Volume 3 (2009)

The Journal of Physical Security 3(1), 2009

The first issue of The Journal of Physical Security (JPS) hosted by Argonne National Laboratory is there!

DOWNLOAD: PDF [54 pages, 1.25MB] - You may also download the articles separately (see below).

CITE as: Journal of Physical Security, Vol. 3 no. 1, 2009, http://jps.anl.gov/

Editor's Comments
Roger G. Johnston

This is the first issue of The Journal of Physical Security (JPS) hosted by Argonne National Laboratory. We’d like to thank Argonne for their support.
  JPS will continue to be a scholarly, peer-reviewed, multidisciplinary journal devoted to physical security research, development, modeling, and analysis. Papers from both the technical and social sciences are welcome.
  As always, the views expressed by the editor and authors in JPS are their own and should not necessarily be ascribed to Argonne National Laboratory, the United States Department of Energy, or the United States Government.
  This issue contains an eclectic mixture of topics...

DOWNLOAD: PDF [13 pages, 148KB]

CITE as: Journal of Physical Security, Vol. 3 no. 1, 2009, http://jps.anl.gov/

Paper 1 - Security Through Transparency: An Open Source Approach to Physical Security
John P. Loughlin

“Security through obscurity” has never been a sensible approach and now -with the Internet- is no longer achievable. A Google query on “lock picking” generates about 4,500,000 returns. There are about 10,000 videos on YouTube related to lock picking. Many bypass methods have gained wide attention including bumping and shimming as well as more sophisticated attacks on “high security” locks...

DOWNLOAD: PDF [5 pages, 94KB]

CITE as: Journal of Physical Security, Vol. 3 no. 1, Paper 1, 2009, http://jps.anl.gov/

Paper 2 - The Hobbyist Phenomenon in Physical Security (*)
Eric C. Michaud

Pro-Ams (professional amateurs) are groups of people who work on a problem as amateurs or unpaid persons in a given field at professional levels of competence. Astronomy is a good example of Pro-Am activity. At Galaxy Zoo [1], Pro-Ams evaluate data generated by professional observatories and are able to evaluate the millions of galaxies that have been observed but not classified, and report their findings at professional levels for fun. To allow the archiving of millions of galaxies that have been observed but not classified, the website has been engineered so that the public can view and classify galaxies even if they are not professional astronomers. In this endeavor, it has been found that amateurs can easily outperform automated vision systems...

(*) Editor’s Note: This paper was not peer reviewed.

DOWNLOAD: PDF [3 pages, 82KB]

CITE as: Journal of Physical Security, Vol. 3 no. 1, Paper 2, 2009, http://jps.anl.gov/

Paper 3 - Upgrading the Physical Protection System (PPS) To Improve the Response to Radiological Emergencies Involving Malevolent Action
W.F.Bakr and A.A.Hamed

Experience in many parts of the world continues to prove that movements of radioactive material outside of the regulatory and legal framework may occur. The aim of this article is to discuss a proposed physical protection system for improving the protection of radioactive sources used for medical purposes.

DOWNLOAD: PDF [8 pages, 178KB]

CITE as: Journal of Physical Security, Vol. 3 no. 1, Paper 3, 2009, http://jps.anl.gov/

Paper 4 - A Model for How to Disclose Physical Security Vulnerabilities(^)
Roger G. Johnston

When security vulnerabilities are discovered, it is often unclear how much public disclosure of the vulnerabilities is prudent. This is especially true for physical security vis a vis cyber security. We never want to help the “bad guys” more than the “good guys”, but if the good guys aren’t made aware of the problems, they are unlikely to fix them. This paper presents a unique semi-quantitative tool, called the “Vulnerability Disclosure Index” (VDI), to help determine how much disclosure of vulnerabilities is warranted and in what forum. The VDI certainly does not represent the final, definitive answer to this complex issue. It does, however, provide a starting point for thinking about some of the factors that must go into making such a decision. Moreover, anyone using the VDI tool can at least claim to have shown some degree of responsibility in contemplating disclosure issues.

(^) Editor’s Note: This paper was not peer reviewed.

DOWNLOAD: PDF [19 pages, 222KB]

CITE as: Journal of Physical Security, Vol. 3 no. 1, Paper 4, 2009, http://jps.anl.gov/

Paper 5 - Confidentiality & the Certified Confidentiality Officer: Security Disciplines to Safeguard Sensitive/Critical Business Information
John Kanalis

Confidentiality is the ethical and professional duty not to disclose inappropriate information to a third party. Confidentiality may apply because of the legal or ethical requirements of certain professionals, such as those who hold Certified Confidentiality Officer (CCO) certification (See http://www.becca-online.org/ccoprogram.html) In business, confidentiality exists to protect the privacy of a business entity, including its critical or sensitive business information. Policies and procedures are needed to safeguard against espionage and/or intentional or unintentional disclosure of sensitive or proprietary information. These policies and procedures may be mandated by laws or regulations, or by the professional ethical obligations of employees. These policies and procedures may also be implemented as a best practice to help decrease insider or outsider access to critical business information...

DOWNLOAD: PDF [4 pages, 97KB]

CITE as: Journal of Physical Security, Vol. 3 no. 1, Paper 5, 2009, http://jps.anl.gov/