Introduction
Physical security usually entails the measures and strategies that are implemented with the main objective of preventing unauthorized access, attacks and incidental intrusion from physical access to buildings, restricted areas, resource and stored information (Anderson, 2001). Physical security also outlines the guidelines that are required to implement structures that have the ability to with stand hostile acts or events. The effectiveness of physical security depends on various variables that are directly related to physical design, risk assessment and management. Physical design is mainly concerned with the physical outlook, risk assessment entails pre-determining of the potential security threats and deploying strategies within the physical design and management aspect to curb such threats and reduce the vulnerability of the facility to the identified threats. Management is mainly concerned with controls regarding the access and restrictions with respect to the usage of the facility, resource or the stored information. It is arguably evident that an integration of physical design, risk assessment and management plays an integral role in determining the effectiveness of physical security (Fennelly, 2004). An effective physical security deploys the aspect of layered defense, with the principal objective of deterring and delaying intrusions (passive defense), and detecting and responding to intrusions (active defense). This makes it difficult for a potential attacker/ intruder to initiate intrusions. The main objective of this paper is to explore the influence of physical design, risk assessment and management on physical security.

The influence of physical design
The physical design, as it relates to physical security comprises of obstacles, detection systems, security response, environmental design, mechanical and electronic controls, intrusion and personnel identification. Obstacles are mainly deployed to frustrate the efforts of potential attackers and delay serious attacks through explosion protection. Detection systems are used to facilitate and inform the attackers that there are likely to be noticed (Blyth, 2008). Detection systems include surveillance systems, guard patrols, alarms and security lighting. Security response on the other hand is deployed with the principal objective of catching or frustrating the intruders once an attack has been identified. In a well implemented physical design, the above features have to complement each other in order to increase the effectiveness of physical security. The layers in physical design mainly entail environmental design, mechanical, electronic and procedural controls, intrusion detection and personnel identification. The main objective of physical design is to inform the intruder that the costs associated with intrusion are more than the value associated with the initiation of an attack. In addition, an effective physical design that deploys the aspect of layered security is vital in creating territoriality within the physical space that contains the resources to be protected (Purpura, 2007). The major purpose of the layered defense approach in physical design is to delay the onset of the potential threat rather than prevent the attacker from breaking into the physical space. In order for the strategy to be effective, it must implement effective threat detection mechanisms and effective measures to counter the threats in its physical design (McCrie, 2006).
The first layer of the physical design entails the use of crime prevention through environmental design, which serves the main purpose of deterring potential security threats by eliminating opportunities that can be exploited to initiate threats, reducing the probability that a threat will occur and the creation of fear of crime because of the environmental conditions in relation to the physical space that is to be created (Blyth, 2008). The aspects covered by crime prevention through environmental design can be applicable to all facilities and resources irrespective of the specific threats. This results to an increased physical security as an important element of the physical design. According to the Defensible Space Theory, modeled by Oscar Newman, a defensible space is based on the aspect of territoriality, natural surveillance, image and setting (Fennelly, 2004). Territoriality creates the perception that the physical space is sacred, natural surveillance establishes the connection between the physical characteristics of the space and the ability to observe what is happening (Purpura, 2007). Image on the other hand represents the capability of the physical space to create as sense of security, while milieu refers to other aspects that are likely to affect security like seclusion, closeness to a police base and so on. An integration of the above aspects of the Defensible Space Theory in the physical design plays an important role in enhancing the physical security of a physical space or resource. Crime prevention through environmental design can be used to enhance physical security through access control, which may entail aspects such as physical guidance to entry, guard and patrol stations and control devices; territorial reinforcement, which is created by characteristics of the physical design that portray a sense of ownership and reinforcing territoriality by use of physical barriers, procedural barriers, symbolic markers and natural markers; surveillance, which entails the positioning of physical features, activities and people within the facility with the main objective of enhancing their visibility by other people when undertaking their daily tasks; image and maintenance, which involves the use of vigilant sites and facility maintenance to create a perception that the resource or the physical space is under regular use, attendance and possible occupation. Image and maintenance mostly constitute the management aspect of physical security rather than physical design (McCrie, 2006).
