Threat Analysis Group, LLC

Between July 2006 and November 2006 the City of Philadelphia installed 18 CCTV cameras at various locations in the city. Two types of cameras were installed. Phases I and II saw the installation of 10 police monitored cameras at four locations. These cameras are monitored by Philadelphia Police Department (PPD) officers, and have the capacity to pan, tilt and zoom (PTZ). Phase III took place during November 2006 and saw the installation of a total of 8 PODSS cameras at 8 locations in the city. These cameras are not monitored at police headquarters, but officers can monitor video feeds wirelessly from within patrol cars in the vicinity of a camera. Furthermore the PODSS cameras record the street scene continuously on a digital hard drive. If a crime is known or suspected to have been committed within the view of a camera, police officers retrieve the hard drive manually from the camera and review the recording.

The evaluation suggests that while there appears to be a general benefit to the cameras, there were as many sites that showed no benefit of camera presence as there were locations with a noticeable impact on crime. Discussions with police commanders and camera operators may explain the disparity between the various sites. An in depth study of the dynamics of individual camera locations and the arrest patterns at these sites may also explain the findings. These conversations and research will inform a greater understanding of the best locations to place cameras, and potentially help the city get a better cost benefit return on the city’s future investment by deploying forthcoming cameras in locations that provide the best potential crime prevention benefit.

Read the Philadelphia CCTV Study

….for 2007.

Preliminary figures indicate that, as a whole, law enforcement agencies throughout the Nation reported a decrease of 1.4 percent in the number of violent crimes brought to their attention in 2007 when compared with figures reported for 2006. The violent crime category includes murder, forcible rape, robbery, and aggravated assault. The number of property crimes in the United States from January to December of 2007 decreased 2.1 percent when compared with data from the same time period in 2006. Property crimes include burglary, larceny-theft, and motor vehicle theft. Arson is also a property crime, but data for arson are not included in property crime totals. Figures for 2007 indicate that arson decreased 7.0 percent in 2007 when compared to 2006 figures.

Read the Preliminary Report

Organizations can obtain a measurable return on investment through cost savings on security personnel deployment, effective implementation of physical security measures, and reduced liability exposure. Using data driven security, an organization can add to the bottom line in three ways:

1. Effective Selection and Deployment of Security Measures - Security measures are costly. Proper data driven security can define the exact nature of the problem at each or the organization’s properties which allows security professionals to select the appropriate security measures (personnel, lighting, alarms, cameras, etc.) to prevent future crimes. Data driven security also defines where the problems exist, inside or outside the facility and when the crimes are occurring. The latter is critical to the effective deployment of security personnel. When threats are high, security personnel may be deployed to deter crimes. Effective selection and deployment of security measures leads to a quantifiable return on investment.

2. Reduced Liability Exposure through Demonstration of Due Diligence - Data driven security helps security professionals demonstrate due diligence, and thus reduce liability exposure in the event of civil litigation for inadequate security. Return on investment can be calculated based on two factors as it relates to liability exposure. The first factor is to reduce the cost of settlements, while the second factor is based on using data driven security to demonstrate a lack of foreseeability and thus persuade the judge to grant a motion for summary judgment. Both factors can be used to obtain a sizeable return on investment.

3. Constant Monitoring of Threat Levels to Ensure Security Program Efficiency - Re-deploying (withdrawing) security resources based on reduced threat levels ensures that the security program is operating in an efficient manner. Data driven security provides the necessary information to constantly monitor threat levels so security spending can be reduced as the threat level drops. Constant threat monitoring can also provide a sizable return on investment.

Read more about Return on Investment

The International Association of Professional Security Consultants now have a blog. Check it out:

IAPSC Blog

Beyond Fear by Bruce Schneier

Unlike most security readings, this book speaks to broader issues of perceived risk vs actual risk and understanding the trade-off’s in various security strategies.  Schneier does a great job of describing how new technologies provide advantages to both defenders and attackers.

I have always been a believer in interviewing people intimate with a facility during a security assessment. People that work at the facility have a better understanding of the security problems than I do when I first walk into a new facility.

Recently, I’ve had some unique opportunities to conduct “fact-finding” missions for a couple of clients. Rather than working from a formal list of questions, the interviews were less structured and more conversational. This has proven to be a valuable method for getting to the facts.

For one of the clients, the goal of the “interviews” was to determine what the real security problems are at their facilities so a security program could be designed. For the other client, the goal was to determine how best to reduce security costs. In both cases, the conversational, unstructured interview elicited significantly more facts that were expected and likely more than would have come to light in a formal interview.

While the facts were more plentiful and the depth of understanding greater using this method, the downside is the time it takes to elicit the information. Each interview can take anywhere from 30 minutes to two hours. In structured interviews of comparable interviewees, it usually takes 25 - 50% of that time. For clients and consultants alike, time is money. Understandably, some clients don’t see the value of this approach as it takes their employees away from work for a longer period of time and ultimately they pay for both the employees time and the consultants time. Worse yet is the consultant who doesn’t dedicate the necessary time to gather the facts.

