Effective Physical Security
Lawrence J. Fennelly
Table of Contents
Chapter 1. Encompassing Effective CPTED Solutions in 2017 and Beyond: Concepts and Strategies
Questions to be Answered During an Assessment
CPTED Survey for Colleges and Universities: 30 Vulnerabilities Based on CPTED Assessments
Psychological Properties of Colors
CPTED Landscape Security Recommendation
Chapter 2. Introduction to Vulnerability Assessment
Risk Management and Vulnerability Assessment
Risk Assessment and the Vulnerability Assessment Process
Statistics and Quantitative Analysis
Vulnerability Assessment Process Overview
Planning the Vulnerability Assessment
Reporting and Using the Vulnerability Assessment
Systems Engineering and Vulnerability Assessment
System Design and Analysis
System Installation and Test
Chapter 3. Influence of Physical Design
Crime Prevention Through Environmental Design
Chapter 4. Approaches to Physical Security
Levels of Physical Security
The Value of Planning
Security Surveillance System (CCTV)
The Security or Master Plan and Countermeasures
Convincing Oneself That a Proposal Is Justified
Designing Security and Layout of Site
Chapter 5. Security Lighting
Types of Lamps
Twenty-Five Things You Need to Know About Lighting
Chapter 6. Electronics Elements: A Detailed Discussion
Alarm/Access Control Systems
Server (and Business Continuity Server)
CCTV and Digital Video Systems
How Digital Video Differs From Analog
Wireless Digital Video
Lenses and Lighting
Analog Versus Digital
Command/Control and Communication Consoles
Workstation and Console Specifics
Guard Console Functions
Questions and Answers
Chapter 7. Use of Locks in Physical Crime Prevention
Lock Terminology and Components
Door Lock Types
Attacks and Countermeasures
Locks and the Systems Approach to Security
Appendix 7A: Key Control
New Standard Set for Exit Devices, Locks, and Alarms
Electrified Panic Hardware
Appendix 7B: Key Control and Lock Security Checklist
Chapter 8. Internal Threats and Countermeasures
Physical Security Countermeasures
Chapter 9. External Threats and Countermeasures
Methods of Unauthorized Entry
Chapter 10. Biometrics in the Criminal Justice System and Society Today
History of Biometrics and Fingerprinting in the United States
Biometrics Usage Today
The Federal Bureau of Investigation’s Biometric Center of Excellence
Biometric Modalities and Technology
International Biometrics: India’s Private Usage of Biometrics on Society
Future Advancements of Biometrics
Chapter 11. Access Control Systems and Identification Badges
Access Control Systems and Protocols
Identification Badging System
Chapter 12. Chain-Link Fence Standards
Design Features and Considerations
Typical Design Example
Chapter 13. Doors, Door Frames, and Signage
Exterior Number Sizing
The Function of a Door
Standards for Doors
Chapter 14. Glass and Windows
Types of Glass
Glass and Security
Chapter 15. The Legalization of Marijuana and the Security Industry
Marijuana—the Pros and Cons
Should Marijuana be Legal for Medicinal and/or Recreational Purposes?
The Short-Term Effects of Marijuana
The Long-Term Effects of Marijuana
Is Marijuana Addictive?
