Automated office security devices protect office resources from hazards such as crime and accidents. These security systems are often developed and implemented following a risk assessment, which determines what internal and external factors pose the greatest threat and proposes means to reduce this threat. Technologies to diminish risk include the following:
In the 1950s, electronic locks preceded the modern access key and card control used today. These early electronic locks required keys that were not user-specific, and thus anyone with the correct key could access locked materials. Personal identification numbers (PINs) remedied this weakness in the 1960s by tying together facility access and individual password codes. The further development of smart cards incorporated individual access rights—optically or magnetically encoded on the card—and featured access options such as automatic logging and multiple access levels. These keys and individual codes were both required to gain access to resources. Biometric access controls were developed in the mid-1970s as a result of concerns over risks associated with PINs and coded information. Both keys and codes could be stolen. By examining unique human characteristics, biometric access controls provided more accurate identification and weren't as easy to counterfeit. Computer security measures such as passwords and encrypted information were also established to protect digital data.
As it applies to automated office security, risk management involves understanding and assessing threats from catastrophic events and unauthorized use of resources. Overall vulnerabilities to physical theft, data theft, destruction of resources, and access to sensitive information are all important risk considerations. Specifically, risk analysis for office environments addresses four basic factors: (I) the assets that need protection, (2) the kinds of threats to these assets, (3) the probabilities that these threats will materialize, and (4) the effects if a loss occurs. The type of automated security chosen is intended to be proportionate to the combined risks and their potential consequences.
Physical alarms that trigger when fire, smoke, or heat are detected provide against loss due to fire. Smoke, heat, and flame detectors offer early warning using audible sounds and signals to central control units. Modern systems include features like alarm verification, which momentarily disables and then reactivates an alarm, in order to reduce the occurrence of false alarms. Automatic sprinkler systems respond by attempting to quench the growth of a fire until the fire department responds. Newer sprinkler systems contain controls to prevent too much water being released in response to a minor fire or smoke problem, thereby reducing the amount of water damage. Advanced systems can also close or unlock fire doors as necessary and contact security personnel directly.
Access control measures ensure that only authorized personnel have access to restricted resources and thereby reduce the likelihood of criminal infiltration and misuse. Keypads, cards, and proximity systems are the most common automatic interfaces between the access system and personnel. Access controls are a common feature in increasingly sophisticated security management systems for offices. Not only can they deter unauthorized persons from gaining entry, but they may also track suspicious activities of authorized users, such as late-night visits and other unusual patterns.
A keypad system is a combination lock usually appearing as a plastic input device with at least ten numbered keys. The correct sequence of numbers must be selected in order to gain entry. The level of security provided is a function of the number of combinations available: the more available, the more secure the lock. Computer-controlled keypads consist of local and centralized devices that accept input and coded information. Keypad systems are vulnerable to brute force attacks when all possible numerical combinations have been tried. When keypad systems are in isolated areas, unauthorized attempts at entry might remain unnoticed for long periods. Even when keypads are located in well-lighted and public areas, long-term probing (attempts to guess codes over a long period) might also go unnoticed.
Such weaknesses in keypad systems may be overcome by placing them in visible locations and by incorporating frequent code changes, time penalties, and error alarms. Frequent code changes, while effective in minimizing long-term probing, require notification to all authorized entrants. Time penalties freeze or lock up the system when a correct code hasn't been entered within the allotted time. This penalty significantly increases the amount of required to break into a system using trial-and-error code guessing. Error alarms sound when incorrect codes are entered, drawing attention to the individual trying to gain entry.
Keycards are often used in conjunction with keypad systems to provide another layer of security. Keycards, some of which are smart cards with advanced anti-fraud features, contain magnetically or optically encoded information that is read and analyzed by a scanning device. A typical system, such as that used in some automated teller machines (ATMs), requires the user to insert or swipe the card and then type a password. This two-step process improves security effectiveness by reducing the chances of a lost or stolen card being used successfully.
Proximity or reaction systems rely on sensors to detect authorized or unauthorized persons without direct contact. One common use is to streamline secure entry into buildings. With a proximity system, authorized personnel carrying a special card or tag are detected from a distance and are admitted without needing to fumble for keys, pass a card through a reader, and so on. This method also reduces the need to replace cards due to wear. Proximity systems are either initiated by the user sending a signal or activated by a sensor detecting a signal. These systems fall into three basic transmission categories: (1) passive, (2) field-powered, and (3) transponder. Passive proximity devices consist of a reader that transmits radio frequency (RF) or acoustic signals to a passive tag or card carried by an individual or attached to equipment. The tag simply reflects the signal back to the reader in a prescribed manner, and if the signal is reflected correctly access is granted. Because radio signals are used, the tag doesn't need to be in direct sight of the reader. Field-powered devices employ a similar process, but in this case active signals are sent to a receiver from the individual or equipment using a powered transmitter. Transponder systems are sophisticated passive devices. An unpowered transponder in the form of a tag or other small object receives RF signals from a reader, stores a charge, and then based on the signal it received transmits back to the reader a predetermined response signal. This allows for passive recognition of a unique identity, such as for distinguishing between the owner of a car, who carries the transponder, and a car thief.
