Chapter 1: Introduction

By purchasing this study guide, you have taken an important first step towards professional
credentialing. The Physical Security Professional (PSP) designation is awarded only to individuals
who demonstrate a comprehensive level of competence in the field of physical security.
Achieving this important designation can garner you the respect and recognition you deserve as
a professional. Certification will set you apart from your colleagues and other practitioners. It
also provides you with more opportunities and a greater chance of professional advancement.
Learning is a unique process, and study guides like the one you are reading allow you to learn at
your own pace and in a manner best suited to your individual learning style. To further assist
you, tips are occasionally used to bring your attention to important items or points.
Although this book is designed to provide information geared towards professional certification,
it is also meant to be a resource for security practitioners to quickly reference key concepts and
information that may be useful while performing daily responsibilities.
Learning Objectives
By reviewing the material in this chapter, you should be able to accomplish the following:
• Have a better understanding of physical security concepts and practices.
• Describe concepts involving the physical security functions within an organization.
• Understand security officer operations and the requirements to perform duties more
effectively.

Physical Security Origins

What is physical security? Physical security is the integration of people, procedures, and
equipment deployed to safeguard people, property, and information, and to prevent
unauthorized access to assets.
When we look at physical security, there is a tremendous amount of history regarding the
protection of life, property, and information dating back to the earliest times on earth. The

1
origins of physical security can be traced to the beginning of mankind when people lived in caves
and used handmade weaponry and stones to ward off dangerous animals or other outsiders.
In the Dark Ages, countries like France and England had teams of workers who removed trees
and brush from the sides of roadways in an attempt to stop thieves and robbers from using
them for concealment. In larger cities and towns, men were assigned as "watchmen" to monitor
access points and alert the citizens in the event of an attack. These watchmen were, in fact,
among the first groups of organized physical security professionals.
The American Society for Industrial Security, now ASIS International, was formed in 1955. This
is the year when the modern practice of physical security begins.

Physical Security Fundamentals

There are several concepts used by physical security professionals that form the cornerstone of
a physical protection program.
The Four Ds
First are The Four Ds of physical security. The Four Ds are the foundation of every physical
security project and should be part of the overall protection strategy. Additionally, The Four Ds
must be performed in sequence to effectively protect each asset. The Four Ds are:
1. Deter (always the first objective)
2. Detect (must include assessment)
3. Delay (begins after detection and communication to the response force)
4. Deny (prevent access)
When it comes to physical security, it is always preferable to deter the criminal act before it is
ever attempted. If you cannot deter the adversary, then you must detect (and assess) while
delaying the attack until a response force can interrupt and neutralize the adversary.

It is important to note that the function of Detection must include Assessment to be effective. If
you cannot determine what caused an event, it is not considered to be "detected."
2
Defense-in-Depth
Also referred to as layered protection or protection-in-depth, defense-in-depth is a fundamental
concept used in physical security. It consists of placing multiple layers of concentric security
features that provide 360-degree protection without gaps or weaknesses. It is important that
each layer of security has the same level of protection all the way around the asset, including
above and below the asset. This is referred to as having "Balanced Protection.

Defense-in-Depth
Although there can be many layers of security when it comes to defense-in-depth strategies, a
simple approach uses three main layers:
1. Outer layer
2. Middle layer
3. Inner layer
The outer layer may consist of barriers, protective lighting, signage, and intrusion detection
systems. The use of control measures at the perimeter (outer layer) typically defines the
property boundary and channels both people and vehicles to designated access points. The
middle layer comprises the exterior of the buildings on the site and may include doors, windows,
building facades, walls, and other openings such as ventilation intakes and skylights. The inner
layer often consists of window and door protection devices, barriers, reinforced walk doors,
access control devices, intrusion detection systems, video surveillance, protective lighting, and
signage. Typically, the highest value assets of an organization are located within the innermost
layer of security protection.
Understanding how each layer of protection works in regard to deterrence, detection, delay,
and deny is key when assessing the effectiveness of your protection program. However, to
calculate the effectiveness of the physical security features, one must first identify the assets to
be protected, the adversary's skills, tools, and tactics, as well as the pathway an adversary might
use. The result of this analysis is commonly referred to as the Design Basis Threat (DBT).
3
Another piece of crucial information when it comes to building your layered protection is
understanding the Critical Detection Point (CDP) for each asset. The CDP is the point where the
delay time exceeds the response force time. Simply put, it is the time it takes for the detection
and response functions to interrupt (stop) the adversary before they can compromise or destroy
an asset (deny). Layers of protection can help to slow the adversary, and after detection and
communications, allow the response force time to stop them. This is why it is so important to
develop an effective design for your physical security protection program.

