This blog is meant as a resource for Security Professionals,Property Managers, Builders, Designing Consultants, Architects, Project Managers, Law makers, Building approving authorities, Facility Managers, Security & Safety Officers & System Integrators. From Now we add Automation write-ups. For Safety please visit http://bhadrafiresafety.blogspot.in/
If you found this is useful then donate some amount, pls read my complete profile in RHS.
The International Healthcare Security & Safety
Foundation (IHSS) has released the 2012 edition of the Security Design
Guidelines for Healthcare Facilities. The guidelines are intended to be used by
security and design professionals for renovations and new construction.
“In comparing the International Association for
Healthcare Security & Safety (IAHSS) Basic Industry Guidelines with the
Healthcare Facility Design Guidelines, readers should be aware that the Basic
Industry Guidelines are more operationally focused and less prescriptive,” the
guidelines claim. “By their nature, the Design Guidelines are more prescriptive
and developed to assist security leaders, design professionals and planning
staff to build security into each new construction and renovation project.
“By reasonably addressing security risks up front and
early on during design, organizations can cost effectively address the safety
and security of new or renovated space. These steps will help reduce the
potential for security features either not being designed into new space or
added on as an afterthought, or becoming 'value engineered' out as projects
face limited budget dollars. The intent of integrating these guidelines early
in the design process is to emphasize the importance, incorporate the work into
other aspects of the project and ultimately to avoid expensive change orders,
retrofits or other liabilities incurred by the omission of appropriate planning
for a safe and secure environment.”
Core Design Principles & Requirements
Security Vulnerability Assessment (SVA): A mandatory initial step led by a Qualified Healthcare Security Professional to identify specific facility risks.
Layered Defense: Utilizing "protection in layers" which includes defined zones, controlled access points, and specific circulation routes for patients and staff.
Weapons Screening and Detection: A new focus area in the 4th edition providing protocols for implementing screening technologies at entrances.
Integrated Technology: Unifying access control, video surveillance (CCTV), and IoT sensors (motion, sound, and pressure) into a single management platform to improve situational awareness.
Emergency Management & Surge Capacity: Designs must support "all-hazards" readiness, including the ability to repurpose spaces for patient surges and implement rapid lockdowns.
Key Specialized Areas
Emergency Departments (ED): Treated as a high-security zone with physical barriers between public and treatment areas, including specialized "crisis intake centers" for psychiatric or high-risk patients.
Behavioral & Mental Health: Focuses on "ligature-resistant" design and patient visibility to prevent self-harm and elopement while maintaining dignity.
Infant & Pediatric Facilities: Requires strictly controlled access to mother-baby units and the use of delayed egress hardware on all emergency exits to prevent infant abduction.
Pharmacy & Cashier Areas: Physical separation from the public and advanced biometric or multi-factor access for narcotics storage.
Outpatient Facilities: The latest edition introduces specific guidelines for medical office buildings and outpatient clinics, reflecting the shift toward community-based care
Security Technology & Infrastructure
Smart Surveillance: Use of AI video analytics to autonomously identify aggressive behavior or weapons and trigger automated responses.
Access Control: High-risk areas (e.g., drug rooms, data centers) should use role-based and biometric credentials, while patient-only corridors limit public exposure to vulnerable patients.
First Responder Coordination: Installing "first responder kits" at entrances with digital maps, key cards, and radios to aid law enforcement during an incident.
CCTV cameras are available with various voltage
requirements. These include 12VDC, 24VAC, and 115/230VAC. 115/230V models are
rarely used, due to the expense of providing local high-voltage power. 24VAC
models are quite common in that they can tolerate greater wire distances than
their 12VDC counterparts, and are generally more immune to ground-loops. A
significant portion of cameras today are wide-ranging in that they can operate
on 12VDC or 24VAC.
12VDC Operation
Should the camera operate off of 12VDC only, special considerations must be
taken to ensure correct operating voltage. These considerations include short
wire runs, thick wire gauge, or slightly increasing the power supply voltage to
achieve the correct voltage at the camera. Another consideration is that 12VDC
cameras often connect the power supply return lead to the camera’s ground. The
result can be that current from the power supply may flow through the shield of
the video path, a recipe for ground-loops. For this reason, it is recommended
that 12VDC cameras be powered from a local 12VDC supply that has a floating
(not grounded) output.
