Lesson 5

PHYSICAL SECURITY

Define Physical Security

- Physical Security measures are being used to defend, protect and monitor
property rights and assets. The measures consist of barriers and devices that
would deter, impede and prevent unauthorized access to equipment,
facilities, material and document and to safeguard against espionage,
sabotage, damage and theft.
- Physical security has the important elements:
a) The obstacles, to frustrate trivial attackers.
b) Alarms, security lighting, security guard patrols, closed-circuit television
cameras to make it like that attacks will be noticed; and
c) Security responses, to repel, catch or frustrate attackers when an attack is
detected.

Physical Security is a system of barriers placed between the potential intruders

and the matter to be protected.
Physical Controls:
 Discourage undermined intruders
 Offers psychological deterrents
 Delay determined intruders
 Provide security in depth
Physical control example includes:
 Fences and other barriers, locks, windows and doors bars
 Electronic Alarms, protective lighting, safes vaults and signs.

Four Layers of Physical Security:

1. Environment Design – the initial layer of security for a campus, building, office
or physical space use environment design to deter threats. Some of the most
common examples are also the most basic barbed wire, warning signs and
fencing concrete, metal barriers, vehicle height-restriction, site lighting.
 2. Mechanical and Electronic Access Control – includes gates, doors and locks.
Key control of the locks becomes a problem with large user populations and
any user turnover. Keys quickly become unmanageable forcing the adoption
of electronic access control.

3. Intrusion detection – monitors for attacks. It is less a preventive measure and

more of a response measure. Although some would argue that it is a
deterrent. Intrusion detection has a high incidence of false alarms.

4. Video monitoring – are some useful for incident verification and historical
analysis. For instance, if alarms are being generated and there is a camera
place, the camera could be viewed to verify the alarms. In instances when an
attack has already occurred and a camera is in place at the point of attack, the
recorded video can be reviewed.

Three Lines of Physical Defense

1. First Line of Defense – includes perimeter fence or barrier
2. Second line of Defense – include doors, floors, windows, walls, roofs, and grills
and other entries to the buildings.
3. Third line of Defense – include storage systems like steel cabinet, safe vaults
and interior files

Principle involved in Physical Security

1. The type of access necessary will depend upon a number of variable factors
and therefore may be achieved in a number of ways.
2. There is no impenetrable barrier
 3. Defense in dept is barriers after barriers
4. Delay is provided against surreptitious and non-surreptitious entry.
5. Each installation is different

Define Barrier
- Barrier can be defined as any structure of physical device capable of
restricting, deterring, delaying of illegal access to an installation.

Purposes in the use of Barrier:

a) Define the physical limits of an area;
b) Create a physical and psychological deterrent to unauthorized entry;
c) Prevent penetration therein or delay intrusion, thus, facilitating apprehension
of intruders;
d) Assist in more efficient and economical employment of guards and
e) Facilitate and improve the control and vehicular traffic.

Type of Barriers
1. Natural Barriers – it includes bodies of waters, mountains, marshes, ravines,
deserts or other terrain that are difficult to traverse.

2. Structural Barriers – these are features constructed by man regardless of their

original intent that tends to delay the intruder. Examples are walls, doors,
windows, locks, fences, safe, cabinets or containers, etc.
 3. Human Barriers – person being used in providing a guarding system or by the
nature of their employment and location, fulfill security functions. Examples
are guards, office personnel, shop workers, etc.

4. Animal Barriers – animals are used in partially providing a guarding system.

Dogs are usually trained and utilized to serve as guard dogs. German
shepherds are best suited for security functions, Goose and turkeys could be
also included.

5. Energy Barriers – it is the employment of mechanical, electrical energy

imposes a deterrent to entry by the potential intruder or to provide warning
to guard personnel. These are protective lighting, alarm system and any
electronic devices used as barriers.

Purpose of Perimeter Security

- The main purpose of perimeter barrier is to deny or impede access or exit of
unauthorized person. Basically, it is the first line of defense of an installation.
This is maybe in the form of defenses, building walls or even bodies of water.
The function and location of the facility itself usually determine the perimeter
of the installation. If the facility is located in a city whereby the building or
enterprise occupies all the area where it is located, the perimeter may be the
walls of the building itself.
Note: most of the Industrial Companies are required to have a wide space for
warehousing, manufacturing, etc.

Type of Perimeter Barriers:

1. Fences
2. Walls
3. Bodies of Water

Fence is a freestanding structure designed to restrict or prevent across a boundary.

Type of Fences
1. Solid Fence – constructed in such a way that visual access through the fence is
denied. Its advantage is that it denies the opportunity for the intruder to
become familiar with the personnel, activities and the time scheduled of the
movements of the guards in the installation. On the other hand, it prevents
the guards from observing the areas around the installation and it creates
shadow that may be used by the intruder for cover and concealment.

2. Full-View Fence – it is constructed in such a way that visual access is

permitted through the fence. Its advantages are that it allows the roving
patrols and stationary guard to keep the surrounding area of the installation
under observation. On the other hand, it allows the intruder to become
familiar with the movements and time schedule of the guard patrols thereby
allowing him to pick the time that is advantageous on his part.
Type of Full-View Fence
1. Chain link fence
 It must be constructed of 7 feet material excluding top guard.
 It must be of 9 gauges or heavier.
 The opening is not to be larger than 2 inches per side.
 It should be twisted and barbed salvage at top and bottom.
 It must be securely fastened to rigid metal or reinforced concrete.
 It must reach within 2 inches of hard ground or paving.
 On soft ground, it must reach below surface deep enough to compensate for
shifting soil or sand.