Basic Design Concepts

The proper design and strategy of the physical security program should be considered during
the earliest stages of the design and planning process. At a minimum, the design concept should
consider the following five elements:
• Facility layout and utilization
• Protection strategy
• Structural and electronic security systems
• Security officer operations and other human support
• Physical security program management
It is important to note that risk assessment and analysis should be applied to every step of the
design phase and throughout the overall comprehensive protection strategy. Conflict avoidance
with the organization's culture, mission, and other departments should be accounted for and
designed into the program.
The Physical Protection System (PPS) should be balanced between the various forms of security
measures (structural, electronic, and procedural) to be effective. The objective should be to
provide adequate protection against all DBTs and to maintain a balance between cost, safety,
mission, and culture.
Point security can be defined as any site where the outer perimeter is loosely controlled with a
primary focus on individual buildings within the perimeter or spaces within the buildings, such
4
as restricted areas. Area security, on the other hand, refers to a site where the perimeter and
entry portals have a higher level of control and security features.
When designing a site or facility, there are a few key considerations that planners should take
into account:
• Placement of hazardous materials
• Air intake and exhaust design
• Utilities, including water, electric, natural gas, communications, sewer, drainage culverts,
etc.
• Neighboring facilities and operations
• Contingency planning
Design criteria is how the security practitioner evaluates the elements of the design and then
the entire PPS as a system. There are two ways this is typically accomplished. The first is by using
performance criteria for each subsystem or component, based on the contribution they make
to the overall PPS performance. The second, less preferable method, uses feature-based criteria
that relies on the features present but not on the performance of the subsystem or component.
An example of feature-based criteria would be having an exterior surveillance camera installed
but not testing the camera to ensure it captures the required field of view, or installing a camera
and not testing it for operability at night or during inclement weather conditions. Other
examples are:
• Feature criteria: Fence sensor is installed and operational.
• Performance criteria: Fence sensor can detect climbing, cutting, tunneling, and bridging
during all environmental conditions.
Although performance criteria are preferable, many security programs use a combination of
both feature and performance criteria to determine the effectiveness of the PPS. The final
protection scheme should be comprehensive in design, not just a piecemeal of protection
elements.

5
Security Officers and the Human Element
The number of security officers being deployed around the world is continuing to rise. It is
anticipated that the deployment of protection officers in the United States will see an
approximate 12 percent increase from 2012 to 2022. Despite technology being deployed more
than ever before to monitor, detect, and assess security-related incidents, the human element
is also developing and expanding.
Security services are fraught with challenges, and according to several leading security
professionals, the three main contemporary challenges are standards and guidelines, emerging
technology, and security education.
Emerging technology requires a protection officer to be proficient in computer programming
and use and to manage several technical platforms while on duty. The ability of the security
officer to adapt and learn multiple systems such as video management, electronic access
controls, visitor management, intrusion detection systems, protective lighting, network
troubleshooting, and various other systems is necessary to maximize security effectiveness.
Security education can range from specific topics such as active shooter training to a
comprehensive knowledge of industry practices and standards that security officers should
comprehend, such as the Certified Protection Officer (CPO) designation from the International
Foundation for Protection Officers (IFPO).
In general, security personnel are the most expensive line item in the security budget, so it is
common sense that these critical positions bring value to the organization and mission. The first
consideration is why you need the human element within your protection program. A few
determining factors for staffing the security officer function may be:
• The ability to quickly distinguish between people, events, objects, and varying
circumstances
• The need to have rational and professional dialogue with other human beings
• The need to have a security officer present to deter, delay, or have the threat of physical
force to restrain others
6
 • The ability to communicate reports for incidents, daily activities, and issues
• Requiring logical judgment and responses to random circumstances and activities

Security Officers: Roles, Training, and Metrics

Roles and Responsibilities
Security officers play a crucial role in the protection of property and enforcement of rules within
an organization. Their performance is influenced by several factors including training, local
management, and the individual officer's ambition. The core characteristics of an effective
security officer include mental stability, emotional maturity, good character, ethical behavior,
neat appearance, and a deep understanding of job requirements and education. Essential traits
also include loyalty, courage, discipline, and alertness, with a strong emphasis on courtesy,
restraint, and interest.

