Security Science: The Theory and Practice of Security

be.

Preface

The writing of this book has been a true adventure, as we believe that we have made a quantum step in the understanding of the design, application, operations, and education of security by having a theoretical foundation for our security content. We consider that a theoretical foundation to the understanding and application of security at the national and commercial levels will enhance the future development of the discipline.

Professional development is an essential component of professional employment, as it allows individuals to maintain currency in their chosen career field. A characteristic of professional development is that it is both ongoing and directed—that is, to maintain the confidence of the community in the knowledge and skills base of a profession, an individual must continue to strive to be at the leading edge of knowledge in his or her chosen discipline.

The security industry has become an integral part of business enterprise and human activities, wherever businesses engage in wealth-creating activities and people congregate into groups for leisure or living. The functional aspects of security are necessary to ensure protection and safety of individuals and assets. The security of persons, assets, and information remains the responsibility of government, large organizations, and the community. At best, the study of security can only be considered as an emerging discipline, and in some minds still a component of criminology. However, over the past decade sufficient new knowledge in the domain of asset protection has been published that there is a case for the claim of security to be considered as a distinction and discrete body of knowledge.

The purpose of this book is to seek regularity and internal consistency within the knowledge domain of security, and to demonstrate the underlying principles applied in the understanding of security to those of the scientific method. That is, much of the knowledge domain of security can be discussed in terms of theory, either as newly developed paradigms for asset protection or as well-established theories within other disciplines. Thus, by borrowing theories from other disciplines, it may be possible to enhance the understanding and therefore development of the emerging discipline of security science.

Using theories to apply methods of protection allows a degree of prediction and provides a robust test for the discipline. Nevertheless, for security and, in particular, the security industry to reach such a state requires further professionalization at many levels. To be considered a profession requires defined concepts that form a body of knowledge that has structure. Knowledge is being defined within the broader context of security; however, the relevance and relationship of such knowledge has to be determined. If security is an emerging discipline, what concepts are more related to security than others and how do they relate to the knowledge structure? An understanding of how security knowledge is structured, and its interrelationship and interdependencies, are an important element in achieving regularity and consistency. Ultimately, a structure of security knowledge may be formed that supports a discipline of security science.

The principal themes of this book are according to our philosophy of the structure of knowledge in the discipline of security science, and, as such, will influence the arguments and discussions on the future directions in the study of the protection of assets. These themes of the book include an understanding of the concept and management of security, together with security risk and the management of security risk. Thus, by developing a theoretical context for these principal themes of the knowledge base, it is possible to build a knowledge structure that can be applied to security aspects that can be operationalized to fulfill the function of protecting an organization’s assets. According to these themes, the understanding of the ideas of asset protection has been strongly influenced by Bloom’s taxonomy, where a hierarchy of understanding of concepts and principles has been presented to ensure that advanced-level thinking is applied to the preservation of well-being and safety.

This book presents a case for the future direction in the development of security science through the understanding of the knowledge associated with asset protection and the processes to achieve asset protection. On the concept of security, Chapter 1 discusses the notion of asset protection according to sociological traits, and the perceptions of the functions of security. A description of the scientific method is presented to establish the basis for theories of security. Chapter 2 discusses the principles of security management within the concept of resilience applied to asset protection. The principles of risk, security risk, and security risk management are presented and applied in Chapter 3. The social and cultural theories associated with the risk management process are considered to evaluate the theories that underlie decision making within security risk management. Chapter 4 compares and contrasts the security strategies that may be used to improve the built environment, considering such techniques as physical measures, crime prevention through environmental design, lighting and the landscape, and the interrelationship between facilities and security.

Chapter 5 presents the need for physical security for the protection of assets, and considers the defense-in-depth principle as an important approach. The applications of the routine activity theory through defense-in-depth and crime prevention through environmental design are appropriate applications in security. The applications of critical path analysis and universal element conceptual mapping in Chapter 6 are suitable strategies for assessing physical attacks on facilities. Also the types and functions of detection systems are discussed, with understanding of the possibility of being defeated. Furthermore, Chapter 7 describes the principles of access control with an emphasis on biometric identification. The modes of attack on biometric systems are considered in order that these might be prevented. Chapter 8 discusses knowledge management as strategies and practices in an organization to consolidate the corporate understanding of its information. The importance of security intelligence applied to the security management plan is presented, together with some discussion on espionage and insider security threats. The importance of the four stages of business continuity management in the context of a crisis is presented in Chapter 9. Finally, Chapter 10 discusses the future of the concept of security in short-, medium-, and long-term predictions for its future directions and outcomes.

The foundation for the continued development of formal knowledge of security and its applications for the protection of assets in the national and international contexts will depend on understanding the principles and concepts of the emerging discipline of security science. A theory-driven learning program at the undergraduate and graduate levels of study will ensure that the formal understanding of security will prevail. The knowledge base for the emerging discipline of security will be enhanced by ongoing research, both in the fundamental context of theory development and the applied context such as knowledge management and business continuity management. Such emergence will provide the foundation for the formal discipline of security science, providing organizational security with an element in becoming a profession.

