physical security paper

Effective Physical Security

FIFTH EDITION

Lawrence J. Fennelly

2

Table of Contents

Cover image

Title page

Copyright

Dedication

Foreword

Preface

Chapter 1. Encompassing Effective CPTED Solutions in 2017 and Beyond: Concepts and Strategies

Introduction

Environment

Space

Target Hardening

CPTED Assessments

Questions to be Answered During an Assessment

CPTED Survey for Colleges and Universities: 30 Vulnerabilities Based on CPTED Assessments

CPTED Recommendations

Psychological Properties of Colors

CPTED Landscape Security Recommendation

Conclusion

Chapter 2. Introduction to Vulnerability Assessment

Risk Management and Vulnerability Assessment

Risk Assessment and the Vulnerability Assessment Process

Statistics and Quantitative Analysis

Vulnerability Assessment Process Overview

Planning the Vulnerability Assessment

Protection Objectives

Data Collection—Detection

Data Collection—Delay

Data Collection—Response

Analysis

3

Reporting and Using the Vulnerability Assessment

Systems Engineering and Vulnerability Assessment

System Requirements

System Design and Analysis

System Installation and Test

System Replacement

Summary

Chapter 3. Influence of Physical Design

Introduction

Defensible Space

Crime Prevention Through Environmental Design

Conclusion

Chapter 4. Approaches to Physical Security

Levels of Physical Security

The Value of Planning

Physical Barriers

Security Surveillance System (CCTV)

The Security or Master Plan and Countermeasures

Convincing Oneself That a Proposal Is Justified

Designing Security and Layout of Site

Summary

Chapter 5. Security Lighting

Introduction

Illumination

Types of Lamps

Twenty-Five Things You Need to Know About Lighting

Energy Management

Lighting Checklist

Lighting Definitions

Chapter 6. Electronics Elements: A Detailed Discussion

Introduction

Alarm/Access Control Systems

Server (and Business Continuity Server)

Workstations

Advanced Elements

CCTV and Digital Video Systems

How Digital Video Differs From Analog

Wireless Digital Video

4

Satellite

Wireless Architectures

Video Analytics

Lenses and Lighting

Security Communications

Analog Versus Digital

Command/Control and Communication Consoles

Workstation and Console Specifics

Guard Console Functions

Communication Systems

Summary

Questions and Answers

Chapter 7. Use of Locks in Physical Crime Prevention

Lock Terminology and Components

Key-Operated Mechanisms

Combination Locks

Lock Bodies

Door Lock Types

Strikes

Attacks and Countermeasures

Locks and the Systems Approach to Security

Appendix 7A: Key Control

New Standard Set for Exit Devices, Locks, and Alarms

Electrified Panic Hardware

Appendix 7B: Key Control and Lock Security Checklist

Chapter 8. Internal Threats and Countermeasures

Introduction

Internal Theft

Management Countermeasures

Physical Security Countermeasures

Security Officers

Chapter 9. External Threats and Countermeasures
Introduction

Methods of Unauthorized Entry

Countermeasures

Chapter 10. Biometrics in the Criminal Justice System and Society Today
Introduction

History of Biometrics and Fingerprinting in the United States

5

Biometrics Usage Today

The Federal Bureau of Investigation’s Biometric Center of Excellence

Biometric Modalities and Technology

International Biometrics: India’s Private Usage of Biometrics on Society

Future Advancements of Biometrics

Chapter 11. Access Control Systems and Identification Badges

Access Control Systems and Protocols

Identification Badging System

Chapter 12. Chain-Link Fence Standards

Recommendations

Security Planning

Material Specifications

Design Features and Considerations

Typical Design Example

Chapter 13. Doors, Door Frames, and Signage

Introduction

Residential Buildings

Exterior Number Sizing

The Function of a Door

Terminology

Standards for Doors

Chapter 14. Glass and Windows

Introduction

Types of Glass

Glass and Security

Window Film

Chapter 15. The Legalization of Marijuana and the Security Industry

Marijuana—the Pros and Cons

Should Marijuana be Legal for Medicinal and/or Recreational Purposes?

