 exterior windows, 67–68 failure, 156–159 fire and life safety, 64–66 fire safety issues, 124–126 5-year and 10-year security plan design, 24–29 fraud, 173–181 freedom of information act, 211–212 general personnel security, 170–172 glazing glass, 182–183 guard houses/guard booths, 101–102 hazardous materials, 149 identity theft prevention, 121–122 increasing security through building design, 18–21

Index

natural access control, 20 natural surveillance, 19 parting thoughts, 21 territorial reinforcement, 20 wayfinding, 20 informants, 150 key control, 49–50 lack of security awareness, 57 law enforcement, 5–6 legal aspects of, 150–152 letter and parcel bombs, 214 liaison, 214–215 lighting, 51–54, 90 loading dock, 105–106 mail services, 60–61 malicious destruction of property, 44–45 management principles, 154–155 managers, 38–40 for marijuana farms and dispensaries, 141–143 mass notification procedures, 131–132 master planning, 70–71 metal theft, 70 Montreaux Document, 113 national response framework, 161–162 neighborhood and fear of crime, 110–111 new year’s resolution, 77–79 NFPA, 165–167 NFPA 909, 145 occupational safety and health administration regulations, 132–138 organization and administration, 167–168 and planning, 168–169 outsourcing for security practitioner, 169 paper shredders, 169–170 parking facility, 107–109 parking lot safety issues, 71–72 personnel security, 172–173 phases of attack, 145 physical, 72–74, 159–161, 182 physical access control, 181–182 physical barriers, 123–124 physical entry and access control, 213–214 physical security expenses and maintenance, 102 in places of worship, 229 police massachusetts school bus driver drunk in crash, 81 practitioner, 123 privacy in workplace, 183–184 product contamination, 184–186 professionals, 223 certifications, 101 protection of sensitive information, 201–203

protective lighting, 89–90 PSIM, 76 reducing risk, 93–94 reengineering, 186–188 retail security, 188–189 management, 189–190 rightsizing, 186–188 risk analysis, 46, 190–192 assessment, 45–48 management, 190–191 manager, 194 robots as security devices, 192–193 safes, 69–70 citizen and law enforcement encounters, 95 schools, 195–196 school parking lots and garages, 118–119 security assessments, 196–197 security/protection officers, 99–100 setting specifications, 205 sexual harassment, 205–207 site security during construction, 143–145 social media, 35–36 soft targets, 40–42, 90–92 speed bumps, 79 stalking, 207–208 stress on job, 208–211 surveillance systems, 106 survey, 56, 75, 196, 198 target hardening, 7–8 terrorism, 37–38 thermal cameras, 126 threats, 57–58 training, 95–100 transportation security, 203–205 travel, 212–213 trends in, 217–218 “ultimate security cookbook” and future trends, 92–93 use of force by private citizens, 211 use of information, 15–16 video analytics, 126 windows and window shutters, 21–24 women as investigators, 119–120 workplace fire safety, 138–141 Security checklist, 54–57, 112 basement doors and windows, 55 entrances, 54 entrances from garage and basement, 54 garage doors and windows, 55 ground floor windows, 54–55 protecting personal property, 55–57 upper floor and windows, 55

243

244

Index

Security industry, 220 future of women in, 219–220 success of women in, 227–228 technology in, 220 women in security profession, 222 education and professional development, 222–223 industry experience, 223 membership in ASIS International, 224 mentoring, 226 networking, 225–226 professional certifications, 224 Security Magazine, 183 Security management, 197–200 professionalism in security, 198–199 retail, 189–190 security professionals, 199 Security Master Plan, 24–25 Security officer(s), 1–2, 8–9 checklist, 68–69 contract security officer, 84 ensuring effective contracts, 85–86 ensuring quality, 84–85 hiring and training, 86 qualifications of security officer, 82–84 responsibilities, 82–86 Self-fulfilling prophecy, 210 Sensitive information protection of, 201–203 industrial espionage, 201 patent, 201 trade secrets, 201 US government classified information, 201 Server room, 103–104 Setting-related risk factors, 72–73 Sexual harassment, 205–207 in schools, 207 Sexual predators, 231 Shoe Bomber Theorem, 158–159 Shoplifting, 188–189 Shredders, paper, 169–170 Signage, 20 Sinkholes, 88 Site layout, 111–112 Site security during construction, 143–145 Situation crime prevention, 4 Situational crime prevention, 9, 76 Situational prevention, 29–30 Sliding glass doors, 23 Smart cards, 32, 102 Smash and grab attackers, 182–183 Smishing method, 179