Clifton L. Smith and David J. Brooks

September, 2012

Chapter 1

Concept of Security

Objectives

• Discuss what constitutes a traditional approach to the nature of security.

• Critique the scientific method and engineering design process for the study of security science.

• Examine the diverse and interrelated disciplines and practice domains of security.

• Evaluate theories or concepts that provide definitions of security.

• Appraise the need to provide context when defining the concept of security.

• Defend a framework that supports a contextual definition of security science.

Introduction

The traditional academic disciplines have evolved and developed over centuries to reach their current state of refinement. These traditional disciplines, such as astronomy, physics, mathematics, medicine, and, more recently, biology and environmental science, exhibit a set of characteristics by which each can be designated as a discipline. Some of the characteristics of a discipline would include:

1. Body of knowledge: A well-defined and inclusive body of knowledge.

2. Structure of knowledge: An internal structure of the knowledge, achieved through internal relationships between concepts so that consistency and logic prevail.

3. Concepts and principles: The building blocks of the knowledge of a discipline are concepts, and the relationships between concepts are governed by principles.

4. Theories: Theories are predictive in function and provide the ultimate test for a discipline, as outcomes can be predicted.

The knowledge domain of security has yet to achieve the status of being designated an academic discipline, as it lacks validity in the characteristics of the traditional disciplines. However, the emerging security science discipline will aspire to these characteristics with future ongoing research applied to the characteristics of a discipline, to provide the context for knowledge, structure, principles, and predictive theories.

Security lacks definition and, therefore, lacks structured knowledge. In addition, security is diverse, cross-disciplined, and without a defined or specified knowledge or skill structure (Hesse and Smith, 2001). Nevertheless, this should not lead to a conclusion that security does not contain a definable knowledge structure. The diversity and cross-disciplined nature of security will evolve as the discipline becomes more professional, concepts are developed and defined, and tertiary education programs increase. Professional development is an essential component of professional employment, as it allows the individual to maintain currency in their chosen career. Thus, professional diversity has to be bounded by structured knowledge concepts. A characteristic of professional development is that it is both ongoing and directed—that is, to maintain the confidence of the community in the knowledge and skills base of a profession, you must continue to strive to be at the leading edge of knowledge in your chosen discipline.

The foundation for the continued development of formal knowledge of security and its applications for the protection of assets in the national and international contexts will depend on an understanding of the principles and concepts of the emerging discipline of security. Research and development in the structure of the discipline of security is crucial for the professional application of a new generation of conceptual principles of security for the protection of assets. As Fischer et al. (2008, p. 482) suggested, the future of security is very positive considering the growth indicated in the discipline.

Security lacks characteristics of a discipline, with a defined and inclusive definition, as the concept of security is diverse and multidimensional. Nevertheless, security can be defined given context. Therefore, this chapter introduces the concept of security and provides definition through context and the presentation of supporting theories, models, and frameworks. Thus, a definition goes some way in achieving such understanding as to why security is multidimensional in nature through a staged approach, commencing from security of the individual to security of national and international systems. Security is a human characteristic that is objective, perceived, expected, and demanded by people in many different forms. It is perhaps one concept that over many decades has not changed in its original use; rather, it has become more broadly used to encompass greater and more diverse meaning.

Scientific method in support of security science

The development of the knowledge base in security science depends on its advancement as a discipline, and the extent of interaction between academia and professional practitioners of the security industry. The knowledge base for the emerging discipline of security will be enhanced by ongoing research both in the fundamental context of theory development and the applied context of asset protection. It is necessary for government, academia, and the commercial security industry to contribute to this knowledge base.

The stages in the development of a scientific discipline depend on the application of the scientific method to the knowledge base under consideration. The scientific method is a process for experimentation to seek cause-and-effect relationships between observable factors in the information of data gathered. For example, does the presence of a person in an e-field detector distort the field so that intrusion can be registered? From a social perspective, do people use utility theory when accessing security risk or do they take a heuristic approach? Whether in the hard or soft sciences, the scientific method seeks the cause-and-effect relationship by controlling the variables in the experimentation of the phenomenon.

A definite feature of a science is that there are a set of procedures that demonstrate how outcomes are produced, and these procedures are sufficiently detailed so that others may replicate the process to verify or refute the outcomes. The scientific method is a process of inquiry that regards itself as fallible, and as a result purposely tests itself and criticizes its outcomes to correct and improve itself. Although there are several versions of the scientific method, a basic approach involves a four-stage model to develop knowledge of a natural phenomenon:

1. Gather data by measuring or recording the observations of the phenomenon.

2. Construct an idea of how the phenomenon operates or functions in the form of a hypothesis.

3. Test or evaluate the idea or hypothesis by designing an experiment to show the operation or function of the phenomenon.