Duties of Security Officers

The security officer is tasked with protecting property, enforcing rules, and directing
pedestrian and vehicular traffic. These tasks may involve dealing with senior officials and
company leaders and the security officer must be emotionally mature and confident in their
ability to be effective in providing such services.
The ability to perform well under stress is another characteristic of a good officer because some
of their duties may involve stressful incidents such as a fight between coworkers or an active
assailant on the premises. For example, during a partial bomb evacuation, the security officer
should assist the evacuation by focusing on the floor involved with the suspected bomb, and the
floors immediately above and below the floor involved.
If a security officer is not mature, stable, and confident, such incidents will be more problematic
and the officer's role in communicating, responding, and protecting the organization less
effective. Some of the basic functions a security officer may encounter are listed below:
Security officers are responsible for various tasks, including but not limited to:
7
 • Access control (for people, vehicles, and materials)
• Screening of individuals, vehicles, and packages
• Patrolling protected areas (both on foot and mobile)
• Responding to security incidents
• Inspecting security, fire, and safety measures
• Escorting individuals and materials
• Monitoring and operating security devices
• Emergency response (e.g., bomb evacuation, first aid)
• Dealing with disturbed individuals sensitively
• Performing special assignments
• Keeping accurate records
One of their most important functions is maintaining detailed written records. This includes
incident logs and formal written reports to inform leadership. Effective written communication
is essential, thus training in this area is recommended.
Proprietary vs. Contract Security Officers
Organizations can choose between proprietary (direct-hire) officers or contract security officers,
or a hybrid approach:
• Proprietary Officers: Offer more control, loyalty, performance, and understanding of the
organization, but involve more rigorous screening.
• Contract Officers: Usually cost less, offer more flexibility, reduce administrative tasks, and
may transfer some liability to the contract firm.
• Hybrid Approach: Combines benefits of both proprietary and contract officers, often used
to reduce costs and manage peak periods effectively.
Preemployment Screening
Preemployment screening for security officers should include:
• Minimum age requirements (18 for unarmed, 21 for armed positions)
• Legal working status
8
 • Verifiable identity and addresses/telephone numbers for the past seven years
• High school diploma or equivalent
• Criminal history check
• Verified employment history for the past seven years
• Drug screening
• Verification of applicable licenses or certifications

Roles of Security Officers

Security officers often act as the first contact for visitors, employees, and customers, serving as
a public relations/ management representative of the organization. Their roles can include:
• Enforcement agent (ensuring rules are followed)
• Intelligence agent (collecting information)
• Legal consultant (understanding torts, negligence, and contracts)
• Physical security specialist (advising on crime prevention and security improvements)

Deciding to Arm Security Officers

Arming security officers involves additional liability and costs for training, equipment, insurance,
and regulatory compliance. A test to determine the need for armed officers includes:
1. Assessing whether life safety is at greater risk without an armed officer
2. Determining if the officer might reasonably be expected to use fatal force
Organizational responsibilities when arming officers include:
• Training
• Selecting appropriate firearms and ammunition
• Ensuring proper maintenance by a qualified gunsmith
• Maintaining firearms records
• Purchasing adequate liability insurance

9
Security Training
Security training encompasses three learning domains:
• Cognitive Learning: Knowledge and theory applied to practice
• Affective Learning: Attitudes and perceptions related to cultures, adversaries, and asset
protection
• Psychomotor Learning: Physical skills and hands-on training
The modern security officer needs to understand training, be able to retain it, and apply the
knowledge when necessary. Part of the process requires socialization of the officer to the
organizational values. Professional expertise can be summarized in the following equation:
Education + Training + Guided Experience = Development
However, a security officer's development is dependent upon his or her supervisor. Effective
security leadership requires good coaching, collaboration, teaching, and counseling skills.
Training should be based on the regulatory requirements, client contracts, union agreements,
insurance requirements, and standards and guidelines.
The benefits of training go beyond the investment required to develop an officer into a
professional. A few benefits to mention are:
• Improved job performance
• Increased motivation
• Reduction in turnover
• Decreased liability
• Reduction in supervision (due to fewer issues)
There are many methods to deliver training, including distance learning, on-the-job training,
lectures, mentoring, job aids, and case studies. Distance learning can be used to instruct
multiple sites with consistent information. On-the-job training is an excellent method to transfer
the knowledge from the instructor to the officer. Lectures can be an effective method of training
if they are short in length and dynamic. Mentoring offers the officer a great way to socialize into
the organization and bridges any gaps in the officer's training. Job aids are usually a supplement
10
to other training methods, using items such as laminated cards or signs to remind the officer.
Case studies are most effective when delivered in a forum that allows for active group
discussions.
One of the biggest issues with training is the cost to the organization. There are several ways to
maximize a training budget:
• Use free training offered by the government or community associations
• Join professional organizations such as ASIS or the International Foundation for
Protection Officers (IFPO)
• Share instructional materials if permitted
• Purchase off-the-shelf training materials
• Outsource training to a technical school or community college
• Seek a grant from various government (local, state, federal) funded programs
Training programs can vary, but here are a few common topics that security officers often train
on: workplace violence, active shooter, use-of-force, investigations, ethics, legal authority,
conflict resolution, report writing, emergency care, observation techniques, security systems
operation, fire prevention, and safety.
Security leadership should avoid the "Frog Syndrome." This is where a manager starts a training
program by personal instruction (jumps in), and then when their workload increases, they
abandon (jumps out) the training program, leaving it incomplete.
Managing Security Officers
The deployment of security officers should follow rational and objective business criteria. This
process includes an assessment and analysis of the need. The human element is always
necessary within a security program, but how many officers and how they operate can be
debated. There are three kinds of orders that direct security officer operations:
1. General orders
2. Post orders
3. Special orders
11
General Orders are bodies of principles for the officer. They include items such as prohibiting
smoking, eating, and personal cell phone use while on duty, and guidelines on how they will
maintain their post, wear their uniform, and use company equipment. Special Orders,
conversely, may be developed to address special events such as a board meeting, holiday party,
or public function. Special orders have a specific timeframe and scope.
Post Orders, also known as Standard Operating Procedures (SOPs), are the most important
document for the security force as they list officer duties, explain any policies and procedures,
and provide a basis for training. Post orders should be written clearly and be easy to understand,
using the following criteria as a guide:
1. Each order should deal with a single subject.
2. Each order should be concise.
3. Each order should be easy to understand.
4. Orders should be indexed based on content.
5. Orders should be available at every post.
6. Orders should contain a coordinated set of instructions (no contradictions).
The ability of each security officer to understand and implement post orders cannot be
understated. It is up to the direct supervisor to ensure that post orders are read and
comprehended by each officer. There are three techniques that a supervisor can use to make
sure the post orders are reinforced and understood:
• Ask the security officer specific questions about the orders.
• Observe the security officer in a situation that requires application of the orders.
• Set up a hypothetical situation that requires the officer to illustrate a working knowledge
of the orders.
It is important to note that policies differ from procedures in that policies are strategic security
objectives and priorities for the organization. Policies are statements of principles that each
employee must follow while performing business functions. There are four main areas that
policies address:
12
 1. General - general objectives, responsibilities of staff, accountability, reporting, auditing,
etc.
2. People - workplace violence, emergency evacuation, prohibited items, security
awareness, etc.
3. Property - acceptable use of equipment, investigations, key control, safeguarding
property, etc.
4. Information - disclosure, marking, storage, handling, destruction of documents, etc.
Procedures, on the other hand, are detailed instructions on how to perform daily work, often
using a step-by-step process or a written list of duties. Procedures change more often than
policies to meet changing demands and conditions and are used to carry out security policies.
Policies typically require approvals from executive leadership, whereas procedures can often be
approved at a manager or director level. Procedures address three main areas:
1. People - response to threats, evacuations, visitor management, employee access badging,
etc.
2. Property - securing assets, marking property, key issuance, officer duties (post orders),
etc.
3. Information - marking, storage, destruction of information, and technical surveillance
countermeasures (anti-eavesdropping), etc.
Policies and procedures must be communicated effectively to all staff and can be used to
implement corrective measures such as addressing inappropriate employee behavior and
underperformance.
Supervision of the security force has changed in recent years. The older trend was to follow a
paramilitary model, which has been replaced by organizing the management function along the
lines used by businesses. Supervisors are responsible for Quality Control (QC) and Quality
Assurance (QA). QC focuses on the officer's deliverables while QA is related to service quality.
The use of independent third-party inspectors to perform QC inspections can help foster an

13
environment of open sharing, can be more objective, and can offer a more realistic scenario
when the security officer is being tested.
Security Personnel Metrics
Developing metrics for security officers is a key component of the physical security program.
Metrics provide a tool for management to track, measure, and understand the appropriate
number of security officers needed and the required budget necessary. There are two
measurable performance categories for security officers: response and training.
Response metrics can comprise the following:
• Guard force response: This is the time it takes to respond to duress alarms, intrusion
alarms, and other security events. Often in the contract, there is a baseline response time
requirement that officers can be measured against.
• Response to customer requests: This is the time it takes to resolve customer requests,
often made via telephone or online. Requests should be time-stamped and assigned a
tracking number. This metric is the most important metric that an organization can
monitor because it provides a good look into the reputation of the security function and
can help determine the resources needed.
• Security-related activities: Measuring daily activities such as access badge issuance,
requests for access, lost or stolen card requests, key requests, parking violations, and
other security activities is important to track for the security function. Such information
is valuable to management for resource and budget allocation.

