The integration of security systems not only depends on the quality of the equipment, but on a previous study of the company to be insured, its risks and needs and a clear conception by the integrator of these analyses.
By Horacio Cantú
Reduced risks and increased security
Previously, integration moved in two worlds; the world of security and the world of electronics, today we must add a new world, that of telecommunications; where network owners have a decisive role in the selection of equipment and consequently in security solutions.
Let's analyze the environment. Integrators of security solutions see aspects related to technical and electronic elements, such as detection and alarm systems; fire systems; access control systems; CCTV systems; adequate levels of illumination; etc. They also see what is related to the elements of human reaction, such as police, white guards, etc;; as well as its different applications, static, dynamic, etc; and they also carry out an exhaustive review of the structure of the buildings, structuring the security tactics and identifying the restricted areas of those that are not; vital and sensitive areas, perimeter protection, interior protection, quantity, quality and style of visitors and attraction of the place; thus forming a very general analysis of resigo.
Risk study
The most experienced security solution integrators analyze the possibility of success of the offender (PED), the advantages of the offender (VD), and the level of damage (ND).
Within the PED is taken into account on the one hand, the ease and difficulty to detect the objectives, the ease and or the impediment to physically reach them, in addition to the technical elements that are required to achieve the objective, such as the type of armament, the escape vehicles, the number of participants, or the ease or difficulties of escape both inside and outside the property. They also study the different internal physical obstacles to reach the objectives, such as armored doors, or walls; in addition, external communication channels are analyzed.
As I mentioned before, the VDs are also studied, since the criminal chooses the day and time of the attack looking for his convenience on the security implemented in the place; this point is critical since, for example, on a hot day the security guard after eating is physically relaxed and therefore, consequently, security is weakened. Other DV factors are weather, the elements that are required to achieve the goal, and how it will leak; all of the above relates to the level of damage, which are the consequences of the target being affected, damaged, stolen, stolen or removed, etc. The Israelite risk analysis technique knows four basic levels of damage:
1. Vital to the company or activity
2. Of considerable damage
3. Less damage
4. Minimal damage
Let's give an example: for a bank, a vital damage would be that which would be generated in its computer center, managing to paralyze the operation of the bank in its entirety. This damage can be caused by an attacker or by a fortuitous condition, such as a fire, an earthquake etc., so the above serves to conceptually define the risk.
We will define risk as the variation of the possible outcomes that exist in the nature of a situation, specifically the variation of expectations.
Determining the level of damage helps us to effectively allocate resources for security, as a result of this type of analysis security is defined in all areas, both in technology, procedures and infrastructure.
Risk and security analysis
Another level of integration is related to the interconnection of electronic security equipment, these being typically electronic alarm detection systems, closed circuit television systems, access controls, fire systems and some other branches; however, at this point the integrator does not know the degree of security that the equipment must keep in relation to the risk analysis, that is, the integration of security solutions provides the integrator of electronic equipment, the levels with which it would have to integrate as far as the degree of security is concerned, high, medium or low; if the integrator of the equipment does not know this information or has no experience, he will incur, in the selection of equipment by price and will not be able to justify the technical characteristics by not being able to relate them to ND, PED, VD.
One of the reasons why some integrations fail is that they were not designed according to the degree of security they required, generating uncertainty that produces fear or overconfidence if the risks are overestimated. Resources can be allocated incorrectly and can have an effect on real risks, this responsibility falls on the integrator of the equipment, since within the daily safety operation their equipment will be operated, used and challenged, which will obviously expose their work. Many end users base the decision of equipment and integration on the price, running, the vast majority of the time, the risk without evaluating it.
Meeting needs
The responsibility of a team integrator from the knowledge base is to be able to transmit to the end user the interpretation of their risks to technological solutions that are related to the degrees of affectation to which the client is exposed.
Some of you will be thinking that I am talking about equipment as a solution and it is not so, in all cases technology supports security solutions, and it is not really the solution that perishes, but most of the time the end user believes so, transferring all responsibility for safety to the team, which is wrong.
A good team integration is the one that starts from the first level, considering all the safety variables and placing the weight and responsibility of the equipment punctually within the solution.
The world of telecommunications
Convergence with the world of communications opens a larger gap, even on successful integrations (taking as successful solutions to security problems). Among these three worlds, which are not always understood, we find gaps where the winner is the one with the highest organizational weight, this being typically the systems area (with honorable exceptions). The risk that is run, is that in the computer and telecommunications world there is no knowledge of security and management of physical risk, so instead of evaluating the degrees of damage with an overview, we find ourselves evaluating the bandwidths, and it is understandable, since the blood of the company that sustains the core business circulates through the networks.
Then the need arises for the team integrator to acquire deep knowledge of security and deep knowledge of systems and telecommunications, so that once speaking all the languages, he can lead the integration projects from all points of view and justifying all the proposals.
Today, the way in which it is integrated has changed and forces manufacturers, wholesale distributors, integrators of all sizes and security consultants to face new challenges.
The rapid technological change has caused many of the integration products to be unstable, which is why it is necessary for integration channels to carefully select their products based on international quality standards.