4. Analyze the results of the experiment to see if the hypothesis is true or false; if it is true, then the idea may be formalized as a theory.

Scientific Method

The model of the scientific method can be expanded with preplanning for background research or information seeking before the hypothesis testing stage, and the model can be extended with an outcomes communication or reporting stage after the analysis to disseminate findings to practitioners and interested people (Figure 1.1). The strength of the scientific method is that a formalized process is applied to the problem, and an outcome will either be gained or rejected. A feature of the scientific method is that the hypothesis of the problem can be tested time after time, and if the hypothesis continues to be accepted then it is accepted as knowledge. However, if the hypothesis is rejected once, then the model will not be accepted. The strength of the scientific method is that anyone can conduct the hypothesis testing for the problem, and thus establish the validity of the model.

Figure 1.1 Stages of the scientific method showing the hypothesis testing of an idea.

The regularization of observations of a phenomenon can eventually be presented as a theory, provided the phenomenon is scrutinized many times from a variety of viewpoints and with the same outcomes for each experiment. Figure 1.1 shows that if the result of hypothesis testing is false or partially true, then a modified hypothesis must be tested. When consistency of testing the hypothesis is obtained, then the idea becomes a theory and provides a coherent set of propositions that explain a class of phenomena. The theory can be considered as a framework to explain further observations, from which predictions can be made.

The strength of the scientific method is that it is unprejudiced—that is, it is not necessary to believe the results or outcomes of a particular researcher, as one can replicate the experiment and determine whether the results are true or false. The outcomes of the hypothesis testing do not depend on a particular experimenter, so that faith or belief does not play any part in the logical proof or material evidence on whether a scientific idea or theory is adopted or discarded. Thus, a theory is accepted, not based on the proponent, but rather on the quality of the results obtained through observations or experiments. Results obtained through the process of the scientific method are repeatable and reproducible.

An important characteristic of a scientific theory or hypothesis is that it must be falsifiable. That is, if any single experiment relevant to the hypothesis is shown to be negative or untrue, the hypothesis must be rejected. Thus, theories cannot be proven when the hypotheses are tested, but only rejected when a negative test results from an experiment. The philosopher Wittgenstein (1953) in his analyses of experimentation claimed that there is no independent criterion of correctness, so that the scientific method must continue to test the validity of its knowledge.

In a tested scientific hypothesis, a prediction is a rigorous, often quantitative, statement forecasting new outcomes under specific conditions of the idea being considered. The scientific method is formulated on testing assertions that are logical consequences of scientific theories, developed through repeatable experiments or observational studies of a phenomenon. Thus, a scientific theory of which the assertions are contradicted by observations and evidence will be rejected. The ability of an idea or hypothesis to predict further outcomes is a strength of the scientific method in its regularization of information from observation of experiment. Therefore, the power of the scientific method is to be found in the ability to predict further outcomes from the original hypothesis of the phenomenon. This important outcome of prediction from the scientific method is a strong indicator of validity of the process, as logical predictions of an idea can then also be hypothesis tested for acceptance or rejection. The philosopher Karl Popper (1963) sought to show that challenges to the scientific method are based on a series of misconceptions about the nature of science, and about the relationship between scientific laws and scientific prediction.

The application of the scientific method to ideas in natural phenomena has scientific researchers propose hypotheses as explanations of the phenomena. Thus, they are able to design experimental studies to test these hypotheses and make predictions that can be derived from the hypotheses. The process must be repeatable, to safeguard against mistakes, confusion, or prejudice by a particular experimenter. Theories that embrace wider domains of knowledge from similar fields of study may coalesce several or many independently derived hypotheses together in a coherent supportive knowledge structure. These knowledge structures are the foundations for the development of an academic discipline and are particularly relevant to security science.

The scientific method is an enduring cycle that constantly develops more accurate and comprehensive methods and models. For example, when Einstein developed the special and general theories of relativity, he did not refute or discount Newton’s principia, which was the foundation for Newtonian mechanics in physics. Newtonian physics was correct in its day and was true for the observations in nature. But Newton’s equations could not cope with the enormity of mass in the universe, the tininess of particles in the atom, and the huge speeds of objects in space, which became observable data in the twentieth century. So Einstein’s theories are extensions and refinements of Newton’s theories, and therefore increase our confidence in Newton’s ideas of the natural world.

Engineering Design Process

The application of the scientific method has evolved over centuries, but interestingly, the engineering design process has more recently been developed to service the needs of the engineer who creates new products or processes. For engineers, the engineering design process is a set of phases or actions that establishes a need for a product, system, or environment. Table 1.1 shows the methodology of the engineering design process, and also the correspondence with the scientific method.

Table 1.1

Scientific Method versus Engineering Design Process

The engineering design process defines the problem by seeking responses to the following questions as a reason to engage in the development of a product, system, or