Security for Marijuana Farms and Dispensaries
Chapter 16. Designing Security and Working With Architects
Leadership in Energy and Environmental Design
Crime Prevention Through Environmental Design Planning and Design Review
Physical Security Systems
Chapter 17. Standards, Regulations, and Guidelines Compliance and Your Security Program,
Including Global Resources
Chapter 18. Information Technology Systems Infrastructure
Basics of Transport Control Protocol/Internet Protocol and Signal Communications
Transport Control Protocol/User Datagram Protocol/Real-Time Protocol
User Datagram Protocol
Network Infrastructure Devices
Creating Network Efficiencies
Managing Data Systems Throughput
Interfacing to Other Enterprise Information Technology Systems
Chapter 19. Security Officers and Equipment Monitoring
Best Locations for Closed-Caption Television
Introduction to Access Control and Biometrics
Designated Restricted Areas
Chapter 20. Video Technology Overview
Quads and Multiplexers
Hard-Copy Video Printers
Glossary for CCTV
Chapter 21. Understanding Layers of Protection Analysis
Chapter 22. Fire Development and Behavior
Stages of Fire
How Fire Spreads
Four Ways to Put Out a Fire
UL Standard 217, 268 and NFPA 72
Water Supply for Sprinklers and Tanks
Appendix: A Fire Safety Inspection
Administrative and Planning Phase
General Physical Inspection Phase
Extinguisher Inspection Phase
Stand Pipe, Fire Hose, and Control Valve Inspection Phase
Sprinkler System Inspection Phase
Hazardous Materials Inspection Phase
Alarm System Inspection Phase
Chapter 23. Alarms Intrusion Detection Systems
Components of Alarm Systems
Alarm Equipment Overhaul
Appendix 23A: Smoke Detectors
Appendix 23B: Alarm Certificate Services Glossary of Terms Certificate Types
Appendix 23C: Fire Classifications
Use of Fire Extinguishers
Appendix 1. Glossary of Terms
Butterworth-Heinemann is an imprint of Elsevier
The Boulevard, Langford Lane, Kidlington, Oxford OX5 1GB, United Kingdom
50 Hampshire Street, 5th Floor, Cambridge, MA 02139, United States
Copyright © 2017 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying, recording, or any information storage and
retrieval system, without permission in writing from the publisher. Details on how to seek
permission, further information about the Publisher’s permissions policies and our arrangements
with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency,
can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the
Publisher (other than as may be noted herein).
Knowledge and best practice in this field are constantly changing. As new research and
experience broaden our understanding, changes in research methods, professional practices, or
medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in
evaluating and using any information, methods, compounds, or experiments described herein. In
using such information or methods they should be mindful of their own safety and the safety of
others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors,
assume any liability for any injury and/or damage to persons or property as a matter of products
liability, negligence or otherwise, or from any use or operation of any methods, products,
instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
For information on all Butterworth-Heinemann publications visit our website at
Publisher: Todd Green
Acquisition Editor: Steve Merken
Editorial Project Manager: Nate McFadden
Production Project Manager: Stalin Viswanathan
Designer: Matthew Limbert
Typeset by TNQ Books and Journals
It is with great happiness that we dedicate this book to our two very special daughters-
in-law, Annmarie Carr Fennelly and Janet Mansfield Fennelly. Both of these strong
women are working mothers, have three beautiful children each, and are wonderful
Mothers, Wives, and our Daughters.
Larry and Annmarie Fennelly
A manager designs and develops security, physical security, safety and investigative programs.
Louis A. Tyska, CPP
This book is your road map to decoding and developing an effective security strategy beginning
with the design build phase and addressing everything in between including life safety issues.
Larry Fennelly and Marianna Perry have the knowledge and experience to see these complicated
and ever-changing security challenges from a unique and multifaceted viewpoint. They both share
their insight with the reader and that is why every security practitioner needs to read this book.
Most security books focus on one topic, i.e., Risk Analysis or Security Surveillance Systems (CCTV)
and access control and biometrics. I love this text because it has so much material in it that we need
to address our everyday problems.
The baby boomers are retiring and the millennium generation is taking over. The face of security
is also changing. Research is being done to advance the security profession to provide the highest
level of protection while at the same time, increasing the bottom-line profitability of the
organization. College courses are changing. Going forward, the combination of business as a major
field of study and security or information technology as a minor is becoming the new norm. This
change is being implemented to prepare security professionals to properly protect corporate assets.
The new “buzz words” from 2015 to 2020 will be the following:
1. What kind of “skill set” does the candidate/officer have?
2. What “certifications and specializations” does the candidate/officer have?
3. Both “physical security and informational security” will be merging with the move toward
4. “Career pathways” will be used by way of “internships.”
5. Your “certifications” will be the bar for testing qualifications.
6. Education for a career in security is being “redesigned.” Are you ready?
7. The holistic approach is preferred over independent components or “silos” as a logical approach
to security systems.
8. 5.0 Megapixel cameras on phones and monitors with full (or true) HDTV—1080 are standard.
Do not be left behind! Plan for the future now!
The top crime threat problems according to recent reports are (1) cyber/communications security,
(2) workplace violence, (3) business continuity, (4) insider threat, and (5) property crime.
We mention this because if you are going to be addressing crime problems you first need to know
what they are. To make recommendations and solve problems, you first have to make sure that you
have correctly identified the issue. If a security assessment is not completed to determine the root
causes of a security issue or vulnerability, the security practitioner may simply keep putting policies
or procedures in place that address the symptoms and countermeasures of a problem and not the
actual problem itself. This will be a frustrating (and sometimes costly) situation that can be avoided
if, before any action is taken, an assessment is completed by a knowledgeable security professional
to accurately identify security vulnerabilities. This will ensure that the true issues and concerns are
being addressed, not just the symptoms.
