Combination of measures

Areas of operation that are deemed critical on the grounds of national security or need to be protected against terrorism must have adequate protective security arrangements. Such arrangements must be commensurate with the type and scope of activities carried out, and with other relevant circumstances. Critical areas, whether physical or electronic, must be identified and documented in a security analysis to be carried out on a recurring basis.

Protective security involves devising a combination of protective components to resist attack, in order to prevent offences against national security, such as espionage, sabotage and terrorism.

Protective security system components 

Protective security measures are generally based on three basic capabilities: detecting attacks, resisting attacks and responding to attacks. This applies to all areas of protective security (physical security, information security and security screening). 

Physical security

Physical security refers to the capability to prevent, detect, resist and respond to physical attacks or unauthorised access. These capabilities are to be assessed individually, but also jointly, to assess the total capability to withstand attacks. Physical security measures may include:

  • perimeter protection,
  • intruder detection and alarms,
  • access control systems and division into zones, 
  • shell protection,
  • surveillance and guarding,
  • physical barriers, and
  • explosives and ballistics protection.
  • Information Security

Society is becoming more critically dependent on the accessibility (and reliability) of information technology (IT) in delivering vital services to its citizens. As electronic attacks could cause serious disturbance to these services, IT systems should have security measures in place to guard against such attacks.  Measures to prevent electronic attacks include:

  • access control for computer networks,
  • intruder detection and alarms for electronic attacks,
  • identification and authentication measures,
  • hardening of IT components and their networks, and
  • segmentation of computer networks

Security screening

Protection from insiders necessitates guidelines and procedures for the identification and handling of risks associated with employees or contracted staff using their access to do harm. Disloyal activities may be motivated by anything from criminality or revenge to terrorism. They could be in the form of physical as well as electronic attacks. Measures to protect against insiders could include security screening of prospective employees. This may involve a records check, i.e. checking the person against various police records.