Training metrics comprise the following:

• Inward-facing training metrics: These cover the training required for the performance of
the officer's duties. The baseline requirement is 100 percent compliance for this metric.
The scores achieved, percentage of staff completing the training, average scores, and
proficiency demonstrated can all be used as metrics for inward-facing programs.

14
 • Outward-facing training metrics: These are metrics that the security department
documents when providing training to others within the organization. A few examples are
active shooter training, security awareness on policies and procedures, workplace
violence prevention, IT security, emergency procedures, and travel security training
programs. Courses developed, courses delivered, and the total percentage of participants
should all be tracked and measured. A baseline of 100 percent for each metric should be
the goal.
• Customer satisfaction survey: It is important to get feedback from the customer who
participates in the training. An anonymous reporting method should be used to get
honest feedback from the participants.
Legal Considerations
There are many considerations when looking at response and operating procedures as they
relate to the security function. Incident response policies and procedures should be reviewed
periodically by the legal department to determine if the procedures:
• Are legally defensible and enforceable.
• Comply with other organizational policies and procedures.
• Follow best industry practices by demonstrating duty of care.
• Conform to national, state, and local laws and regulations.
• Protect the staff and organization from lawsuits.
There are a few terms and concepts that the security manager should consider regarding
improper procedures and training in the effort to prevent lawsuits:
• Foreseeability: Events or actions that may cause loss, harm, or damage, that are known,
or should have been known, to the organization and/or the security officers before the
event occurred.
• Proximate cause: When an officer is the immediate cause of an injury to a victim.
• Breach of duty: When officers engage in unreasonable conduct.
• Failure to adhere to duty guidelines: When officers engage in conduct beyond their duties.
15
Chapter 1 Key Points
• The Four Ds of Security: Deter, Detect, Delay, Deny
• Layered Protection (Defense-in-Depth): Consists of multiple security measures around
an asset.
• Balanced Protection: Ensures all protective measures are evenly deployed around an
asset.
• Defense-in-Depth: When applied in a basic format, it includes three layers of protection:
1. Outer layer
2. Middle layer
3. Inner layer
• Design Basis Threat (DST): Basis of Physical Protection System (PPS) design used to
protect an asset by analyzing adversary skills, tools, tactics, and pathways an adversary
might use.
• Critical Detection Point (CDP): The point where delay time exceeds response force time.
• Physical Protection System (PPS): Should be balanced between various forms of security
measures (structural, electronic, and procedural) to be effective.
• Point Security: Defined as any site where the outer perimeter is loosely controlled, with
primary focus on individual buildings within the perimeter or spaces within the buildings.
• Area Security: Where the perimeter and entry portals have a higher level of control and
security features.
• Performance Criteria: For each subsystem or component is based on the contribution the
device or component makes to the overall PPS performance.
• Feature-Based Criteria: Relies on the presence of a feature or component, not on its
performance.
• Security Officer Tasks: Protecting property, enforcing rules, and directing pedestrian and
vehicular traffic.
16
• Partial Bomb Evacuation: Security officers should focus on the floor involved with the
suspected bomb and the floors immediately above and below that floor.
• Contract Security Services: Often less expensive than proprietary security officers.
• Armed Security Officer Necessity Test: There is a greater danger to life safety without the
armed officer, and the security officer may reasonably be expected to use fatal force.
• Learning Domains:
1. Cognitive Learning
2. Affective Learning
3. Psychomotor Learning
• Development Equation: Development = Education + Training ± Guided Experience
• Orders Directing Security Officer Operations:
1. General Orders
2. Post Orders
3. Special Orders
• Post Orders: The most important written document for the security force, listing officer
duties, policies, and procedures, and providing a basis for training.
• Policy Areas:
1. General
2. People
3. Property
4. Information
• Procedure Areas:
1. People
2. Property
3. Information
• Security Policies: Strategic principles that must be followed and require executive-level
approval.
17
• Security Procedures: Steps to accomplish day-to-day tasks in meeting policy
requirements, changing more often than policies. Post Orders (also known as SOPs) are
an example of security procedures.
• Security Officer Metrics:
1. Response Metrics
2. Training Metrics
• Training Metrics:
1. Inward-facing programs
2. Outward-facing programs

18