Asset Protection & Security Management Handbook

ASSET PROTECTION AND SECURITY MANAGEMENT HANDBOOK

sustained or increased security, while less frequent contacts and decreas-
ing intensity will allow reduced security. Consideration must be given to
decreasing security in a way that allows the protected personnel to readjust
to a “regular” work environment. Too quick withdrawal of special protec-
tive personnel has caused productivity disruptions that outweighed the
cost of continuing the protection.

And, of course, communication with protected personnel is essential to
facilitate the transition from a climate of special protection to a more nor-
mal level of security.

Selected Bibliography

Combating Workplace Violence: Guidelines for Employers and Law Enforcement; 1997; Interna-
tional Association of Chiefs of Police, Washington, D.C.

Dealing with Workplace Violence: A Guide for Agency Planners;1998; U.S. Office of Personnel
Management, Washington, D.C.

Early Warning, Timely Response — A Guide to Safe Schools; 1998; U.S. Department of Educa-
tion, Washington, D.C., http://www.ed.gov/offices/OSERS/OSEP/earlywrn.html.

Guidelines for Preventing Workplace Violence for Health Care and Social Service Workers; 1996;
Occupational Safety and Health Administration, U.S. Department of Labor, Washington, D.C.,
http://www/osha.gov/oshpubs/.

Preventing Workplace Violence; 1998; American Federation of State, County and Municipal
Employees, Washington, D.C.

Violence and Mental Illness; 1998; American Psychiatric Association, Washington, D.C.,
http://www.psych.org/.

Violence in the Workplace: Risk Factors and Prevention Strategies; 1996; National Institute for
Occupational Safety and Health, Washington, D.C., http://www.cdc.gov/niosh/homocide.html.

Workplace Violence, 1992–96; 1998; Bureau of Statistics, U.S. Department of Justice, Washing-
ton, D.C.

Periodicals

Security Management; American Society for Industrial Security; Alexandria, VA.
— Albrecht, Steven; The Public Challenge of Private Problems; May 1996.
— Arnheim, Louise A.; Mastering Security Amid Merger Mania; February 1999.
— Caldwell, George E., CPP; Workplace Crime and Violence Mirrors a Troubled Society;
September 1997.
— Carpenter, John J.; Trial by Fire; May 1998.
— Gargan, Joseph P.; Stop Stalkers before They Strike; February 1994.
— Hermann, Martin B.; When Strikes Turn Violent; March 1995.
— Janes, Timothy T., CPP; Anatomy of a Successful Intervention; April 1996.
— Johnson, Dennis L.; A Team Approach to Threat Assessment; September 1994.
— Johnson, Dennis L., Kiehlbauch, John B., and Kinney, Joseph A.; Break the Cycle of Vio-
lence; February 1994.
— Koch, Noel; Will Workplace Violence Broaden Corporate Liability?; August 1995
— Lindsey, Dennis; Of Sound Mind? Evaluating the Workforce; September 1994.
— Lynch, Michael O.; An Analysis of Incident Response Teams; October 1998.
— Mattman, Jurg W.; What’s Growing in the Corporate Culture?; November 1995.
— Michelman, Bonnie S., CPP, Robb, Nancy P., and Coviello, Leah Marie; A Comprehensive
Approach to Workplace Violence; July 1998.

526

A Plan for Threat Management

— Post, Jerrold M.; More than a Figure of Speech; December 1996.
— School Safety at a Premium; March 1999.
— Sollars, Robert D.; The Taming of the Workplace; March 1996.
— Waxman, Harvey S.; Putting Workplace Violence in Perspective; September 1995.

Security Technology & Design; Locksmith Publishing, Park Ridge, IL
— Hamit, Francis; Cyberstalking: Harassment Goes Online; April 1999.
— Walton, J. Branch; Violence in the Workplace is Not the Exception Anymore; February
1997.

Security Products, Stevens Communications Inc., Dallas, TX.
— McIndoe, John; School Security, Making the Grade; June 1999.

Other Resources

Department of Justice, National Criminal Justice Reference Service
http://www.ncjrs.org

National Institute for Occupational Safety and Health
http://www.cdc.gov/niosh/homepage.html

Occupational Safety and Health Administration
http://www.osha.gov

Partnerships Against Violence
http://www.pavnet.org

U.S. Department of Education
http://www.ed.gov

U.S. Office of Personnel Management
http://www.opm.gov

APPENDIX A
MODEL POLICY FOR WORKPLACE THREATS AND VIOLENCE

Nothing is more important to [ORGANIZATION] than the safety and secu-
rity of its personnel. Violence, threats, harassment, intimidation and other
disruptive behavior against employees, visitors, guests or other individuals
by anyone on [ORGANIZATION] controlled property will not be tolerated.

All reports of incidents of such behavior will be taken seriously and will
be dealt with appropriately. The behavior can include oral or written state-
ments, gestures or expressions that communicate a direct or indirect
threat of physical harm. Individuals who commit such acts may be
removed from [ORGANIZATION] premises and may be required to remain
off-premises pending the completion of an investigation of the incident.
Should an investigation substantiate that violations of this policy have
occurred, [ORGANIZATION] will initiate a decisive and appropriate
response. This response may include, but is not limited to, suspension
and/or termination of any business relationship, reassignment of job
duties, suspension or termination of employment, and/or seeking arrest
and prosecution of the person or persons involved.

527

ASSET PROTECTION AND SECURITY MANAGEMENT HANDBOOK

In carrying out all [ORGANIZATION] policies, it is essential that all per-
sonnel understand that no existing [ORGANIZATION] policy, practice or
procedure should be interpreted to prohibit decisions designed to prevent
a threat from being carried out, a violent act from occurring or a life-threat-
ening situation from developing.

All [ORGANIZATION] personnel are responsible for notifying the manage-
ment representative designated below of any violence, threats, harassment,
intimidation or other disruptive behavior when that behavior is job related
or might be carried out on a company controlled site, or is connected to
company employment. Employees are responsible for making this report
regardless of the nature of the relationship between the individual who ini-
tiated the inappropriate behavior and the person or persons who were the
focus of the behavior.

The [ORGANIZATION] obligation to provide a safe workplace and protect
employees from threats to their safety cannot be effectively accomplished
unless [ORGANIZATION] is informed about individuals who have been
ordered by the courts, or other legally constituted entities, to remain away
from [ORGANIZATION] company locations. All individuals who apply for or
obtain a protective or restraining order which lists company locations as
protected areas, are required to provide to the designated management
representative: (1) a copy of the petition and declarations used to seek the
order, (2) a copy of any temporary protective or restraining order which is
granted, and (3) a copy of any protective or restraining order which is
made permanent. [ORGANIZATION] understands the sensitivity of the
information requested and has developed confidentiality procedures
which recognize the privacy of the reporting employee(s).

The designated management representative is:

Name:

Position:

Telephone:

E-mail:

Office Mail:

APPENDIX B
MINIMUM QUALIFICATIONS FOR OUTSIDE CONSULTING
TEAM MEMBERS

1. Security and Investigations Professional:
a. Appropriately licensed and insured
b. Proven ability to provide in-depth multi-state or multi-jurisdic-
tional background investigations in a 24- to 72-hour turnaround

528

A Plan for Threat Management

c. Past experience in providing threat analysis and assessment in a
workplace-related context

d. Prior experience in providing and supervising armed and appro-
priately trained protective personnel

e. Proven ability to work with multi-disciplinary teams on protection-
related issues

f. Proven ability to interface effectively with law enforcement on
threat and violence-related issues

2. Licensed Psychological or Psychiatric Professional:
a. Appropriately licensed at a Ph.D. or M.D. level, and insured
b. Past experience in providing threat analysis and assessment in a
work-related context
c. Substantial experience in interaction with violent individuals
d. Experience in trauma management
e. Experience in treating workplace-related stress, productivity,
morale and substance abuse issues
f. Proven ability to work with multidisciplinary teams in a work-
related context
g. Experience in the involuntary commitment of individuals who are
assessed to be a danger to themselves and/or others
h. Experience in working with law enforcement

3. Additional Legal Support:
a. Admitted to the state bar and insured
b. Extensive experience in labor law-related issues concerning
employment and employee rights
c. Substantial experience in defending companies in employment-
related cases
d. Substantial experience in seeking and obtaining restraining
and/or protective orders