The second layer of the physical design is mechanical controls, which mainly involves the use of gates, locks and other forms of physical barriers. The significant challenge associated with controlling the locks is an increase in the number of the user populations and their respective rates of turnover. As a result, there is a likely hood of the unmanageability of the keys; this can be avoided by incorporating electronic access in the physical design of the space to be protected (Fennelly, 2004). Electronic access control enhances physical security in areas that have large numbers of user populations, individual points of access. Procedural control is mainly involved in the management aspect of physical security, which is mainly involved with controlling the times of physical access and authorized personnel. Mechanical and electronic access control is incorporated into the physical design in order to enhance physical security of the resource (Blyth, 2008).
Intrusion detection is also an important layer in the physical design that serves to monitor activities that pose potential threats to the resource such as unauthorized access. This is more of a proactive strategy than a reactive approach. Intrusion detection serves to report malicious activities on the physical space and resource to the security management stations (Anderson, 2001). Intrusion prevention basically involves the carrying out of intrusion detection and taking of necessary responsive measures to contain the threats. Incorporating intrusion detection on the physical design can also be helpful in logging the information concerning the security breaches such as frequency of alarms, and reports them to the security management for security management (Purpura, 2007).
The last layer in the physical design involves the use of video monitoring. Security cameras can serve to deter threats, but their efficiency is as a result of incident verification and facilitating historical analysis of the events leading up to the security threat within the physical space (Blyth, 2008). For instance, if alarms are generated, and a camera is installed, the camera can be used in verification of the alarms. It is also important that monitoring video does not necessarily imply a human response translates to intrusion. This means that the video must be monitored on a real time basis in order to facilitate incident response (Blyth, 2008). Placement of video cameras is an element of the physical design, while monitoring is the management aspect of physical security. Video cameras should be placed in locations whereby their potential damage is limited, although it is important to inform the potential attacker that the facility or the resource is under surveillance in order to avoid incidences associated with damaging the video camera (McCrie, 2006).
The underlying principle behind the functionality of the layered defense on physical design is that it creates multiple layers between the attacker and the resource or the physical space that is to be protected; in the sense that the deeper the attacker attempts to gain access into the restricted area, the more difficult it becomes for the attacker to gain entry. The multiple layer approach serves to prevent direct intrusion (Fennelly, 2004). Furthermore, the layered physical design offers natural platforms for the deployment of effective intrusion detection. In an ideal world, the physical layered security design should be able to delay potential security breaches, and provide sufficient time so that the organization can respond to a threat, thereby decreasing its impacts, which could be in terms of cost, prevention of theft and ensuring safety of the resources from being compromised (McCrie, 2006).

The influence of risk assessment on physical security
Risk assessment refers to the process of evaluating the impacts that a potential security threat imposes to the organization. It also entails determining the needs and priorities that are required for immediate emergency strategies in order to rescue organization’s critical resources and control the damage to the resource during an attack or an event that is considered to be a disaster (McCrie, 2006). Physical security risk assessment is an essential management task that is required for an effective decision making process, planning and control of the disaster response measures. Physical security risk assessment should be undertaken on all the phases of disaster/security threat that are identifiable in order to ensure that the planning and recovery strategies are effective (Purpura, 2007). In addition, the assessment offers vital information that can be used in the resource allocation during instances of security threats and events because it entails an identification of the key characteristics and vital process for effective response and long term recovery (Fennelly, 2004). Therefore, it can be argued that disaster situational assessment is the process through which the decision makers reorganize and eliminate the chaos that was imposed by a disaster. Disaster situational assessment activities offer important information that can be used to facilitate the process of emergency decision making and long-term recovery from the threats imposed by the security attack or event (Fennelly, 2004).
Physical security assessment primarily entails the identification of the assets in order to evaluate their value and criticality to the organization, conducting an assessment of the nature of the security threats in order to determine the scope of the problem, carrying out a physical security survey in order to recognize the physical security vulnerabilities and undertaking a risk analysis with the main objective of developing effective countermeasures to address the potential threats in a proactive manner (Purpura, 2007).