The most demanding problem for managers and supervisors within a protection department is
the physical security devices under his/her control. The supervisor’s role should be to assist in
enabling the manager to provide a level of support within the organization. Supervisors must take
responsibility for corporate regulations, moral and ethical tone as well as providing the required
level of security and customer service required.
Managers work with budgets and other resources (equipment, uniforms, technology, software,
etc.) to ensure that the protective mission is achieved. Managers oversee processes (procedures) that
accomplish organizational goals and objectives. Staff functions without a supervisory span of
control over line employees may be performed by managers. Training, technical support, auditing,
etc., are staff functions. A manager coordinates activities rather than supervises them. Turnover and
job rotation can create overall improvement and a challenge. Staying current on industry trends and
events by reviewing news sources, trade publications, and webinars and sources such as ASIS
International and others.
Active shooter/active assailant’s incidents, stabbings, and random unthinkable acts of violence
are happening in our workplaces and on our televisions everyday. We cannot escape these mindless
crimes and thefts that impact every segment of the security management operation. “Security
Matters” now more than ever! Trying to decide which security concepts are right for your
organization is a daunting full-time task. However, I suggest that you start off with a professional
security assessment, so you can identify your security needs.
This book is your road map to decoding and developing an effective security strategy beginning
with the design build phase and addressing everything in between including life safety issues. The
authors have the knowledge and experience to see these complicated and ever-changing security
challenges from a unique and multifaceted viewpoint. They both share their insight with the reader
and that is why every security practitioner needs to read this book. Most security books focus on
one topic, i.e., Risk Analysis or Security Surveillance Systems (CCTV) and access control. I love this
text because it has so much material in it that we need to address our everyday problems.
Today’s security books are more and more complicated and technical. We, as practitioners must
stay ahead of the curve, to keep up. Books like this, and those of Thomas Norman, CPP, David
Paterson, CPP, Sandi Davis (Women in Security), James F. Broder, CPP, Michael Fagel PhD, and Dr
Jennifer Hestermann are security professionals and future educators along with Larry Fennelly and
Marianna Perry. Writing a book listing 150 things…etc., is not an easy task. I commend these
authors and those that I mentioned, for their vision and dedication that will keep us ahead of the
Linda Watson, MA, CPP, CSC, CHS-V, Whirlaway Group LLC
We completed this book in about 6 months. Normally, this undertaking would take 18 months.
We know that it is hard to believe, but it is true. We both know that the faster we could complete
this book, get it published and into the hands of those who are responsible for those practitioners in
security, then possibly the information will get out there and be of further help to our profession.
This is basically a very hard book to finish. The first 35 are easy the next 35 are ok, then it gets
harder and harder. We went through two drafts and then after having a strong handle on it, we
keep adding and adding to the various pieces. A perfect example is the section on body cameras, I
saw a report that was negative, then I found another report that was positive, so we add a piece I
felt this was the best part of the book, because it was getting better and better.
Physical security is a big topic, cybercrimes and cyberterrorism, workplace violence, emergency
management, and IT security issues will continue to be the top issues going forward.
Regulations and Compliances and security standards for your corporation will continue to be
developed and aid in the improvement of your security assessment. Follow CPTED principles and
security best practices and master plan development. After you have done so, call your local media
to promote your accomplishments. Let the bad guys know that you take crime prevention and
effective security at your school serious!
Times have changed and you must change as well, I was reading a deposition recently and the
security manager said quote “We have been doing it this way for 30 years.” Of course, you have
that is why a man died and your being sued.
Social media need to monitored and included in your assessment process.
We are concerned because we know that many of you do not have good security and do not have
adequate security in place to protect your assets. We are not advocating that you make your
corporate or place of work a fortress into a cold, uninviting fortress. Instead, we want you to have
not only a safe environment but also has effective security in place to address vulnerabilities and
have continuous assessments to improve the process.
Enterprise risk management (ERM): (1) It looks at a holistic approach to ERM, which breaks
down silos between physical and technological security and provides comprehensives risk
management solutions. Eugene Ferraro recently said, (2) “We owe it not only to this country, but
also to the free world, to think further ahead about future threats and what the solutions look like.