The Short-Term Effects of Marijuana

The Long-Term Effects of Marijuana

Is Marijuana Addictive?

Security for Marijuana Farms and Dispensaries

Chapter 16. Designing Security and Working With Architects
Leadership in Energy and Environmental Design

Crime Prevention Through Environmental Design Planning and Design Review

6

Physical Security Systems

Chapter 17. Standards, Regulations, and Guidelines Compliance and Your Security Program,
Including Global Resources

Introduction

Standards

Regulations

Guidelines

Managing Compliance

Resources

Chapter 18. Information Technology Systems Infrastructure

Introduction

Basics of Transport Control Protocol/Internet Protocol and Signal Communications

Transport Control Protocol/User Datagram Protocol/Real-Time Protocol

User Datagram Protocol

Networking Devices

Network Infrastructure Devices

Servers

Network Architecture

Network Configurations

Creating Network Efficiencies

Digital Video

Digital Resolution

Frame Rates

Display Issues

Managing Data Systems Throughput

System Architecture

Interfacing to Other Enterprise Information Technology Systems

Summary

Chapter 19. Security Officers and Equipment Monitoring
Introduction

Command Center

Best Locations for Closed-Caption Television

Introduction to Access Control and Biometrics

Designated Restricted Areas

Summary

Chapter 20. Video Technology Overview

Overview

Video System

7

Camera Function

Scene Illumination

Scene Characteristics

Lenses

Cameras

Transmission

Switchers

Quads and Multiplexers

Monitors

Recorders

Hard-Copy Video Printers

Ancillary Equipment

Summary

Glossary for CCTV

Chapter 21. Understanding Layers of Protection Analysis
Introduction

Conclusion

Chapter 22. Fire Development and Behavior

Introduction

Stages of Fire

How Fire Spreads

Four Ways to Put Out a Fire

Classifying Fire

UL Standard 217, 268 and NFPA 72

Water Supply for Sprinklers and Tanks

Appendix: A Fire Safety Inspection

Administrative and Planning Phase

General Physical Inspection Phase

Extinguisher Inspection Phase

Stand Pipe, Fire Hose, and Control Valve Inspection Phase

Sprinkler System Inspection Phase

Hazardous Materials Inspection Phase

Alarm System Inspection Phase

Chapter 23. Alarms Intrusion Detection Systems

Introduction

False Alarms

Components of Alarm Systems

Application

Alarm Equipment Overhaul

8

Additional Resources

Conclusion

Appendix 23A: Smoke Detectors

Appendix 23B: Alarm Certificate Services Glossary of Terms Certificate Types

Standards

Appendix 23C: Fire Classifications

Use of Fire Extinguishers

Appendix 1. Glossary of Terms

Index

9

Copyright

Butterworth-Heinemann is an imprint of Elsevier
The Boulevard, Langford Lane, Kidlington, Oxford OX5 1GB, United Kingdom
50 Hampshire Street, 5th Floor, Cambridge, MA 02139, United States

Copyright © 2017 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying, recording, or any information storage and
retrieval system, without permission in writing from the publisher. Details on how to seek
permission, further information about the Publisher’s permissions policies and our arrangements
with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency,
can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the
Publisher (other than as may be noted herein).

Notices
Knowledge and best practice in this field are constantly changing. As new research and
experience broaden our understanding, changes in research methods, professional practices, or
medical treatment may become necessary.

Practitioners and researchers must always rely on their own experience and knowledge in
evaluating and using any information, methods, compounds, or experiments described herein. In
using such information or methods they should be mindful of their own safety and the safety of
others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors,
assume any liability for any injury and/or damage to persons or property as a matter of products
liability, negligence or otherwise, or from any use or operation of any methods, products,
instructions, or ideas contained in the material herein.

Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library

ISBN: 978-0-12-804462-9

For information on all Butterworth-Heinemann publications visit our website at
https://www.elsevier.com/

10

Publisher: Todd Green
Acquisition Editor: Steve Merken
Editorial Project Manager: Nate McFadden
Production Project Manager: Stalin Viswanathan
Designer: Matthew Limbert

Typeset by TNQ Books and Journals

11

Dedication

It is with great happiness that we dedicate this book to our two very special daughters-
in-law, Annmarie Carr Fennelly and Janet Mansfield Fennelly. Both of these strong
women are working mothers, have three beautiful children each, and are wonderful

Mothers, Wives, and our Daughters.

Larry and Annmarie Fennelly

12

Foreword

A manager designs and develops security, physical security, safety and investigative programs.

Louis A. Tyska, CPP

This book is your road map to decoding and developing an effective security strategy beginning
with the design build phase and addressing everything in between including life safety issues.
Larry Fennelly and Marianna Perry have the knowledge and experience to see these complicated
and ever-changing security challenges from a unique and multifaceted viewpoint. They both share
their insight with the reader and that is why every security practitioner needs to read this book.
Most security books focus on one topic, i.e., Risk Analysis or Security Surveillance Systems (CCTV)
and access control and biometrics. I love this text because it has so much material in it that we need
to address our everyday problems.

The baby boomers are retiring and the millennium generation is taking over. The face of security
is also changing. Research is being done to advance the security profession to provide the highest
level of protection while at the same time, increasing the bottom-line profitability of the
organization. College courses are changing. Going forward, the combination of business as a major
field of study and security or information technology as a minor is becoming the new norm. This
change is being implemented to prepare security professionals to properly protect corporate assets.

The new “buzz words” from 2015 to 2020 will be the following:

1. What kind of “skill set” does the candidate/officer have?
2. What “certifications and specializations” does the candidate/officer have?
3. Both “physical security and informational security” will be merging with the move toward
certifications.
4. “Career pathways” will be used by way of “internships.”
5. Your “certifications” will be the bar for testing qualifications.
6. Education for a career in security is being “redesigned.” Are you ready?
7. The holistic approach is preferred over independent components or “silos” as a logical approach
to security systems.

8. 5.0 Megapixel cameras on phones and monitors with full (or true) HDTV—1080 are standard.
Do not be left behind! Plan for the future now!
The top crime threat problems according to recent reports are (1) cyber/communications security,

(2) workplace violence, (3) business continuity, (4) insider threat, and (5) property crime.

We mention this because if you are going to be addressing crime problems you first need to know
what they are. To make recommendations and solve problems, you first have to make sure that you
have correctly identified the issue. If a security assessment is not completed to determine the root
causes of a security issue or vulnerability, the security practitioner may simply keep putting policies
or procedures in place that address the symptoms and countermeasures of a problem and not the
actual problem itself. This will be a frustrating (and sometimes costly) situation that can be avoided
if, before any action is taken, an assessment is completed by a knowledgeable security professional
to accurately identify security vulnerabilities. This will ensure that the true issues and concerns are
being addressed, not just the symptoms.

The most demanding problem for managers and supervisors within a protection department is
the physical security devices under his/her control. The supervisor’s role should be to assist in
enabling the manager to provide a level of support within the organization. Supervisors must take
responsibility for corporate regulations, moral and ethical tone as well as providing the required
level of security and customer service required.

13

Managers work with budgets and other resources (equipment, uniforms, technology, software,
etc.) to ensure that the protective mission is achieved. Managers oversee processes (procedures) that
accomplish organizational goals and objectives. Staff functions without a supervisory span of
control over line employees may be performed by managers. Training, technical support, auditing,
etc., are staff functions. A manager coordinates activities rather than supervises them. Turnover and
job rotation can create overall improvement and a challenge. Staying current on industry trends and
events by reviewing news sources, trade publications, and webinars and sources such as ASIS
International and others.

Active shooter/active assailant’s incidents, stabbings, and random unthinkable acts of violence
are happening in our workplaces and on our televisions everyday. We cannot escape these mindless
crimes and thefts that impact every segment of the security management operation. “Security
Matters” now more than ever! Trying to decide which security concepts are right for your
organization is a daunting full-time task. However, I suggest that you start off with a professional
security assessment, so you can identify your security needs.