529

ASSET PROTECTION AND SECURITY MANAGEMENT HANDBOOK
APPENDIX C
NORMAL INCIDENT ASSESSMENT/RESOLUTION PROCESS

530

Index

A vehicle parking garages, 201–203
weapons and contraband screening,
Absenteeism, 507
Academic bodies, UL standards and, 113 205–209
Access control, 187–210 explosives detectors, 209
organizations associated with smart
authorized access control, 190–193
access control sub-system, 191 cards, 210
equipment requirements, 192–193 physical configuration, 206
large systems, 190–191 screening policies and procedures,
operational requirements, 191–192
206–207
basic access control objectives, 187 x-ray inspection, 208–209
coded card technology, 193–198 Acoustic glass break sensors, 122
Acoustic sensors, 121
barium ferrite, 194 Activity log, automatic, 254
biometric technology, 195–196 ADA, see Americans with Disabilities Act
dielectric readers, 196 Administrative expertise, doctrine of, 432
embossing readers, 196 Admission of guilt, 501
hollerith readers, 196 Age Discrimination in Employment Act of
magnetic stripe cards, 193
optical character readers, 196–197 1967, 448
proximity/contact readers, 194–195 Agency, 440
radio frequency readers, 195 Air conditioning breakdown, protection of
resonant circuits, 195
smart card, 197–198 information systems in event of,
watermark magnetics, 193–194 284
Wiegand wire, 194 Air transport industry, screening of baggage
distributed intelligence systems, 198 in, 205
granting/denying entry, 187–190 Alarm(s), 405
exit control, 188–190 emergency, 202
locks, 187–188 local, advantages and disadvantages of,
natural, 357, 384 154
special access features and applications, positive feature to, 154
termination(s)
198–205 central station, 154
anti-passback, 198–199 combination, 158
dressing rooms at performing art fire department, 156
local, 153
centers, 205 methods of, 153
elevator control, 203–204 proprietary, 157, 159
gatehouse, 200–201 transmission, 131
hotels and motels, 205 Alarm sensors, 111–151
janitor’s privileges, 204 categories of sensors, 116–132
mantrap, 199–200 alarm transmission and control
monitoring prisoners, 205 panels, 131
office equipment, 204 audio sensors, 128–129
personal equipment at work, 204 capacitance sensors, 128
personal safety, 205 dual-technology sensors, 123
sally port, 200 electromechanical sensors, 123–126
tools and inventory, 204 glass break sensors, 120–123
two-man rule, 199 microwave sensors, 127–128

531

ASSET PROTECTION AND SECURITY MANAGEMENT HANDBOOK

other sensors, 130–131 identification markings, 147
passive infrared sensors, 116–120 lightning protection, 148
photoelectric sensors, 129 parts and materials, 143
shock and vibration sensors, 128 primary power requirements,
ultrasonic sensors, 126–127
federal specification components for 146–147
spare parts, 148
interior alarm systems, 140–151 technical manuals and operator
sensor applications, 111–116
instructions, 147
ASTM standards, 114–115 workmanship, 147–148
emerging technology, 138 scope and classification, 140–141
fixed-temperature sensors, 135–136 classification, 140–141
other standards and specifications, scope, 140
ALE, see Annualized Loss Expectancy
115–116 All-metal door, 64
rate-of-rise sensors, 136 American Bar Association, 471
sensors for fire detection, 132–139 American National Red Cross, 226, 227
sensor types and selection, 134–135 American Society for Industrial Security
smoke or combustion product
(ASIS), 459, 463, 471
sensors, 136–137 Code of Ethics, 472, 478, 479
stages of fire, 133–134 Rules of Professional Conduct, 473–475,
UL standards, 113–114
water flow indicators, 137–138 476, 483
Alarm systems, federal specification American Society for Testing and Materials

components for interior, (ASTM), 114, 439
140–151 Americans with Disabilities Act (ADA), 98,
applicable documents, 141–142
American Society for Testing and 195, 508, 207, 230, 450
Materials, 142 American Standard for Computer
government publications, 141–142
notes, 150–151 Information Interchange (ASCII),
intended use, 150 248
ordering data, 150–151 Annualized Loss Expectancy (ALE), 275,
qualification, 150 276, 291
preparation for delivery, 149–150 Anti-discrimination, 450
civil agency marking, 150 Anti-passback, 198
preservation, packaging, packing, Antisocial behavior, 4
and marking, 149–150 Antitrust, Federal Sentencing Guidelines for,
quality assurance provisions, 148–149 396
components and material inspection, Apparent authority, 442
148 Application-specific integrated circuit
inspection for acceptance, 148–149 (ASIC), 118
inspection of preparation for Armed attack, 213
delivery, 149 Arrest(s)
inspection responsibility, 148 citizen’s, 411
qualification, 149 definition of, 406
requirements, 142–148 warrant, 407
access control units, 146 warrantless, 407
annunciator units, 144–145 Arson, 213, 373, 403
circuit supervision units, 145–146 Artificial intelligence, 171
detectors, 143–144 ASCII, see American Standard for Computer
electromagnetic radiation Information Interchange
interference, 148 ASIC, see Application-specific integrated
electronic components, 143 circuit
equipment enclosures, 143 ASIS, see American Society for Industrial
general, 142–143 Security
Assault(s), 361, 392, 508
cost of doing business driven up by, 359

532

Index

preventing, 370 B
workplace, 505
Asset(s) Background investigations, 484
corporate, access to vital, 56 Backscatter technology, 208
cost of lost, 31 Backup computers, 218
definition of, 2 BAI, see Behavior Analysis Interview
information, protection of, 375, 376 Balanced pressure sensor, 130
internal sources of information about, Ballasts, 329
Banking, requirement to success of, 195
311 Bank vaults, 222
protection, relationship between Barricade/hostage situation, 213, 214, 220
Barrier(s), see also Structural barriers
criminal law and, 399
recoveries, 46 categories, 56
vulnerability, 192, 288 definition, 55
Assets protection, 1–17 highway median, 76
basic considerations, 4–8 hydraulic impact, 77
light vehicle penetration of, 76
communicating of plan, 8 vehicle, 75, 76
countermeasures planning, 4–5 Barrium ferrite, 194
management support, 5–8 Batch processing mainframe systems, 258
statutory and regulatory Battery, 446, 508
Behavioral indications, evaluation of, 492
requirements, 8 Behavior Analysis Interview (BAI), 496, 497
countermeasures, 9–13 Behavior assessments, accuracy of, 491
Behavior-provoking questions, 497
hardware, 10–11 Biased switches, 125
people, 9–10 Biometric devices, 195
software, 11–13 Biometric readers, 190
definition of, 2–4 Biometric systems, 167
department, database fields, 25 Black-and-white cameras, 337
management function, 1–2 Blast
practice, violation of, 13 damage, 73, 74
procedures, 9 relative resistance to, 74
professionals, 391 wave, phases of, 73
self-inspection and protection of assets, Block Watches, 343
Bomb
15–17 incident, 213, 214, 230
systems approach, 8–9 kinds of damage produced by, 73
system test, 13–14 protection, 70
ASTM, see American Society for Testing and squad, 219
threat, 4, 456
Materials Breaking strike, 103
ATM, see Automatic teller machine Break-ins, 361
Attack(s) Bribery, 21, 396
Brightness, 328
detection of systematic, 281 Brisant explosives, 74
hacker, 300 Broken window theory, 344
Morris worm, 300 BRPs, see Business resumption plans
Audio sensors, 128 Building(s)
Audit(s) codes, local, 70
compliance, 298 construction process, 360
trail(s), 297 high-rise, vulnerability of roof in, 61
openings, 62
circumventing of, 282 weakest links of, 364
integrity, 298
operational use of, 298
Authentication server, 273
Automatic dialers, 157
Automatic teller machine (ATM), 257, 337
Awareness presentations, 12
Awning windows, 65

533

ASSET PROTECTION AND SECURITY MANAGEMENT HANDBOOK

Building surfaces, 57–60 service, radio transmissions to, 155
ceilings, 60 Certified Protection Professional (CPP)
concrete structures, 58
design criteria for, 70 program, 459
evaluation of, 60 CERTs, see Computer Emergency Response
exterior walls, 57
floors, 58 Teams
interior walls, 58–60 CFT, see Corrected Color Temperature
roofs, 57 Change key, operation of, 87
Check kiting, 419
Burden of proof, 303 Chemical sensors, 131
Burglary Child care centers, 216
Chip
cost of doing business driven up by, 359
discovered, 440 fabrication plant, 251
Buried detector, 130 number of transistors on, 251
Burn victims, 227 Circuit systems, 173
Business(es) Citizen’s arrest, 411
enterprise, hazards faced by, 2 Citizen’s rights, old Prussian idea of, 455
law, 431 Civil actions, 5, 311
most common assets to, 374 Civil code, 429
resumption plans (BRPs), 282 Civil damage action, financial loss in, 410
risk, 20 Civil disorders, 213
Civil disturbance, 20, 21
C Civil law, 429–450
civil common law, 433–445
California penal code, 426
Camera(s) agency, 440–445
major areas of civil common law,
black-and-white, 337
CCTV, amount of light needed by, 326 434–440
color, 336 civil rights, 447–450
tagging of, 204
Candor, definition of, 477 civil rights at common law, 447–448
Canine, detection reliability of, 209 civil rights under statute, 448–449
Capable guardian, concept of, 349 discrimination based on disability,
Capacitance sensors, 128
Capital costs, 47 450
Card trend in civil rights, 450
access, recorded information on, 198 definition, 429
reader systems, 190, 191–192 major branches, 429
Cardiopulmonary resuscitation (CPR), 227 statutory law, 430–433
Casement windows, 65 federal statutory law, 430
Cash state statutory law, 430–433
register shortages, 419 torts, 445–447
reserves, 31 negligence, 474
Catastrophic problems, 3, 4 willful torts, 445–447
CCTV, see Closed-circuit television Civil rights
CDR disks, 298 law, 431
CD-ROM, 252 trend in, 450
Cellular telephone, 131, 222 Civil Rights Act of 1964, 448
Central processing unit (CPU), 248 Civil statute law, 433
instruction set, 250 Clones, 257
memory size, 251 Closed-circuit television (CCTV), 10, 130,
Central station
alarm termination, 154 296, 342, 371
methods of receiving signals, 155 access control installation, 162
assessment, 382
camera(s)

activation of when PIR is triggered,
118

amount of light needed by, 326

534

Index

control methods, 161 Emergency Response Teams (CERTs),
installation, 190 300
placement of, 200, 203
use of to identify perpetrator, 106 hardware
use of to monitor movement, 109 fragility of, 270
function, placement of trees and, 367 multiprocessing, 253
monitoring, 382
personnel reductions and, 161 installation, fire detection subsystem in,
recorder, 163 41
surveillance, 44, 385
switcher, 171 Internet-compatible, 265
tape recordings, 191 laptop, 258
use of as deterrent to improper activity, mainframe, 255
operators, programmers, sharing of
511
CMT, see Crisis management team passwords by, 282
Coded card technology, 193–198 peripherals, 255
personal, 256
dielectric readers, 196 room, control of physical access to, 270
embossing readers, 196 system
hollerith readers, 196
optical character readers, 196–197 designers, optimism of, 254
smart card, 197–198 failure, 213
Code of Ethics, ASIS, 472, 478, 479 Computing, stored program, 249
Color Rendition Index (CRI), 328, 336 Concerted efforts, 478
Columbine shooting incident, 224 Concierge
Combination lock(s) stations, 343
dial-type, 86 surveillance by, 351
electronic dial-type, 89 Concrete
number of tumblers in, 88 block(s)
theoretical maximum number of barriers, 67
shapes and sizes of, 71
combinations, 88 wall, 58, 73
Combustion product sensors, 136 highway median barrier, 76
Commercial espionage, 373 structures, vulnerability of, 58
Communication(s) Confession
oral, 501
chain, structured supervisory, 461 written, 502
effective, 304 Confidential communication, 485
gap, 458 Conflicts of interest, 4, 20, 21
interception of, 414 Consequent cost, 31
legally privileged, 485 Construction fraud, 304
links, interruption of, 211 Consulting opinion rule, 480
Company, see also Organization Consumer
assets, protection of, 380 organizations, UL standards and, 113
newsletter, 12 reporting agency (CRA), 320, 321, 322
Compartmentation, 56 Contact microphones, 415
Compensation, unjust, 480 Contingency plans, types of, 214
Competitive intelligence, 20 Continuity of operations plan (COOP), 214,
Compliance
audits, 298 222
program, requirements, 7 Continuous power, 173, 175, 176
standards, 8 Contraband screening, 205
Computer(s) Contract(s)
abuse, 4
backup, 218 custodial staff, turnover in, 26
desktop, 268 express, 435
digital, characteristics of, 248 guard, 442
implied, 435
investigations

advantages of, 308

535

ASSET PROTECTION AND SECURITY MANAGEMENT HANDBOOK

disadvantages of, 308 CPTED, see Crime Prevention Through
investigators, 309 Environmental Design
law, 434
organized labor, 303 CPU, see Central processing unit
security service personnel, 10 CRA, see Consumer reporting agency
subject matter of, 437 Crash bar, 106
warranty, 438 Credit bureaus, 320
Contractors, access to information by, 1 CRI, see Color Rendition Index
Contribution, doctrine of, 444 Crime(s), 20, 21, 391
Controlled Substances Act, 420
Controlled zones, 365 classification of, 390
Controlling persons, criminal penalties for, 6 codes, 389
Conventional risk, 20 controlling facilitators of, 351
Conversion, 446 decision to commit, 348
COOP, see Continuity of operations plan -environment theory, 341
Corporate assets, access to vital, 56 federal, definition of, 391
Corporate security staff, return on incentive for, 351
obligation to report, 392
expenditures of, 47 organized, 23
Corrected Color Temperature (CCT), 327 patterns, neighborhood, 363
Corruption, prevention of, 481 prevention
Cost(s)
education, 347
abatement, 32 knowledge, 347
avoidance, 42, 43 theory, 348
capital, 47 tool, 345
consequent, 31 situational, 347, 350
-effective, definition of, 279 state, definition of, 391
insurance, 43 true nature of, 341
justification, 30 white-collar, 350
-of-loss formula, 32 Crime Prevention Through Environmental
lost income, 31
security, quantified, 47 Design (CPTED), 341–387
of security program (CSP), 47 basic crime prevention assumptions,
temporary substitute, components of, 31
types of, 30 346–347
Counterintelligence, covert penetration of a concepts of risk management, 357–359
considerations regarding U.S. federal
target in, 55
Countermeasures, 9–13 buildings, 381–384
application of GSA security
criteria
approximate cost, 39 standards to all building types,
degree of reliability, 39 383–384
delay, 39 General Services Administration
validity, 39 security standards, 381–383
contemporary thinking on crime and
hardware, 10–11 criminals, 347–357
people, 9–10 concept of capable guardian, 349
planning, 4 CPTED survey, 355–357
software, 11–13 criminal choice, 349–350
Court decisions, laws evolving with, 416 defensible space, 353–354
Courts-martial, use of polygraph evidence potential offenders’ perspective,
352–353
in, 425 situational crime prevention, 350–352
Covert surveillance, 336 target selection, 348–349
C-4 plastic explosive, 209 Tim Crowe and CPTED, 354
CPP program, see Certified Protection design considerations for industrial
buildings, 372–373
Professional program design considerations for office
CPR, see Cardiopulmonary resuscitation buildings, 374–381
protection of information, 376–378

536

Index

protection of people, 374–376 relevance to asset protection, 399–405
protection of property, 378–381 crimes based upon damage or threat
fundamentals, 342–344 of damage to property, 405
graphics and signage for crime crimes based upon force or threats of
force against persons, 402–403
prevention and environmental crimes based upon theft or larceny,
security, 384–386 401–402
reducing crime through physical design, crimes based upon unauthorized
359–363 entry or presence, 400–401
architectural planning process, permissible use of force, 403–405
360–362
effective access control, 362–363 specific criminal statutes of security
planning of building, 359 interest, 412–416
security design criteria for parking
facilities, 367–372 eavesdropping statutes, 413, 414
site development and security zoning, Economic Espionage Act, 412–413
363–367 number of government interceptions,
theory, history and practice, 344–346
Criminal codes, 389 416
Criminal complaint, goal of, 5 state laws, 416
Criminal facilitation, 412 summary of federal law, 414–416
Criminal intent, 392 statutory law, 389–390
Criminal law, United States, 389–427 Criminal negligence, 393, 403
case or decisional law, 398–399 Criminal solicitation, 412
deception detection instruments, Crisis Communications Creed, 225
416–426 Crisis management
admissibility of polygraph results in objectives of, 212
evidence, 424–425 team (CMT), 219, 220
broad interpretations of EPPA, Criticality
417–424 approaches to, 34
federal polygraph legislation, ratings
416–417 fatal, 33
voice stress analyzer, 425–426 moderately serious, 33
definition and classification of crimes, relatively unimportant, 33
390–398 seriousness unknown, 33
arraignment, 394–395 symbols assigned to, 34
confinement, 398 very serious, 33
criminal intent, 392–393 Cryptography
definition of federal crimes, 391 government restrictions on exporting of,
definition of state crimes, 391
essential character of crime, 391–392 299
establishing guilt for crime, 393 military-sensitive, 299
federal criminal law, 390 CSP, see Costs of security program
formal charge, 394 Culpability score, 7, 396
sentence, 395–398 Custodial staff, turnover in contract, 26
trial, 395 Customs violations, 407
federal and state constitutions, 389 Cylinder locks, 90, 98
important procedural considerations,
406–412 D
arrests, 406–409
entrapment, 412 Damage, blast, 73, 74
interviews and interrogations, Damaging statement, 446
409–410 Data
searches and seizures, 410–412
backup, 271, 272
entry clerks, 253, 254
loss, 297
performance penalties related to

encrypting, 294

537

ASSET PROTECTION AND SECURITY MANAGEMENT HANDBOOK

relevant, definition of, 516 Desktop computers, 268
security, 269 Detector(s)
storage hardware, 253, 295
-tampering attack, 270 buried, 130
Database explosives, 209
reporting software, 25 flame, 134
sabotage, 271 foil, 123
Daubert v. Merrell Dow Pharmaceuticals, Inc., loop, 201
metal, 206, 207
424 screen, 125
Deadbolt, 100 smoke, 132
wire, 125
electric, 101, 102 Diagnostic opinion, 417
vulnerability of to attack by force, 92 Dial-type combination locks, 86
Deadlocking latch, vulnerability of to attack Dielectric readers, 196
Digital computers, characteristics, 248
by force, 92 Digital data, encoding of, 247
Deadly weapons, use of, 480 Digital photo badging, 167
Death, wrongful, 395 Digital systems, estimating cost of, 165
Deception in interviews and interrogations, Direct costs, 30
Disaster
detection of, 491–503 control organization, 241, 242, 243
behavior analysis interview, 496–499 recovery, items to consider in planning
nonverbal responses, 494–496
for, 236–237
activities suggesting deception, 495 scene, photographic coverage of for
comparative postures, 495–496
eye contact, 496 insurance purposes, 226
preliminary cautions, 492 Discrimination, 507Discovery proceedings,
Reid nine steps of interrogation, 499–502
converting oral confession, 501–502 311
handling denials, handling details, Discriminator logic, 126
Dishonesty, 3, 481
500
handling suspect’s passive mood, judgment of, 481
losses resulting from, 12
handling suspect’s passive Disk drive files, backups, 255
mood, 500 Distributed intelligence systems, 198
having suspect relate details, 501 Distributed processing systems, 267, 268
keeping suspect’s attention, keeping DMR, see Designated Management
suspect’s attention, 500
overcoming objections, overcoming Representative
objections, 500 DoD, see Department of Defense
presenting alternative question, Dog, detection reliability of, 209
presenting alternative question, Door
500–501
theme development, 499 all-metal, 64
types of responses, 491–492 hinge pin removal, 64
verbal responses, 492–494 industrial pedestrian, penetration times
Deceptograph, 417
Declaration of war, 290 for standard, 63
Decryption, 294 locks, 97
Defamation, 314 openers, activation of when PIR is
Defamatory statements, 441
Defense Investigative Service training triggered, 118
manual, 89 preparation, cylinder and mortise locks
Defensible space, 345, 346, 353, 378
Delayed egress locking system, 106 with typical, 98
Department of Defense (DoD), 115 vault, time lock on, 61
Designated Management Representative Doppler effect, 126
(DMR), 513 Double-door booth control, 168
Double-hung windows, 65
Doubtful law, 399
Dropped-bit errors, 289

