Security of Sensitive Areas in Working Hours —. the New Philosophy
| Pages | 4-8 |
| Date | 01 March 1982 |
| DOI | https://doi.org/10.1108/eb057235 |
| Published date | 01 March 1982 |
| Author | Nevill Porter |
| Subject Matter | Economics,Information & knowledge management,Management science & operations |
Security of Sensitive Areas in
Working Hours — the New Philosophy
by Nevill Porter
Managing Director, Mastiff Security Systems Ltd
The New Problems of Security
Pre-1971
Up to about 1971, security thinking was concentrated on
providing perimeter protection of buildings, out of work-
ing hours, when the building was virtually empty
—
except
perhaps a guard or two
—
with the aim of preventing intru-
sion by anyone, if possible; and fitting sensors within to
detect any intruder who nevertheless succeeded in
penetrating — to alert the security lodge, the police or a
central station.
During working hours, when the building was full,
guards or receptionists might be posted at the main en-
traces and if anything was done to protect inner areas of
high security, this necessitated further guards.
Definitions
Perimeter protection at night is Access Prevention.
Daytime control of sensitive areas presents quite a
dif-
ferent problem since free passage of many authorised users
throughout the areas is essential but intruders must be
prevented from penetrating. This is the true definition of
Access Control.
The Last Decade
It is only in the last decade that true Access Control of
busy doors has been seriously tackled using electronic
methods. At the outset of this period, the security industry
in general failed to appreciate the depth of the new pro-
blem. Card readers and digital locks had existed for a con-
siderable period and provided a ready method of taking care
of a door while it was
locked.
Unfortunately, no door re-
mains locked all the time in working hours — indeed a
door in frequent legitimate use may well be cumulatively
unlocked for more than half the working day. True Access
Control, however, postulates 100 per cent positive control
of access all the time and not only while doors are locked.
True Access Control is seldom applied effectively at the
perimeter of buildings because of the numbers involved.
Bear in mind that it is essentially a working hour problem.
The practical approach is to designate Sensitive Areas
within the building and provide really effective access con-
trol to these areas, e.g. computer suites.
In assessing the needs of Sensitive Area Access Control,
the protection of external links such as computer terminals
must also be covered. The interface with the software pro-
tection of computer input and with the ensuing checks of
audit trail must not be overlooked.
In the very many computer suite security assessments
with which I have been involved companies have often had
problems of
who
within the organisation should be respon-
sible for the diagnosis of such security requirements. The
Computer Manager is an expert on computers but an
amateur at security. The Security Officer is an expert on
security but probably an amateur at computers. Nowhere
is this joint problem more apparent than in the protection
of terminals where not only must the terminal itself be pro-
tected but it must be ensured that nothing penetrates, or is
extracted from, the main frame computer without authori-
ty.
My company, Security Systems Ltd, formed in
Leatherhead, Surrey, in 1972 to exploit the "hands-free"
principle, has provided true Access Control
—
in which we
are pioneers and specialists — for many hundreds of com-
puter centres and other sensitive areas, and our experience
of potential problems is hence very wide. Certainly any
organisation when reviewing access control problems,
would do well to tap the wealth of practical experience in a
specialist company such as mine. For whatever their access
control application we will probably have tackled it, in
practice rather than theory, many times before. I hope in
my text which follows to reflect some of the philosophy
which we have built up as a result of that experience over
the last eight years.
The System Approach to Access
Control — The New Philosophy
At night, the intruder who succeeds in penetrating the
perimeter will, despite alarms, have some time in which to
do his work because of the time needed to respond to these
alarms, and detection may therefore not be critical to him
— so long as he can get out again in time.
In working hours, however, the intruder must penetrate
his target area, act and get out again undetected. If he
spends more than a couple of seconds fiddling with a busy
protected door in working hours he will be taking too
much chance of being caught in the act by an authorised
person approaching in the ordinary course of his business.
If
he
is caught he is lost. If, therefore,doors protecting sen-
sitive areas remained permanently locked, the intruder
would not get in since breaking down the door or trying to
pick the lock in busy areas would put him at too great a
risk.
It is the authorised users, however, the normal users of
the doors, who breach this ideal permanently locked state,
and they are the vital link in the problem of Access Con-
trol.
Any Access Control solution must above all work in
practice — not only in theory. It must take full considera-
tion of the behaviour and interests of the authorised users,
who are human, with human frailties. It must not be
dependent on rigid discipline for its success, for in the
practical life of, for example, a busy computer organisa-
tion, it will fail if it is. The aim, when installing an Access
Control System, should be to simulate, for the authorised
user, precisely the situation before it was installed, so that
only the intruder, and not the authorised user, notices the
difference.
4 INDUSTRIAL MANAGEMENT + DATA SYSTEMS
To continue reading
Request your trial