Physical Security: A Report on Risk Assessment Methodologies
Added on 2020/05/28
AI Summary
This report delves into the critical domain of physical security, specifically focusing on risk assessment methodologies applicable to maximum-security environments. It highlights the significance of efficient risk evaluation in safeguarding programs and institutions, emphasizing the use of diverse assessment methods to identify threats, assess vulnerabilities, and evaluate security systems while considering the probability of threat occurrences. The report examines key methodologies, including What-If analysis, checklists, Hazard and Operability Study (HAZOP), Failure Mode and Effect Analysis (FMEA), and Fault Tree Analysis (FTA). Each method is detailed in its application, providing a structured approach to understanding potential risks and implementing effective security measures. The report uses these methods to analyze potential weaknesses and proposes strategies to enhance the overall security posture of maximum-security facilities, providing a detailed analysis of each method and its practical application in real-world security scenarios.

Running head: physical security
Physical Security
Author Name(s)
Institutional Affiliation(s)
Author Note

Abstract
Efficient risk evaluation methodologies can be the cornerstone of improvement in the protection
of all programmes and institutions. The wide range of risk assessment methods employed across
different critical infrastructures backs this reasoning. Applying risk assessment procedures is
indispensable for identifying threats, assessing vulnerabilities and evaluating security systems
while accounting for the probability of occurrence of any threat. There are many meaningful
methodologies that can be used to assess risk at a maximum-security facility. However, this
paper will focus on the main critical approaches. The core risk assessment methods that this
paper examines are what-if analysis, the checklist, the hazard and operability study (HAZOP),
failure mode and effect analysis (FMEA), and fault tree analysis (FTA).
Keywords: Maximum Security, Vulnerability, Methodologies

Physical Security
In physical security, maximum security is the highest level, or level five security. Such a
system is intended to identify, evaluate, deter, and counter any unauthorized activity, both
internal and external. According to Fennelly (2013), such a system has measures characterized
by sophisticated, state-of-the-art alarm systems that are too powerful for a lone man to defeat.
They are remotely monitored from either one or several protected locations. They have tamper
indication and a backup power source. Besides, these systems are under 24-hour screening by
on-site armed response individuals who are ready to neutralize any threat. This paper is
dedicated to studying risk assessment in such systems using the risk assessment methodologies
that follow.
What-If Analysis
The assessment involves brainstorming what-if scenarios to identify any possible hazardous
activities, their causes, outcomes, and prevailing barriers, and then suggesting alternatives
that can be implemented to reduce that risk (Rausand, 2013). For instance, what if response
teams are compromised, or what if all the teams are attacked with hazardous gases? From such
questions, management can think of air support, gas masks, etc.
Checklist
The checklist is a useful method for determining risks based on the experience obtained
from past risks or risks that have happened elsewhere in similar facilities (Talabis & Martin,
2013). For instance, in maximum security, the management can keep a checklist for verifying
that all the physical controls are in place and that everything is functioning correctly.
For example, are all cameras and locks functioning? Are all network scans in place? Are rescue
teams in place, etc.?
Combination of Checklists and What-If Analysis
Checklist and what-if analysis are combined to maximize security. What-if analysis creates
the risk scenarios, and the management creates a security measure for each scenario. Once that
measure has been created, it is added to the checklist, where it can be monitored together
with other measures.
Hazard and Operability Study (HAZOP)
This methodology qualitatively identifies risks or operational complications that may
result from deviations from the laid-down rules, conditions or security process (Wei, Matsubara &
Takada, 2016). The fundamental principle of HAZOP methodologies holds that hazards happen
when people deviate from the standard or expected actions. An example of a deviation-focused
activity within security is penetration testing. Such a test can aim to uncover weaknesses
by assuming suspected security flaws and thinking of methods for neutralizing the
vulnerabilities.
Failure Mode and Effect Analysis (FMEA)
FMEA is a structured methodology which examines failure modes and the impacts they can
have on security. The method aims to spot possible weaknesses in the system and remedy
them. According to Schmittner, Gruber, Puschner and Schoitsch (2014), the US Department
of Defense used FMEA in 2005 to improve the efficacy and reliability of its military
equipment. In maximum security, FMEA can be applied to check the reliability of hardware
and software such as cameras, locks, automatic gates, etc.
Fault Tree Analysis (FTA)
FTA refers to static methodologies that logically model, analyze, display and evaluate
failure paths within a security system (Kornecki & Liu, 2013). In maximum security, FTA uses
deductive techniques by postulating a sophisticated mishap and trying to find the weaknesses in
the system, activities or component performance that contribute to such a mishap.
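The deductive step described above, as an added example that is not part of the original report: a small fault tree is reduced to its minimal cut sets (the smallest combinations of failures that cause the top event) and the top-event probability is computed exactly. The tree, the event names and the probabilities are constructed assumptions for illustration only.

```python
from itertools import product

# Constructed fault tree: gate = ("AND" | "OR", [children]); leaves are basic events.
# Assumed top event: the facility loses intrusion detection.
POWER_LOST = ("AND", ["mains_power_loss", "backup_power_failure"])
TREE = ("OR", [
    ("AND", [("OR", ["camera_fault", POWER_LOST]),
             ("OR", ["alarm_sensor_fault", POWER_LOST])]),
    "monitoring_link_down",
])
# Constructed failure probabilities, assumed independent of each other.
PROB = {"camera_fault": 0.02, "alarm_sensor_fault": 0.01, "mains_power_loss": 0.05,
        "backup_power_failure": 0.1, "monitoring_link_down": 0.001}

def cut_sets(node):
    """All combinations of basic events that cause this node (may be non-minimal)."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, children = node
    child_sets = [cut_sets(c) for c in children]
    if gate == "OR":    # any one child suffices
        return set().union(*child_sets)
    if gate == "AND":   # one cut set from every child must occur together
        return {frozenset().union(*combo) for combo in product(*child_sets)}
    raise ValueError(f"unknown gate {gate!r}")

def minimal_cut_sets(node):
    """Drop every cut set that strictly contains another one (absorption)."""
    sets = cut_sets(node)
    minimal = [sorted(s) for s in sets if not any(o < s for o in sets)]
    return sorted(minimal, key=lambda s: (len(s), s))

def occurs(node, failed):
    """Evaluate the tree for a given set of failed basic events."""
    if isinstance(node, str):
        return node in failed
    gate, children = node
    hits = [occurs(c, failed) for c in children]
    return all(hits) if gate == "AND" else any(hits)

def top_event_probability(node, prob):
    """Exact probability by enumerating every failed/working combination."""
    events, total = sorted(prob), 0.0
    for states in product([False, True], repeat=len(events)):
        if occurs(node, {e for e, s in zip(events, states) if s}):
            weight = 1.0
            for e, s in zip(events, states):
                weight *= prob[e] if s else 1 - prob[e]
            total += weight
    return total
```

A cut set of size one is a single point of failure, and the shared power supply shows up as a two-event cut set that defeats both the cameras and the alarm sensors at once.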
References
Fennelly, L. (2013). Effective physical security (2nd ed.). Waltham, Mass.: Butterworth-
Heinemann.
Kornecki, A., & Liu, M. (2013). Fault Tree Analysis for Safety/Security Verification in Aviation
Software. Electronics, 2(1), 41-56. http://dx.doi.org/10.3390/electronics2010041
Rausand, M. (2013). Risk Assessment. New York, NY: John Wiley & Sons.
Schmittner, C., Gruber, T., Puschner, P., & Schoitsch, E. (2014). Security Application of Failure
Mode and Effect Analysis (FMEA). Lecture Notes In Computer Science, 310-325.
http://dx.doi.org/10.1007/978-3-319-10506-2_21
Talabis, M., & Martin, J. (2013). Information security risk assessment toolkit. Amsterdam:
Elsevier.
Wei, J., Matsubara, Y., & Takada, H. (2016). HAZOP-Based Security Analysis for Embedded
Systems: Case Study of Open Source Immobilizer Protocol Stack. Recent Advances In
Systems Safety And Security, 79-96. http://dx.doi.org/10.1007/978-3-319-32525-5_5