Some products that allow 4-pair UTP wire to be used to deliver camera Power,
Video, and if necessary, telemetry Data. Some “cable integrator” pass-through
devices that allow the use of an external power supply and RJ45
connectorisation for in-house wiring. This allows for inter-operability with
external low voltage power supplies, including those that deliver 12VDC. An
example might be a 4 watt 12VDC camera, which is limited to a wire distance of
43ft (13 meters). This is not a particularly impressive distance, but a better
solution is listed below after we discuss 24VAC operation. 24VAC Operation
Also in the UTP range are cable integrators that have built-in individually
floating 24 or 28 VAC power supplies. The 28 Volt setting allows 24VAC cameras
to operate at extended distances over 4-pair UTP wire. Here, a 4 Watt 24VAC
camera with a ±10% tolerance can operate up to 1,047ft (319m). Dual Voltage 24VAC/12VDC Operation
Many 24VAC and 12VDC cameras are specified to be powered from a source that is
±10%, which is a range of 21.6 VAC to 26.4 VAC or 10.8 VDC to 13.2VDC,
respectively. To reduce the number of camera models, most camera manufacturers
incorporate a switching power supply that will operate comfortably off any
voltage from 10.8 to 30 volts AC or DC. These wide-ranging switchers can
therefore operate off 24VAC or 28VAC at very long wire distances, allowing
cameras to be powered from the head-end control room. This allows for the
entire system to operate off of one UPS. Here, a 4 Watt camera can operate off
a 28VAC supply but tolerate a voltage of 14 VAC, yielding 1,467 feet (447 meters). A 2.75 Watt camera can go over 2,000ft (600m).
12VDC Cameras Powered from a 24VAC Supply Should the camera not operate over this
wide range, consider using Converter the camera to convert from 24VAC to 12VDC.
Easily operate off a voltage as low as 12VAC, allowing it to be powered from a
24VAC or 28VAC source. When calculating distance, set the Camera Minimum
Voltage parameter to 14V (half the 28VAC value is where we get maximum power
transfer), and set the Camera Power parameter to be 10% higher than the
camera’s published rating. The camera current should not exceed 400mA. A 4 Watt
12VDC camera can be 1,336ft (407m) away from the power supply. a 2.75 W 12VDC
camera can be 1,942ft (592m). If you are design analog based CCTV projects, consider per camera per power supply. Always power cameras from a local power source such as a small transformer / SMPS. This is a simple way to do it and will require less cable having to be run which may be fine in a small / Big installation. Do not used Multi-Camera power supply, sometimes called a PDU (power distribution unit) to provide power for the cameras.
So how do you determine the correct CCTV power supply for your security camera system?
There are two main selection criteria.
The number of cameras to be powered.
The total current draw.
You will need to get the power requirements of the camera from the spec sheet or from the camera itself. Typically the measurement you need to know is how many amps the camera will draw for AC or DC power. If you don’t know the amps you can divide the watts or VA by the voltage to find out. As an example a camera my show 5W at 24 VAC. How many amps is that? Based on the chart you would divide 5 by 24 for approximately 0.200 amps or 200 mA (milliamps). If you have 4A Power Supply then see what happend as in below exp:
Example 1: You have 2 domes drawing 1 Amp each and 6 cameras, drawing 150mA each. Your total current draw is 2.9 Amps, well within the total available current of 4 Amps. This is OK.
Example 2: You have 5 domes, drawing 1 Amp each and 3 cameras, drawing 150 mA each. Your total current draw is 5.45 Amps, exceeding the total available current of 4 Amps. This in not OK. Your installation will not work.