538

Index

DSS, see ERDA Division of Safeguards and objectives of emergency planning
Security and crisis management, 212

Dual-technology sensors, 123 planning formats, 214–215
Due process, violation of, 405 planning process, 216
Dumb terminals, 260, 264 special planning needs, 216–217
Duress code, 131 stages of incident, 212
Dynamic risk, definition of, 357 types of contingency plans, 214
Dynamite, 74 types of threats and contingencies,

E 213
after plan is written, 234–237
Earthquake, 4, 212, 213, 290
EAS, see Electronic article surveillance keeping plan up-to-date, 235–236
Eavesdropping, 413 training, drills and exercises, 234–235
Economic Espionage Act, 412 alert and warning system, 230
ECPA, see Electronic Communications company disaster control program

Privacy Act policy, 240–244
EDP, see Electronic data processing general, 240–242
Education law, 431 procedure, 243–244
EEOC, see Equal Employment Opportunity emergency evacuation, 230–231
emergency medical services, 227–228
Commission emergency shutdown and restoration,
Electric deadbolt, 101, 102
Electric latch, 101, 102 231–233
Electric lockset, 104, 105 external liaison and coordination,
Electric strike, 102, 103
Electrified locking mechanisms, types of, 223–225
family/victim support, 226–227
100 first step, 211
Electromagnetic interference (EMI), 131 other considerations, 234
Electromagnetic lock, 106, 108, 109, 189 planning issues and considerations,
Electromechanical sensors, 123
Electronic article surveillance (EAS), 204 217–234
Electronic Communications Privacy Act command/management and control,

(ECPA), 414 219–223
Electronic data processing (EDP), 247 planning assumptions, 218–219
Electronic dial-type combination lock, 89 priorities, 217–218
Electronic message delivery systems, 415 public affairs/media relations, 225–226
Electronic sensors, integration of, 158 resources and logistics equipment and
Electronic surveillance, laws regarding, 413
Electronic touchpads, 187 services, 244–246
Elevator control, use of coded cards for, 203 equipment to consider, 244–245
Embezzlement, 269, 418 services to consider, 245–246
Embossing readers, 196 security and fire protection, 228–229
Emergency transportation, 233–234
Emhart high-security cylinder, 84
alarms, 202 EMI, see Electromagnetic interference
medical services (EMS), 227 Emotional problems, 4
normalcy after, 212 Employee(s)
power, 172 accused, 402
response agencies, 224 arbitrary controls and, 11
situations, potential, 5 arrest and prosecution of, 456
succession provisions, 221 background investigations of, 26
Emergency planning, 211–246 disciplinary action against, 411
advance planning, 211–217 discussion sessions, 232
equipment, tagging of, 204
components of emergency plan, 217 identification cards, 510
development of plan, 215–216 interviews with, 458
joint venture, 1
methods used to inform, 12

539

ASSET PROTECTION AND SECURITY MANAGEMENT HANDBOOK

morale, 29 Evacuation drills, 234
offender contact with other, 524 Evidence
parking lots, 373
polygraph tests given to prospective, admissibility of polygraph results in, 424
point of origin for, 495
420 polygraph, 425
suggestions, 13 preponderance of, 395
surveillance by, 351 Excel, 257
terminated, 297 Exemplary award of damages, 447
theft, 359, 373 Exercise planning issues, 236
union, 220 Exit
Employee Polygraph Protection Act of 1988 control, 188
hardware, 106, 107, 189
(EPPA), 416, 425 Explosion, 12, 74, 213
broad interpretations of, 417 Explosive(s)
disclosure of information, 423 brisant, 74
enforcement, 423 detection, 131, 209
exemptions, 418 intensity of, 74
prohibitions, 417 plastic, 209
qualifications of examiners, 423 Express contract, 435
rights of examinee, 422 Extortion, 403
Employee Retirement Income Security Act Ex-wave CCD, 336
Eye contact, 492, 496
(ERISA), 396
EMS, see Emergency medical services F
Encryption
FAA, see Federal Aviation Administration
smart card, 198 Face scanner, 195
software, 294 Facial expressions, 492
system standards, 287 Facial recognition, 167
Entrapment, 412 Facility vulnerability, 293
Environmental criminology, 347, 386 Factory Mutual (FM) requirements, 157
Environmental violations, 7, 396 Factual objections, 500
EPPA, see Employee Polygraph Protection Fail safe locking mechanism, 101
Fail secure lock, 101
Act of 1988 Fair Credit Reporting Act (FCRA), 8,
Equal Employment Opportunity
320–322, 510
Commission (EEOC), 449 Fairness, definition of, 477
Equal Pay Act of 1963, 448 False alarms, 111, 121
ERDA Division of Safeguards and Security False imprisonment, 314, 445, 446
FBI
(DSS), 115
Erie v. Tompkins, 433 headquarters, windows at, 66
ERISA, see Employee Retirement Income Uniform Crime Report, 347
FCC, see Federal Communications
Security Act
Espionage Commission
FCPA, see Foreign Corrupt Practices Act
commercial, 373 FCRA, see Fair Credit Reporting Act
industrial, 20, 359 Federal Aviation Administration (FAA), 206
Ethics in security profession, 469–489 Federal Communications Commission
code of ethics of American Society for
(FCC), 415
Industrial Security, 472 Federal crimes, definition of, 391
definition of professional ethics, 469–470 Federal Emergency Management Agency

need for professional ethics, 469–470 (FEMA), 226
professional responsibility matches Federal Organizational Sentencing

professional recognition, 470 Guidelines, 7
practical application of professional

ethics, 472–488
professional society, 470–472
security profession, 470
European civil law, 429

540

Index

Federal Rules of Evidence 702, 424 Fuel leak, 213
Federal Sentencing Guidelines, 396, 398 Future behavior, best predictor of, 509
Federal Trade Commission, 320 Fuzzy logic, 171
Feedback, methods of obtaining, 458
Felony, 391, 408 G
FEMA, see Federal Emergency Management
Gambling, 4
Agency GANs, see Global area networks
File server Garages, CCTV cameras placed in, 203
Gatehouse, construction of, 200
data, access to, 262 Gate post design, 72
messages broadcast on, 264 General Services Administration (GSA), 115,
Final report, 315
Fingerprints, 167, 190, 195 149, 381, 382, 383
Finished goods inventory, theft from, 37 Glare, 328
Fire(s), 213 Glass break
code issues, 170
department alarm termination, 156 sensors, 120, 121
detection, 41, 132 technology, devices combining PIR with,
exits, 379
flame stage, 134 123
heat stage, 134 Global area networks (GANs), 163
incipient stage, 134 Government
loss, 438
occurrence, probability of, 27 agencies, interagency support
protection of information systems in agreements of, 225

event of, 284 UL standards and, 113
safety applications, vapor detection for, Graffiti, 370
Grand jury, indictment returned by, 394
138 Graphic image, encoding of, 248
sensors, factors to consider when Graphic user interfaces (GUIs), 257
Gregory v. Litton, 449
selecting, 135 Griggs v. Duke Power Company, 449
smoldering stage, 134 Ground rules, examples of, 385
stages of, 133, 134 GSA, see General Services Administration
terms, glossary of, 182–185 Guard(s), 190
Firewall, typical, 300
Fitness for duty report, 519 average cost of one, 160
Fixed-temperature sensors, 135 company, 10
Flame detectors, 134 contract, 442
Flaming, 301 Guilt, admission of, 501
Flood, 213 GUIs, see Graphic user interfaces
major, 212
protection of information systems in H

event of, 284 Hacker attacks, 300
Floors, 57, 58 Hand geometry, 167, 190
Floppy diskettes, 257 Harassing phone calls, 508
FM requirements, see Factory Mutual Harassment, workplace, 505
Hard drives, 260
requirements Hardware
Foil detector, 123
Foreign Corrupt Practices Act (FCPA), 6, 397 data storage, 295
FPCA, see Foreign Corrupt Practices Act failure rates, 289
Fraud, 4, 249, 285, 446 removal of computing, 283
theft of, 270
construction, 304 Hazard material (HAZMAT), 230
Federal Sentencing Guidelines for, 396 incident, 213
targets for, 269 plan, 231
French civil code, 429 response plan, 214
Fresnel lens, 117