2. Barbed wire fence

 Standard barbed wire is twisted, double-strand, 12-gauge wire with 4 point barbs
spaces in an equal distance apart.
 Barbed wire fencing should not be less than 7 feet high excluding top guard.
 Barbed wire fencing must be firmly affixed to posts not more than 6 feet apart.

Note: the distance between strands must not exceed 6 inches at least one wire will be
interlaced vertically and midway between posts.

3. Concertina wire fence

 Standard concertina barbed wire is commercially manufactured wire coil of high
strength steel barbed wire clipped together at intervals to form a cylinder.
 Opened concertina wire is 50 feet long and 3 feet in diameter.
Perimeter Barrier Opening
1. Gates and Doors – when not in use and controlled by guards, gates and doors
in the perimeter should be locked and frequently inspected by guards. Locks
should be changed from time to time and should be covered under protective
locks and key control.

2. Side-walk-elevators – these provide access to areas within the perimeter

barrier and should be locked and guarded.

3. Utilities Opening – sewers, air intakes, exhaust tunnels and other utility
openings which penetrate the barrier and which have cross sectional areas of
96 square inches or more should be protected by the guards.

4. Clear Zones – an obstructed area or a “clear zone” should be maintained on

both sides of the perimeter barrier. A clear zone of 20 feet or more is
desirable between the barriers and exterior structures and natural covers that
may provide concealment for assistance to a person seeking unauthorized
entry.

Additional Protective Measures:

1. Top Guard – additional overhang of barbed wire placed on vertical perimeter
fences upward and outward with a 45 degree angle with 3 to 4 strands of
barbed wires spaced 6 inches apart. This increases the protective height and
prevents easy access.

2. Guard Control Stations – this is normally provided at main perimeter

entrances to secure areas located out—of-doors, and manned by guards on
full-time basis. Sentry station should be near a perimeter for surveillance at
the entrance.

3. Tower Guard – this is house-like structure above the perimeter barriers. The
higher the tower, the more visibility it provides. It gives psychological
unswerving effect to violators by and large guard towers, whether permanent
or temporary must have a corresponding support force in the event of need.
Towers as well as guard control stations should have telephones, intercoms
and if possible two-way radios connected to security headquarters or office to
call for reserves in the event of need.

4. Barrier Maintenance – fencing barriers and protective walls should always be

regularly inspected by security. Any sign or attempts to break in should be
reported for investigation. Destruction of fence or sections thereof should be
repaired immediately.
5. Protection in Depth – in large open areas or ground where fencing or walling
is conspicuously placed. The depth itself is protection reduction of access
roads and sufficient notices to warn intruders should be done. Use of animals,
as guards and intrusion device, an also be good as barriers.
 6. Signs and Notices – “control Signs” should be erected where necessary in the
management of unauthorized ingress to preclude accidental entry. Sign
should be plainly visible and legible from any approach and in an understood
language or dialect.

Protecting Lighting
- Lighting can provide improve protection for people and facilities is as old as
civilization. Protective lighting is the single most cost-effective deterrent to
crime because it creates a psychological deterrent to the intruders.

Purpose of Protecting Lighting

1. It provides sufficient illumination to the areas during hours of darkness.
2. Lighting can help improve visibility so that intruder can be seen and identified
and, if possible, apprehended.
3. It serves as deterrent to would be thieves.

Types of Protective Lighting

1. Continuous lighting – the most familiar type of outdoor security lighting, this
is designed to provide the specific results; glare projection or controlled
lighting. It consists of a series of fixed luminaries at range to flood a given area
continuously during the hours of darkness.

2. Standby lighting – is designed for reserve or standby use or to supplement

continuous systems. A standby system can be most useful to selectively light a
particular in an occasional basis.
 3. Movable or Portable lighting – this system is manually operated and is usually
made up of movable search or floodlights that can be located in selected or
special locations which will require lighting only for short period of time.

4. Emergency lighting – this system is used in times of power failure or other

emergencies when other systems are inoperative.

General Types of lighting Sources

1. Incandescent lamp – it is the least expensive in terms of energy consumed
and has the advantage of providing instant illumination when the switch is on.

2. Mercury vapor lamp – it is considered more efficient that the incandescent

and used widespread in exterior lighting. This emits a purplish white color
caused by an electric current passing through a tube of conducting and
luminous gas.

3. Metal Halide – it has similar physical appearance of higher mercury vapor but
provides a light source of higher luminous efficiency and better color
rendition.
 4. Fluorescent – this provides good color rendition, high lamp efficiency as well
as long life. However, it cannot project light over long distance and thus are
not desirable as flood type lights.

5. High-pressure sodium vapor – this has gained acceptance for exterior lighting
of parking areas, roadways, building and commercial interiors installations.
Constructed on the same principle as mercury vapor lamps, they emit a
golden white to light pink color and this provide high lumen efficiency and
relatively good color rendition.

Type of Lighting Equipment

1. Floodlights – these can be used to accommodate most outdoor security
lighting needs, including the illumination of boundaries, fences and building
and for the emphasis of vital areas or particular buildings.