Practically Major Camera showing Video Loss due to use of multi camera power supply (8 in 1, 4 in 1, etc) in India. Maximum Indian (Mainly Stores, Hospital, Small Office, Hotels etc) used multi camera power supply due to low price (In 2012 you can get 12V@5A Power supply Rs. 1200/-). Where as Power Plant, Big Organization etc used 12V@1A power supply per camera (In 2012 you can get it Rs. 300.00/-) Just Imagine if you have more then 08 nos of camera. Also Visit: http://arindamcctvaccesscontrol.blogspot.in/2012/11/voltage-amperage-guide-for-your-cctv.html
How you stream video has a major impact on quality and bandwidth. Typically, when people think streaming or encoding, CODECs such as H.264, MPEG-4, etc come to mind. However, regardless of the CODEC, one still needs to choose how the video stream handles changes in scene complexity. This is where streaming modes such as CBR and VBR come into play. They have a major impact on quality and bandwidth consumption. In this report, we provide a tutorial and recommendation on how to optimially choose and use streaming modes.
Choosing between CBR and VBR modes is typically overlooked:
CBR stands for constant bit rate and like the term implies aims for a constant or unvarying bandwidth level
VBR stands for variable bit rate and like that term implies allows the bit rate to vary
You need to determine whether and how much you will allow the bit rate levels to vary.
Why the Difference
What you are filming can vary dramatically in complexity:
If you have a camera zoomed in on a white wall during the day, that is a very simple scene. For a 'good' quality level, a 720p HD / 30fps stream might need 200 Kb/s for this.
By contrast, if you have a camera aimed at a busy intersection, this is a very complex scene. At the same exact settings as the first scene, you might need 20x the amount of bandwidth, or 4,000 Kb/s to maintain the 'good' quality level.
The more complex the scene, the more bits (i.e., bandwidth) you need to maintain the same quality level. It does not matter how 'good' or 'advanced' your codec is, this will always be the case.
Surveillance Challenges
The main practical surveillance challenge is that scene complexity can vary significantly even on the same camera and across just a few hours. Set the camera to use too little bandwidth and the image quality will suffer. Set the camera to use too much bandwidth and you will waste significant money on storage.
IP Camera Implementation Issues
Making the choice more challenging, two common issues arise:
Camera manufacturers have widely varying defaults - both in terms of encoding modes enabled and bit rates used. As such, two different camera's efficiency in using bandwidth can vary dramatically even if the frame rate and resolution are the same.
Manufacturers usually do not use the terms CBR or VBR, often creating novel controls or terminology that can be confusing to understand. It is easy to make a mistake or misunderstand what their controls allow.
With inexpensive options and the improvements in technology against false
alarms, more and more dealers and systems integrators are expanding their
security to the perimeter. While interior protection will always be a part of a
complete intrusion detection system, perimeter security allows end users,
on-site guards and remote monitoring centers to know the moment an intruder
steps onto the property. Below are ten tips to remember when planning a
successful perimeter security system:
Stay current with technology. Your manufacturers should provide in
house training at your office for your sales and installation teams at no cost
while updating you on trends, technology, and the latest equipment. Successful
dealers work directly with the manufacturer's sales personnel to help design,
propose, train, and even close your projects for you. Including your
manufacturer in the sales process, including sales calls, will lend you instant
credibility and close more sales all at no cost to you.
Assess how your client intends to use the site. Make sure that your
client understands how the products you are recommending work. This will help
to avoid any future problems such as the client moving things around the site
and accidentally blocking AIR paths or creating dead spots in front of PIR
detectors.
Become certified. Many times a manufacturer will provide
certification training on higher-end perimeter detectors at no cost. This not
only allows you to become familiar with the product and its applications, it
gives you the opportunity to offer more options to the client.
Use the tools available to you. If the manufacturer has
tools/appliances recommended to use during set-up, use them. Not only will they
make sure the products are set-up/calibrated correctly, they are often a huge
time saver during the installation process.
Confirm your design/site plan with the manufacturer. It's important
to do this before quoting your customer. Oftentimes the manufacturer will find
something you missed or ways to save you money with a different design.
Use recommended manufacturing mounting hardware and accessories. When
bundled with photobeam towers, premier manufacturers will mount and assemble
your perimeter detectors at no additional cost. This allows for a tremendous
amount of savings on labor and opportunity cost. The cost of driving to your
local hardware store and standing in line to buy simple items can be saved many
times over by having the manufacturer assemble and ship your equipment directly
to your job site. This also provides a professional look to your installation.
Go wireless! Eliminate the additional expense of costly labor and
wiring to gain more jobs and provide a better-designed system. There are many
options for reliable wireless detection for outdoor/perimeter applications.