Smith, Bud, 154–155 Smoke detectors, 166 Snowstorm, 88 Social media, 35–36 Social Security Number (SSN), 121 Soft targets, 40–42, 90–92 assessing risks, 42 identify assets, systems, and networks, 42 implementing programs, 42 prioritizing, 42 setting goals and objectives, 42 Software, 27–28, 190 Space, 17 Space, defensible, 4, 16–17 Span of control, 186 Specifications, setting, 205 Speed bumps, 79 Spin dial, 70 Spoofing method, 179 Spyware, 178 SSAE. See Statement on Standards for Attestation Engagements (SSAE) SSN. See Social Security Number (SSN) Staining concrete, 108–109 Stalking, 207–208 Stan Carter, 122 Standard operating procedures, 75 State department, 213 Statement on Auditing Standards (SAS), 103 Statement on Standards for Attestation Engagements (SSAE), 103 Stop and think, 146 Stranger criminal, 230 Streetlights, lighting, 51–52 Stress on job, 208–211 changing attitudes, 210 stressors, 209 turnover, 210–211 Structural barriers, 159 Student courts, 195 Subcontractors, 144 Suicide, 36, 80 Support of community development, 5–6 Supreme Court, 170 Surface parking lots, 119 Surveillance, 1–2, 2f–3f, 118–120 Survey, 45 Suspicion of crime, 184

T Target hardening, 7–8 Tasks/work, types of, 187

Index

Taunting, 207 Teaching, 96 Technology, 26–27 credential, 30 in security industry, 220 Tempered glass, 21 Territorial reinforcement, 1, 9–10, 20 Territoriality, 3 Terrorism, 37–38 Terrorist attacks, 63 Terry versus Ohio, 151 Testifying, courtroom, 146–147 Theft identity theft prevention, 121–122 FTC involvement, 121 internal, 46 Theory, crime displacement, 76, 99 Thermal cameras, 126 Thieves, 46, 70 Think, stop and, 146 Threat(s), 158 scenarios, 87, 164 3-D’s approach to CPTED, 152–154 definition, 153 design, 153 designation, 153 strategies in action, 153–154 360 degree peephole, 182 3–7 rule, 19 Thunderstorms, 88 Time management, 168 Toastmasters International, 225 Tornadoes, 88 Total Quality Management, 155 Trade secrets, 201 Training, 95–100 controlling class, 97 ending of presentation, 98 exercises components, 118 handouts, 97 lecturing vs. teaching, 96 nervousness, 98 planning, 97 presentation, 96 recording devices, 98 visual aids, 96 voice control, 97–98 Transportation security, 203–205 Trapped, 165 Travel security, 212–213 Trial jury, 151 Two-factor authentication, 105 Two-way communications, 129

U UL, 58 codes, 92 UL-752, 129 Undercover operations, 201 Underwriters Laboratories, 182–183 Uniforms, 75 Unsafe activities, 18, 154 Upper floor and windows, 55 Urban problems, interdisciplinary approach to, 14 US Department of Defense (DoD), 172 US Department of Justice, 216–217 US government classified information, 201 USA, 155–156 Use of badges, 75 Use of force, 33–34, 83, 100, 211 Use of information, 15–16 User interviews, 16

V Vacation, 42b–43b, 175 Value-adding work, 187 Vandalism, 45 Vehicular travel routes and parking facilities, 13–14 Vendors, 25, 191 Verbal de-escalation, 211 Victim avoiding becoming, 146 stop and think, 146 sullen and isolated, 207 Video analytics, 102, 126 software-based, 29 Video surveillance, 12, 25–26, 29, 100, 103, 106 preventing crime, 51 systems, 26, 50–51 Violation of law, 184 Violence in workplace, 72–74 Visitors, 20, 25, 127, 191 Visual aids, 96 Voice control, 97–98 technology, 29 Voir Dire, 151 Vulnerability, 158 assessment, 196

W Walls, 104, 124 “Walmart of Weed”, 142 Waste, 187 flammable, 125, 141 hazardous, 149

245

246

Index

Wayfinding, 20 WEA. See Wireless Emergency Alerts (WEA) “weGrow” stores, 142 Wiegand cards, 31–32 Win/Win strategy, 221–222 Window(s), 19, 22f, 24, 75 defensive measures, 23 entrances, 24 glass, 21 ground floor, 54–55 roll-up shutters, 22f and window shutters, 21–24 Wired glass, 21 Wireless Emergency Alerts (WEA), 216 Witnesses, expert, 38, 90 Women future in security, 219–220 as investigators, 119–120 in security profession, 222

education and professional development, 222–223 industry experience, 223 membership in ASIS International, 224 mentoring, 226 networking, 225–226 professional certifications, 224 success in security industry, 227–228 Workplace bullying, 221–222 fire safety, 138–141 building fire exits, 139–140 emergency evacuation planning, 140 fire prevention plan, 140–141 fire suppression system, 141 portable fire extinguishers, 140 privacy in, 183–184 violence, 72–74 hazards, 72