Elements
Security management provides a framework for better practice in asset protection. Any organization, regardless of size, complexity, or industry, can implement SRM practices to secure key assets and to manage security-related risks.
Typical activities and responsibilities that are part of security management include:
Policy, procedures, and standards
Threat identification and the use of intelligence
Threat assessments
Investigations
Root cause analysis
Design basis threat
Asset and business impact identification
Identification and protection of significant organizational infrastructure
Security training
Supply chain protection
Business resilience
Incident reporting
Law enforcement presence and effectiveness
Criminal trends
Client base, including means and level of access as well as type and frequency of interaction
Management support
5.2.3 Applying Security Management Practices
Any of the practice areas can operate independently; however, they can only realize their full benefits when integrated appropriately. ICT security technologies, such as firewalls, encryption devices, and controlled information access points, for example, although important, need to be integrated with a range of other information control technologies. Security measures such as secure containers, classified document registers, building or room specific access passes, and identification cards also contribute to the security of information. Personnel security processes, which include the vetting of those who access secure information, are similarly integral to an overall SRM plan.
5.3 Physical Security
Scope
Although the traditional 3Gs (guns, guards, and gates) remain useful in physical security, they represent only a small proportion of physical security protective measures.
Physical security involves the physical protection of personnel, hardware, property, networks, and data from deliberate acts and events. These acts and events can include burglary, theft, vandalism, and terrorism and could cause loss or damage to an organization or individual.
Purpose
The purpose of a physical security system is to prevent altogether or reduce the likelihood of sabotage, theft, trespass, espionage, vandalism, or terrorism. A security system must provide the capability to detect, assess, communicate, delay, and respond to a suspected physical breach of security.
Security safeguards should include:
Access control systems
Executive protection and background investigations
Security staff
Integration with other physical safety issues that could potentially pose a threat to staff or others
Building safety standards as well as construction and maintenance frameworks relevant to CPTED principles
The installation of emergency response systems, including fire prevention and other incident response mechanisms and procedures
5.3.2 Asset Identification in Physical Security Risk Management
The establishment of a physical security context is a useful first step in identifying assets that require protection. This context should include an analysis of the internal and external environment and the way in which this environment affects the security and operation of an organization. This analysis should include consideration of:
Terrain (including natural barriers and natural security impediments)
Physical attributes of assets, including lighting and proximity to other structures, parking, access, and thoroughfares
Existing physical security measures
Accessibility
Population and demographics
5.3.3 Controls and Protective Barriers
The Oxford English Dictionary defines the term barrier as “an obstacle that prevents movement or access.”
Physical barriers are one of the more visual and versatile elements of physical security. Fences, bollards, doors, and screens protect assets from a range of threats.
They can be used to:
Define the perimeter of an asset
Control and deny access
Detect and deter unauthorized entry
Delay intrusion
Barriers can be both natural and structural. Natural barriers should be identified in an initial asset appraisal and used if appropriate. Structural barriers should be placed not only to enhance physical security but also to act as a psychological deterrent to people that may contemplate an attack on the asset.
Barriers should enhance security and at the same time reduce the need for more costly human or technological security measures. Barriers should also increase the effectiveness of other measures, such as lighting, CCTV, and security guards.
The nature and appearance of a barrier should also complement the needs of an organization. Barbed-wire fencing may be an effective barrier in some situations, but it would be inappropriate for use in a shopping center. Barriers should be made from materials that can act as a deterrent against likely threats. Ballistic glass, fences covered by hedges, and security bollards to limit vehicular access are all commonly used by organizations concerned about the aesthetics of the asset being protected.