This book is your road map to decoding and developing an effective security strategy beginning
with the design build phase and addressing everything in between including life safety issues. The
authors have the knowledge and experience to see these complicated and ever-changing security
challenges from a unique and multifaceted viewpoint. They both share their insight with the reader
and that is why every security practitioner needs to read this book. Most security books focus on
one topic, i.e., Risk Analysis or Security Surveillance Systems (CCTV) and access control. I love this
text because it has so much material in it that we need to address our everyday problems.

Today’s security books are more and more complicated and technical. We, as practitioners must
stay ahead of the curve, to keep up. Books like this, and those of Thomas Norman, CPP, David
Paterson, CPP, Sandi Davis (Women in Security), James F. Broder, CPP, Michael Fagel PhD, and Dr
Jennifer Hestermann are security professionals and future educators along with Larry Fennelly and
Marianna Perry. Writing a book listing 150 things…etc., is not an easy task. I commend these
authors and those that I mentioned, for their vision and dedication that will keep us ahead of the
curve.

Linda Watson, MA, CPP, CSC, CHS-V, Whirlaway Group LLC

14

Preface

We completed this book in about 6 months. Normally, this undertaking would take 18 months.
We know that it is hard to believe, but it is true. We both know that the faster we could complete
this book, get it published and into the hands of those who are responsible for those practitioners in
security, then possibly the information will get out there and be of further help to our profession.
This is basically a very hard book to finish. The first 35 are easy the next 35 are ok, then it gets
harder and harder. We went through two drafts and then after having a strong handle on it, we
keep adding and adding to the various pieces. A perfect example is the section on body cameras, I
saw a report that was negative, then I found another report that was positive, so we add a piece I
felt this was the best part of the book, because it was getting better and better.

Physical security is a big topic, cybercrimes and cyberterrorism, workplace violence, emergency
management, and IT security issues will continue to be the top issues going forward.

Regulations and Compliances and security standards for your corporation will continue to be
developed and aid in the improvement of your security assessment. Follow CPTED principles and
security best practices and master plan development. After you have done so, call your local media
to promote your accomplishments. Let the bad guys know that you take crime prevention and
effective security at your school serious!

Times have changed and you must change as well, I was reading a deposition recently and the

security manager said quote “We have been doing it this way for 30 years.” Of course, you have
that is why a man died and your being sued.

Social media need to monitored and included in your assessment process.

We are concerned because we know that many of you do not have good security and do not have
adequate security in place to protect your assets. We are not advocating that you make your
corporate or place of work a fortress into a cold, uninviting fortress. Instead, we want you to have
not only a safe environment but also has effective security in place to address vulnerabilities and
have continuous assessments to improve the process.

Enterprise risk management (ERM): (1) It looks at a holistic approach to ERM, which breaks
down silos between physical and technological security and provides comprehensives risk
management solutions. Eugene Ferraro recently said, (2) “We owe it not only to this country, but
also to the free world, to think further ahead about future threats and what the solutions look like.
And if we can reach consensus around these solutions, we will be in a better position to build
them.”

We wish to sincerely thank all of our contributors who made this book possible. We truly believe
that compiling the knowledge of many security professionals is a more comprehensive approach to
addressing the issue of physical security. We thank you for your professionalism as well as your
contributions to our profession.

Lawrence J. Fennelly

Marianna A. Perry, CPP
1Enterprise Security Risks and Workplace Competencies, ASIS, University of Phoenix & Apollo
Education Group, 2016.
2Ibid.