Facility characterization is a vital process during risk assessment, it mainly involves the identification of the potential security threats and events and their corresponding critical resources. Facility characterization with regard to physical security involves analysis of the current operating states and conditions of the physical space or resources that are to be protected. This warrants a description of the geographical location, the points of access within the facility, building locations and the floor plans for the facility (Fennelly, 2004). The processes within the facility also need to be described and identification of the current physical security measures deployed within the organization and their relative effectiveness. This data can be attained from the blue prints of the facility, reports regarding safety analysis, descriptions of the processes, surveying the sites and statements regarding environmental impacts. The next step involves an analysis and interpretation of collected data (Purpura, 2007). This involves the evaluation of the effectiveness of the current physical security strategies that are used in the organization. In addition, data analysis is used to determine the readiness of the organization to address and respond to any imminent security attack and or event (Blyth, 2008).
The most important characteristic to look for during risk analysis is the extent to which the security threat/event imposed loss of lives, fatal injuries and minor injuries. For the purposes of complimenting this, the extent of the property damage is also analyzed during a security event. It is also vital to identify the priorities of the people affected by the disaster and the entire magnitude of damage associated with the disaster (Fennelly, 2004). This is vital in the risk analysis of an area organization towards a disaster. In addition, it can be used in determining the effectiveness of the current disaster mitigation approaches (Fennelly, 2004). The next key characteristic to take note of during risk analysis is the time duration for the disruption of normalcy and the provision of critical services as a result of the disaster such as disruption of water and electricity supply (Anderson, 2001). This is important in ascertaining the criticality of the hazard, which in turn can be used in the development of long term and emergency response strategies. The third key characteristic to take into account in the event of a security threat is to evaluate whether there are any physical security measures on the ground and their relative effectiveness in handling the threat (Blyth, 2008). This involves identifying the emergency response capacity of the organization and the logistical resources that are available during the disaster (Blyth, 2008). This is vital during the process of designing or modifying emergency response and long term disaster recovery planning. Another important characteristic to be taken into consideration in the event of a disaster is the disaster preparedness of the organization. With regard the impacts of the disaster on physical assets of the organization; the following classification is developed when determining the severity of security attack and event (McCrie, 2006).
catastrophic Results to multiple deaths, severe damage of more than 50 % of property and shutdown of the major facilities in the town for at least one month
critical There are numerous severe injuries, facilities are completely shut down in a duration of at least two weeks and a severe damage of 25 % of property
Limited There are some injuries, facilities are completely shut down in a duration of at least one week, and severe property damage of about 10 %
Negligible There are minor injuries, facilities are only shut down for less than a day and property that is extremely damage is less than 10%

The influence of management on physical security
Management serves to compliment the core aspects of physical security by ensuring that the elements of a physical design are reinforced to enhance security. Security management ensures that access to the physical space should be limited within the organization perimeters, regulatory requirements also need to be put in place so as to monitor the activities within the space to be protected (Fennelly, 2004). Stringent policies regarding the disclosure of the organization’s information should also be implemented in order to ensure that outsiders cannot exploit the vulnerabilities imposed by the constraints in the management of physical security (Purpura, 2007). The mostly ignored common phenomenon by majority of organizations is that major security breaches are usually from within the organization rather than by outsiders. Management of physical security does not only delay the onset of the threats, but also provide avenues that could be used to detect potential threats and help an organization to take necessary control measures to contain the threat, thereby decreasing the consequences that associated with the security breaches (Purpura, 2007).
Management of physical security also involves the management of people, who are intertwined within the layers of physical security. Guards play an important role in all the layers of physical security. In the environmental design, guards serve as patrols and are positioned within the check points at the points of entry within the facility (Blyth, 2008). Within the second layer, they serve to facilitate the process of electronic access control, while in the third layer; they serve to respond to the alarms and other intrusion detection systems. In the fourth layer, they have the responsibility of monitoring and analysis of video (McCrie, 2006). Users too play an important role in questioning and reporting suspicious activities that may jeopardize the security of the physical space under protection. It is arguably evident that people management is central towards enhancing physical security, this is because people the human life is given priority in physical security in cases of disasters, security attacks and breaches (McCrie, 2006).