Utilize video monitoring/verification wherepossible. When
you're dealing with outdoor systems, legitimate activations by an animal or
person can often be considered "false alarms" when there is no
evidence as the police or client responds 30 minutes later. The majority of
photobeam and PIR detectors can easily be set up to trigger a camera.
Strategize and plan your detection coverage. Use redundant measures
for true security such as double stacking your photoelectric beams to keep
intruders from “jumping over” or crawling under. Along with protecting the
perimeter, use rugged outdoor high mount PIR detectors with false alarm
prevention technology for spot protection – they are low cost, reliable, and
provide a interior trap.
Verify your perimeter's limitations. For example, when using
Photobeams as a perimeter, make sure you have enough space between the wall or
fence and the detector so that an intruder cannot jump over the beam and bypass
the perimeter. If using PIR devices as your perimeter, allow yourself ample
room to make sure there will be no bleed-thru beyond the fence line.
Following these simple tips can mean the difference between a problem free
perimeter security system and one that will cause headaches for you and your
client. With the assistance of a quality manufacturer and advancement of new
technologies, there is no reason to not have a successful install.
PoE
was, and is, supposed to make the powering of devices easy. You take your
camera or other device that accepts power via the Ethernet port, you plug in
the RJ45 jack to the port, and you walk away. Inside the head end, you plug the
other end of the same Ethernet cable into a PoE switch or PoE injector and
voila, power is magically delivered to the device along with the data
connection. In theory, all of the normal worries are gone. AC power or DC power
is irrelevant, and you don't even have to worry about over-powering a camera
that, were you to fry it, could potentially set you back a few thousand dollars
in equipment costs and man hours!
PoE
was supposed to be this way, but practical reality has diverged from the perfect
world concept in such a way that the actual installation is almost never that
easy. So set aside the “perfect world” notions you have, and let’s start with
the basics, so you can understand how PoE works.
There
are four classes of PoE: Class 1, 2, 3 and 0. Each PoE classification denotes a
range of power that is available to the end device as well as the power that
must be available on the port of the power sourcing equipment (PSE):
PoE
Classifications
Class 1 -- 4.5
watts at PoE port; 3.84 watts at device
Class 2 -- 7.5
watts at PoE port; 6.49 watts at device
Class 3 -- 15.4
watts at PoE port; 12.95 watts at device
Class 0 -- 15.4
watts at PoE port; .44 to 12.95 watts at device
In
the world of PoE there are two kinds of switches that can provide PoE; the kind
that operates with a “guarantee per port” and the kind that operates with a
“total power budget”. Both kinds of switching are useful but there is a
significant difference between them. If you happen to have a switch nearby,
look at it and see if you can tell into which one of the above two categories
your switch falls.
A
switch that guarantees a certain wattage per port -- 15.4 watts per port, for
example -- means that you can be sure that no matter how many Class 3 or Class
0 devices are plugged in, the switch will be able to power them. Of course,
these switches tend to be bigger, more expensive and ill-suited for use outside
of a nice climate controlled room, but they do prevent errors in power
planning.
The
second type of switch mentioned above -- the kind with a total power budget --
can only power as many PoE devices as it has power to spare. Imagine that you
are working with a 4-port switch that carries a total power budget of 30 watts.
This kind of switch could power four Class 2 cameras (4 devices x 7.5 watts =
30 watts needed). It could also easily power four Class 1 devices (4 devices x
4.5 watts = 18 watts needed). Continuing with that math, it would be able to
power Class 3 or Class 0 devices, but it could only power two of those types of
devices.
Power
planning is where the rubber meets the road, and it brings up a challenge in
our industry.
What happens if a chosen device (i.e., a PoE powered camera) does not
clearly specify the PoE class and instead simply gives an operating wattage?
You might think that this is OK since a camera which says “6.01 watts” is
within the Class 2 specifications and therefore must be Class 2. But that’s
where reality often diverges from common sense. In theory, what is supposed to
happen is that a device is clearly labeled with a PoE classification so that
when said device is plugged into a PSE device, the power budget has been worked
out such that each device will receive its required PoE.
