Skip to content


Information on the protective security measures that can achieve the protective security principles of Deter, Detect, Delay, Mitigate and Response in relation to a building.

Last Updated 18 March 2021


Building covers:

  • Any structure containing critical functions essential to the operation of the asset
  • Access points into any structure (portals, wall, doors, windows and roofs)
  • Any structure containing information sensitive to the asset, and which would have  significant security implications to that asset or sector if compromised



  • Dissuade an adversary from conducting an attack through the use of robust visible security measures; and/or creating uncertainty around security measures (particularly within a building) to frustrate the planning of an attack
  • Utilise effective security communications and signage to amplify the effectiveness of security measures 
  • Minimise the profile of the asset such that other non-critical areas are more appealing


  • Describe the use of effective security measures and a culture of security within the workforce on the corporate website without disclosing any details useful for attack planning
  • Limit the details of the function of the building and the location of sensitive assets on the corporate website and on signage within the building


  • To identify threat or attack behaviours at every stage of an attack - planning, reconnaissance, deployment
  • Initiate an appropriate response to a threat or attack as early in the attack timeline as possible
  • Detect the loss of information or assets which have been moved off site
  • Identify unauthorised intrusions into access controlled areas within the building


  • Forming strong relationships with the local community to increase the likelihood of detecting hostile reconnaissance 
  • Use intrusion detection systems on the outer fabric of the building to ensure detection occurs at the earliest opportunity
  • Use an access control system to zone the building minimising access to the most sensitive areas and detect where intrusion(s) have taken place


  • Utilise the building structure and associated protective security furniture/measures to maximise the delay to an asset
  • Maximise the time required for an adversary to penetrate through the building and reach critical assets through the use of multiple varied protective security technologies and structures 


  • Strengthen the building fabric, create multiple approved security layers (walls, portals, floors, locks) between the building fabric and the asset
  • Ensure that different measures are used in the path to the asset and that the information on these layers is appropriately protected


  • Use of building protection measures to minimise the impact of any attack whilst considering the potential of any measures to add to the effect of an attack
  • Ensure access points are suitably protected and can be rapidly secured


  • Where glazing is used as part of building fabric careful consideration must be given to the selection of materials to minimise hazards posed during an attack
  • Access control systems configured to lock down access points from the security control room


  • Determine what response is required at your building and access points to the range of threats that your site faces and ensure measures are tied into the response
  • Where appropriate exercise response plans with relevant stakeholders, ensuring your lockdown procedures and the protections afforded are understood
  • Consider the ability of a response force to access an incident, including where the incident has affected access points
  • The response to an incident must consider whether invac/evacuation is the most appropriate


  • Reception has clear procedures for alerting security control room to an incident in reception enabling deployment of appropriate response
  • Use of internal CCTV to track an intruder and direct security officers

The following pages provide more information on the protective security measures which can be used to achieve the protective security principles above. Considering the impact a measure has on Deter, Detect and Delay is important to ensure the measures are complementary and all three Ds have been covered.



Did you find this page useful? Yes No