Tuesday, September 23, 2014

Chapter 5: The Planning Process

  • An organization's physical security program should address the following goals:
    • Crime and disruption prevention through deterrence: fences, security guards, warning signs, etc.
    • Reduction of damage through the use of delaying mechanisms: layers of defenses that slow down the adversary (e.g., locks, security personnel, and barriers).
    • Crime or disruption detection: smoke detectors, motion detectors, CCTV, etc.
    • Incident assessment: response of security guards to detected incidents and determination of the damage level.
    • Response procedures: fire suppression mechanisms, emergency response processes, law enforcement notification, and consultation with outside security professionals.
  • To understand how effective the physical security program is or how beneficial it is to the organization, the program should be monitored through a performance-based approach. This means that you should devise measurements and metrics to gauge the effectiveness of your countermeasures.
  • The physical security team needs to carry out a risk analysis. The analysis will identify the organization's vulnerabilities, threats, and business impacts. The team presents its findings to management and works with them to define an acceptable risk level for the physical security program. The team then develops baselines (minimum level of security) and metrics to evaluate and determine whether the baselines are being met by the countermeasures. The performance of the countermeasures should be continuously evaluated.