15

16

C H A P T E R 1

17

Encompassing Effective CPTED Solutions in
2017 and Beyond

Concepts and Strategies
Lawrence J. Fennelly, CPOI, CSSI, CHS-III, CSSP-1, and Marianna A. Perry, MS, CPP, CSSP-1

18

Abstract
We are delighted to be a part of the series of white papers for School Dangers.Org. It is appropriate to say a few words about
Tim Crowe and Crime Prevention through Environmental Design (CPTED), before you read our paper.
Tim Crowe wrote Crime Prevention Through Environmental Design (1991) based on a security assessment that he conducted for a
school district in Florida. Tim’s book (which was updated and modernized by Lawrence Fennelly in 2013) was and is still
considered a primary resource for crime prevention practitioners in the security industry to help them better understand the
relationship between design and human behavior. CPTED is a proactive approach to manipulate the physical environment
and bring about the desired behavior of reduced criminal activity as well as reduced fear of crime. Tim Crowe and Larry
Fennelly lectured for Rick Draper in Australia on the concepts of CPTED.

Keywords
CPTED color; Design; Design concept; Deterrences; Environment; Fear of crime; Hot spots; Landscape security; LED;
Maintenance; Measuring and evaluation; Methods; Police procedures; Programs Tim Crowe; QR code; Rick Draper; Strategies;
Target hardening; Three-D concept

Deterrence’s, CPTED Design, Policies and Procedures, Training Programs and Security Awareness
Programs.

Thomas L Norman, CPP, PSP, CSC 2016.

19

Introduction
We are delighted to be a part of the series of white papers for School Dangers.Org. It is appropriate
to say a few words about Tim Crowe and Crime Prevention through Environmental Design
(CPTED), before you read our paper.

Tim Crowe wrote Crime Prevention Through Environmental Design (1991) based on a security
assessment that he conducted for a school district in Florida. Tim’s book (which was updated and
modernized by Lawrence Fennelly in 2013) was and is still considered a primary resource for crime
prevention practitioners in the security industry to help them better understand the relationship
between design and human behavior. CPTED is a proactive approach to manipulate the physical
environment and bring about the desired behavior of reduced criminal activity as well as reduced
fear of crime. Tim Crowe and Larry Fennelly lectured for Rick Draper in Australia on the concepts
of CPTED.

Tim Crowe’s comprehensive set of guidelines were developed with one goal in mind—to reduce
opportunities for crime in the built environment. His work is the “gold standard” for security
practitioners and others who implement CPTED concepts as a crime prevention tool. Crowe’s work
is frequently used as a training tool for law enforcement, town planners, and architects. These
guidelines have been used in hundreds of training sessions and cited in numerous publications.

Tim Crowe was a professor at the National Crime Prevention Institute (NCPI) at the University of
Louisville in Louisville, Kentucky. Marianna Perry is the former Director of NCPI and together both
she and Tim have presented training sessions on CPTED.

We included this information because we want you to understand the origination of Tim Crowe’s
work on CPTED.

20

Environment
The conceptual thrust of a CPTED program is that the physical environment can be manipulated to
produce behavioral effects that will reduce the incidence and fear of crime, thereby improving the
quality of life. These behavioral effects can be accomplished by reducing the propensity of the
physical environment to support criminal behavior. Environmental design, as used in a CPTED
program, is rooted in the design of the human–environment relationship. It embodies several
concepts. The term environment includes the people and their physical and social surroundings.
However, as a matter of practical necessity, the environment defined for demonstration purposes is
that which has recognizable territorial and system limits.

The term design includes physical, social, management, and law enforcement directives that seek
to affect positively human behavior as people interact with their environment.

Thus, the CPTED program seeks to prevent certain specified crimes (and the fear attendant on
them) within a specifically defined environment by manipulating variables that are closely related
to the environment itself.

The program does not purport to develop crime prevention solutions in a broad universe of
human behavior but rather solutions limited to variables that can be manipulated and evaluated in
the specified human/environment relationship. CPTED involves design of physical space in the
context of the needs of legitimate users of the space (physical, social, and psychological needs), the
normal and expected (or intended) use of the space (the activity or absence of activity planned for
the space), and the predictable behavior of both legitimate users and offenders. Therefore, in the
CPTED approach, a design is proper if it recognizes the designated use of the space, defines the
crime problem incidental to and the solution compatible with the designated use, and incorporates
the crime prevention strategies that enhance (or at least do not impair) the effective use of the space.
CPTED draws not only on physical and urban design but also on contemporary thinking in
behavioral and social science, law enforcement, and community organization.