541

ASSET PROTECTION AND SECURITY MANAGEMENT HANDBOOK

HAZMAT, see Hazard material Management Team (IMT), 506, 512
Health law, 431 monitoring, 523
Heating and ventilation controls, activation stages of, 212
tracking, multi-jurisdiction, 514
of when PIR is triggered, 118 Indictment, 394
Help desk Indirect costs, 30
Industrial buildings, design considerations
functions, 282, 283
logging of activity by, 283 for, 373
HID, see High-intensity discharge Industrial disaster, 20, 21
High-frequency/low-impact (H/L) threat, Industrial enterprise, hazards faced by, 2
Industrial espionage, 20, 359, 418
290, 291 Industrial pedestrian door, penetration
High-intensity discharge (HID), 329, 332
High–low threats, 292 times for standard, 63
High-rise buildings Industrial revolution, 2
Information
master systems, 97
vulnerability of roof in, 61 gathering, 462
High-security cylinder proprietary, 420
Emhart, 84 public sources of, 312
Medeco, 84 sources, 517–518
Highway median barrier, concrete, 76
Hijacked truck, 46 co-worker interview, 518
H/L threat, see High-frequency/low-impact disciplinary actions, 517
employment application, 517
threat employment evaluations, 517
Hollerith readers, 196 medical information, 517–518
Homicide, 505, 507, 508 systems (IS), 247
Horizontal sliding windows, 65 early, 259
Hostage contingency plan, 520 hardware for, 260
Human problems, 3 multi-tier, scalability, 267
Human relations techniques, 457 obsolete, 295
Human resources operations, 252
parts of, 252
database, 164 systems security program (ISSP), 279
manager, 284 management, aspects of, 280
Human threats, 213 statements, kinds of, 286
Hurricane, 212, 213, 384 Technology (IT), 247
HVAC monitoring, 191 theft of, 269
Hydraulic impact barriers, 77 ways to evaluate, 491
Hyper HAD, 336 Information systems security, 279–302
audit trails and transaction logs,
I
297–297–299
IC, see Integrated circuit audit trail integrity, 298
ICC, see Interstate Commerce Commission operational use of audit trails,
Identification verification, types of, 190
IESNA, see Illuminating Engineers Society of 298–299
classes of computers, 255–258
North America
IFPs, see Intelligent field panels laptop computers, 258
Illuminance, measurement of, 325 mainframe computers, 255–256
Illuminating Engineers Society of North minicomputers, 256
personal computers, 256–258
America (IESNA), 337, 369 definition of information systems
Implied contract, 435
Imprisonment, false, 314 security, 269
IMT, see Incident Management Team encoding digital data, 247–248
Incident evolution of information system risks,

assessment/resolution process, 530 270–273
chronology, 516 batch system risks, 270–271

542

Index

distributed systems, 273 threat occurrence rate estimates,
Internet risks, 272 289–290
local and wide area network risks,
why cost-benefit-based risk
272 management often fails, 291–292
online information systems risks, 271
evolution of information systems, reducing occurrence rate of high single
occurrence losses, 293
258–268
batch processing mainframe roles and responsibilities, 279–285
information systems operational
systems, 258–260 management, 281–283
distributed, three-tier information program management, 280–281
senior management, 280
systems, 267–268 supporting functions, 283–285
Internet, 265–267 users, 285
local area networks, 262–264
online information processing security and planning, 293–295
development and acquisition,
systems, 260–262 294–295
wide area networks, 264–265 disposal, 295
functional definition of information implementation, 295
initiation, 294
systems security, 274–276 operation and maintenance, 295
impact of large-scale integration,
typical central processing unit, 249–251
251–252 typical information system, 252–255
importance of information systems
activity monitoring, 254–255
security, 269–270 application programs, 253
information systems security policies, computer and network hardware, 253
computer system software, 253
procedures and standards, operating procedures, 253–254
285–287 operating staff, 253
documentation and distribution, 287 physical facilities, 253
procedures, 287 user training, 254
standards, 286–287 Infrared (IR)
Internet, 299–301 energy, 116, 118
confidentiality and authentication, light source, 336
299 Initial report, 315
hacker attacks, 300–301 Injury prevention, 218
making wise use of, 301 Input
reliability and response time, devices, examples of, 166
299–300 /output ports, 250
using value-added network, 300 Inspection authorities, UL standards and,
management of information systems
security, 273–274 113
operating and user controls, 295–297 Insurance
personnel reassignment or
termination, 296–297 cost of, 43
staffing, 296 coverage, availability of for losses, 32
processing digital data, 248–249 industry, UL standards and, 113
program management, 287–293 management, 454
how to address low–high risks, 292 transfer of risk by obtaining, 293
reasons for adopting security Insured losses, 24
measure, 292 Integrated circuit (IC), 197
reducing magnitude of high single Integrated systems, 153
occurrence losses, 293 Intel Corporation, 257
risk assessment techniques, 288–289 Intellectual property, 2, 4
spectrum of expected losses, 290 Intelligence, covert penetration of a target
spectrum of risk management
actions, 291 in, 55
Intelligent detection devices, 132

543

ASSET PROTECTION AND SECURITY MANAGEMENT HANDBOOK

Intelligent devices, 133 relevance, 306
Intelligent field panels (IFPs), 163 sources of information, 310–312
Intentional tort of false imprisonment, 445 thoroughness, 306
Interagency Security Committee, 381 timeliness, 307–308
Internal investigative capability summary of rights under Fair Credit

advantages of, 308 Reporting Act, 320–322
disadvantages of, 309 summary of rights as prescribed by
Internet
attractive features of, 299 Federal Trade Commission, 320
investigative resources, 319–320 Investigators
risks, 272
Service Providers (ISPs), 265, 299 contract, 309
local licensing statutes for, 313
investments, 300 proprietary, 309
ISP access to other, 300 Ionization sensor, 138
Interoffice mail, security of, 377 IR, see Infrared
Interrogation, Reid nine steps of, 499 IS, see Information systems
Interstate Commerce Commission (ICC), ISPs, see Internet Service Providers
ISSP, see Information systems security
431, 432
Interview program
Issue-specific policy, 286
company personnel selected for, 521 IT, see Information Technology
participants, training of, 520
site, securing of, 515 J
technique, accuracy of, 496
Intimidation, 403 Jalousie windows, 65
Intruder Jewelry vaults, commercial, 157
detection of, 154 Jingle keys, 94
potential, 55 Joint venture employees, access to
Intrusion
alarms, 44, 168 information by, 1
decoder, 249 Justification, example of, 403
detection systems, 11, 112, 333, 382
Invasion of privacy, 446 K
Inventory
theft, effect of security program on, 44 Keys
variance, 46 jingle, 94
Investigations, general comments, 303–323 try, 94
Internet investigative resources, 319–320
investigative reports, 314–318 Keystroke errors, 289
Keyway, picking of tumblers through, 93
parts of report, 315–318 Kickbacks, 21
report distribution, 318 Kidnapping, 508
types of reports, 314–315 Knowledge
legal guidelines, 312–314
civil and criminal suits and actions, question, 498
worker, 457
313–314
local licensing statutes, 313 L
public- and private-sector
Labor
investigations, 303–304 arbitrators, 425
qualities of effective investigation, disputes, 370

305–312 Lamp
accuracy, 306–307 efficacy, 331
cost elements, 309–310 starting and re-strike times, 332
investigative resources, 308–309 technology, 329
objectivity, 305–305
online investigations, 312 Landscaping
CPTED guidelines for, 368

544

Index

trespassing and, 365 levels, guidelines for minimum, 338
use of to create crime prevention loading docks, 334
parking structures, 333
measures, 366 security perceptions and, 335
LANs, see Local area networks Liquid crystal (LCD), 133
Laptop computers, 258 Loading docks, lighting of, 334
Larceny, 400, 401 Local alarm(s)
Large Scale Integration (LSI), 251 advantages and disadvantages of, 154
Latch, electric, 101, 102 termination, 153
Latchbolt, 100 Local area networks (LANs), 133, 163, 262
Law(s) file server, installation of, 264
linking of low-traffic, 264
business, 431 risks associated with, 272
civil rights, 431 security weakness, 263
civil statute, 433 workstations, user programs on, 263
contract, 434 Local building codes, 70
doubtful, 399 Lock(s), 405
education, 431 classes of, 79
enforcement combination

liaison, 518 dial-type, 86
protection organization headed by electronic dial-type, 89
number of tumblers in, 88
individual from, 459 theoretical maximum number of
requirement to success of, 195
federal criminal, 390 combinations, 88
health, 431 cylinder, 90, 98
loopholes in, 413 door, 97
personal property, 431 electromagnetic, 106, 108, 109 189
state, 416 fail secure, 101
Law Enforcement Assistance high-security, 382
lever, 81, 90
Administration (LEAA), 345 mechanical, 79
LCD, see Liquid crystal
LEAA, see Law Enforcement Assistance fail safe, 100
rearrangement of, 94
Administration mortise, 98, 99
LEDs, see Light-emitting diodes pin tumbler, 81, 83
Legally privileged communications, 485 cylinder, 85
Lever enhancing security in, 84
innovations in security, 94
lock, 81, 90 master keying, 90
tumblers, 82 with multiple tumbler axes, 86
Leverage, principle of, 38 push-button, 187, 205
L/H threat, see Low-frequency/high-impact rotation of existing, 95
Schlage mortise, 98
threat shear, 108, 109
Liability stairtower, 103, 104
wafer
limitations of, 439 master keying, 90
vicarious, 443 tumbler, 84
Liars, sophisticated, 493 warded, 80
Libel, 313 Locking concepts, 79–110
Lie detector, 417, 420 basic lock grouping, 79–89
Life-cycle costing, 371 dial-type combination locks, 86–89
Life safety code requirements, 379 electronic dial-type combination
Light
-emitting diodes (LEDs), 207, 252 lock, 89
levels, 326
source, infrared, 336 545
Lighting
ground, 333
installations, 330

