Areas of operation that are deemed critical on the grounds of national security or need to be protected against terrorism must have adequate protective security arrangements. Such arrangements must be commensurate with the type and scope of activities carried out, and with other relevant circumstances. Critical areas, whether physical or electronic, must be identified and documented in a security analysis to be carried out on a recurring basis.
Protective security involves devising a combination of protective components to resist attack, in order to prevent offences against national security, such as espionage, sabotage and terrorism.
Protective security measures are generally based on three basic capabilities: detecting attacks, resisting attacks and responding to attacks. This applies to all areas of protective security (physical security, information security and security screening).
Physical security refers to the capability to prevent, detect, resist and respond to physical attacks or unauthorised access. These capabilities are to be assessed individually, but also jointly, to assess the total capability to withstand attacks. Physical security measures may include:
Society is becoming more critically dependent on the accessibility (and reliability) of information technology (IT) in delivering vital services to its citizens. As electronic attacks could cause serious disturbance to these services, IT systems should have security measures in place to guard against such attacks. Measures to prevent electronic attacks include:
Protection from insiders necessitates guidelines and procedures for the identification and handling of risks associated with employees or contracted staff using their access to do harm. Disloyal activities may be motivated by anything from criminality or revenge to terrorism. They could be in the form of physical as well as electronic attacks. Measures to protect against insiders could include security screening of prospective employees. This may involve a records check, i.e. checking the person against various police records.