2. Street lights – these are lighting equipment received the most widespread
notoriety for its value in reducing crime.

3. Search lights – these are highly focused incandescent lamp and are designed
to pinpoint potential trouble spots.
 4. Fresnel lights – these are wide beam units, primary used to extent the
illumination in long, horizontal strips to protect the approaches to the
perimeter barrier. Fresnel projects a narrow, horizontal beam that is the
degrees in the horizontal and from 15 to 30 degree in the vertical plane.

Protective Lighting Requirements

1. Protective lighting needs at installation and facilities depend on each situation
and the areas to be protected. Each situation requires careful study to provide
the best visibility practicable for security duties identification of badges and
people at gate inspection of vehicles, prevention of illegal entry and detection
of intruders and inspection of unusual or suspicious circumstances.
2. When such lighting provisions are impractical, additional security posts,
patrols, sentry dog patrols or other security means will be necessary.
3. Protective lighting should not be use as a psychological deterrent only. It
should be used on a perimeter fence line only where the perimeter fence is
under continuous or periodic observation.
4. Protective lighting may be desirable for those sensitive areas or structures
within the perimeter, which are under specific observation. Such areas include
vital buildings, storage, and vulnerable control points in communication,
power and water distribution system. In interior areas where night operations
are conducted, adequate lighting or the areas facilities detection of
unauthorized persons approaching or attempting malicious acts within the
area.
General Considerations in Protective lighting:
1. The determination of lighting needs must be dependent upon the threat
perimeter extremities.
2. Protective lighting must be designed to discourage unauthorized entry and to
facilitate detection of intruders approaching or attempting to gain entry into
protected areas.
3. The protective lighting must be continuously operates during periods of
reduced visibility and that standby lighting is maintained and periodically
tested for use during times of emergency and mobilization alerts.
4. Cleaning and replacement of lamps and luminaries, particularly with respect
to costs and means required and available.
 5. The effects of local weather conditions may be a problem in cases where
fluorescent units are used.
6. Fluctuating or erratic voltages in the primary power sources.
7. Requirements for grounding of fixtures and the use of common ground on an
entire to provide a stable ground potential.

Areas to be lighted:
a) Perimeter fence
b) Building face perimeter
c) Pedestrian and vehicle entrance
d) Parking area
e) Storage, large opened working areas, piers, docks and other sensitive areas.

Protective Alarms and Communication System

- Protective alarm is one of the important barriers in security. It assists the
security in detecting, impeding or deterring potential security threat in the
installation. Basically, its function is to alert the security personnel for any
attempt of into a protected area, building or compound. Once an intruder
tampers the circuitry, the beam or radiated waves of the alarm system. It will
activate an alarm signal.

Note: The use of communication equipment in the installation helps security in

upgrading its operational efficiency and effectiveness.

Three Basic Parts of Alarm System

1. Sensor or trigger device – it emits the aural or visual signals or both.

2. Transmission line – a circuit which transmit the message to the signaling

apparatus.
 3. Annunciator – it is the signaling system that activates the alarm.

Type of Protective Alarm System

1. Central Station System – a type of alarm where the control station is located
outside the plant or installation. When the alarm is sounded or actuated by
subscriber, the central station notifies the police and other public safety
agencies.
2. Propriety system – centralized monitor of the propriety alarm system is
located in the industrial form itself with a duly operator. In case of alarm, the
duty operator calls whatever is the primary need; fire-fighters, police, an
ambulance or a bomb disposal unit.
3. Local Alarm – this system consist of ringing up a visual or audible alarm near
the object to be protected. When an intruder tries to pry a window, the alarm
thereat goes off.
4. Auxiliary alarm – company-owned alarm systems with a unit in the nearest
police station so that in case of need, direct call is possible. The company
maintains the equipment and lines both for the company and those in the
police, fire and other landlines or cell phones can avail of the auxiliary system.

Kinds of Alarms
1. Audio Detection Device – it will detect any sound caused by attempted force
entry. A supersonic microphone speaker sensor is installed in walls, ceiling and
floors of the protected area.
2. Vibration Detection Device – it will detect any vibration caused by attempted
force entry. A vibration sensitive sensor is attached to walls, ceilings or floors
of the protected area.
3. Metallic foil or wire – it will detect any action that moves the foil or wire. An
electricity charge strips of tinfoil or wire is used in the doors, windows or glass
surfaces of the protected area.
4. Laser Beam Alarm – a laser emitter floods a wall or fencing with a beam so
that this beam is disturbed by a physical object, an alarm is activated.
5. Photoelectric or Electric Eye Device – an invisible/visible beam is emitted and
when this is disturbed or when an intruder breaks contact with the beam, it
will activate the alarm.
Utilization of Alarm Devices
a) Nature of the area or installation
b) Criticality of the area or complex
c) Vulnerability of the area or complex
d) Accessibility
e) Construction and type of building
f) Hours of normal operation
g) Availability of other type or protection
h) Initial and recurring cost of installed alarm system
i) Design and salvage value of desired equipment
j) Response time of the security force and local police
k) Saving in manpower and money for a period of time if alarm is used.

