DefCon: Physical security, you are doing it wrong
By A.P. Delchi
Delchi’s talk evolves around an imaginary assignment to design the physical security system of a high security facility with CCTV, and the methodology how to handle this assignment.
If you want to design such a system you need to follow the steps of:
- Assessment – What do we secure? What is the status? What are the risks?
- Assignment – Which area gets which security? Prioritize. What external requirement do you have?
- Arrangement – Find the most effective locations for you security devices. Consider security and ergonomics.
- Approval – get quotes from multiple vendors. Consider lifetimes and service plans and take expansions into account. E.g. Will you require biometric in the future.
- Action – Lets implement it. Build, train and test.
Next Delchi encourages us keep failure into mind. Physical security systems will go wrong, building the systems will go wrong as well.
Delchiās final section of the talk outlines the various problem security professions will encounter when dealing with various parties involved in the process. Management, vendors, people who know better, users and construction workers. With funny and concrete examples he shows what to expect and how to handle these groups.