Date: July 1st, 2009
Cate: Readings, Security

ASIS releases Facilities Physical Security Measures Guideline

Generally, the ASIS Guidelines and Standards are a good resource for practicing security professionals.  However, I’m not sure of the value of the Facilities Physical Security Measures Guideline as it simply provides an overview of the lines of defense concept (which you can also read about here:  http://www.threatanalysis.com/blog/?p=35) and defines the more common security measures used today.  It seems that this basic information could have been added to the Protection of Assets Manual.

Regardless of where the information rightfully belongs, the Guideline does a good job of identifying the purpose of various security measures, but fails in obvious ways. For example, the information in the lighting section is sufficient to identify types of lighting and units of measurement, but noticeably absent are suggested illumination requirements for different facilities and areas. Hmmm, guess we still need the IESNA after all.

Bottom line, this Guideline may serve end users well, but will be of little value to security professionals.

ASIS members can download the guideline here:  www.asisonline.org

Web-based Crime Analysis launched

CrimeAnalysis™ is a web-based software application that was developed by Threat Analysis Group, LLC. The application identifies the threat level at each of the sites/facilities using actual crime records from the local law enforcement agencies where the sites/facilities are located. Security metrics generated by CrimeAnalysis™ can help security decision makers benchmark threats, select appropriate countermeasures, and reduce vulnerabilities. CrimeAnalysis™ is used by security professionals in many types of environments including retail stores, hotels, office buildings, banks, schools, restaurants, apartments, hospitals, and many more.

Security Professionals use CrimeAnalysis™ to:
- Identify threats to company assets (people, property, & info)
- Identify site-specific threat patterns and forecast future threats
- Prioritize and rank risks based on threats
- Effectively allocate security resources to protect assets
- Justify security decisions and spending
- Demonstrate due diligence and reduce liability exposure
- Achieve a measurable return on investment

Benefits of CrimeAnalysis™

Real Crime Data – CrimeAnalysis™ uses actual crime data from law enforcement agencies. This entails the use of Calls for Service and Offense Reports to recreate the FBI’s Uniform Crime Report for each site/facility.

Violent Crime Verification – TAG verifies each violent crime and assault reported at the site/facility to ensure that the crime actually occurred at the site/facility and that the crime was reported accurately.

Site Specific – Crime data is provided for each specific site/facility which allows security professionals to accurately identify real threats at the site/facility.

Published & Peer Reviewed Methodology – The CrimeAnalysis™ methodology was originally published by Butterworth Heinemann in the book, Applied Crime Analysis, and is expanded upon in Strategic Security Management.

Measurable Return on Investment – Companies can obtain a measurable return on investment through cost savings on security personnel deployment, effective implementation of physical security measures, and reduced liability exposure.

Security Standard Compliant – CrimeAnalysis™ complies with security industry standards, specifically:
- ASIS-International’s General Security Risk Assessment Guideline
- NFPA’s Guide for Premises Security
- IESNA’s Guideline for Security Lighting for People, Property, & Public Spaces
- IAPSC’s Forensic Methodology

Free Web Application – CrimeAnalysis™ is accessible at www.crimetag.com.

Security Metrics – CrimeAnalysis™ allows you to identify existing and emerging crime trends at each site/facility, effectively allocate security resources based on temporal and spatial details of crime, and accurately compare the risk at each site/facility using crime rates.

Threat Typologies – CrimeAnalysis™ tells you the precise nature of each threat (e.g., shoplifting escalation, car-jacking, purse-snatchings, domestic assaults, etc.).

Date: June 1st, 2009
Cate: Security

Two Approaches to Deploying Security Officers

While organizations use security officers (I prefer security officers over guards) for different reasons, there are at least two (and probably more) ways to deploy them efficiently.  In another post, Lines of Defense were discussed.  To summarize that post, security layering is a strategy wherein assets are situated behind multiple layers of security measures (lines of defense), each requiring penetration in sequence to reach the assets.

Thus, the first way to deploy security officers is on a functional basis. For example, you may have one or two officers at the perimeter entrances (at or near the property line), another patrolling inside the perimeter, and another patrolling sensitive areas. Sensitive areas are different for each type of property. In a data center, the server hall is sensitive. In a hospital, there are many sensitive areas including the EC, blood bank, surgery areas, etc. On other properties, sensitive areas may be vulnerable areas. For example, in an apartment complex or residential neighborhood, the sensitive areas may be the public amenities such as the pool or clubhouse. In a hotel, the lobby and perimeter entrances may be the sensitive areas. You get the point.

Deploying security officers functionally means that you’d have one or more officers specifically assigned to one or more lines of defense.   The number of officers needed should be driven by the results of a comprehensive security risk assessment that identifies the lines of defense and the protection needs for each line.

The second way to deploy security officers is on a threat basis.  Understanding the nature of threats at a particular facility can help assess the need for security officers and if needed, when and where the officers should be posted.  Looking at actual, inherent, and conceptual threats spatially and temporally can be used to deploy security officers efficiently.  A simplistic example may be to look at a 3-year crime history of a property, identify an obvious trend on Thursdays and Fridays between 3pm and 9pm (temporal analysis) and deploy an officer on those days, during those hours.  The crime history may also show that the crimes are primarily occurring in the parking lot (spatial analysis) and thus, the officer would primarily patrol the parking lot.

These two approaches and simple examples illustrate the possibilities of deploying security officers.  For more information, check out Strategic Security Management.

Date: May 13th, 2009
Cate: Crime Analysis, Foreseeability, Metrics, Security

Economy Down, Crime Up

“A survey conducted of America’s largest retailers reports an increase in retail crime associated with the economic downturn, according to new research from the Retail Industry Leaders Association released in early May.”

While this contradicts a prior study by the St. Louis Fed, an economic downturn of this magnitude was not considered in the Fed study.

Read the full story on Security Director News

Access the RILA Study

Date: May 4th, 2009
Cate: Hospital Security, Security

IAHSS publishes Security Risk Assessment Guideline

In April 2009, the International Association for Healthcare Security and Safety (IAHSS) published their Security Risk Assessment Guideline.  “Healthcare Facilities (HCF’s) and Healthcare Organizations (HCO’s) are responsible for providing a safe and therapeutic environment while respecting the rights and privacy of those entrusted to their care.  These guidelines are intended to assist healthcare administrators in fulfilling their obligation to provide a safe, secure and welcoming environment; while carrying out the mission of their healthcare organization.”

Click here to download the IAHSS Security Risk Assessment Guideline

Date: April 6th, 2009
Cate: Metrics, Security

Measuring the maturity of your security program

Benchmarking a security program against peers and other industries is fairly common nowadays. While some of these efforts yield useful data that can be used for improvement, another approach is to benchmark against a Maturity Model. ISACA, an information security association, developed an IT governance framework that can be adapted to measure the maturity of a physical and operational security program. This framework, called COBIT, defines the maturity levels:

0. Non-existent, when:
There is no awareness of the need to protect the facilities or the investment in computing resources. Environmental factors, including fire protection, dust, power, and excessive heat and humidity, are neither monitored nor controlled.

1. Initial / Ad Hoc, when:
The organization has recognized a business requirement to provide a suitable physical environment that protects the resources and personnel against man-made and natural hazards. The management of facilities and equipment is dependent upon the skills and abilities of key individuals. Personnel can move within the facilities without restriction. Management does not monitor the facility environmental controls or the movement of personnel.

2. Repeatable But Intuitive, when:
Environmental controls are implemented and monitored by the operations personnel. Physical security is an informal process, driven by a small group of employees possessing a high level of concern about securing the physical facilities. The facilities maintenance procedures are not well documented and rely upon good practices of a few individuals. The physical security goals are not based on any formal standards, and management does not ensure that security objectives are achieved.

3. Defined Process, when:
The need to maintain a controlled computing environment is understood and accepted within the organization. The environmental controls, preventive maintenance and physical security are budget items approved and tracked by management. Access restrictions are applied with only approved personnel allowed access to the computing facilities. Visitors are logged and escorted depending on the individual. The physical facilities are low profile and not readily identifiable. Civil authorities monitor compliance with health and safety regulations. The risks are insured with minimal effort to optimize the insurance costs.

4. Managed and Measurable, when:
The need to maintain a controlled computing environment is fully understood, as evident in the organizational structure and budget allocations. Environmental and physical security requirements are documented and access is strictly controlled and monitored. Responsibility and ownership have been established and communicated. The facilities staff has been fully trained in emergency situations, as well as in health and safety practices. Standardized control mechanisms are in place for restricting access to facilities and addressing environmental and safety factors. Management monitors the effectiveness of controls and the compliance with established standards. Management has established Key Performance Indicators (KPI) and Key Goal Indicators (KGI) for measuring management of the computing environment. The recoverability of computing resources is incorporated into an organizational risk management process. The integrated information is used to optimize insurance coverage and related costs.

5. Optimized, when:
There is an agreed long-term plan for the facilities required to support the organization’s computing environment. Standards are defined for all facilities, covering site selection, construction, guarding, personnel safety, mechanical and electrical systems, protection against environmental factors (e.g., fire, lightning, flooding). All facilities are inventoried and classified according to the organization’s ongoing risk management process. Access is strictly controlled on a job-need basis and monitored continuously, and all visitors are escorted at all times. The environment is monitored and controlled through specialized equipment and equipment rooms have become ‘unmanned’. KPIs and KGIs are consistently measured. Preventive maintenance programs enforce a strict adherence to schedules, and regular tests are applied to sensitive equipment. The facilities strategy and standards are aligned with IT services availability targets and integrated with business continuity planning and crisis management. Management reviews and optimizes the facilities using KPIs and KGIs on a continual basis, capitalizing on opportunities to improve the business contribution.

In some ways, the maturity model is analogous to Maslow’s Hierarchy of Needs wherein the security program provides only the most basic level of protection at one end of the spectrum (Maturity Level 0 / Basic Needs) and a measurable and optimized level at the other end (Maturity Level 5 / Self Actualized). How mature is your security program?

To learn more, please contact us

To download the COBIT framework, visit the ISACA website

Date: April 2nd, 2009
Cate: Readings, Residential Security, Security

DOJ releases “Improving Street Lighting to Reduce Crime in Residential Areas”

This guide reviews the use of street lighting to help reduce crime in residential areas, discusses the factors to examine when considering upgrading or improving street lighting, and recommends steps to take when implementing a street lighting improvement plan. It explains why improved street lighting can help reduce fear of crime, summarizes the literature on the effectiveness of better lighting, and suggests measures that can be used to assess the effectiveness of lighting solutions that have been implemented.

Read the Department of Justice Report

Date: April 1st, 2009
Cate: Hospital Security, Security

Physical and electronic security systems for Hospitals

You’re a very busy hospital security manager. At 2 pm on one of your normal busy days, you receive a call from a man saying he represents a security consulting firm. He explains that one of the company’s specialties is technical expertise in electronic security design. He asks if you have any upcoming projects or concerns and if you would like to meet with a company representative. Why should you not just politely say no and end the call? What could this firm do for you that you cannot do yourself? After all, you understand how to perform a risk assessment, have your hard earned certifications, and no one is more familiar with the electronic security needs of your facility than you are. While this may be true, the use of a security design consultant can be an extremely valuable tool to help you do your job.

While security management consultants deal with the full risk assessment and the entire security program, security design consultants deal with a specific and specialized piece of the assessment and security program, electronic security. Therefore, while the advantages to using a security management consultant are more ‘big picture’, such as budget verification or independent review, the advantages of using a security design consultant are more specific, dealing with issues like access, visual verification, detection, deterrence, and response. That is not to say that security design consultants do not deal with the total electronic security picture or how that fits into the overall security program. In fact, that is exactly what they do. In general, the services of a security design consultant fit into three categories: assessment, design and project management.

Assessment

Assessment services are the services most commonly attempted by the security manager or security department. It is thought, correctly so, that you have the most knowledge about the overall security needs of the facility. However, having that knowledge does not necessarily mean you know what electronic security devices are required to deal with those security needs, where they should be placed to be most effective, how much they will cost, or how they should be integrated with all of the other facets of your security program. Let’s say you have a visitor control issue that you have identified because of certain incidents or just by your observations of your facility. It is necessary to develop a needs assessment report outlining the type of electronic security devices that can help remedy the situation, where they should be located, how much they will cost and how will they be integrated with the rest of your security program such as guard force and existing monitoring capabilities. What do you do?

Unfortunately, what is done a lot of the time is some devices are identified to be placed in locations to deal with the perceived issue at that time. Many times these devices are merely extensions or additions to existing access control or CCTV systems which were not designed at the time to deal with your specific issue. It is easier and more cost effective to add to existing systems in the hope of resolving the problem rather than starting from scratch with a new approach. You may solicit the help of your existing installation firm or even call in a new one to help you place new devices and add them to your existing system. They may even suggest different ideas than you had to deal with your specific issue. The problem is they are in the business of selling you equipment, not coming up with the best solution for your problem. That is not to say they are acting unethically, just that their reason for being there is different than your objective.

Let’s say you make the correct decision and decide to evaluate the problem from scratch and figure out the exact needs of the facility, do you or members of your department have the specific expertise to make those decisions? Do you have a good understanding of all the functions and capabilities available in today’s electronic security systems? Can you evaluate every reasonable option available to determine the best fit for your needs? Do you know how much these systems cost? If any of your answers to these questions is no, what do you do? You have the option of doing the best you can which may or may not be good enough, or finding a professional who can assist you in making the correct decisions when it comes to your electronic security needs.

A security design consultant has expertise in evaluating the security needs of your facility and determining the best electronic security options to meet those needs. Additionally, the consultant has an understanding of how those options will integrate with all the other elements of your security program. The consultant can determine optimal device placement, deal with regulatory and code issues with the devices (especially with access control systems) and prioritize the importance of system functions and capabilities to make sure the ultimate equipment chosen matches the security needs. Finally, the consultant can provide realistic cost estimates so budgets can be set and no surprises come up during system procurement. All of these evaluations and recommendations form a needs assessment report that can be used to support your claim that a security need exists and should be addressed, ultimately helping you do your job even better.

System Design

Now that you know what types of electronic security devices should go where and what their functions and capabilities should be, the necessary system needs to be designed. Let’s say you have a complete and correct electronic security needs assessment showing all the correct device types, locations and functions. Do you have the expertise to know which products in the marketplace are the best fit for your needs? Do you know the correct things to look for in a product to determine if it fits your need? Do you know what things to avoid? Do you know how competitive the bidding would be based on those product choices? Probably not. This is no slight on you, the industry is just so complicated and fast changing that it would be impossible for you to keep up on all those issues and still do your job. What do you do as the security manager handling this project?

Unfortunately, a lot of the time you call a large installation firm (if they weren’t already called in the assessment phase) that also advertises itself as a ‘security consultant’. If you need specifications written for the project to go out to competitive bid, they may offer to write the specifications for you. And, to your good fortune for budget purposes, they will write the specifications for no charge. While you may think this is a bargain, it probably will cost more money in the long run. What typically happens is that the company will write the specifications to make it extremely difficult and sometimes impossible for any products to be used other than their proprietary ones, making them the only company able to competitively bid the project. This creates two major problems: first, the equipment specified is more than likely not the best fit for your needs, and second, you will pay far more than you should for the installed system because it in effect becomes sole source.

What if, instead of having an installation firm write the specifications, you invite several reputable firms into your facility, explain to them what exactly you are looking for based on your needs assessment, and ask them to give you a proposal with products that will meet those needs and associated costs. Sound better? While it probably is better, it is still inherently flawed. Installation firms usually have certain manufacturers that they use the majority of the time either because they have a comfort level with that manufacturer or they have an actual agreement with that manufacturer to sell a certain amount of its equipment per month. What happens is the equipment is made to fit the needs even if it is not close to the best fit or the most cost effective option. Additionally, do you have the expertise to sift through the proposals to determine which equipment is the best fit for your needs?

A security design consultant is independent of any manufacturer or installation firm. Their product choices are based solely on the needs of the client. They match the product to the need rather than the need to the product. The consultant can prepare design specifications in two specific ways: for a Request for Proposal (RFP) or Invitation to Bid (ITB). A Request for Proposal describes in detail the system and equipment requirements as determined by the needs assessment and gives general criteria that the bidder must fulfill for their bid to be acceptable. The installation firm will then propose equipment to meet those needs and give a cost for the installation. The consultant will then evaluate all the proposals and make a recommendation as to which proposal best meets the needs of the client. An Invitation to Bid actually spells out the exact equipment that will be bid. The consultant will have already made those determinations based on expertise and industry best practices. The installation firm merely bids a cost for what is specified. In either case the product decisions are based solely on the needs of the facility and client rather than any other factors.

A note about using project architects to do the assessment and design work described above. This could be a good or bad thing. You need to ask some questions up front in order to make that determination. Does the architect use their own independent security consultant? If not, if they use an engineer or do it themselves, what expertise do they have in the assessment and design of electronic security systems? Unfortunately you will find that some architects also use security installation companies to do this work for them. While they are getting the services for free, you are being charged. Additionally, you are getting far from the best system for your needs. This is certainly not always the case, there are a lot of excellent architects out there that either have the proper expertise or hire that expertise. You just need to ask the questions to make sure you are getting the best for your money.


Project Management

Once the procurement process is complete and an installation firm has been chosen to install the designed systems, someone must make sure the systems are installed per the specifications and industry best practices. It stands to reason that the best person to provide that oversight is the person who actually wrote the specifications. If the same firm who wrote the specifications is doing the work, that is not very reliable oversight. In many cases you as the security manager can do this project management oversight yourself or through your department with little difficulty. However, if the security design consultant has been involved in the project through the assessment and design phases, he is best able to evaluate the quality and thoroughness of the installation. Also, for more complicated systems and installations, having project management performed by someone with the technical expertise to understand what to look for in the oversight process is a great advantage.

So the next time you receive that phone call at 2pm on a busy day, perhaps you should consider hearing what they have to say. The consultant’s job is not to upstage the security manager or in any way take away from the overall security program, but rather to enhance the capabilities of the security manager and the department in general by helping you do your job in the best manner possible. No one is expected to know everything, but you are expected to find people with the necessary knowledge when an issue arises. Take advantage of it.

Shopping Center Security

Strip shopping centers face unique threats not common to other properties. Often considered a safe haven by customers, strip centers contain various types of businesses and stores that create high traffic levels of both vehicles and pedestrians. Shopping centers often contain an anchor store which draws the bulk of the traffic, such as grocery stores and department stores. Grocery stores, in particular, face numerous crime challenges as they meet many customer needs beyond groceries.

The two biggest threats to shopping centers are victimization of employees and customers and the liability associated with such events. The inherent nature of the facility lends itself to high traffic, because diverse businesses are located within the center. This high traffic creates an abundance of targets for criminals. Other factors that can contribute to higher traffic and higher risks are external payphones, banks and automated teller machines (ATM), and the location of the center at major cross streets or near highways. These factors along with other considerations are typically what the real estate department is looking for when selecting and planning new shopping centers as the factors also contribute to marketability. Thus, a fine line exists between marketability and security.

Determining True Risk

Having outlined some of the concerns at strip centers, it should be noted that the focal point of this article is how to determine the true risk at these facilities, rather than the reasons for the risk. As such, we turn to the way in which risk can be determined.

Shopping center managers face a formidable challenge in determining the true risk at their properties because their addresses are often used by crime victims, witnesses, and even the police to report criminal incidents. Adding to this problem is the fact that many people without phones in their residences use the payphones at shopping centers to report crimes that happened elsewhere. Even crimes that occur on the public street can get reported using the center’s address. These issues make it necessary to thoroughly investigate each crime of violence to determine the true location.

The most accurate method for determining crime risk at a site is police crime data, which, not surprisingly, is the most commonly accepted method in court. This crime analysis methodology far surpasses the reliability of other methods, such as demographic data and security reports. Crime Analysis, as defined in Applied Crime Analysis, is the logical examination of crimes which have penetrated preventive measures, including the frequency of specific crimes, each incident’s temporal details (time and day), and the risk posed to a property’s inhabitants.

As an industry best practice, the objectives of crime analysis are:

1. To reduce crime on the property.
2. To evaluate and aid in the selection of security measures.
3. To justify security expenditures.
4. To provide a system of monitoring the effectiveness of security measures.
5. To provide a continual evaluation system of the site’s crime situation.
6. To reduce liability.

Having outlined the objectives of crime analysis, we should take a look at what crime analysis is and is not. Crime analysis is not demographic data that determines risk for an area using unknown data points and some far-reaching social disorder theory, nor is it data from other unrecognized sources. To the contrary, crime analysis is based on actual crime data pulled from law enforcement databases. The difficult part here is accessing those databases from each and every police department where a store is located. Despite the difficulty in some jurisdictions, it can be done.

Using Police Data

Given that we now know that crime analysis uses actual crime data, we should define, step by step, the methodology that is proven, considered a best practice, and most important, accepted in court. The first step is to obtain the police department data for each store. This data usually comes in the form of Calls for Service (CFS), which provide a fairly accurate portrayal of criminal and other activity and consist of each call to the police to report crimes or other activity from the location. With this initial data, we can begin to build our database of crime at each store.

To get to 100% accuracy, we have to go one step further by obtaining the offense report for each incident that concerns us. Offense reports are the written narrative of a call for service that resulted in an actual crime. Offense reports are especially important at shopping centers for a number of reasons. First, it is common for people to use the pay phones at shopping centers to report crimes that may not have occurred at the store. Offense reports give us the critical information to weed out those crimes that happened elsewhere. Second, shopping centers often have inflated crime levels because police dispatchers and officers use the main address of the shopping center. The police report will disclose the business where the crime actually occurred. Third, crimes are sometimes misreported by victims and witnesses. Offense reports disclose the actual crime, not the reported crime. For example, offense reports may tell us that a reported robbery from the shopping center was actually a burglary at an apartment complex across the street.

Analyzing the Information

Once we have our database of actual crimes, we can analyze the specific risk at each site. There are a number of queries that will assist in creating an effective security program. The first is a property-specific analysis which helps us differentiate between crime risks when comparing sites. For resource allocation, it is imperative that the analysis is focused at the property level. Given a security budget of $1,000,000 per year, this analysis allows us to compare risks at each site and allocate accordingly.

The next query is a crime-specific analysis which focuses on the type of crimes committed on the property. Knowing what crimes have occurred on the property will aid loss prevention managers in selecting specific prevention measures to prevent future occurrences as it tells us what particular asset is being targeted.

Temporal analysis is the third query. This analysis tells us when the risks are high and helps us efficiently allocate our security resources when threats are more likely. Various methods for learning a property’s crime patterns can be considered including time of day, days of week, week of month, seasonal trends, and, on the extreme, crime trends during full moons. Temporal analysis is where security managers will gain the highest return on investment.

You will find that crime analysis does not stop with these analyses and applications of security measures, but takes further steps to monitor the crime situation. Crime analysis continually monitors the crime picture, typically on an annual basis so we can test the program’s effectiveness and revise if necessary. Crime analysis makes a static security program dynamic, providing for change.
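The steps above (verify each call for service against its offense report, then run the property-specific, crime-specific and temporal queries) can be carried through on a small table, as can the Thursday/Friday 3pm to 9pm deployment example from the earlier post on deploying security officers. The following Python is an added example, not CrimeAnalysis™ code or the author's own tool; the records are constructed, the function names are hypothetical, and the proportional budget split is only one assumed reading of "allocate accordingly".

```python
from collections import Counter
from datetime import datetime

DAYS = ["Monday", "Tuesday", "Wednesday", "Thursday",
        "Friday", "Saturday", "Sunday"]

# Constructed sample data, one row per call for service (CFS):
# (site, call time, offense as reported, offense-report finding).
# The finding is None when the call produced no offense report,
# otherwise (occurred_on_site, actual_offense).
CALLS = [
    ("Center A", "2008-03-06 16:10", "robbery", (True, "robbery")),
    ("Center A", "2008-03-07 19:45", "robbery", (False, "burglary")),  # across the street
    ("Center A", "2008-03-13 17:30", "theft", (True, "theft")),
    ("Center A", "2008-03-14 20:05", "assault", (True, "assault")),
    ("Center A", "2008-03-18 10:00", "alarm", None),                   # no crime found
    ("Center A", "2008-03-21 15:20", "theft", (True, "robbery")),      # misreported
    ("Center B", "2008-03-08 02:15", "assault", (False, "assault")),   # payphone call
    ("Center B", "2008-03-12 11:40", "theft", (True, "theft")),
]


def verified_incidents(calls):
    """Keep only calls whose offense report places a crime on the site,
    recording the offense the report found, not the one reported."""
    incidents = []
    for site, when, _reported, finding in calls:
        if finding is None:
            continue
        on_site, actual = finding
        if on_site:
            when = datetime.strptime(when, "%Y-%m-%d %H:%M")
            incidents.append((site, when, actual))
    return incidents


def property_analysis(incidents):
    """Property-specific query: verified crimes per site."""
    return Counter(site for site, _, _ in incidents)


def crime_analysis(incidents, site):
    """Crime-specific query: which offenses occur at one site."""
    return Counter(offense for s, _, offense in incidents if s == site)


def patrol_window(incidents, site, top_days=2):
    """Temporal query: the busiest weekdays at a site and the span of
    hours (start, end) covering the incidents on those days."""
    times = [t for s, t, _ in incidents if s == site]
    if not times:
        return [], None
    by_day = Counter(t.weekday() for t in times)
    peak = sorted(day for day, _ in by_day.most_common(top_days))
    hours = [t.hour for t in times if t.weekday() in peak]
    return [DAYS[d] for d in peak], (min(hours), max(hours) + 1)


def allocate(incidents, budget):
    """Assumed allocation rule: split the budget in proportion to each
    site's verified crime count."""
    counts = property_analysis(incidents)
    total = sum(counts.values())
    return {site: round(budget * n / total) for site, n in counts.items()}


if __name__ == "__main__":
    incidents = verified_incidents(CALLS)
    print("raw CFS per site:  ", dict(Counter(c[0] for c in CALLS)))
    print("verified per site: ", dict(property_analysis(incidents)))
    print("Center A offenses: ", dict(crime_analysis(incidents, "Center A")))
    print("Center A patrol:   ", patrol_window(incidents, "Center A"))
    print("budget split:      ", allocate(incidents, 1_000_000))
```

On these records the raw calls for service overstate both sites (6 and 2 calls against 4 and 1 verified crimes), which is the inflation the offense-report step is meant to remove.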

Conclusion

A crime analysis case study was recently completed by the author’s firm and is pending publication in the American Society for Industrial Security’s (A.S.I.S.) Security Business Practices Reference, Volume 6. The results of the case study indicated that a sizable return on investment was realized within a year of implementing a crime analysis program. The first year’s savings, or cost avoidance, was $9.2 million, or 41% of the security budget. This savings reflected a number of changes to the security program, but primarily constitutes the deployment of security personnel during higher risk times. There is another category of cost avoidance that cannot yet be measured. That category is generated by reducing crime and avoiding security litigation.

The necessity to develop and maintain a well-balanced security program is elementary and essential to the protection of customers and other assets. Crucial to such a program are the balanced applications of crime analysis, security selection & implementation, and monitoring. In addition, potential liability can be avoided if management responds appropriately to the property’s crime experience. Premise security cases are much less supportable if management conducts crime analysis, anticipates certain activity, and implements reasonable crime countermeasures.

Like most other tasks that security managers must do, there are two solutions. The first is to hire, train and supervise a person or team of people to pull the data from each police department where we have a store. The other option is to out-source this task. Outsourcing appears to be the most common alternative as it reduces costs substantially and brings third-party objectivity to the project. Also, the expertise to conduct crime analysis is somewhat limited given the high demand for it today.

Related post: Texas Supreme Court rules on shopping center’s liability in negligent security case


For further information, please contact
Threat Analysis Group, LLC
(281) 494-1515
www.ThreatAnalysis.com

Date: March 26th, 2009
Cate: Negligent Security, Premises Liability, Security

Forensic Methodology for Assessing Security Adequacy

The IAPSC has published the latest version of its Forensic Methodology Best Practice. This methodology is used by security consultants when evaluating a property’s security adequacy. While it is entitled forensic methodology, it is used outside of litigation to assess security pro-actively. A recent Kentucky case validated this methodology.

IAPSC Forensic Methodology

Todd Childress, et al v. Kentucky Oaks Mall Company, et al