Desirable Characteristics of Alarm System

1. A detection unit initiate the alarm upon intrusion of a human being in the
area or vicinity upon intrusion of a human being in the area or vicinity to the
protected area or object.
2. Panel board central annunciator operating console monitoring activities
should be manned at all times.
3. An annunciaotr console indicating the audible and/or aural signal and the
specific location of incident so that proper action can be made by security and
other units.
4. Fail-safe features which give alarm in the annunciator when something is
wrong with the system.
5. System should be difficult to tamper or render ineffective by outsiders,
competitors or saboteurs.

Summed-up on Protective Alarm Device

a) Alarm devices are physical safeguards used to assist security but not a
replacement in the protection of assets and lives in the installation.
b) It assists the guards to extend their hearing and vision even in areas where
they are not physically present.
c) The alarm system whether a local, a central propriety or an auxiliary type are
to inform the guard either visually or aurally of an attempt or a break-in
within the premises being protected.
d) Maintenance of alarm system must be regularly made, the signal line must
protect and there must be alternate source of power.
e) New and improve intrusion hardwired are being developed and placed in the
market but again, the human guard is irreplaceable in spite of
 computerization and the arrival of upper sophisticated devices in security
alarm systems.

Communications System in Security

- Regular communication facility of a plant is not adequate for protective
security purposes. Security needs a special communication system that will
vary in size, type, nomenclature and cost commensurate with the importance,
vulnerability, size, location, radio propagation, and other factors affecting the
security of the installation.

Equipment Used in Communication:

a) Local telephone exchange
b) Commercial telephone service
c) Intercommunication
d) Two-ways radios
e) Paging and recall systems
f) Bullhorns or megaphones
g) Amplifier or loud speaker systems
h) Cellular or mobile phones

Protective Locks and Key System

- Lock is one of the most widely used physical security devices in the asset
protection program of an installation. It complements other physical
safeguards of the installation against any possible surreptitious entry.
However, the owner of the installation or his security officer needs to
understand the weaknesses and strength of each type of locks including the
doors, window or walls to be used to achieve maximum benefit from the
application. This is because highly skilled burglars more often concentrate in
the lock and its surroundings mechanism in order to make forcible entry. It is
for this obvious reasons that locks and considered as delaying devices which
cannot really stop a determine intruder from destroying the lock just to
launch an attack.

Lock Defined
- A lock is defined as a mechanical, electrical, hydraulic or electronic device
designed to prevent entry into a building, room, container or hiding place.

Types of Locks:
 1. Key-operated mechanical lock – it uses some sort of arrangement of internal
physical barriers (wards tumblers) which prevent the lock from operating
unless they are properly aligned. The key is the device used to align these
internal barriers so that the lock may be operated.
Three (3) Types of Key-Operated Lock:
 Disc or Wafer tumbler mechanism
 Pin tumbler mechanism
 Lever tumbler mechanism
2. Padlock – a portable and detachable lock having a sliding hasp which passes
through a staple ring and is then made fasten or secured.
3. Combination lock – instead of using the key to align the tumblers, the
combination mechanism uses numbers, letters or other symbols as reference
point which enables an operator to align them manually.
4. Code-operated lock – a type of lock that can be opened by pressing a series of
numbered button in the proper sequence.
5. Electrical lock – a type of lock that can be opened and closed remotely by
electrical means.
6. Card-operated lock – a type of lock operated by a coded card.

Key Defined
- A key is a device which is used to open a door. A key consist of two parts: the
BLADE, which is inserted into the lock and the BOW, left protruding so that
torque can be applied. The blade of a key is normally designed to open one
specific lock, although master keys are designed to open sets of similar locks.

Type of Keys
a) Change Key – Is specific key, which operates the lock and has a particular
combination of cuts which match the arrangement of the tumblers in the lock.
b) Sub-master Key – a key that will open all the lock within a particular area or
grouping in a given facility.
c) Master Key – a special key capable of opening a series of lock.
d) Grand Master Key – a key that will open everything in a system involving two
or more master key groups.

Effective Key Control:

a) Key cabinet -a well-constructed cabinet will have to be procured. The cabinet
will have to be sufficient size to hold the original key to every lock in the
system. It should be secured at all times.
 b) Key record – some administration means must be set-up to record code
numbers and indicates to whom keys to specific locks have been issued.
c) Inventories – periodic inventories will have to be made of all duplicate and
original keys in the hands of the employees whom they have issued.
d) Audits – in addition to periodic inventory, an unannounced audit should be
made of all key control records and procedures by a member of management.
e) Daily report – a daily report should be made to the person responsible for key
control from the personnel department indicating all persons who have left or
will be leaving the company. In the event that a key has been issued, steps
should be initiated to insure that the key is recovered.

Security Cabinet
- The final line of defense at any facility is in the high security storage where
papers, records, plan or cashable, instrument, precious metals or other
especially valuable assets are protected. These security containers will be of a
size and quantity, which the nature of the business dictates.
In protecting property, it is essential to recognize that protective containers
are
designed to secure against burglary or fire. Each type of equipment has a
specialized function and it will depend the owner of the facility which type has
is going to use.