And if we can reach consensus around these solutions, we will be in a better position to build
We wish to sincerely thank all of our contributors who made this book possible. We truly believe
that compiling the knowledge of many security professionals is a more comprehensive approach to
addressing the issue of physical security. We thank you for your professionalism as well as your
contributions to our profession.
Lawrence J. Fennelly
Marianna A. Perry, CPP
1Enterprise Security Risks and Workplace Competencies, ASIS, University of Phoenix & Apollo
Education Group, 2016.
C H A P T E R 1
Encompassing Effective CPTED Solutions in
2017 and Beyond
Concepts and Strategies
Lawrence J. Fennelly, CPOI, CSSI, CHS-III, CSSP-1, and Marianna A. Perry, MS, CPP, CSSP-1
We are delighted to be a part of the series of white papers for School Dangers.Org. It is appropriate to say a few words about
Tim Crowe and Crime Prevention through Environmental Design (CPTED), before you read our paper.
Tim Crowe wrote Crime Prevention Through Environmental Design (1991) based on a security assessment that he conducted for a
school district in Florida. Tim’s book (which was updated and modernized by Lawrence Fennelly in 2013) was and is still
considered a primary resource for crime prevention practitioners in the security industry to help them better understand the
relationship between design and human behavior. CPTED is a proactive approach to manipulate the physical environment
and bring about the desired behavior of reduced criminal activity as well as reduced fear of crime. Tim Crowe and Larry
Fennelly lectured for Rick Draper in Australia on the concepts of CPTED.
CPTED color; Design; Design concept; Deterrences; Environment; Fear of crime; Hot spots; Landscape security; LED;
Maintenance; Measuring and evaluation; Methods; Police procedures; Programs Tim Crowe; QR code; Rick Draper; Strategies;
Target hardening; Three-D concept
Deterrence’s, CPTED Design, Policies and Procedures, Training Programs and Security Awareness
Thomas L Norman, CPP, PSP, CSC 2016.
We are delighted to be a part of the series of white papers for School Dangers.Org. It is appropriate
to say a few words about Tim Crowe and Crime Prevention through Environmental Design
(CPTED), before you read our paper.
Tim Crowe wrote Crime Prevention Through Environmental Design (1991) based on a security
assessment that he conducted for a school district in Florida. Tim’s book (which was updated and
modernized by Lawrence Fennelly in 2013) was and is still considered a primary resource for crime
prevention practitioners in the security industry to help them better understand the relationship
between design and human behavior. CPTED is a proactive approach to manipulate the physical
environment and bring about the desired behavior of reduced criminal activity as well as reduced
fear of crime. Tim Crowe and Larry Fennelly lectured for Rick Draper in Australia on the concepts
Tim Crowe’s comprehensive set of guidelines were developed with one goal in mind—to reduce
opportunities for crime in the built environment. His work is the “gold standard” for security
practitioners and others who implement CPTED concepts as a crime prevention tool. Crowe’s work
is frequently used as a training tool for law enforcement, town planners, and architects. These
guidelines have been used in hundreds of training sessions and cited in numerous publications.
Tim Crowe was a professor at the National Crime Prevention Institute (NCPI) at the University of
Louisville in Louisville, Kentucky. Marianna Perry is the former Director of NCPI and together both
she and Tim have presented training sessions on CPTED.
We included this information because we want you to understand the origination of Tim Crowe’s
work on CPTED.
The conceptual thrust of a CPTED program is that the physical environment can be manipulated to
produce behavioral effects that will reduce the incidence and fear of crime, thereby improving the
quality of life. These behavioral effects can be accomplished by reducing the propensity of the
physical environment to support criminal behavior. Environmental design, as used in a CPTED
program, is rooted in the design of the human–environment relationship. It embodies several
concepts. The term environment includes the people and their physical and social surroundings.
However, as a matter of practical necessity, the environment defined for demonstration purposes is
that which has recognizable territorial and system limits.
The term design includes physical, social, management, and law enforcement directives that seek
to affect positively human behavior as people interact with their environment.
Thus, the CPTED program seeks to prevent certain specified crimes (and the fear attendant on
them) within a specifically defined environment by manipulating variables that are closely related
to the environment itself.
