Assessing The Vulnerablity Of Office Buildings

Updated: June 30, 2010

First we have to admit there is a problem. Our office buildings are soft targets; meaning they are vulnerable in numerous ways to terrorists and criminal activity. They may have CCTV, perimeter barriers, alarms and an onsite security force. Some will have x-ray and metal detectors if they house high risk or high profile clients. Most however do not have a comprehensive security/safety plan, nor are their security forces adequately trained or prepared to recognize, assess and deal with these types of incidents in order to preserve lives, property and infrastructure. I work with many clients who are based out of office towers. When I visit them at their workplace I get to observe just how vulnerable they are firsthand. Multiply this vulnerability by the number of office buildings in your city and you begin to see the scope of the problem.

So why don't we take the time to institute an operational security plan and ensure that any onsite security has adequate training to implement the plan in case of an emergency? Well, it comes down to money. You see having a security audit conducted and developing an operational security plan is not cheap. Companies that specialize in this area have a breadth of knowledge and experience to ensure that all aspects of safety/security are addressed. Diligence and Superior Protection & Consultancy and are two excellent examples.

Properly equipping and training security personnel takes time, training, experience and money. Properly instituted security can be minimally intrusive while ensuring that adequate protection is instituted based on a realistic threat assessment. Obviously buildings with high profile or high risk clients (consulates, federal or provincial government agencies) would need a much greater level of security in place. What it comes down to is Risk Management and Mitigation. Now multiply this cost and use of resources by the number of office buildings just in your city and you begin to see the cost of remediation.

Some of the common areas of concern that need to be addressed in the security plan are;

  • Fire/Arson
  • Theft (information, technology, infrastructure, data, blueprints, key personnel)
  • Explosive Devices (bomb threats, suicide bomber, mail bombs, truck bombs, etc)
  • Cyber Attacks
  • Criminal Activity
  • Weapons Related Incidents
  • Hostage Situations
  • Biological/Radiological Incidents
  • Attacks on Utilities Infrastructure (power, gas, communications, information/data, emergency response)

Buildings have unique characteristics that must be analyzed and accounted for to ensure the safety of the buildings tenants and employees. Some of the factors that should influence security planning are;

  • Proximity to High Value Targets
  • Building Design
  • Types of Tenants/Occupations
  • Potential for Collateral Damage
  • Fire Suppression Limitations/Vulnerability
  • Site and Perimeter Vulnerability
  • Access Control Vulnerability (tenants, visitors, parking, loading docks, elevators, food services, stair wells, etc)
  • Vulnerability by Design
  • HVAC Vulnerability
  • Infrastructure/Operations and Utility Vulnerability
  • Emergency Response Vulnerability
  • Information/Data Vulnerability

Related Categories
Featured Research
  • Securing Enterprise Information Technology

    In the 1980s and 1990s, business applications and data were largely confined within and protected by a Local Area Network (LAN). The 2000s introduced a significant change. Download this white paper now to learn why the shift to the cloud is changing how companies think about and manage their IT infrastructure. more

  • Office365 Adoption eGuide

    Microsoft moved to the cloud in 2014, and, as a result, Office 365 is taking off. Now, Okta customers are connecting to Office 365 in increasing numbers. This eGuide explains why IT departments should plan and deploy solutions around identity and mobility management in concert with their Office 365 roll out to get maximum user adoption. more

  • Okta Directory Integration

    For most companies, Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) play a central role in coordinating identity and access management policies. When on-premise applications are integrated to Active Directory or LDAP, users get the best possible experience. That's why Okta's cloud-based identity and access management service provides a highly useful single integration point. more

  • Top 8 Identity and Access Management Challenges with Your SaaS Applications

    With more and more businesses adopting Software-as-a-Service (SaaS) applications, enterprise IT is fundamentally changing. This whitepaper presents the eight biggest Identity and Access Management (IAM) challenges associated with adopting and deploying cloud and SaaS applications, and discusses best practices for addressing each of them. more

  • Better BYOD with Pulse Secure and MDM Partners

    Learn how Pulse Secure and leading MDM product partners are transforming the way employees and IT benefit from the productivity and flexibility of BYOD — without compromising security or increasing management complexity. more