Three (3) type of Security Cabinet

1. Safe – a metallic container used for the safekeeping of documents or small items in
an office or installation. Safe can be classified as either robbery or burglary
resistance depending upon the use and need.
 Its weight must be at least 750 lbs, and should be anchored to a building
structure.
 Its body should at least one inch thick steel
2. Vault – heavily constructed fire and burglar resistance container usually a part of the
building structure used to keep and protect each, documents and negotiable
instruments. Vaults are bigger than safe but smaller than a file room.
 The vault door should be made of steel at least 6 inches in thickness.
 The vault walls, ceiling, floor reinforce concrete at least 12 inches in thickness.
 The vault must be resistive up to 6 hours.
3. File Room – a cubicle in a building constructed a little lighter than a vault but of
bigger size to accommodate limited people to work on the records inside.
 The file room should at most be 12 feet high.
 It must have a watertight door and at least fire proof for one hour.
Personnel Identification and Movement Control
- In every installation the use of protective barriers, security lighting,
communication and electronic hardware provides physical safeguards but
these are insufficient to maximize the effort of the guard force.
The most practical and generally accepted system of personnel
identification is the use of identification cards, badges or passes. Generally
speaking, this system designates when and where and how identification cards
should be displayed and to whom. This helps security personnel eliminate the
risk of allowing the access of unauthorized personnel within the establishments.

Types of Personnel Identification

a) Personal Recognition
b) Artificial Recognition – identification cards, passes, and passwords.

Use of Pass System

1. Single pass system – the badge or pass coded for authorization to enter
specific areas is issued to an employee who keeps it in his possession until his
authorization is terminates.
2. Pass exchange system – an exchange takes place at the entrance of each
controlled area. Upon leaving the personnel surrenders his badge or passes
and retrieve back his basic identification.
3. Multiple pass system – this provides an extra measure of security by requiring
that an exchange take place at the entrance of each restricted area.

Badge and Pass Control

a) The system should have a complete record of all badges and identification
cards issued. Return, mutilated or lost by serial number and cross-indexed
alphabetically.
b) The supervisor from time to time for its accuracy and authenticity should
checks the lists.
c) Passes and badges reported lost should be validated and security at entrance
be informed through conspicuous posting.
Visitors Movement Control
a) Visitors Logbook – all visitors to any facility should be required to identify
themselves and should be given a visitor’s ID by the security. Visitor’s logbook
should be filled up with the named of visitors nature and duration of visit.
b) Photograph – taking of photograph should also be considered. Extreme
caution must be exercise in areas where classifies information is displayed to
 preclude unauthorized taking of pictures of the installation. If a visitor has
camera and it is prohibited to take picture, said camera should be left in the
care of security with corresponding receipt.
c) Escort – if possible visitors should be escorted by the security to monitor their
activity within the establishment and guide them where to go.
d) Visitor entrances – separate access for visitors and employees of the
establishment should be provided.
e) Time –traveled – if there is a long delay or time lapse between the departure
and arrival, the visitors may be required to show for the delay.

Package Control Movement

1) No packages shall be authorized to be brought inside the industrial
installation, offices and work area without proper authority. This basic precept
help reduce if not eliminate pilferage, industrial espionage or sabotage.
2) Outgoing package carried by personnel should be closely inspected and those
in vehicles should also be checked as many pilfered items are hidden in the
surface of the vehicles leaving the compound.
3) Any personnel/visitor entering the installation with a package should deposit
the same to the security and in return receives a numbered tag, which he/she
will use in claiming his/her package upon departing.

Vehicles Movement Control and Identification

1. Privately owned vehicle of personnel/visitor should be registered and are
subject to the identification and administrative procedure.
2. Vehicle should be subjected for search at the entrance and exit of the
installation.
3. All visitors with vehicle should provide the security of the complete details of
their duration to visit or person to be visit and other information.
4. All vehicles of visitors should be given a sign/sticker to be placed on the
windshield.
5. Traffic warning signs should be installed in all entrance.
6. Security personnel must constantly supervise parking areas and make
frequent spots searches of vehicles found there.

Building Access Control

- At any physical barrier, a security system must possess the ability to
distinguish among
authorized persons, unauthorized visitors and other unauthorized persons. This is to
assist the security personnel protects sensitive are and information within the
installation.
Appropriate warning signs should be posted at the building perimeter. Special
restricted entry facilities to public access should be provided. This will be dependent on
the degree of security needed for the protection of property, activity and other
processes within the building.
The access to the restricted area shall be limited to authorize personnel who
have the direct
involvement with the installation, construction and operation and maintenance of the
equipment and systems and/or use of the materials contained within the restricted
area. A clear-cut policy on the access control should be disseminated to all personnel of
the installation.

Lesson 6
Document or Information Security

Document Security
- It is the protector of records from its entire document life cycle. It also
connotes in this context the safeguarding classified matters.
- In government view, document and information is based on the premises that
the government has the right and duties to protect official papers from
unauthorized and improper disclosure.