ASSET PROTECTION AND SECURITY MANAGEMENT HANDBOOK

lever lock, 81 Lotus 1-2-3, 257
pin tumbler lock, 81–84 Low explosives, 74
wafer tumbler lock, 84–86 Low-frequency/high-impact (L/H) threat,
warded lock, 80–81
electrified locking mechanisms, 100–109 290, 291
electric deadbolt, 101 LSI, see Large Scale Integration
electric latch, 101–102 Luminaire, 329
electric lockset, 104–106 Lying, 491
electric strike, 102–103
electromagnetic lock, 106–109 M
exit device, 106
master keying mechanical locks, 89–91 Machine tools, damage to, 232
lever lock, 90 Macroeconomics, 1
pin tumbler lock, 90–91 Magnetic ink character readers (MICR), 196
wafer lock, 90 Magnetic locks, 108
security vulnerabilities of mechanical Magnetic stripe cards, 193
Magnetic switch(es), 124, 190
locks, 92–100
attack by force, 92 options, 124
door locks, 97–100 parts, 125
rearranging mechanical locks, 94–97 Magnetic tapes, storage of data on, 259
surreptitious attack, 93–94 Mail
Lockset interoffice, security of, 377
electric, 104, 105 screening of using x-ray machines, 206
storeroom function, 98 Mainframe computers, 255, 258
Loop detector, 201 Main memory, 249
Loss Management Information Systems (MIS),
avoidance formulas, most valuable
247
application of, 45 Mantrap, 167, 168, 199
control Manufacturing costs, 20
Marijuana, 456
cost avoidance in, 43 Market
optimizing of, 218
impact, measurement of, 29 demand, 20
insured, 24 share, 1
occurrence of on weekends, 61 Mass casualty situation, 228
potentials, inherent, 288 Master key
prediction of, 45 applications, lever tumblers and, 82
prevention, 5, 453 operation of, 87
spectrum of expected, 290 Master keying, 81
total, calculated, 44 defense of, 89
Loss event(s) lever lock,
criticality, 19, 29–34 pin tumbler
concept, 29–30
cost abatement, 32 cylinder, 91
cost-of-loss formula, 32–33 lock, 90
criticality ratings, 33–34 wafer lock,
kinds of costs, 30–32 Master system(s)
rating symbols, 34 high-rise office building, 97
historical information about, 24 taking lock off, 95
occurrence of, 38 Mechanical locks, 79
measurement of, 21probability, 19 rearrangement of, 94
physical environment factors, 23 security vulnerabilities of, 92
political environment factors, 23 Mechanical surveillance tools, 369
social environment factors, 23 Mechanical switches, 124
profile, 19 Medeco high-security cylinder, 84
Memory
CPU, 251

546

Index

failure, deceiver development of, 493 National Labor Relations Board, 425
main, 249 Natural access control, 357, 384
programmable, 197 Natural catastrophes, 3, 20, 21
selective, 493 Natural disasters, 12
Metal detectors Natural guardians, visibility of, 352
pass through rate of, 207 Natural light levels, 326
types of, 206 Natural surveillance, 343, 353, 357
MICR, see Magnetic ink character readers Natural threats, 213
Microphones NBFAA, see National Burglar and Fire Alarm
contact, 415
wireless, 415 Association
Microsoft NT, 262 NCPI, see National Crime Prevention
Microwave sensors, 127
Military law enforcement, protection Institute
Negligence, 445, 447
function equated with, 453 Neighborhood
Military munitions, high-explosive, 74
Military-sensitive cryptography, 299 crime patterns, 363
Minicomputers, 256 Watch, 343
Miranda v. Arizona, 409, 410 Network
MIS, see Management Information Systems abuse, 4
Misdemeanor, 391 Access Points, 267
Misinformation, correction of, 486 hardware, fragility of, 270
Misrepresentation, 446 interface card (NIC), 262
Missiles, wall thickness required to protect operating systems (NOS), 262
reliability, 301
against, 75 value-added, 300
Money laundering, 7, 396, 419 New Jersey Bounce, 76
Moral codes, 469 News Group posting, 301
Moral justifications, 499 NFPA, see National Fire Protection
Morris worm attack, 300
Mortise lock, 98, 99 Association
MS-DOS, 253 NIC, see Network interface card
Muggings, 361 NISPOM, see National Industrial Security
Multiprocessing computer hardware, 253
Multi-tier information systems, scalability, Program Operating Manual
Nitroglycerin, 74
267 Noncompliant behavior, excuses of, 352
Murder NOS, see Network operating systems
Novell NetWare, 262
attempted, 392 NRC, see Nuclear Regulatory Commission
cost of doing business driven up by, 359 Nuclear Regulatory Commission (NRC), 8,
Murrah Federal Office Building, bombing of,
329, 333, 337
381
Mutual aid association, 225 O

N Objections
factual, 500
National Burglar and Fire Alarm Association trait, 500
(NBFAA), 111
Occupant emergency plan (OEP), 214
National Crime Prevention Institute (NCPI), OCR, see Optical character readers
346 OECD, see Organization for Economic

National Crime Victimization Studies, 505 Cooperation and Development
National Fire Protection Association (NFPA), OEP, see Occupant emergency plan
Offenders, emotionally driven, 509
115, 229, 240 Offense, 391
National Industrial Security Program Office buildings, design considerations for,

Operating Manual (NISPOM), 374
240 Off-the-shelf software packages, 171

547

ASSET PROTECTION AND SECURITY MANAGEMENT HANDBOOK

O.J. Simpson, 395 detection patterns, 120
Oklahoma City bombing, 381 devices combining glass break
OMC, see Optical Memory Card
Online information processing systems, 260, technology with, 123
motion detectors, 202
261 quad element pyros, 119
Operating system (OS), 260 sensors, 116
Password(s)
common, 253 encryption, 281
network, 262 failure to disable, 281
Optical character readers (OCR), 196–197 token-based one-time, 299
Optical fiber circuits, 201 Patrol personnel, supervision of, 160
Optical Memory Card (OMC), 197 PCs, see Personal computers
Optical passage, 188 Pedestrian passageway, 188
Oral confession, 501 Penal Law, New York, 391
Organization(s) Penetration
attacks on, 270 probability, determination of
bomb incident plan, 231
countermeasure adopted by, 5 predictable, 192
emergency success lists in, 221 types of, 55
example of poor results from improper, Perimeter intrusion detection systems, 333
Personal computers (PCs), 163, 204, 256
454 business use of, 257
hazards faced by, 3 clones, 257
HAZMAT plan, 231 Personal gain, 482
mission of, 288 Personal grudge, 21
planning, 211 Personal identification number (PIN), 161,
policy of for protection of information
165, 197, 299
systems, 280 Personal property law, 431
priorities, 217 Personal references, 307
protection Personnel

management rules, 464 common sources of internal data about,
staffing of, 458 310, 311
risk managers of for-profit, 284
security breach, 276 control, 165
theory, 461 doorways, 62
welfare, requirement to success of, 195 patrol, 160
Organization for Economic Cooperation and protection, supervision of, 170
reassignment, 296
Development (OECD), 7, 398 reductions, closed-circuit TV and, 161
Organized crime, 23 selection, 296
Organized labor contracts, 303 termination, 296
OS, see Operating system Photoelectric cell, 129
OSHA, 329 Photoelectric devices, extremes of weather
Output devices, examples of, 166
affecting, 129
P Photosensors, 329
Physical barriers, categories, 56
Panic bar, 106 Picture windows, 65
Parking structures Pilferage, 22
PIN, see Personal identification number
cash collection in, 369 Pin tumbler(s)
CCTV cameras placed in, 203
lighting of, 333 cylinder(s)
security design criteria for, 367 force used on, 92
Parole, 398 lock, 85, 96
Passive barriers, 349 master keying of, 91
Passive infrared (PIR)
design, 117 lock(s), 81, 83
enhancing security in, 84

548

Index

master keying, 90 Private security programs, parallel
security, innovations in, 94 development of law
manipulation, techniques for defeating, enforcement and, 2