Intrusion detection systems use sensors, a control unit, and proximity alarms to discourage unauthorized entry. Early devices such as physical trip wires were clumsy and questionable deterrents, but improvements since the late 1960s and continuing through the 1990s have made intrusion detection considerably more effective. Intrusion detection systems may be triggered by such events as
Integrated systems may be customized for alarm verification, response time, and delaying actions.
Circuit-based sensors include magnetic contact switches, electrical switches, and pressure mats. Contact switches conduct electrical current when closed and activate when contact is interrupted. Pressure mats are weight-sensitive floor coverings that activate when stepped on; a reverse pressure mat activates when weight is removed from the mat (e.g., an object that is not supposed to be moved is lifted).
Sound sensors identify vibrations by using microphones to detect forced or unauthorized entry. Devices placed on floors, walls, and valuable objects relay sound, and thereby activate an alarm. Sound systems are most effective when background noise is minimal.
Light sensors activate when a light beam is interrupted by an intruder. One drawback is that in simple systems an intruder may be able to see the beam and evade it. Outdoor light sensors also perform erratically in adverse weather conditions such as rain and snow.
Motion detectors employ microwave and ultrasonic technology to sense movement. Both use analysis of acoustical patterns of energy to identify spatial distortions that accompany movement. Motion can also be detected using an electronic proximity field device, which senses changes in the electrostatic field of the area being monitored.
Closed-circuit television (CCTV) employs cameras, lenses, signal transmission, video recorders, monitors, and other accessories to monitor offices for access and intrusion. Two generic types of CCTV include tube and solid-state sensors. Tube cameras use electron beams to scan the area, while solid-state cameras use charge-coupling techniques in which electrical charges collected by the camera are converted to a video signal. CCTV systems may be actively monitored by security personnel and/or passively taped for record keeping. CCTV systems may also use multiplexers that allow input from up to a dozen cameras to be viewed in panels on the same monitor screen, rather than needing 12 separate monitors. Other innovations have included the development of cameras that produce better images in lowlight conditions. The integration of CCTV with other automated office security measures can significantly reduce the threat of intrusion and damages from theft or vandalism.
Biometrics is one of the most advanced and accurate security technologies because it is based on relatively permanent and unique human features such as fingerprints, retinal patterns, and voice, face, and signature matching. All biometric systems rely on a baseline image or recording of the human feature being matched, e.g., a sample fingerprint is obtained through a special electronic scanner. At each attempt to access the protected resource, the individual's features are compared to the baseline for verification. Biometric technology remains more expensive than traditional access controls since large amounts of digital storage and processing capacity are required to operate it. As a result, biometric devices tend to be used at only the highest-security facilities, although the technology is growing more mainstream and prices have fallen from earlier levels. Some experts have asserted that in the long run biometric systems are cheaper to operate than card- and password-based systems because they require less maintenance and materials to operate.
Securing corporate data is an increasingly important concern in automated office security. The three most common forms of information security are transactional, transformational, and systems monitoring. The primary transactional security measure is the use of computer device and software passwords. These systems can not only limit access to the individual supplying the correct password, but they can also respond to anomalies like repeated failed log-in attempts or incorporate multiple levels of access that are determined by the password provided. Transformational security measures consist primarily of encryption and encoding technology that renders data unreadable without the proper decryption software. Systems monitoring involves using software, often on the network level, to track movement of files, user patterns, and other events on a system. An information security program may also include software tools for monitoring electronic mail and telephone calls.
Bintliff, Russell L. The Complete Manual of Corporate and Industrial Security. Englewood Cliffs, NJ: Prentice Hall, 1992.
Biometric Consortium. The Biometric Consortium. Washington, 1999. Available from www.biometrics.org .
Clegg, Brian. "Searching for Your Identity." Computer Weekly, 8 April 1999.
Fay, John J., ed. Encyclopedia of Security Management. Boston: Butterworth-Heinemann Ltd., 1993.
Patterson, Maureen. "Technology Today & Tomorrow: Safety/Security." Buildings, December 1998.
San Luis, Edward, Louis A. Tyska, and Lawrence J. Fennelly. Office and Office Building Security. 2nd ed. Boston: Butterworth-Heinemann Ltd., 1994.
Security Management, monthly.