What I believe the security industry needs – right now, since PoE is
happening today -- is clear labeling of the correct classification of PoE on
each and every device that uses PoE. It is all well and good to place the
operating or maximum wattage on the device, but industry manufacturers need to
take the next step!
Manufacturers should label the device, print it on in large type and with
bold colors, CLASS 1, CLASS 2, CLASS 3, CLASS 0, or whatever PoE Plus will hold
as a classification. It's OK if your device actually only draws 3 watts during
normal operation but for some reason is Class 0. Just tell your integrator
channel partners and end users by labeling the device in the manner in which it
was intended to be used. This lets system designers know the classification so
that they might properly create a power plan and buy the correct devices. No
one wants to be in the field trying to get a project done on time and only then
realize that their switches don’t have enough power for the devices they’ve
purchased.
While I am solidly standing on my PoE soapbox, let me also make a plea for
PoE classification to be a priority on data sheets and marketing slicks. Some
camera manufacturers make wonderful versions of these spec sheets. You’ll find
photos, technical illustrations, cross reference charts, and more -- and often not
a hint of PoE classification to be found anywhere. As someone who works with
PoE, it sometimes seems as though PoE has become the crazy uncle that everyone
has and who no one wants to invite to the party. Unfortunately for all of us,
the crazy uncle could actually be the life of the party -- he makes it easy to
entertain the guests and always has enough cash to pay for pizza -- but we
haven't managed to take advantage of him yet!
PoE is supposed to make things easy, and between the standards bodies, the
independent PoE offerings, the lack of classification usage, the errors in PoE
chip usage within devices, and the propensity of some manufacturers to create
Class 0 signatures in devices that draw minimal wattage, PoE's original purpose
has been obfuscated in a way only rivaled by the current explanation of the
financial bailout.
Why has it become so
complex? Who knows! Unfortunately it has, and confusion has also shared a taxi
with a lack of education on the road to PoE's widespread acceptance. People see
a label on a device that says “802.af” or “IEEE Compliant” and then
automatically assume that they can plug it into a PoE switch or midpsan and
have it work with no problem. What makes the education problem worse is that
often it does work with no problem, and this leads people to the assumption
that PoE is really nothing more than Windows “plug and play” for power. Unlike
Windows, however, there is no “blue screen of death” when using PoE. Instead
there is a device that does not power on, or (in rare cases) a device that does
power on followed by smoke, the smell of singed chip boards and fried
capacitors, and then what was a very expensive security device becomes an
equally expensive paperweight.
Until now in the world, eBay still remains one of the
biggest auction websites. Millions of items are sold through eBay all over the
world, including surveillance cameras.
Although its network is huge and it is well managed, you
are still not satisfied with the products you purchase form the website,
especially if it is a video security camera system. According to the report of
Metropolitan Police in UK,
there are over 100 eBay related crimes every month.
Here are some tips for you when you are purchasing a
surveillance camera on eBay, you can take a note if you think it is useful.
1. Know the seller. It is very important
that you can vouch for the credibility or trustworthiness of the seller. Read
the reviews. Ask for feedback straight from the buyers themselves.
2. Search extensively. There are thousands
of surveillance cameras and sellers you can find in eBay. It is going to be
purpose defeating if you are going to simply opt for one seller and one kind of
camera. There are different ways on how to search comprehensively in eBay. You
can read the tutorials or guides available in the website.
3. Determine how much you are willing to pay. You
can search for surveillance cameras based on their price. Thus, it will be
easier for you to purchase one that fits your budget. If the one you like does
not, you can always practice the art of negotiating or haggling with the
sellers. As long as they can confirm your authenticity and your faithfulness to
the transaction, they may offer you with a good discount.
4. Read the descriptions. It
is not enough that there are surveillance camera images. They should also have
their corresponding descriptions, and they must be very detailed. This means
that if there are minor defects, these should be listed to ensure that you know
what to expect from the product.
5. Read the policies. Though eBay has its
own general policies, every seller may implement their own. It is wise to read
about their rules in shipping and purchasing before you proceed with the
transaction. It is unfair to cry out fraud if the neglect is actually committed
at your end.
Normally, sellers would accept cash or credit card
payments. They would also send surveillance cameras for free if you are very
close to the seller’s residence or business address.