93 Privileged information, confidentiality of,
operations, modification of 485

conventional, 93 Probability
parts of, 83 data matrix, 54
PIR, see Passive infrared ratings
Planning liaison, 223 highly probable, 27, 29
Plastic explosive, C-4, 209 improbable, 28, 29
Points of Presence (POP), 265–266 moderately probable, 27, 29
Police numerical statements, 34
patrol patterns, 363 probability unknown, 28, 29
relations, 23 virtually certain, 27, 29
Policy
definition of, 285 Probation, 398
documentation of, 287 Problem(s)
issue-specific, 286
program, 286 catastrophic, 3, 4
system-specific, 286 emotional, 4
Polygraph, 417 human, 3
evidence, 425 total, comprehensive solution to, 8
license, 423 Procedures, documentation of, 287
results, 424 Professional censure, 487
simulated use of, 418 Professional code, means for enforcing, 471
technique, accuracy of, 497 Professional conduct, ASIS rules of, 473–475
test, 420, 421 Professional ethics
POP, see Points of Presence aim of, 475
Positive confrontation, 499 definition of, 469
Post-disaster restoration, 241, 244 need for, 469
Post-employment background Professional regulation, obligation of, 470
Program instruction bytes, storage of, 249
investigations, 484 Progress report, 315
Power Projected windows, 65
Proper constituted authority
continuous, 173, 175, 176 police as, 482
emergency, 172 reporting to, 483
outage, 213 Property
standby, 172, 174, 176 crimes against, 21
supplies, monitoring of status of, 176 crimes based upon damage to, 405
transfer devices, 105 greatest destroyer of, 228
Pre-alarms, 132 internal sources of information about,
Pre-employment
background investigations, 484 311
investigations, 13, 307 Proprietary alarm termination, 159
screening, 506, 509 Proprietary information, 2, 420
Prejudice, 482 Proprietary investigators, 309
freedom from, 477 Prosecution, standards for, 303
identification of personal, 305 Protection
Preponderance of evidence, guilt by, 395
Pressure mates, 125 activity, establishment of, 455
Privacy of assets field, required skills sets in, 3
invasion of, 446 executive, reporting level of top, 460
security versus, 366 of life, principles applied, 217–218
Private investigators, licensing of, 431 organization

management rules, 464
staffing of, 458
personnel, supervision of, 170

549

ASSET PROTECTION AND SECURITY MANAGEMENT HANDBOOK

Protective lighting, see Security and special, 315
protective lighting Responses, types of, 491
Restoration procedures, 232
Proximity/contact readers, 194 Restraining order, violation of, 508
Psychological deterrent, 154 Restricted-access software, 90
Psychological evaluation, 521 Restricted zones, 365
Psychological ownership, 343 Retinal patterns, 190, 195
Psychological stress evaluator, 417 Retinal scans, 167
Public emergency services personnel, 524 Return on expenditures (ROE), 46, 47
Public housing, CPTED in, 350 Revenge, acts of, 21
Public key cryptography, 299 RFI, see Radio frequency interference
Punched card readers, 258 Rioting, 4, 21, 359
Punitive award of damages, 447 Risk(s)
Pure risk
acceptance, 358
definition of, 357 alternatives for handling, 358
loss events, 20, 21 assessment techniques, 288
Purpose question, 497 avoidance, 358
Push-button locks, 187, 205 business, 20
conventional, 20
Q disbursement, 293
dynamic, definition of, 357
Qualified privilege, doctrine of, 313 high–low, 292
Quasi-judiciary powers, 432 management
Question
functions of, 42
knowledge, 498 loss prevention and, 32
purpose, 497 steps, 357
suspicion, 498 pure
vouch, 498 definition of, 357
you, 498 events, 20
ranking of, 35
R reduction, 358
segregation of, 28
Radio frequency interference (RFI), 118 spreading, 358
Random access storage devices, 260 threat logic pattern, 36
Rape, 359, 370, 508 transfer, 358
Rate-of-rise sensors, 136 Robbery, 370, 401, 508
Rational choice, 348 ROE, see Return on expenditures
Real-time processing, 271 Roofs, vulnerability of, 57
Real-time systems, exposure of to Rules of Professional Conduct, ASIS,

catastrophic failure, 273 473–475, 476, 483
Reasonable belief, 404, 405
Reasonable cause, 407, 408 S
Reasonable value, 436
Reception desks, overlooked feature of, 380 Sabotage, 4, 21, 507
Reduced instruction set chip, 251 occurrence of, 38
Reflectance, measure of, 326, 327 software, 271
Rehabilitation Act of 1973, 450
Relevant data, definition of, 516 Safe deposit service, 438
Remote surveillance, 296 Salami swindle, 269
Report Sally port, operational requirements for, 200
Sandia Laboratories, 115
distribution, 318 San Francisco earthquake, 4
final, 315 Sargent Maximum Security System, 84
initial, 315 Satellite telephone, 222
parts of, 315 Scatterplot, vulnerability/criticality, 34, 35
progress, 315

550

Index

Schlage mortise lock, 98 internal and external relationships,
School campuses, card functions required 463–464

of, 203 planning, 461–462
SCIF, see Sensitive Compartmented training, 462–463
staffing of protection organization,
Intelligence Facility
Screen detectors, 125 458–461
Search warrant, 407 compensation, 460
Security reporting level, 460–461
Security and protective lighting, 325–340
breaches, investigation of suspected, lighting economics, 329–332
283 lighting and lighting definitions, 325–328
lighting systems, 329
costs, quantified, 47 security lighting applications, 333–335
countermeasure(s) building facade, 333
guard and gate houses, 334
financial consequences, 45 loading docks, 334
planning of, 20 open parking, 334
deliberations involving, 484 parking structures, 333–334
design, challenges of, 363 perimeter fencing, 333
economic justification of, 42 security control and monitoring
exercises, 235
failures, cost impact of, 285 rooms, 334
intercom, 202 site landscape and perimeter
justification, avoidance approach for, 43
loss events, predicting probability of, 22 approaches, 333
management, unprofessional, 274 security lighting and closed-circuit video
manpower, 377
measure, definition of, 287 systems, 336–337
officers standards for security lighting levels,
inspection duties of, 14
uniformed, 13 337–338
perceptions, lighting and, 335 starting and re-strike, 332
privacy versus, 366 Security vulnerability, 19–54
professionals, credibility of, 29 alternative approaches to criticality,
program, objective of, 274
resourcing, optimum, 40 34–36
sensors, categories of, 113 basic matrix, 54
service personnel, contract, 10 basic security survey, 48–53
staff, compensation for, 460
system(s), see also System controls, 53
fire and disaster, 52
considerations geography and climate, 48–49
automated, 163 indemnity, 53
costs, 165 internal activity, 51
levels of reliability in, 41 physical safeguards, 52
terms, glossary of, 177–182 size and configuration, 49–50
window film, 66 social and political environment,
Security as management function, 453–467
communications, 458 50–41
definition of responsibilities, 454–455 defining problem, 19
development of organization, 453–454 economic justification of security, 42–48
program implementation, 455–458
involvement of others, 457 asset recoveries, 46
top management responsibility, cost avoidance in loss control, 43–45
measuring return on expenditures,
455–457
program management, 461–464 46–48
loss event criticality, 29–34
delegation, 463
cost abatement, 32
cost-of-loss formula, 32–33
criticality concept, 29–30
criticality ratings, 33–34

551

ASSET PROTECTION AND SECURITY MANAGEMENT HANDBOOK

kinds of costs to be considered, ultrasonic, 126, 127
30–32 vibration, 128
water flow, 139
rating symbols, 34 Server
loss event probability or frequency, authentication, 273
file
21–28
application of probability factors access to data on, 262
LAN, 264
analyses, 25–26 messages broadcast on, 264
checklists, 26 Severe weather, 213
historical experience, 24–25 Sexual harassment, 4
probability factors, 23 Shear lock, 108, 109
probability ratings, 27–28 Shock sensors, 122
rating symbols, 28 Shoplifters, apprehending alleged, 402
risk matrix, 26–27 Shoplifting
loss event profile, 19–21 cost of doing business driven up by, 359
network design, 38 surveillance, 386
problem solving, 38–41 Shoulder-surfing, 167
countermeasures, 38–40 Sick leave, 507
keeping system current, 41–42 Signaling line circuit (SLC), 133
risk management, 42 Signature analysis, 167
systems evaluation technique, 40–41 Single occurrence loss (SOL), 275, 276, 292,
solution preparation, 36–38
leverage, 37–38 293
threat analysis, 36–37 Situational crime prevention, 347, 350
statement of in monetary terms, 29 Slander, 313, 445
Seismic shock frequencies, 120 SLC, see Signaling line circuit
Selective memory, 493 Slip and fall accident potential, 368
Self-insurance, 24 Small Business Administration, 62
Sensitive Compartmented Intelligence Smart card, 197–198

Facility (SCIF), 61 encryption, 198
Sensor(s) programmable memory, 197
Smart detection devices, 132
acoustic, 121, 122 Smart telephones, 229
application and evaluation of, 112 Smart terminals, 263
audio, 128 Smoke detector, 132
balanced pressure, 130 Software
capacitance, 128 development of custom, 171
categories of, 113, 116 encryption, 294
chemical, 131 houses, 253
combinations of, 131, 132 off-the-shelf, 171
combustion product, 136 restricted-access, 90
dual-technology, 123 sabotage, 271
electromechanical, 123 system, 281
electronic, integration of, 158 SOL, see Single occurrence loss
fire, factors to consider when selecting, Source illumination, wavelength of, 336
Special report, 315
135 Speed bumps, 370
fixed-temperature, 135 Spreadsheet programs, 257
glass break, 120, 121 Stairtower lock, 103, 104
ionization, 138 Stalking, 508
microwave, 127 Standard Accident Insurance Co. v. Roberts,
monitoring of, 170
passive infrared, 116 433
photoelectric, 129 Standards, documentation of, 287
rate-of-rise, 136 Standby power, 172, 174, 176
selection, 134
shock, 122

