At the completion of this chapter, you will understand why security countermeasures are required, and the elements of countermeasure objectives, goals, and strategies.
The term security countermeasures implies correctly that they are measures taken to counter a threat action. In an ideal world, security countermeasures would be so effective as to completely eliminate the will of potential threat actors to take action.
Although most people believe that is not possible, in fact it has been done. There are actually numerous examples, but perhaps the best known is the Fort Knox Gold Depository. As one could imagine, there have been many potential threat actors who would be interested in accessing the gold at Fort Knox since it was built. But none have even attempted. Countermeasures including a formidable building and complex, heavily armed guards, layered detection systems, automatic weapons (oh, and do not forget that it sits next to the largest assembly of U.S. Army tanks and tank crews in the world) that are so well developed that no one has ever attempted a robbery there.
Compare that to the average U.S. convenience store, which as a class, has the highest incidence of robberies of any fixed asset, including many fatal violent attacks. It is worthwhile to compare the two in order to develop study models of risk mitigation. Fort Knox has multiple layers of protection, including heavy arms and multiple layers of detection systems to protect its assets. Its focus is on access control.
Convenience stores have little, if any, protection - often the cash register drawer is directly accessible by reaching across the counter from the public side. Access to the store is free to anyone, good or bad. There are generally no responsive weapons and no detection until a robbery is announced by the threat actor. The greatest protection is usually a video camera system that records the robbery but which cannot intervene. Access control is often limited to a hopeful expectation of politeness.
In one case, access control is heavy. In the other, access control is minimal. The obvious lesson is that keeping bad people out is good for security.
I am not suggesting that all facilities should be equipped like Fort Knox, because most organizations could not function with this level of access control, and the presence of automated .50-caliber weapons and guards on parapets with scoped weapons would be not only a deterrent to crime but also a deterrent to normal business.
[Click here to continue.]
From Risk Analysis and Security Countermeasure Selection by Thomas L. Norman. Boca Raton, Florida: CRC Press LLC, 2010.