Security policies are an integral element of physical security management because they offer a framework through which security personnel are required to undertake their security activities in regard to the elements of physical design. Security policies ensure accountability, which is an important concept in physical security (Fennelly, 2004). Accountability means that individuals are answerable for any operations that take place within their allowable limits of access. It is therefore evident that computer use and security policies play an important role in ensuring accountability in an organization, which is an effective management requirement that guarantees the effectiveness of physical security (Fennelly, 2004).
Threat reporting procedures are also an important aspect of physical security management that enhances the effectiveness of response operations in the event of an attack or security breach. Effective threat reporting procedures should be based on the fundamental aspects of effective communications that ensures that it reaches the largest audience as possible. This can be implemented both in the physical security design and management aspects of security since it is initiated at the management level (McCrie, 2006). Threat reporting within the organization should be fast enough in order to reduce the potential loss that may be accrued from the disaster. it is important that the management ensures that there are effective reporting channels and procedures with minimal constraints. Threat response procedures should be in line with the evacuation policies and procedures, which are usually deployed in cases whereby the physical security parameters have been completely overwhelmed (Blyth, 2008).
Disaster recovery plans are also an important aspect of physical security; this is because there is no guarantee that the implemented physical security measures can effectively contain the threat. New threats are being facilitated by technology, implying that physical security platforms are not 100 percent effective; the organization must therefore have a provision for disaster recovery, in situations whereby the physical recovery has been overwhelmed. The main objective behind the implementation of a Disaster Recovery Plan is to normalize the organization’s activities after a major disruption (Fennelly, 2004). As a risk management strategy, a DRP is implemented prior to speculations of an impending disaster; this are moments that that the organization cannot intrinsically support its core activities (Fennelly, 2004). An important aspect of disaster recovery plan is that it should run automatically, with minimal cases of decision-making scenarios during occurrences of disruptions. Security threat response entails communication of the threat, containment of the damage imposed by the incident and minimizing the potential risks through protection of critical assets against potential attacks and minimizing the interference regarding the use of such facilities (Blyth, 2008).
Incident response and disaster recovery are also an important element of the physical security management. The main objective of incident response is to facilitate a quick and efficient recovery from a security incident. It also aims at reducing the impacts imposed by the threat, or a critical disruption of the functionality of the facility or resources in cases whereby an incident has taken place (McCrie, 2006). The plan of approach is basically systematic in accordance with the standard procedures of physical security in order reduce the possibility of reoccurrence. It is also important that the organization should establish a balance between the operational requirements and the security needs in the expected budgetary limits (Fennelly, 2004).

Conclusion
It is arguably evident that the effectiveness of physical security depends on the physical design, risk assessment and physical security management. These concepts are intertwined in order to enhance the effectiveness of physical security. The main objective of physical design is to inform the intruder that the costs associated with intrusion are more than the value associated with the initiation of an attack. In addition, an effective physical design that deploys the aspect of layered security is vital in creating territoriality within the physical space that contains the resources to be protected. Management on the other hand serves to add-on the core aspects of physical security by ensuring that the elements of a physical design are reinforced to enhance security. Security management ensures that access to the physical space should be limited within the organization perimeters, regulatory requirements also need to be put in place so as to monitor the activities within the space to be protected.

References
Anderson, R. (2001). Security Engineering. New York: Wiley.
Blyth, M. (2008). Risk and Security Management: Protecting People and Sites Worldwide. New York: John Wiley and Sons.
Fennelly, L. J. (2004). Effective physical security. Burlington, MA: Elsevier Butterworth Heinemann.
McCrie, R. (2006). Security Operations Management. Burlington,MA: Butterworth-Heinemann.
Purpura, P. (2007). Security and Loss Prevention: An Introduction. Burlington, MA: Butterworth-Heinemann.