The safety and security of our surroundings, whether at home, in the workplace, or in public spaces, has become increasingly important. As we move through different environments, we want to identify and clearly define the key terms related to physical security. Below is a list of security terms often referenced within Safe Haven’s written content. These terms are industry standard and are crucial to understand, as they define security practices and the various actors and elements involved in these scenarios.
Physical Security Risk Management Glossary
Adversary. The people or systems that represent a threat.
Threat. Who might attack, when they might attack, where, how, what goals and resources they have, and the probability of an adversary attacking in any given day, week, month or year.
Threat Assessment. An attempt to predict the likely threats.
Threat Modeling. A process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified and enumerated, and countermeasures prioritized. The purpose of threat modeling is to provide defenders with a systematic analysis of what controls or defenses need to be included, given the nature of the system, the probable attacker’s profile, the most likely attack vectors, and the assets most desired by an attacker. Threat modeling answers questions like "Where am I most vulnerable to attack?", "What are the most relevant threats?", and "What do I need to do to safeguard against these threats?"
Vulnerability. In contrast to a threat, a vulnerability is a security weakness that could be exploited by the threat(s) in order to cause undesirable consequences.
Vulnerability Assessment (VA). Involves discovering and potentially demonstrating a vulnerability, but also provides ways to defeat a security device, system, or program, i.e., attacks.
Use Protocol. The informal ways security products, technologies, or strategies are used.
Attack Scenario. A potential method and sequence of events undertaken by adversaries to defeat security. (VAs seek to discover not just vulnerabilities, but also potential attack scenarios.)
Security/Facility Feature. Some element of a security device, program, facility, building, or infrastructure. (Not to be confused with assets or vulnerabilities.)
Asset. Something that needs to be protected from threats. Valuable assets can be people, equipment, raw materials, products, services, money, artifacts, buildings, networks, PII, intellectual property, etc.
Risk. The probability-weighted cost of loss and/or harm.
Risk Management. The process of eliminating risk by deciding on priorities, like what to protect, how to protect it, and how to deploy security resources.
Risk Assessment. Attempts to identify and quantify risks.
Security Surveys. A walkthrough of a facility using a checklist. The goal of a Survey is to see if the security measures planned for a facility, organization, or infrastructure are being implemented and are effective.
Security Audits. Checking to see if the organizational or infrastructure security is in compliance with regulations, laws, policies, standards, and guidelines.
Physical Security Assessments. A software-based Security Survey for physical security.
Red Teaming. In a nutshell, security testing.
This guide from Safe Haven outlines industry standard terminology critical for defining security practices and potential scenarios. It is subject to change as the risk landscape evolves.
Source Material
Much of the Security Terminology provided here derives from Dr. RG Johnston’s seminal book, Vulnerability Assessment: The Missing Manual for the Missing Link.
Copyright 2023 SAFE HAVEN RISK MANAGEMENT LLC. All Rights Reserved.