552

Index

State digital, estimating cost of, 165
crimes, definition of, 391 elements, examples of, 164, 166
law, 389 evaluation technique, 40–41
sovereignty, 430 life cycle, 293
outages, 269
Statute violation, 313 programmers, sharing of passwords by,
Stealth, barrier penetrated by, 55
Stipulation, definition of, 424 282
Stockholder’s suit, 6 software, 281
Stored program computing, 249 -specific policy, 286
Storeroom function lockset, 98 Systems considerations, 153–185
Street crime, 344, 347 alarm termination, 153–158
Strength-of-field readers, 193
Strike, electric, 102, 103 central station termination, 154–156
Structural barriers, 55–77 direct police or fire department

bomb protection, 70–75 termination, 156–157
building openings, 62–70 local alarm termination, 153–154
proprietary termination, 157–158
concrete block barriers, 67–70 termination combinations, 158
doorways, 62–64 automated security system, 163–172
other openings, 66–67 centrally controlled systems,
windows, 65–66
building surfaces, 57–60 163–164
ceilings, 60 control center, 164, 172
concrete structures, 58 costs, 165
exterior walls, 57 other security system tasks, 170–171
floors, 58 personnel control, 165–170
interior walls, 58–60 programming of system, 171
roofs, 57 system expansion and flexibility, 172
categories, 56–57 systems computer applications, 164
evaluation of building surfaces, 60–61 cost reduction and protection
vehicle barriers, 75–77
Subpoena, 311, 434 improvement, 158–162
Substance abuse, 3 closed-circuit TV and personnel
Sun, natural lighting provided by, 325
Surveillance reductions, 161–162
CCTV, 385 patrol reduction, 160–161
concerns about, 525 protection enhancement, 160
covert, 336 emergency power, 172–176
electronic, 413 continuous power, 173–176
natural, 343, 353, 357 standby power, 172–173
remote, 296 glossary of fire terms, 182–185
shoplifting, 386 glossary of security terms, 177–181
strategies, organized, 362 systems design, 158
tools, mechanical, 369
Suspicion question, 498 T
Suspicious events, investigation of, 280
Switch(es) T&A control, see Time and attendance
biased, 125 control
magnetic, 124, 190
options, 124 Tailgating, 168
parts, 125 Tape-recorded statement, 501
mechanical, 124 Tape recorders, voice-activated, 415
System(s), see also Information systems Target
biometric, 167
controllers, 131, 132 availability, perception of, 349
hardening, 342, 351, 362
Telecommunications failure plan, 214, 217
Telephone
cellular, 131, 222
circuits, protection of, 253

553

ASSET PROTECTION AND SECURITY MANAGEMENT HANDBOOK

entry systems, 187, 188 phased withdrawal of protective
satellite, 222 personnel, 525–526
Temporary substitute cost, components of,
plan in event of termination, 521–523
31 plan for situation reassessment, 525
Temporary workers, access to information securing interview site and

by, 1 assessment personnel, 520
Tennessee v. Garner, 404 summary assessment and plan for
Termination notice, 521
Territorial influence, perceived zones of, 353 further action, 520–521
Territorial messages, 370 concept of threat management, 506–507
Terrorism, 21, 290, 344 incident management process, 513–514
Terrorist(s) incident management team and

activity, 213 supporting resources, 512–513
bomb, 70 liability and legal considerations,
Theft
crimes based upon, 400 507–508
finished goods inventory, 37 minimum qualifications for outside
inventory, effect of security program on,
consulting team members,
44 528–529
occurrence of, 38 additional legal support, 529
Thermostat, 135 licensed psychological or psychiatric
Third-party negotiations, 479 professional, 529
Threat(s) security and investigations
accidental, 213 professional, 528–529
assessment, 512, 523 model policy for workplace threats and
bomb, 4, 456 violence, 527–528
earthquake, 290 normal incident assessment/resolution
high-frequency/low-impact, 290 process, 530
high–low, 292 overview, 505–506
human, 213 physical security, 510–511
laws criminalizing, 508 access control, 510
low-frequency/high-impact, 290 closed-circuit television, 511
model, 36, 37, 38 furniture and equipment
natural, 213 configuration, 511
occurrence rate estimates, 289 lighting, 510
types of, 213 policy statement and reporting
verbal, 507 procedure, 511–512
vulnerability of assets to, 288 pre-employment screening, 509–510
workplace, 505 psychological dynamic of workplace
written, 507 violence, 508–509
Threat management, plan for, 505–530 Thunderstorm, 213
assessment phase, 514–526 Time and attendance (T&A) control, 171
Time-delayed egress door, 189
additional interviews, 515–516 TNT, 74
decision to interview offender, Token-based one-time passwords, 299
Tornado, 213
518–519 Tort(s), 405, 429
establishment of continuing definition of, 445
intentional, 445
communications, 524–525 of negligence, 445
extensive background investigation of slander, 445
willful, 445
of offender, 516–518 Total loss, calculated, 44
extended security and incident Total problem, comprehensive solution to, 8
Touch card, 194
monitoring, 523–524 Touchpads, 187
initial information collection by DMR,

514–515

554

Index

Trade associations, 480 Vault(s)
Trade secret, definition of, 413 door, time lock on, 61
Traffic analysis, 168 fire-resistant barriers for, 67
Training exercises, 234, 235
Trait objections, 500 Veazey v. Communications and Cable of
Transaction logs, 297 Chicago, Inc., 417
Trespassing, 365, 508
Try keys, 94 Vehicle
Tumblers, picking of through keyway, 93 barriers, 75, 76
Turnstiles, 169, 188 doorways, 62
Two-man rule, 199 parking garages, 201

U Verbal threat, 507
Very Early Smoke Detection Apparatus
UL, see Underwriters Laboratories
Ultrasonic detector, range of, 126 (VESDA), 138
Ultrasonic sensors, 126, 127 VESDA, see Very Early Smoke Detection
Unauthorized entry, crimes based upon, 400
Undercover investigative reports, 316 Apparatus
Underwriters Laboratories (UL), 113, 157, Vibration sensors, 128
Vicarious liability, 443
189, 439 Victim
Uniform Criminal Extradition Act, 395
Uniformed security officers, 13 apparent, 404
intimidation of, 403
approval, required, 114 Video compression, 162
standards, 114 Video-recorded statement, 501
Uninterruptible power supply (UPS), 173, Video recorders, activation of when PIR is

329 triggered, 118
United States Code (USC), 430 Violence
United States criminal law, see Criminal law,
precursors to, 507
United States workplace, 525
UNIX, 253 Violent offender, plan for removal of, 522
Unjust compensation, 480 Visi-Calc, 257
Unrestricted zones, 365 Visual light levels, 326
UPS, see Uninterruptible power supply Vital records, examples of, 224
U.S. Attorney General, 414 Voiceprints, 167, 195
USC, see United States Code Voice stress analyzer, 417, 425, 426
U.S. Congress, 412 Volcano, 213
U.S. Constitution, 389, 410, 478 Vouch question, 498
U.S. Department of Defense, 197 Vulnerability
User ID, failure to disable, 281 analysis, 9, 289
U.S. Government, restrictions on exporting assessment, 25, 28
eliminating of common, 37
of cryptography, 299 perception of, 348
U.S. law, basic document for, 389 prime, 36
U.S. Postal Service, 405
W
V
Wafer tumbler cylinder, 87
Value-added network, 300 Walk-through drills, 234
Vandalism, 507 Wall(s)

cost of doing business driven up by, 359 design criteria, concrete block, 73
form of, 370 relative time required to penetrate, 59
threat of, 368 types of foundations used in
Vandal-resistant materials, 371
Vapor trace analyzers, 131 construction of, 70
vulnerability of, 57
WAN, see Wide area network
War, 20, 290
Warded lock, 80

555

ASSET PROTECTION AND SECURITY MANAGEMENT HANDBOOK

Warning notices, 405 Workplace
Warrant accidents, 3
assaults, 505
arrest, 407 harassment, 505
search, 407 homicide, 505
Warranties, 437, 438 obligation to provide safe, 528
Warrantless arrests, 407 threats, 505
Water violence, 12, 21, 525
flow indicators, 135, 137 prevention of, 42
outage, 213 program, union endorsement of, 512
Watermark magnetics, 193 psychological dynamic of, 508
Weapons /trauma plan, 214
brandishing dangerous, 508 use of CPTED to address acts of, 344
deadly, 480
screening, 205 Work slowdowns, 507
Weather disaster, 384 Worm attack, Morris, 300
Web surfing, 301 Wrist proximity badges, 205
Weigand cards, 194 Write-once media, 298
Welfare organizations, requirement to Written confession, 502
Written threat, 507
success of, 195 Wrongdoing, evidence of, 393
Westinghouse CPTED model, 346, 354 Wrongful death charge, 395
White-collar crime, 350
Wide area network (WAN), 163, 264, 272 X
Willful torts, 445
Window(s), 253 X-ray machines, 208
screening of baggage by, 205
awning, 65 screening of mail by, 206
casement, 65
classes of, 65 Y
design of, 65
double-hung, 65 You question, 498
glass, ways of installing, 66
horizontal sliding, 65 Z
jalousie, 65
penetration times, comparative, 68–69 Zero tolerance, 511
picture, 65 Zones
projected, 65
Wireless microphones, 415 controlled, 365
Wire strain gauges, 125 design goals, 365
Witnesses, conflicting data reported by, 306 restricted, 365
Workers, motivation of, 457 sensors grouped in, 111\

556