Tuesday, September 23, 2014

Chapter 5: Steps to take before a physical security program can be rolled out

  1. Identify a team of internal employees and/or external consultants who will build the physical security program through the following steps.
  2. Carry out a risk analysis to identify the assets, vulnerabilities and threats, and to calculate the business impact of each threat.
  3. Identify the regulatory and legal requirements that the organization must meet and maintain.
  4. Work with management to define an acceptable risk level for the physical security program.
  5. Derive the required countermeasure performance baseline from the acceptable risk level.
  6. Create countermeasure performance metrics so that each control can be measured against that baseline.
  7. Develop criteria from the results of the analysis, outlining the level of protection and performance required for the following categories of the security program:
    1. Deterrence
    2. Delay
    3. Detection
    4. Assessment
    5. Response
  8. Identify and implement countermeasures for each program category.
  9. Continuously evaluate the countermeasures against the set baselines to ensure the acceptable risk level is not exceeded.
