• Chegan SRM

The Building Blocks of a Security System: Deter, Detect, Delay, Respond

Updated: Apr 18

The goal of security is to deter and therefore prevent unlawful access to a person, place or thing in order to safeguard against threats such as espionage, sabotage, terrorism, damage, and criminal activity. There's no single strategy that's 100% effective against all threats, as each situation is unique and a determined adversary can always find a way to their target depending on opportunity, motivation, capability, and determination.

Security-in-depth is a layered approach in which complementary security controls can be implemented in order to secure the overall integrity of the person, equipment or place. Think of an onion and all the layers it takes to get through to the center. As you begin to peel an onion, it takes more effort to reach the center.

Security works best when it is layered, it requires a symphony of solutions that work together to create a cohesive security plan made from interlocking components.

The 4 main components in a security system are: deter, detect, delay, respond.


There are two main types of deterrence: physical and psychological.

A physical deterrence is meant to render a facility as an unattractive target so an adversary abandons attempts to infiltrate or attack. Discouraging an attack puts less strain on other resources and prevents further risk to people, property and reputation.

A psychological deterrence increases the likelihood that a criminal’s actions will be observed and reported to peace officers. Deterrent measures are usually accomplished at the site perimeter using highly visible security elements. Although deterrent features can discourage an attack (or other unlawful activity) it cannot stop an attack.


Detection methods are used to identify threats during the planning, reconnaissance and deployment phase of an attack in order to initiate an early response. Detection methods are most effective as an early warning to monitor and identify the threat before it penetrates the site perimeter or building access points. Detection measures involve the use of devices, systems and procedures to signal that unauthorized access (or an attempt) has occurred.

Detection methods won’t deny access to a facility, but they may draw attention to the adversary enough to give up on an entry attempt.


Delaying an intruder usually equates to decreased opportunity. The longer it takes an intruder to complete an attack, the greater the probability they will be seen and apprehended.

By creating a buffer zone between the target and their objective, the attacker could be enticed to a non-critical part of the facility, thereby delaying the attack. If someone penetrates any one of the aforementioned components it will take them time and energy to get through to the next layer, providing additional time to make critical decisions in response.

Not all intruders will be put off by security measures or other deterrents. Prolonging the amount of time it takes for an intruder to accomplish their objective, decreases opportunity in the criminal mind and allows for a longer response time for an intervening force to intercept the attack.


Response may be broken down into three major categories:

  • Immediate onsite response

  • After the fact response

  • Recovery

The response component requires communication to a response force (peace officer, guard-force) to alert them that an unauthorized person is attempting to enter (or has entered) the facility. Once a breech is detected, the response force is required to intercept and neutralize the threat before an attack has occurred, or control the situation if the attack has been completed.

An after the fact response is used to limit the extent of the incident and avoid the situation from worsening. This element includes: recovering stolen items, initiating emergency medical services (if the incident incurred casualties) and initiating a business continuity plan (if applicable). Once the situation is stable, this phase includes:

  • Reviewing video surveillance, incident report writing, and interviewing key witnesses

  • Damage assessment

  • Notifying key personnel; stakeholders, business partners

The recovery phase is the entities long term plan to recover from the incident. Depending on the type of incident this phase can include (but not limited to):

  • Working with law enforcement and legal teams to determine culpability

  • Prosecuting guilty parties

  • Working with insurance agencies to recoup a financial loss

  • Review/revise security plans to determine if the system met/meets its needs

In summary

The purpose of security is prevention and protection. Each of the layered security controls has to be planned in conjunction to the others. A perimeter fence alone may be ineffective if there’s no detection system in place to alert someone of a breech. A sophisticated detection system may be ineffective if nobody’s around to respond to a triggered alarm.

If you would like further guidance, Chegan SRM can help identify flaws in your current system, give recommendations and provide referrals.

Preparing your your place of work? CheganSRM can provide; business continuity plans (BCP), incident response, SOP development and staff awareness campaigns. Contact us for more information.

65 views0 comments

Recent Posts

See All