The Purpose and Process of Security Access Control

5 Dec

We can speak of access control where we find a criterion for Authentication, Authorization, and Control.

The purpose of security guards and security devices at points of access. Is to create a perception of sanctuary and a presence of safety, and to enforce the access criteria.

Definition; Access control in general refers to a condition, or conditions (more than one) that must exist that specifically determines a criteria, or a set of criteria’s that has to be met, before access / entrance will be granted, thus restricting free access, by enlisting a criteria. This criteria could be simple or very complicated, physical, electronic or biometric (the recording of things such as people’s fingerprints or the appearance of their eye in order to identify them on an electronic system).By implication, anything from a key, to a credit card pin, to a finger print.

Access also implies egress, and rights

The point is exerting control over who can and who cannot access something has legal implications. Access infuses a right or a privilege that is constitutional, to a right, giving such a person user rights and denying others. Whoever has the key, code, pin, password ect., has rights of access, for or to whatever mechanism, or for whatever reason they might need it. This is called safety, which is also a right, and so too security. So we access some and egress from other rights, when we talk security, and the limitations to rights, and freedoms.

A way of thinking

Access control is a general way of talking about security, as a way of controlling people’s freedom of movement or access to any specific item, place, building, vehicle, resource or whatever. Access can be granted or denied based on a wide variety of criteria, such as predetermined.  This brings about a perception of security. By bringing about forms of control, control creates measures; processes, for dealing with entry/ access and egress, that is now referred to as a criteria for security.

The psychology behind access control;

Maslow defined that one of the criteria, that all humans must have is security, in order to exist, and function normally. Therefore we have security measures and one of these aspects thereof is access control; Safety needs

With the humans physical needs relatively satisfied, the individual’s safety then takes precedence and dominates behaviour. In the absence of physical safety — due to war, natural disaster, or, in cases of family violence, childhood abuse, etc. — people (re-)experience post-traumatic stress disorder. In the absence of economic safety — due to economic crisis and lack of work opportunities – these safety needs manifest themselves in such things as a preference for job security, grievance procedures for protecting the individual from unilateral authority, savings accounts, insurance policies, reasonable disability accommodations, and the like.

Safety and Security needs include:

  • Personal security
  • Financial security
  • Health and well-being
  • Safety net against accidents/illness and their adverse impacts

Access criteria objective; (by looking at an example of premises securing)

  1. 1.     The objective of access control is firstly to secure the objective or asset.
    1. Very important; we have to first know what we want the security to protect, and then we go around to how to restrict access and to whom, and why?  Many security companies, just place guards, with instructions, that relay the criteria, without stressing the goals and objectives of the exercise, or mission, and stating the priority.
    2. By implication, systems fail to live up to expectations, when everyone expects different outcomes from access control and security. For instance, a car gets stolen. Everyone is now up in arms, the security failed. Or did it?
    3. If the initial objective of the security was just to have access control, then a car getting stolen is not a factor in this scope. As the security scope and brief did not include this aspect of property protection as well.  Specifics and objectives are therefore two aspects of access control and security. We have to all know what we want, before we can go out and get it.
    4. Therefore we will need multiple levels of security, backed up by multiple levels of access control, unified in one criterion for each eventuality that translates into the SOP – standard operating criteria.
    5. This is done through multiple layers of security and initiatives; for instance;

i.     The installation of access control measures – a access criteria.

ii.    Environmental design – gates, walls, lights, CCTV, etc

iii.    and access criteria; for pedestrians, tenants, contractors, visitors, police, etc.

iv.    Walls, fences, gates, lights, natural boundaries, barriers, ditches, and guards, electronic fences, alarms, CCTV etc… that make up a full contingent and solution.

  1. That is then in turn determined by specifics, like the grading of guards, and systems required to counter any potential threat, and its prevalence, to lessen vulnerability; by target hardening.
  2. Secondly to control flow, or movement;
    1. Who gets to go where, do what …zone control
    2. Who can bring in, or take out what, and what is the protocol.
    3. Intercept contraband (weapons, explosives, drugs, classified material, etc.)
    4. While maximizing vehicular/ pedestrian traffic flow, and customer satisfaction. It all requires design; you have to design a system that compliments the criteria; if you have a building that leans to bottlenecks, then any criteria, will suffer due to the environmental design, this could then have the opposite effect when the purpose of access control defeats the exercise, as everyone is now inconvenienced, and it becomes a frustration, not worth the effort.

Access design considerations, in order of priority, are:

  1. Tactics; has two criteria, we get there by asking; how, what, where, when, who, how much must be asked to get to a point where we can do proper; AA
    1. Authentication, we know who you are – and now we need to see if you are expected, announced, allowed;
    2. Authorization – does this person, vehicle meet the authorisation criteria? Two criteria must be met for proper access control…
    3. Accuracy; effectiveness versus cost and time – how effective and full proof is this system, are we getting value for money, and is it fast enough?
    4. Precision; what is the benchmark, what would make the customer and public happy, and do we really need it?
    5. Speed; versus precision, must complement each other, trained personnel, working equipment, and friendliness, goes a long way towards rendering quality service with speed, and keeping tempers from flaring.
    6. Security; how secure is this check point, can it be over run, bridged, rendered useless, if someone trips the power, walks in with a gun, etc…You are only as good as your weakest defence.
    7. Safety; safety of staff and public at the control point. Once you let someone beyond your control point you are responsible for their safety, in terms of the law. The occupational health and safety control act Act, No. 181 of 1993. for instance has several stipulations you cannot indemnify yourself from. Whereas indemnities are always a good idea, and should form part of access control and its criteria.
    8. Capacity; can the system handle the volumes? The design capacity should be based on the peak hour traffic volume that the entry control point would handle without unreasonable congestion.  Consider both current and future traffic demands, where the design demand is the peak hour traffic volume, such as the morning rush hour.  If the rate of vehicles arriving at an entry control facility exceeds the rate of processing, then congestion will occur…
    9. Image; perception and education go hand in hand, informed people interact, uninformed people fight… or cause a fight soon enough. Get the right people for the job, people with good people skills, that are friendly, yet vigilant and work towards precision.

How do you restrict access based on what?

  1. Define the real objective, do a threat assessment; if the objective is not clear you will never hit the spot with security and access control. Define the objectives clearly; against the following;
    1. Objective broken down into goals- what do we want to protect by implementing access control and security; the obvious goals are;

i.    Property;

  • Private and common

ii.     Living things; Animals, plants, fish, and yes -People;

  • Tenants, pets and guests
  • Go down the list and then grade these items; against this criteria; based on Any relevant crime statistics and crime trends – not perception.
  1. The level of threat against them,
    1. High, medium, low, none…
    2. Then the Prevalence or frequency of such a threat
      1. High, medium, low, none
      2. Then value of these objectives
        1. High, medium, low, or none

iii.    Add all the “highs”, give them a weighted score, high = 5, medium 4, low 2, and none 0, for instance. The one with the highest score gets preference and so on, the secondary and so on…

  1. Then we have to get a user requirement; what does the customer want?
    1. Then the protocol; here it can get tricky;
    2. Pin, password, code, card, tag, ID, drivers licence, tickets etc…
    3. Back up criteria; in the event of power failure, disaster, flood, etc..
    4. Get user and security/ support services inputs, fire, disaster management, police/ metro police.
    5. Finalise the protocols and criteria; sign off, publish, train, test, implement, revises, and then standardise…
    6. Anticipated a rise in violent crime activities; don’t give them the edge, one successful attempt and all is lost, upping security, and getting access control in place, is only the start of the process, it’s called target hardening. With target hardening comes a down side as well, crime and criminals also now are forced to plan their attack pertaining to your strategy and tactics, they study and test your strategy, daily, and then come with a plan, that will naturally imply force. The harder the target the greater the force…
    7. Access control is only as good as your system is tested and disciplined…
    8. Yes you have two components that make it vulnerablenow; the first is the human element, the second the technology and then people finding ways to bypass the criteria…
      1. Bribes, ill discipline, Laissez faire attitudes, no supervision etc.
      2. People get ill, die, transferred, the one man is not always as good as the next
      3. People find inventive ways, excuses, and means to bypass access control with.
      4. Equipment fail, require updates, repairs, and maintenance…oh, and even power.
      5. Contingencies and backups are essential…

Get a copy of this great book; 

More related links;

Advertisements

11 Responses to “The Purpose and Process of Security Access Control”

Trackbacks/Pingbacks

  1. A Standard Operating Procedure for Strategic, Security, Emergency, Disaster & Event Management Planning. « Strategic Management - December 5, 2011

    […] Ingress and egress control of vehicles, how will this be done from the main road – VIP requires […]

  2. Standard Operating Procedure (SOP) for Access Control « Strategic Management - December 12, 2011

    […] implementation. Tactical – implying; the use of military science that deals with securing objectives set by strategy, especially the technique of deploying and directing “troops” – guards -, and the use of […]

  3. Security as part of Emergency and Disaster Management – Planning an Event « Strategic Management - December 12, 2011

    […] Then plan your entrance and exits; […]

  4. Overview of an application in terms of the; SAFETY AT SPORTS AND RECREATIONAL EVENTS ACT 2/2010 « Strategic Management - June 11, 2012

    […] The Purpose and Process of Security Access Control […]

  5. Certification of Events – for the purpose of emergency and disaster mitigation management. « Strategic Management - June 11, 2012

    […] The Purpose and Process of Security Access Control […]

  6. Emergency and Disaster Management Essential Elements of Information? « Strategic Management - June 11, 2012

    […] The Purpose and Process of Security Access Control […]

  7. Combining Management Principles with Disaster Management Aspects « Strategic Management - June 11, 2012

    […] The Purpose and Process of Security Access Control […]

  8. Look at the nuts and bolts of a typical CONTINGENCY READYNESS SOP « Strategic Management - June 29, 2012

    […] The Purpose and Process of Security Access Control […]

  9. A Strategic Approach to Traffic Management at Large Events « Strategic Management - July 1, 2012

    […] The Purpose and Process of Security Access Control […]

  10. Index of posts on this blog – Strategic Management « Strategic Management - July 2, 2012

    […] The Purpose and Process of Security Access Control […]

  11. Responsibilities of Emergency Co-ordinator and Safety Marshals at events. « Strategic Management - September 1, 2012

    […] The Purpose and Process of Security Access Control […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: