Chapter
1.2. Threats and the Components of Risk
1.2. Threats and the Components of Risk
1.4. Security Risk Trade-Offs
1.4. Security Risk Trade-Offs
1.5. Security Risk in Context
1.5. Security Risk in Context
1.7. Counterterrorism Controls
1.7. Counterterrorism Controls
1.8. Counterterrorism Methods
1.8. Counterterrorism Methods
1.9. Operational Requirements
1.9. Operational Requirements
1.10. Performance Specifications
1.10. Performance Specifications
1.11. Security Risk Assessment Frameworks, Security Standards, and Security Risk Metrics
1.11. Security Risk Assessment Frameworks, Security Standards, and Security Risk Metrics
Chapter 2: Organizing and Assessing Terrorism Risk
Chapter 2: Organizing and Assessing Terrorism Risk
2.1. A Taxonomy of Terrorism Threats
2.1. A Taxonomy of Terrorism Threats
2.2. Counterterrorism Standards and Risk Metrics
2.2. Counterterrorism Standards and Risk Metrics
2.3. The Cost of Risk Mitigation
2.3. The Cost of Risk Mitigation
2.5. Simple Risk Assessments
2.5. Simple Risk Assessments
Chapter 3: Uncertainty and Terrorism
Chapter 3: Uncertainty and Terrorism
3.2. Uncertainty, Entropy, and Randomness
3.2. Uncertainty, Entropy, and Randomness
3.3. The Normal Distribution
3.3. The Normal Distribution
3.4. Uncertainty Applied to Terrorism
3.4. Uncertainty Applied to Terrorism
Chapter 4: Physical Models of Terrorism
Chapter 4: Physical Models of Terrorism
4.2. Point Sources of Radiation
4.2. Point Sources of Radiation
4.3. Exponential Growth and Decay
4.3. Exponential Growth and Decay
4.4. Harmonic Motion and the Single Degree of Freedom Model
4.4. Harmonic Motion and the Single Degree of Freedom Model
Chapter 5: Exploiting Terrorism Uncertainty
Chapter 5: Exploiting Terrorism Uncertainty
5.1. Introduction: Addressing Terrorism Risk Factors
5.1. Introduction: Addressing Terrorism Risk Factors
5.2. Risk Factor-Related Incidents; Indirect Measurements of Security Risk
5.2. Risk Factor-Related Incidents; Indirect Measurements of Security Risk
5.3. The “Probability of Protection” Method
5.3. The “Probability of Protection” Method
5.3.1. The Minimum Number of Required Security Officers
5.3.1. The Minimum Number of Required Security Officers
5.3.2. Explosive Blasts and the Probability of Window Protection
5.3.2. Explosive Blasts and the Probability of Window Protection
5.4. The Probability of Protection Method Summary
5.4. The Probability of Protection Method Summary
5.5. Physical Access Control System Risk Statistics
5.5. Physical Access Control System Risk Statistics
Part 2: Measuring Terrorism Risk
Part 2: Measuring Terrorism Risk
Chapter 6: Conventional Explosive Threats and Risk Mitigation
Chapter 6: Conventional Explosive Threats and Risk Mitigation
6.2. Applying the Single Degree of Freedom Model
6.2. Applying the Single Degree of Freedom Model
6.3. Explosive Overpressure and Impulse Parametric Scaling
6.3. Explosive Overpressure and Impulse Parametric Scaling
6.4. Blast Effects: A Qualitative Description
6.4. Blast Effects: A Qualitative Description
6.5. The Effects of Distance and Payload
6.5. The Effects of Distance and Payload
6.6. Vehicle-Borne Explosives
6.6. Vehicle-Borne Explosives
6.7. Vehicle-Borne Explosive Risk: A Simple Calculation
6.7. Vehicle-Borne Explosive Risk: A Simple Calculation
6.8. Barriers and Bollards
6.8. Barriers and Bollards
6.9. Assessing Bollard Effectiveness
6.9. Assessing Bollard Effectiveness
6.11. Explosive Detection
6.11. Explosive Detection
6.12. X-Ray Inspection Technology
6.12. X-Ray Inspection Technology
6.13. The Dangling Crane: Terror Without Terrorists
6.13. The Dangling Crane: Terror Without Terrorists
Chapter 7: Nontraditional Terrorist Threats and Risk Mitigation
Chapter 7: Nontraditional Terrorist Threats and Risk Mitigation
7.2. Radiological Dispersion Devices (RDDs)
7.2. Radiological Dispersion Devices (RDDs)
7.2.1. The RDD as a Weapon
7.2.1. The RDD as a Weapon
7.2.2. Dentists, Bananas, and the Natural Radiation Background
7.2.2. Dentists, Bananas, and the Natural Radiation Background
7.2.3. Radioisotopes as Weapons
7.2.3. Radioisotopes as Weapons
7.2.4. Radioactive Flux, Absorption, and Shielding
7.2.4. Radioactive Flux, Absorption, and Shielding
7.2.4.1. Radioactive Flux
7.2.4.1. Radioactive Flux
7.2.4.2. Radioactive Absorption
7.2.4.2. Radioactive Absorption
7.2.4.3. Radioactive Absorption in Human Tissue
7.2.4.3. Radioactive Absorption in Human Tissue
7.2.4.4. Radioactive Shielding
7.2.4.4. Radioactive Shielding
7.2.5. Radiation from an Extended Source
7.2.5. Radiation from an Extended Source
7.2.6. Theft of Radiological Material from a Hospital
7.2.6. Theft of Radiological Material from a Hospital
7.3. Biological Threats and Risk
7.3. Biological Threats and Risk
7.3.1. Assessing Biological Risk
7.3.1. Assessing Biological Risk
7.3.2. Aerosolized Biological Agents
7.3.2. Aerosolized Biological Agents
7.3.3. Sheltering-in-Place
7.3.3. Sheltering-in-Place
7.3.4. Particulate Filtering
7.3.4. Particulate Filtering
7.3.5. Ultraviolet Germicidal Irradiation (UVGI)
7.3.5. Ultraviolet Germicidal Irradiation (UVGI)
7.3.6. Combining Particulate Filtering and UVGI
7.3.6. Combining Particulate Filtering and UVGI
7.4. Chemical Threats and Risk
7.4. Chemical Threats and Risk
7.4.1. Chemicals and Chemical Weapons
7.4.1. Chemicals and Chemical Weapons
7.4.2. Sorbent Filters [2]
7.4.2. Sorbent Filters [2]
7.5. Electromagnetic Pulse Threats and Risk
7.5. Electromagnetic Pulse Threats and Risk
7.5.1. Basic Electromagnetic Theory and Attack Vectors
7.5.1. Basic Electromagnetic Theory and Attack Vectors
7.5.2. Unshielded Data Centers
7.5.2. Unshielded Data Centers
7.5.3. Shielded Components in Data Centers
7.5.3. Shielded Components in Data Centers
Chapter 8: Electronic Terrorism Threats, Risk, and Risk Mitigation
Chapter 8: Electronic Terrorism Threats, Risk, and Risk Mitigation
8.1. Introduction to Electronic Security
8.1. Introduction to Electronic Security
8.2. Denial-of-Service (DoS) Attacks and Security Controls
8.2. Denial-of-Service (DoS) Attacks and Security Controls
8.2.1. Abuse of Administrative Commands
8.2.1. Abuse of Administrative Commands
8.2.2. Exploitation of a Software Bug
8.2.2. Exploitation of a Software Bug
8.2.3. Abuse of a Lengthy or Resource-Intensive Process
8.2.3. Abuse of a Lengthy or Resource-Intensive Process
8.2.4. Link Saturation by Overwhelming a Service with Requests
8.2.4. Link Saturation by Overwhelming a Service with Requests
8.2.4.1. Risk Mitigation for Link Saturation
8.2.4.1. Risk Mitigation for Link Saturation
8.2.5. Collateral Effects of a DoS Attack
8.2.5. Collateral Effects of a DoS Attack
8.2.6. DoS Preparedness Checklist
8.2.6. DoS Preparedness Checklist
8.3. Advanced Persistent Threats (APT)/Malware, Client-Side Exploits, and Security Controls
8.3. Advanced Persistent Threats (APT)/Malware, Client-Side Exploits, and Security Controls
8.3.2. Content Monitoring
8.3.2. Content Monitoring
8.3.3. Behavior Monitoring
8.3.3. Behavior Monitoring
8.3.4. Interzone Network Monitoring
8.3.4. Interzone Network Monitoring
8.3.4.1. Monitoring Traffic from an Internal Network to a DMZ
8.3.4.1. Monitoring Traffic from an Internal Network to a DMZ
8.3.4.2. Monitoring Traffic from an Internal Network to the Internet
8.3.4.2. Monitoring Traffic from an Internal Network to the Internet
8.3.4.3. Monitoring Traffic from a DMZ to the Internet
8.3.4.3. Monitoring Traffic from a DMZ to the Internet
8.3.4.4. Monitoring Traffic from the Internet to a DMZ or Internal Network
8.3.4.4. Monitoring Traffic from the Internet to a DMZ or Internal Network
8.3.4.5. Monitoring General Interzone Traffic
8.3.4.5. Monitoring General Interzone Traffic
8.3.5. Enhanced Network Risk Mitigation for APTs
8.3.5. Enhanced Network Risk Mitigation for APTs
8.3.6. Identifying Internal Network Vulnerabilities
8.3.6. Identifying Internal Network Vulnerabilities
8.3.7. Exposing Expired or Faulty Network Identities and Privileges
8.3.7. Exposing Expired or Faulty Network Identities and Privileges
8.3.8. Prevention of Pernicious Lateral Movements and Information Segregation
8.3.8. Prevention of Pernicious Lateral Movements and Information Segregation
8.3.8.1. The Prime Directive: Restrict Lateral Movement
8.3.8.1. The Prime Directive: Restrict Lateral Movement
8.3.8.2. Network Air Gaps
8.3.8.2. Network Air Gaps
8.3.8.2.1. Separate Internal Workstations
8.3.8.2.1. Separate Internal Workstations
8.3.8.2.2. Separate Internal Connections
8.3.8.2.2. Separate Internal Connections
8.3.8.2.3. Internal Virtual Private Network Gateway
8.3.8.2.3. Internal Virtual Private Network Gateway
8.3.8.2.4. Internal Citrix Access Gateway
8.3.8.2.4. Internal Citrix Access Gateway
8.3.8.2.5. Two-Pronged Network
8.3.8.2.5. Two-Pronged Network
8.3.8.4. Variations on a Virtual Air Gap
8.3.8.4. Variations on a Virtual Air Gap
8.3.8.5. Layer 7/Application-Level Security
8.3.8.5. Layer 7/Application-Level Security
8.3.8.6. Avoiding Death by Spearphishing:
8.3.8.6. Avoiding Death by Spearphishing:
8.3.8.6.1. Strict Segregation of Email, Web Access, and Applications
8.3.8.6.1. Strict Segregation of Email, Web Access, and Applications
Chapter 9: The Convergence of Electronic and Physical Security Risk
Chapter 9: The Convergence of Electronic and Physical Security Risk
9.1. Introduction: Cultural and Organizational Drivers of Security
9.1. Introduction: Cultural and Organizational Drivers of Security
9.2. Electronic and Physical Security Vulnerabilities of a Physical Access Control System
9.2. Electronic and Physical Security Vulnerabilities of a Physical Access Control System
9.3. Physical Security of Data Centers
9.3. Physical Security of Data Centers
9.4. An Indicative Data Center Physical Security Standard
9.4. An Indicative Data Center Physical Security Standard
9.4.1. Principal Threats and Threat Attack Vectors
9.4.1. Principal Threats and Threat Attack Vectors
9.4.2. Security Principles
9.4.2. Security Principles
9.4.3. Facility Security Requirements by Area
9.4.3. Facility Security Requirements by Area
9.4.3.1. Perimeter Security Controls
9.4.3.1. Perimeter Security Controls
9.4.3.2. Lobby/Reception Area Security Controls
9.4.3.2. Lobby/Reception Area Security Controls
9.4.3.3. Data Field Security Controls
9.4.3.3. Data Field Security Controls
9.4.3.4. Cage Area Security Controls (Colocation Facilities)
9.4.3.4. Cage Area Security Controls (Colocation Facilities)
9.4.3.5. Loading Bay Security Controls
9.4.3.5. Loading Bay Security Controls
9.4.4. General Security Controls
9.4.4. General Security Controls
9.4.4.1. Background Investigations
9.4.4.1. Background Investigations
9.4.4.2. Security Incident Response
9.4.4.2. Security Incident Response
9.5. Virtualized Environments and the Concentration of Information Security Risk
9.5. Virtualized Environments and the Concentration of Information Security Risk
9.5.1. Introduction to Virtualization and Security Risk
9.5.1. Introduction to Virtualization and Security Risk
9.5.2. Virtualization and Physical Security Risk
9.5.2. Virtualization and Physical Security Risk
9.5.2.1. Compromise of the Virtual Hard Drive
9.5.2.1. Compromise of the Virtual Hard Drive
9.5.2.2. Backup Repositories and Storage Devices
9.5.2.2. Backup Repositories and Storage Devices
9.5.2.3. The Holy Grail: Attacks on the Hypervisor
9.5.2.3. The Holy Grail: Attacks on the Hypervisor
9.5.2.4. Virtual Library Checkout
9.5.2.4. Virtual Library Checkout
9.5.2.5. Migration Attacks
9.5.2.5. Migration Attacks
9.5.3. Some Security Benefits of Virtualization
9.5.3. Some Security Benefits of Virtualization
9.5.4. Virtualization and Denial-of-Service Attacks
9.5.4. Virtualization and Denial-of-Service Attacks
9.5.5. Physical Theft of Virtual Machines
9.5.5. Physical Theft of Virtual Machines