Standard Rule of Document Security

1. The authority and responsibility for the preparation and classification of
classified matter rest exclusively with the originating office.
2. Classified matter should classify according to their content and not to the file
in which they are held or of another document to which they refer, except
radiograms or telegrams referring to previously classified radiograms or
telegram.
3. Classification should be made as soon as possible by placing the appropriate
marks of the matter to be classified.
4. Each individual whose duties allow access to classified matter, or each
individual who possesses knowledge of classified matter while it is in his
possession and shall insure that dissemination of such classified matter is on
the “need-to-know” basis and to properly cleared persons only.
Documents Security System
- Document Security system is that aspect of security which involves the
application of security measures for the proper protection and safeguarding
of classified information.
Classified categories is official matter which requires protection in the
interest of
national security shall be limited to four categories of classification which in
descending order of importance shall carry one of the following designations:

a) Top Secret, Secret, Confidential and Restricted

In Document and Information Security, a “matter “includes everything,
regardless of its
physical character, or in which information is recorded or embodied. Documents,
equipment, projects, books, reports, articles, notes, letters, drawings, sketches,
plans, photographs, recordings, machinery, models, apparatus, devices and all
other products or substances fall within the general term “matter”. Information,
which is transmitted orally, is considered “matter” for purposes of security.
b) Security Clearance – Is the certification by a responsible authority that the person
described is cleared for access to classified matter the appropriate level. Or refers
to the administrative determination that an individual is eligible for access for
classified matter.
c) Need to Know – is the principle whereby access to classified matter may only be
given to those persons to whom it is necessary for the fulfillment of their duties.
Persons are not entitled to have access to classified matter solely by virtue of
their status or office. It is a requirement that the dissemination of classified
matters be limited strictly to persons whose official duty requires knowledge or
possession thereof.
d) Certification of Destruction – is the certification by a witnessing officer that the
classified matters describe therein has been disposed of in his presence,
approved destruction methods.
e) Classified – refers to assign information by one of the four classification
categories.
f) Compromise – means lose of authority, which results from an authorized persons
obtaining knowledge of classified matter.
g) Compartmentalization – is the grant of access to classified matter only to
property cleared persons in the performance of their official duties.
h) Declassify – is the removal of security classification from classified matter.
i) Reclassify/Re grading – is the act of changing the assigned classification of matter.
 j) Up-grading – is the act of assigning to a matter of higher classification to a
classified document.

Top Secret Matter Defined

- These are information and material (matters) the unauthorized disclosure of
which would cause exceptionally grave damage to the nation, politically,
economically or from a security aspect. This category is reserve for the
nation’s closest secret and is to be used with great reserve.
Classification Authority
The original classification authority for assignment of TOP SECRET classification
rests exclusively with the head of the department. This power may however, be
delegated to authorized offices in instances when the necessity for such arises.
Derivative classification authority for TOP SECRET classification (authority for) may be
granted these officers who are required to give comments or response to a
communication that necessitates TOP-SECRETS response.
Examples of Top Secret Documents;
1 Very important political documents regarding negotiation for major alliances.
2 Major governmental projects such as proposal to adjust the nation’s economy.
3 Military-Police defense class or plans.
4 Capabilities of major successes of Intel services.
4 Compilations of data individually classified as secret or lower but which
collectively should
be in a higher grade.
5 Strategies plan documenting overall conduct of war.
6 Intel documents revealing major Intel production effort permitting an
evaluation by
recipients of the success and capabilities of Intel documents.
7 Major government project like drastic proposals.

Secret Matter Defined

- These Information and material (matter) the unauthorized disclosure of which

would endanger national security, cause serious injury to the interest or
prestige of the nation or of any government activity or would be of great
advantage to a foreign nation.

Classification Authority – same as TOP SECRET matter.

Secret grading is justified if;

 1) It materially influences a major aspect of military tactics.
2) It involves a novel principle applicable to existing important projects.
3) It is sufficiently revolutionary to result in a major advance in existing
techniques or in the performance of existing secret weapons.
4) It is liable to compromise some other projects so already graded.

Examples of Secret Documents

1. Those that jeopardize or endanger Intel relations of a nation.
2. Those that compromise defense plans, scientific or technological
development.
3. Those that reveal important intelligence operations.
4. War plans or complete plans for future war operations not included in top
secret.
5. Documents showing disposition of forces.
6. New designs of aircraft projections, tanks, radar and other devices.
7. Troop movement to operational areas
8. Hotel plans and estimates and
9. Order of battle info.

Confidential Matter Defined

- These are information and material (matter) the unauthorized disclosure of
which, while not endangering the national security, would be prejudicial to
the interest or prestige of the nation or any government activity or would
cause administrative embarrassment or unwarranted injury to an individual or
would be or advantage to a foreign nation.

Confidential grading is justified if;

1. It is a more than a routine modification or logical improvement of existing
materials and is sufficiently advanced to result in substantial improvement in
the performance of existing CONFIDENTIAL weapons.
2. It is sufficiently important potentially to make it desirable to postpone
knowledge of its value reaching a foreign nation.
3. It is liable to compromise some other project already so graded.

Classification Authority – any officer is authorized to assign confidential classification to

any matter in
the performance of his duties.

Examples of Confidential Documents

 1. Plans of government projects such as roads, bridges, building, etc.
2. Routine service reports like operations and exercise of foreign power.
3. Routine intelligence reports.
4. Certain personnel records, staff matters

Restricted Matter Defined

- These are information and material (matter) which requires special protection
other than that determined to be TOP SECRET, SECRET OR CONFIDENTIAL.

Classification Authority – authority to classify shall be the same as for CONFIDENTIAL

matter.
Reproduction is authorized. Transmission shall be through the
normal dissemination system.

Control of Classified Matters

Custody and accounting of classified matter, Head of Departments handling
classified matter shall issue orders designating their respective custodians of classified
matter. Custodian shall:
1. Store all classified matter.
2. Maintain a registry of classified matter showing all classified matter received
and to whom transmitted.
3. Maintain current roster of persons authorized access to classified matter for
each classification in the office.
4. Insure physical security for classified matter.
5. Conduct an inventory of all TOP SECRET and SECRET matter by inventory and
transmit the same to his successor.