21

Space
The continuum of space within a residential complex (that is, a property consisting of one or more
buildings containing dwelling units and associated grounds or, more broadly, a neighborhood
consisting primarily of residential uses) may be divided into four categories:
• Public. Space that, whatever its legal status, is perceived by all members of a residential area or

neighborhood as belonging to the public as a whole, which a stranger has as much perceived
right to use as a resident.

• Semipublic. Space accessible to all members of the public without passing through a locked or
guarded barrier. There is thought to be an implied license for use by the public, and strangers will
rarely be challenged. This is generally associated with multifamily housing.

• Semiprivate. Space restricted for use by residents, guests, and service people on legitimate
assignments. In multifamily housing, this is usually secured by protection officers (or doormen),
locks, or other forms of physical barriers. Strangers can be expected to be challenged as potential
trespassers.

• Private. Space restricted for use by residents of a single dwelling unit, their invited guests, and
service people, with access generally controlled by locks and other physical barriers.
Unauthorized use is always challenged when the opportunity for challenge presents itself.

22

Target Hardening
The emphasis on design and use deviates from the traditional target-hardening approach to crime
prevention. Traditional target hardening focuses predominantly on denying access to a crime target
through physical or artificial barrier techniques (such as locks, alarms, fences, and gates). Target
hardening often leads to constraints on use, access, and enjoyment of the hardened environment.
Moreover, the traditional approach tends to overlook opportunities for natural access control and
surveillance. The term natural refers to deriving access control and surveillance results as a by-
product of the normal and routine use of the environment. It is possible to adapt normal and
natural uses of the environment to accomplish the effects of artificial or mechanical hardening and
surveillance. Nevertheless, CPTED employs pure target-hardening strategies either to test their
effectiveness as compared with natural strategies or when they appear to be justified as not unduly
impairing the effective use of the environment.

As an example, a design strategy of improved street lighting must be planned, efficient, and
evaluated in terms of the behavior it promotes or deters and the use impact of the lighted (and
related) areas in terms of all users of the area (offenders, victims, other permanent, or casual users).
Any strategies related to the lighting strategy (e.g., block-watch or neighborhood watch, 911
emergency service, police patrol) must be evaluated in the same regard. This reflects the
comprehensiveness of the CPTED design approach in focusing on both the proper design and
effective use of the physical environment. Additionally, the concept of proper design and effective
use emphasizes the designed relationship among strategies to ensure that the desired results are
achieved. It has been observed that improved street lighting alone (a design strategy) is ineffective
against crime without the conscious and active support of citizens (in reporting what they see) and
of police (in responding and conducting surveillance). CPTED involves the effort to integrate
design, citizen and community action, and law enforcement strategies to accomplish surveillance
consistent with the design and use of the environment.

CPTED Strategies
There are three overlapping strategies in CPTED (as shown in Fig. 1.1):
1. Natural access control
2. Natural surveillance
3. Territorial reinforcement

Access control and surveillance have been the primary design concepts of physical design
programs. At the outset of the CPTED program, access control and surveillance systems—
preexisting as conspicuous concepts in the field of CPTED—received major attention. Access
control and surveillance are not mutually exclusive classifications since certain strategies achieve
both, and strategies in one classification typically are mutually supportive of the other. However,
the operational thrust of each is distinctly different, and the differences must be recognized in
performing analysis, research, design, implementation, and evaluation.

23

FIGURE 1.1 Overlapping strategies in CPTED.

Access control is a design concept directed primarily at decreasing crime opportunity. Access
control strategies are typically classified as organized (e.g., security officers), mechanical (e.g., locks,
lighting, and alarms), and natural (e.g., spatial definition). The primary thrust of an access control
strategy is to deny access to a crime target and to create a perception of risk in offenders.
Surveillance is a design concept directed primarily at keeping intruders under observation.
Therefore, the …