9.5.6. Managing Security Risk in Virtual Environments
9.5.6. Managing Security Risk in Virtual Environments
9.6. The Integration of Physical and Electronic Security within Active Directory [14]
9.6. The Integration of Physical and Electronic Security within Active Directory [14]
9.7. Physical Security Risk and Electronic Vulnerabilities
9.7. Physical Security Risk and Electronic Vulnerabilities
Part 3: Counterterrorism Controls
Part 3: Counterterrorism Controls
Chapter 10: Authentication, Authorization, and Affiliation
Chapter 10: Authentication, Authorization, and Affiliation
10.2. Organizational affiliation
10.2. Organizational affiliation
10.3. Background Investigations
10.3. Background Investigations
10.4. Insider Threats and Risk Mitigation
10.4. Insider Threats and Risk Mitigation
10.5. A mantra for affiliation
10.5. A mantra for affiliation
10.6. Confirming Authorization for Access to Restricted Space
10.6. Confirming Authorization for Access to Restricted Space
10.7. Physical Access Control IDs and Credentials
10.7. Physical Access Control IDs and Credentials
10.8. Contactless Smart Cards and Proximity Cards
10.8. Contactless Smart Cards and Proximity Cards
10.8.1. Contactless Smart Cards
10.8.1. Contactless Smart Cards
10.9. Radiofrequency IDs (RFID)
10.9. Radiofrequency IDs (RFID)
10.10. The Security of Contactless Smart Cards Versus Magnetic Stripe Technologies
10.10. The Security of Contactless Smart Cards Versus Magnetic Stripe Technologies
10.11. Multifactor Authentication of Identity
10.11. Multifactor Authentication of Identity
10.12. Biometric Authentication of Identity
10.12. Biometric Authentication of Identity
10.12.1. Biometric Error Statistics
10.12.1. Biometric Error Statistics
10.12.2. Comparative Biometric Performance
10.12.2. Comparative Biometric Performance
10.12.3. Biometric Deployment Considerations
10.12.3. Biometric Deployment Considerations
Chapter 11: Closed Circuit Television
Chapter 11: Closed Circuit Television
11.2. Analog and IP CCTV Cameras
11.2. Analog and IP CCTV Cameras
11.3. CCTV Cameras and Optics
11.3. CCTV Cameras and Optics
11.5. Focal Length and f-Number
11.5. Focal Length and f-Number
11.6. Angle-of-View and Field-of-View
11.6. Angle-of-View and Field-of-View
11.9. Signal-to-Noise (S/N) Ratio
11.9. Signal-to-Noise (S/N) Ratio
11.10. CCTV Image Creation
11.10. CCTV Image Creation
11.11. CCTV Image Recording
11.11. CCTV Image Recording
11.12. CCTV Signal Bandwidth and Storage Requirements
11.12. CCTV Signal Bandwidth and Storage Requirements
11.13. CCTV Image Resolution
11.13. CCTV Image Resolution
11.14. Resolution Requirements for Submegapixel CCTV Systems
11.14. Resolution Requirements for Submegapixel CCTV Systems
11.15. Resolution Requirements for Megapixel CCTV Systems
11.15. Resolution Requirements for Megapixel CCTV Systems
11.16. CCTV Video Compression
11.16. CCTV Video Compression
11.17. CCTV and Security Systems Integration
11.17. CCTV and Security Systems Integration
11.18.1. Coaxial Cable (Coax)
11.18.1. Coaxial Cable (Coax)
11.18.2. Unshielded Twisted Pair (UTP) Cable
11.18.2. Unshielded Twisted Pair (UTP) Cable
11.18.3. Fiber Optic Cable
11.18.3. Fiber Optic Cable
11.19. CCTV Signal Security
11.19. CCTV Signal Security
11.20. CCTV Operational Summary
11.20. CCTV Operational Summary
11.21. Special CCTV System Requirements
11.21. Special CCTV System Requirements
11.21.1. Wide Area Coverage
11.21.1. Wide Area Coverage
11.21.2. Nighttime Monitoring
11.21.2. Nighttime Monitoring
11.22. CCTV System Performance Specifications
11.22. CCTV System Performance Specifications
11.22.1. Optical Features
11.22.1. Optical Features
11.22.2. CCTV System Architecture e
11.22.2. CCTV System Architecture e
11.22.3. Security Incident Triggering and Interfacing
11.22.3. Security Incident Triggering and Interfacing
11.22.4. CCTV Image Recording
11.22.4. CCTV Image Recording
11.22.5. CCTV System Security, Resilience, and Additional Features