Unauthorized Keeping of Private Records – All government personnel are

prohibited keeping private records, diaries or papers containing statement of facts or
opinions, either official or personal, concerning matters which are related to or which
affects national interest or security. Also prohibited is the collecting of souvenirs or
obtaining for personnel use whatsoever any matter classified in the interest of national
security.
Dissemination – Dissemination of classified matter shall be restricted to properly
cleared persons whose official duties required knowledge or possession thereof.
Responsibility for the determination of “need to know” rests upon both each individual
who has possession, knowledge or command control of the information involve and the
recipient.
Discussion involving classified matters
1. Indiscreet discussion or conversation involving classified matter shall not be
engaged in within the presence of or with unauthorized persons.
2. Which a lecture, address or information talk to a group includes classified
matter; the speaker shall announce the classification at the beginning and end
of the period.
3. All personnel leaving the government service shall be warned against unlawful
disclosures of classified matter.

Disclosures to other departments of classified information originating from

another department. Classified matter originating from another department shall not
be disseminating to other departments without the consent of the originating
department.

Release of classified matter outside a department

General Policy, no person in the government shall convey orally visually or by
written communication any classified matter outside his own department unless such
disclosures has been processed and cleared by the department head or his authorized
representative.

Release of classified matter to congress

Government personnel, when giving oral testimony to the congressional
committee involving classified matter, shall advice the committee of the classification
thereof. Government personnel called upon to testify shall obtain necessary and prior
instruction from his department head concerning disclosure. When congressional
members visit government offices, department heads are authorized to release
classified matter which is deemed and adequate response to an inquiry provided that it
is required in the performance of official functions.

Disclosure to Foreign Government or Nationals

1. Its use shall be closely for the purpose for which the classified matter is
requested.
2. It shall be treated or handled in accordance with the classified categories of the
originating office.
3. Handling shall be made by security-cleared personnel.
4. Reproduction and dissemination shall not be made without the consent of the
department head.

Disclosure of classified matter for publication

 Classified matter shall be released for public consumption only upon the consent
of the department head or his authorized representative. However, in instances where
there is a demand or need for releasing classified information, extreme caution must be
exercised to analyze in detail contents of the classified matter before release. Normally,
all information is released through Public Information Officers. Public Information
Officers should be assisted in the analysis of classified information by the Security
Officer.

Purposes of Protecting Classified Materials

a) Deter and impede potential spy.
b) Assist in security investigations by keeping accurate records of the moments
of classified materials.
c) Enforce the use of “need to know” principle.

Categories of Document for Security Purposes:

1. Category A
 Information which contains reportable time, sensitive, order of battle and
significant information.
 It should be given priority because it is critical information.
 It must be forwarded without delay.
 It is critical to friendly operations.
 It requires immediate action.
2. Category B
 Anything that contains communications, cryptographic documents or systems
that should be classified as secret and requires special handling.
 Higher authorities should declassify it.
3. Category C
 Other information which contains something that could be an intelligence value.
 Contains exploitable information regardless of its contents.
 Unscreened materials/documents should be categorized as Category C.
4. Category D
 No value, yet lower level will never classify documents as category D.
 No decision must be made at the lower echelon that document has no value. It
has the responsibility of the higher Headquarters.
Rules for classification of Documents
1) Documents shall be classified according to their content.
2) The overall classification of a file or of a group of physically connected therein.
Pages, paragraphs, sections or components thereof may bear different
 classifications. Documents separated from file or group shall be handled in
accordance with their individual classification.
3) Transmittal of documents or endorsement which do not contain classified
information or which contain information classified lower than that of the
preceding element or enclosure shall include a notation for automatic
downgrading.
4) Correspondence, Indexes, receipts, reports of possession, transfer or
destruction, catalogs or accession list shall not be classify if any reference to
classified matter does not disclosed classified information.
5) Classified matter obtained from other department shall retain the same
original classification.

Information Security Defined

Information security means protecting information and information systems from
unauthorized access, use, disclosure, disruption, modification or destruction.
The terms information security, computer security and information assurance are
frequently
used interchangeably. These fields are interrelated and share the common goals of
protecting the confidentiality, integrity and availability of information; however, there
are some subtle differences between them. These differences lie primarily in the
approach to the subject, the methodologies used, and the areas of concentration.
Information security is concerned with the confidentiality, integrity and availability of
data regardless of the form the data may take: electronic, print or other forms.
Government, military, financial institution, hospital and private businesses a mass
great deal
of confidential information about their employees, customers, products, research and
financial status. Most of the information is now collected, protected and stored to
electronic computers and transmitted across networks to other computers. Should
confidential information about the business customers or finances or new a breach of
security could lead to lost business, law suits or even bankruptcy of the business.
Protecting confidential information is a business requirement and in many cases also an
ethical and legal requirement. For the individual, information security has a significant
effect on Privacy, which is viewed very differently in different cultures.

Protection of Sensitive Information

Proprietary information is information that in some special way relates to the
status or activities of the possessor and over which the possessor asserts ownership. In
the business community proprietary information elates to the structure, products or
business methods of the organization. It is usually protected in some way against
caused or general disclosure. All propriety information is confidential, but not all
confidential information is propriety.