Having been exposed to the values of this method, I am now a true believer. Here are some basic guidelines for conducting this type of interview:

1. Do NOT prepare questions in advance - if you know what information you need, you’ll get there without a written list of questions

2. Let the discussion evolve rather than forcing it

3. Build rapport early - find something common with the other person before hammering out questions

4. If possible, try not to take notes, type on a laptop, or use tape recorders

5. Validate the interview - once you finish the interview, type the interview notes and send them to the interviewee to verify the facts and make changes as necessary

6. Take your time

Try this method once and let me know how it works out for you.

I find my industry falling behind. Where are all the physical security bloggers? Try running a search for them on Google and not surprisingly you’ll find plenty of information security bloggers and some blogging on convergence, but few focused on physical security. Where are the new Sennewald’s and Dalton’s rattling away on a keyboard every week sharing their knowledge in real-time? Are books and magazines still the way physical security professionals are going to share information? In the time it takes to write, edit, and publish a book, the information within is often dated. I knew this when I wrote my last book, Strategic Security Management so I included a link [www.ssminfo.com] where readers could find updates to the book in real-time. That site has a direct link back to this blog where readers can read my latest ruminations (for what thats worth) and provide their thoughts, feedback, and disagreements.

Is it a fear of real-time writing and self-editing that keeps the physical security bloggers away? I doubt it as most of my peers are not afraid to speak their minds….even those with the constant taste of shoe leather in their mouths. My guess is that they just don’t know how to set up a blog. If thats the reason, I’ll make an offer: Anyone with anything good to say can be an author here or I will show you how to set up your own blog.

I love books, I always will. But the gap between ideas developing in the mind and the publication of a book is far too long. I suspect that my days of book writing are over.

In most cases, there is a fairly obvious answer to this question. Typically, security personnel are deployed in the protection of people and property. In some environments, however, the assets in need of protection are not so obvious. Take a high tech environment, for example, where the assets may be design features of equipment. Or the design characteristics of a car manufacturer’s new models. Are security officers aware that unauthorized people, such as competitors, can learn enough about the equipment or the cars even from seeing them from a distance?

In one of those environments where the assets are less obvious. you might be surprised to hear a security officer’s answer to the question, “what are you protecting?”

Rethinking Corporate Security in the Post 9-11 Era by Dennis Dalton

1. Opportunities play a role in causing all crime

2. Crime opportunities are highly specific

3. Crime opportunities are concentrated in time and space

4. Crime opportunities depend on everyday movements

5. One crime produces opportunities for another

6. Some products offer more tempting crime opportunities

7. Social and technological changes produce new crime opportunities

8. Opportunities for crime can be reduced

9. Reducing opportunities does not usually displace crime

10. Focused opportunity reduction can produce wider declines in crime

Rutger’s School of Criminal Justice professors Marcus Felson and Ronald V. Clarke developed Ten Principles of Opportunity and Crime which describes how opportunities, or vulnerabilities, are the root cause of crime.

The first principle, opportunities play a role in causing all crime, implies that security decision makers can design facilities which either encourage or discourage crime.

Their second principle is crime opportunities are highly specific . The specific nature of each type of crime must be analyzed in order to select proper countermeasures, measures that are custom tailored to the crimes in question. Robberies in a parking lot of a grocery store require different security measures than a robbery of the grocery store’s cash handling office.

Felson and Clarke’s third principle is crime opportunities are concentrated in time and space. This principle emphasizes that dramatic differences in crime levels can be found from one facility to the next even when both are in high crime areas. The reason for this is that crime shifts temporally (time and day) as opportunities change.

The fourth principle is crime opportunities depend on everyday movements of activity. Expanding on principle 3, crime shifts are due to criminals and their victims moving about in time (hour of the day, day of the week) doing their routine activities of work, school, home, and recreation.

Principle 5, one crime produces opportunities for another, is of primary concern to security decision makers. Repeat attacks by the same or different offenders leads to major increases in risk to the facility.

Principle 6 is well known to retailers, some products [targets] offer more tempting crime opportunities. Assets high in value and easily accessible are at higher risk than low value or inaccessible assets. Over the counter drugs, for example, are often targeted by criminals in grocery stores.

Social and technological changes produce new crime opportunities is Principle 7. A timely example of principle 7 is the theft of mp3 players, particularly the Apple iPod.

Principle 8 is the basic premise behind vulnerability assessments, crime can be prevented by reducing opportunities. Reducing opportunities is accomplished by increasing risks to would-be offenders and reducing rewards if the crime is successful.

Principle 9 is reducing opportunities does not usually displace crime. Crime displacement means that by blocking crime at one facility, security measures will force crime to another, less hardened facility. While displacement does occur, it is not absolute.

Finally, principle 10 is focused opportunity reduction can produce wider declines in crime. This is the concept of diffusion of benefits. Diffusion is a process where increased security measures at one location may also benefit neighboring facilities.

For more information, see Chapter 8 of Strategic Security Management