11.22.5. CCTV System Security, Resilience, and Additional Features
11.22.6. CCTV System Security Risk Metrics
11.22.6. CCTV System Security Risk Metrics
Chapter 12: Physical Access Restriction, Incident Detection, and Scenario Monitoring
Chapter 12: Physical Access Restriction, Incident Detection, and Scenario Monitoring
12.2 . Electric Strikes and Magnetic Locks
12.2 . Electric Strikes and Magnetic Locks
12.4 . The Ten Plus One Commandments of Physical Access
12.4 . The Ten Plus One Commandments of Physical Access
12.5 . The Importance of Physical Access Control System Specifications
12.5 . The Importance of Physical Access Control System Specifications
12.6 . Physical Access Control System Architecture and Signaling
12.6 . Physical Access Control System Architecture and Signaling
12.7 . Physical Access Control System Specifications *
12.7 . Physical Access Control System Specifications *
12.7.1 . General Networking and Security Requirements
12.7.1 . General Networking and Security Requirements
12.7.2 . Physical Access Control System Authorization and Authentication Requirements
12.7.2 . Physical Access Control System Authorization and Authentication Requirements
12.7.3 . Physical Access Control System Security Conditions, Locking, and Signaling
12.7.3 . Physical Access Control System Security Conditions, Locking, and Signaling
12.7.4 . Physical Access Control System Information Storage and Transmission
12.7.4 . Physical Access Control System Information Storage and Transmission
12.7.5 . Physical Access Control System Event Logging and Reporting
12.7.5 . Physical Access Control System Event Logging and Reporting
12.7.6 . Physical Access Control System Security and Resilience
12.7.6 . Physical Access Control System Security and Resilience
12.7.7 . Physical Access Control System Security Risk Metrics
12.7.7 . Physical Access Control System Security Risk Metrics
12.8 . Security Incident Monitoring and Detection
12.8 . Security Incident Monitoring and Detection
12.8.1 . Security Sensors
12.8.1 . Security Sensors
12.8.2 . Security Sensor Performance and Statistics
12.8.2 . Security Sensor Performance and Statistics
12.8.3 . Security Sensor Operational Requirements
12.8.3 . Security Sensor Operational Requirements
12.8.4 . Passive Infrared Sensors
12.8.4 . Passive Infrared Sensors
12.8.5 . Ultrasonic Sensors
12.8.5 . Ultrasonic Sensors
Appendix A: Linearity, Nonlinearity, and Parametric Scaling
Appendix A: Linearity, Nonlinearity, and Parametric Scaling
Appendix B: Exponents, Logarithms, and Sensitivity to Change
Appendix B: Exponents, Logarithms, and Sensitivity to Change
Appendix C: The Exponential Functions ex and e−x
Appendix C: The Exponential Functions ex and e−x
Appendix D: The Decibel (dB)
Appendix D: The Decibel (dB)
Appendix E: Parameters for Anti-Explosive and Bullet-Resistant Window Treatments
Appendix E: Parameters for Anti-Explosive and Bullet-Resistant Window Treatments
Typical Design Guidelines for Blasts
Typical Design Guidelines for Blasts
Properties of 3 M Scotchshield™ Ultra Safety and Security Window Films
Properties of 3 M Scotchshield™ Ultra Safety and Security Window Films
Recommendations of the British Security Service (MI5)
Recommendations of the British Security Service (MI5)
Tempered Glass Properties
Tempered Glass Properties
Appendix G: Near Fields from Radiated Radio-Frequency Identification (RFID) Power Data
Appendix G: Near Fields from Radiated Radio-Frequency Identification (RFID) Power Data
Deduction of M from the radiated power
Deduction of M from the radiated power
Magnetic field magnitude in the near field
Magnetic field magnitude in the near field
The Science and Technology of Counterterrorism
:Measuring Physical and Electronic Security Risk
Disclaimer: Any content in publications that violate the sovereignty, the constitution or regulations of the PRC is not accepted or approved by CNPIEC.