Type of Propriety Information

1. Trade Secrets – this consist of any formula, pattern, device or compilation of
information which is used in one’s business and which gives him an
opportunity to gain an advantage over competitors who do not know or use
it. It may be a formula for a chemical compound a process of manufacturing,
treating or preserving materials, a pattern for machine or device, or a list of
customers. It differs from other secret information as to single or ephemeral
events. A trade secret is a process or devise for continuous use in the
protection of the business.
2. Patents – this is a grant made by the government to an inventor, conveying or
securing to him the exclusive right to make, use or sell his invention for term
of years.

Primary Distinction between Patents and Trade Secrets

1. Requirements for obtaining a patent are specific. To qualify for a patent the
invention must be more than novel and useful. It must represent a positive
contribution beyond the skill of the average person.
2. A much lower of novelty is required of a trade secret.
3. A trade secret remains secret as long as it continues to meet trade secret tests
while the exclusive right to patent protection expires after 17 years.

Propriety Information Protection Program

Realizing that the most serious threat to trade secrets is the employee, a
measure of protection is often relies through the use of employee agreement which
restrict the employee’s ability to disclose information without specific authorization to
the company the following countermeasures may be adopted:
a. Policy and procedure standards regarding all sensitive information.
b. Pre and post employment screening and review.
c. Non-disclosure agreements from employees, vendors, contractors and
visitors.
d. Non-competitive agreements with selected employees.
e. Awareness programs
f. Physical security measures
g. Informed monitoring of routine activities.

Basic Principle of information Security

 1. Confidentiality

Confidentiality is a requisite for maintaining the privacy of the people who’s

personal information the organization holds.
Information that is considered to be confidential in nature must only be
accessed, used, copied or disclosed by persons who have been authorized to access,
use, copy or disclose the information and then only when there is a genuine need to
access, use, copy or disclose the information. A breach of confidentiality occurs when
information that is considered to be confidential in nature has been or may have been,
accessed, used, copied or disclosed to or by someone who was not authorized to have
access to the information.
For example permitting someone to look over your shoulder at your computer
screen while you
have confidential data displayed on it would be a breach of confidentiality if they were
not authorized to have the information. Giving out confidential information over the
telephone is a breach of confidentiality if the caller is not authorized to have the
information.

2. Integrity
In information security, integrity means that data cannot be created, changed
or deleted
without authorization. It also means that data stored in one part of a database system
is in agreement with other related data stored in another part of the database system.
For example a loss of integrity can occurs when a database system is not
properly shut down
before maintenance is performed or the database server suddenly loses electrical
power. A loss also occurs when an employee accidentally or with malicious intent,
delete’s important data files. A loss of integrity can occurs if a computer virus released
onto the computer.

3. Availability
The concept of availability means that the information, the computing
systems used to
process the information and the security controls used to protect the information are
all available and functioning correctly when the information is needed. The opposite of
availability is denial service.

Types of Control Information Security

 1) Administrative Control – consists of approved written policies, procedures,
standards and
guidelines. Administrative control form the framework for running the business and
managing people. They inform people on how the business is to be run and how day to
day operations are to be conducted. Laws and regulations created by government
bodies are also a type of administrative control because they inform the business. Some
industry sectors must be followed the Payment Card Industry (PCI), Data Security
Standard requires by Visa and Master Card is such an example. Other examples of
administrative controls include the corporate security policy, password policy, hiring
policies and disciplinary policies.
2) Logical Controls (also called technical controls) - use software and data to
monitor and
control access to information and computing systems.
Example: passwords, network and host based firewalls, network intrusion
detection systems, access control lists and data encryption are logical controls. An
important logical control that is frequently overlooked is the “principle of least
privilege”. The principle of least privilege requires that an individual program or system
process is not granted any more access privileges than are necessary to perform the
task. A blatant example of the failure to adhere to the principle of least privilege is
logging into windows as user administrative to read email and surf the web. Violations
of this principle can also occur when an individual collects additional access privileges
over time. This happens when employee job duties change or they are promoted to a
new position or they transfer to another department. The access privileges required by
their new duties are frequently added into their already existing access privileges which
may no longer be necessary or appropriate.
3) Physical controls – monitor and control the environment of the work place
and computing
facilities. They also monitor and control access to and from such facilities. Examples,
doors, locks, hearing and air conditioning, smoke and fire alarms, fire suppression
system and cable locks, etc. Separating the network and work place into functional
areas also called physical control.
An important physical control that is frequently overlooked is the separation of
duties.
Separation of duties ensures that an individual can not complete a critical task by
himself. Example, an employee who submits a request for reimbursement should not
also be able to authorize payment or print the check. An applications programmer
should not also be the server administrator or the database administrator these roles
and responsibilities must be separated from one another.
Cryptography is Information Security
Cryptography is the practice and study of hiding information. Information
security uses cryptography to transform usable information into a form that renders it
unusable by anyone other than an authorized user; this process is called encryption.
Information that has been encrypted can be transformed back into its original usable
form by an authorized user, who possession the cryptographic key, through the process
of decryption.
Cryptography is used in information security to protect information from
unauthorized
or accidental disclose while the information is in transit (either electronically or
physically) and while information is in storage.
Cryptography provides information security with other useful applications as well
including improves authentication methods, message, digest, digital, signatures, non-
repudiation and encrypted network communications.