Physical security systems are deployed to prevent or mitigate loss of valuable assets (e.g., property or life).
According to the Department of Homeland Security National Infrastructure Protection Plan of United States, benefit-cost analysis is the hallmark of homeland security decision making.
Cost analysis :
Benefit-cost analysis requires quantification of the risk after and before implementation of a risk reduction strategy. The basic theory of risk evaluation for security systems is still lacking in China. Scientists mainly rely on qualitative assessments of management science to determine the risk of the system . However, if an evaluation system does not have a deep, comprehensive understanding of the security system, risk evaluation based on management science will result in deviations.
Risk evaluation of security systems :
On an international scope, scientists have made some significant progress on the basic theory for risk evaluation of security systems.
In 1970s, the U.S. Department of Energy’s Sandia National Laboratories first introduced the basic concepts of physical security systems. At that time, it proposed the idea that this system can be applied to the field of nuclear facilities protection. Subsequently, the U.S. Department of Energy put forward a model of adversary sequence diagram (ASD). This model can identify deficiencies in physical protection systems by analyzing how hypothetical adversaries might achieve their objectives through various barriers.
The model identified the weakest path in a physical protection system where an opponent has the highest probability of attacking the system. Subsequently, the U.S. Department of Energy put forward a comprehensive path analysis model based on single-path analysis that has a significant limitation in that only one adversary attack path is analyzed.
Weakest paths :
The top ten weakest paths will be found from among hundreds of probable attack paths. In 2007, Garcia gave an integrated approach for designing physical security systems.
The measure of effectiveness employed for a physical protection system is the probability of interruption, which is defined as “the cumulative probability of detection from the start of an adversary path to the point determined by the time available for response”. Hicks et al. presented a cost and performance analysis for physical security systems at the design stage.
Their system-level performance measure is risk, which they define as follows: Risk = P(A) × [1 − P(E)] × C where, P(A) is Probability of Attack, P(E) is Probability of System Effectiveness, = P(I) × P(N), P(I) is Probability of Interruption, P(N) is Probability of Neutralization, C is Consequence.
Their discussion of the cost-performance trade off is limited and heavily weighted toward cost as a driver in the decision. Fischer and Green present a qualitative risk analysis approach to ranking threats using a probability/criticality/vulnerability matrix. Cost effectiveness is discussed as a possible measure of system evaluation.
Oak Ridge National Laboratory :
Oak Ridge National Laboratory established a CSG (Combination Solid Geometry) model, which is a powerful descriptive model facility. This model is based on the use of image processing, distributed computing, geometric aspects of technology, using computer-aided design methods to establish facilities in three-dimensional simulation model. This three-dimensional simulation model is close to the actual installations of the model, calculated by dedicated software; the system can do the most detailed analysis.
Those researches are mainly focused on the risk evaluation of security system by using probability statistics methods and simulation methods. Probabilistic statistics methods experiment with small statistical samples of events to get the probability of attack of a security system and make debatable assumptions about fixed values for detection and delay elements. These methods only describe scenarios of one asset, and don’t extend to collocated assets . In practice, there are many security systems that protect multiple assets, such as museums or schools. Risk assessment for security systems for multiple assets is needed. Simulation experiments are applied to assess the effectiveness of security systems must establish completely different facilities models for different facilities, so the complexity of computation is very large and the development process is extremely complex.
Physical security systems
The historical data on attacks is limited. There are enormous uncertainties in risk evaluation of security systems. The most uncertain is the threat itself . A number of researchers have used bounded intervals, game theory, exogenous dynamics, to characterize uncertainty in terrorism risk analysis. There is some important recent literature considering both adaptive and non-adaptive threats. Despite the fact a contribution on this issue is not within the scope of this article, we take the position that credible expert opinion can compensate for the lack of data to support quantitative risk assessments and only consider non-adaptive threats.
Theory of Shannon :
The primary objective of this article is to reference the Information Theory of Shannon. Like information entropy, we use entropy to measure the effectiveness uncertainty degree of a security system’s protection capability with regard to protection of multiple assets. With a simple illustrative example, we demonstrate the application of security system risk assessment and benefit-cost estimation with different strategies. [ read more … ]
Related Topics :
- Physical security systems | Cost Analysis and Risk evaluation
- Credit card and How to Avoide Identity Theft
- Home security, Hardware and personal security practices
- Cgi Proxy Sites and Stealing personal web identities