The program does not purport to develop crime prevention solutions in a broad universe of
human behavior but rather solutions limited to variables that can be manipulated and evaluated in
the specified human/environment relationship. CPTED involves design of physical space in the
context of the needs of legitimate users of the space (physical, social, and psychological needs), the
normal and expected (or intended) use of the space (the activity or absence of activity planned for
the space), and the predictable behavior of both legitimate users and offenders. Therefore, in the
CPTED approach, a design is proper if it recognizes the designated use of the space, defines the
crime problem incidental to and the solution compatible with the designated use, and incorporates
the crime prevention strategies that enhance (or at least do not impair) the effective use of the space.
CPTED draws not only on physical and urban design but also on contemporary thinking in
behavioral and social science, law enforcement, and community organization.
The continuum of space within a residential complex (that is, a property consisting of one or more
buildings containing dwelling units and associated grounds or, more broadly, a neighborhood
consisting primarily of residential uses) may be divided into four categories:
• Public. Space that, whatever its legal status, is perceived by all members of a residential area or
neighborhood as belonging to the public as a whole, which a stranger has as much perceived
right to use as a resident.
• Semipublic. Space accessible to all members of the public without passing through a locked or
guarded barrier. There is thought to be an implied license for use by the public, and strangers will
rarely be challenged. This is generally associated with multifamily housing.
• Semiprivate. Space restricted for use by residents, guests, and service people on legitimate
assignments. In multifamily housing, this is usually secured by protection officers (or doormen),
locks, or other forms of physical barriers. Strangers can be expected to be challenged as potential
• Private. Space restricted for use by residents of a single dwelling unit, their invited guests, and
service people, with access generally controlled by locks and other physical barriers.
Unauthorized use is always challenged when the opportunity for challenge presents itself.
The emphasis on design and use deviates from the traditional target-hardening approach to crime
prevention. Traditional target hardening focuses predominantly on denying access to a crime target
through physical or artificial barrier techniques (such as locks, alarms, fences, and gates). Target
hardening often leads to constraints on use, access, and enjoyment of the hardened environment.
Moreover, the traditional approach tends to overlook opportunities for natural access control and
surveillance. The term natural refers to deriving access control and surveillance results as a by-
product of the normal and routine use of the environment. It is possible to adapt normal and
natural uses of the environment to accomplish the effects of artificial or mechanical hardening and
surveillance. Nevertheless, CPTED employs pure target-hardening strategies either to test their
effectiveness as compared with natural strategies or when they appear to be justified as not unduly
impairing the effective use of the environment.
As an example, a design strategy of improved street lighting must be planned, efficient, and
evaluated in terms of the behavior it promotes or deters and the use impact of the lighted (and
related) areas in terms of all users of the area (offenders, victims, other permanent, or casual users).
Any strategies related to the lighting strategy (e.g., block-watch or neighborhood watch, 911
emergency service, police patrol) must be evaluated in the same regard. This reflects the
comprehensiveness of the CPTED design approach in focusing on both the proper design and
effective use of the physical environment. Additionally, the concept of proper design and effective
use emphasizes the designed relationship among strategies to ensure that the desired results are
achieved. It has been observed that improved street lighting alone (a design strategy) is ineffective
against crime without the conscious and active support of citizens (in reporting what they see) and
of police (in responding and conducting surveillance). CPTED involves the effort to integrate
design, citizen and community action, and law enforcement strategies to accomplish surveillance
consistent with the design and use of the environment.
There are three overlapping strategies in CPTED (as shown in Fig. 1.1):
1. Natural access control
2. Natural surveillance
3. Territorial reinforcement
Access control and surveillance have been the primary design concepts of physical design
programs. At the outset of the CPTED program, access control and surveillance systems—
preexisting as conspicuous concepts in the field of CPTED—received major attention. Access
control and surveillance are not mutually exclusive classifications since certain strategies achieve
both, and strategies in one classification typically are mutually supportive of the other. However,
the operational thrust of each is distinctly different, and the differences must be recognized in
performing analysis, research, design, implementation, and evaluation.
FIGURE 1.1 Overlapping strategies in CPTED.
Access control is a design concept directed primarily at decreasing crime opportunity. Access
control strategies are typically classified as organized (e.g., security officers), mechanical (e.g., locks,
lighting, and alarms), and natural (e.g., spatial definition). The primary thrust of an access control
strategy is to deny access to a crime target and to create a perception of risk in offenders.
Surveillance is a design concept directed primarily at keeping intruders under observation.
Therefore, the …