6. Obtain a guarantee. Never purchase a
surveillance camera if the seller cannot provide you with a warranty or
guarantee. You have to remember that you cannot test the equipment before
purchase. A guarantee will make sure that you can return the item if ever it
does not work as expected.
7. Decide what you need. There
are different kinds of surveillance cameras you can choose from. You can spend
less time in eBay as well as prevent yourself from the sweet talks of sellers
if you already have an idea of what you need. For instance, if you want to
observe people inside buildings, you can opt for spy cameras.
Knowing well above these tips, you can have a great
shopping experience on eBay, save time and money most of the times.
CCTV
systems collect all types of information for a wide range of reasons. While the
equipment is valuable, it is almost always the records, and the information
they hold, that matter the most.
Many
CCTV systems record images of people, especially if they are set up in a public
space. This type of record is 'personal information', which is protected under
privacy legislation. As a result, every effort should be made to keep the
records secure and avoid misuse.
Managing
the risk to records protects the CCTV owner as well as the individual being
recorded. CCTV records may be used as evidence in criminal proceedings. They
can also be used to demonstrate that an innocent activity was genuinely
innocent. Either way, the records should be stored securely until they are
handed over to the police. For private operators, there may also be good
commercial reasons for ensuring confidentiality of the records.
At
a basic level, the question is: what can go wrong, and how much does it matter?
CCTV
systems are exposed to a range of intentional physical security risks such as
tampering with camera placement, power supplies, communications cabling and
controlling equipment. These risks may be prevented with physical control
measures, such as housing these items in locked enclosures appropriate to the
risk and environment (such as equipment that is accessible to the
public). Procedural security can be used to deter and detect attacks on
CCTV infrastructure by visual inspection and review of indicative alarms.
Natural
disasters also present risks. You can't prevent fires, floods, or earthquakes,
but you can minimise the risk of damage or loss of data from your CCTV system.
While insurance can cover the loss of equipment, data is not replaceable.
A good offsite backup system for electronic data, such as CCTV video,
configuration data, usage logs etc, can reduce this risk. Systems that
instantaneously backup data provide less likelihood of data loss when compared
to scheduled periodic backups.
Modern
digital CCTV systems are typically dependent on computing equipment performing
continuously. Protection from inevitable hard disk failure is usually
provided with redundant disk storage systems (using RAID arrays). Once a
disk failure has been detected (automated detections should be tested
regularly) it can be substituted with a replacement disk onto which the missing
data is automatically copied. This rebuilding process can take many hours due
to the large storage capacity which presents additional risks; the storage
system may not cope with rebuilding load resulting in missing data, and data
from any further coincidental disk failure(s) may not be protected (depending
on the redundancy design). Whilst it may be impractical to have
full CCTV system redundancy it may be prudent to maintain service spares of
essential components. For example, power supplies are required for
interrogation of system data or access live CCTV resources. As such
battery backup and/or alternate utility supplies may be warranted.
Attacks
on CCTV information from human threats can be grouped as:
Availability; the information is not required when needed. Information may
have been deleted accidentally or maliciously, or normal access prevented
through disruption to normal processes, such as physically damaging
equipment and communications or inundating communication channels.
Accuracy; the information has been compromised. This may include substitution
of real data with artificial data, or breaching evidential requirements
for handling information that casts doubt on its authenticity.
Confidentiality; the information has been disclosed to unauthorized persons.
This may have occurred with or without knowledge of the CCTV system
owner. An obvious example of this is the unauthorized duplication
and dissemination of video to media outlets - made easier if operators
have ready access to high speed internet connections. A less obvious
example may be an unauthorized access by computer 'hackers' where CCTV
systems are interconnected with other data networks.
Integrity; the information has been compromised. This may include substitution
of real data with artificial data, or breaching evidential requirements
for handling information that casts doubt on its authenticity.
Even
with the best of intentions, mistakes can and do happen. They include
accidentally deleting records or even entire hard drives, overwriting backups,
forgetting to maintain a system, placing cameras in the wrong place, or
forgetting to make a regular, scheduled backup. Some of these can be prevented
by information management policies that include user training and restricting
access to system resources, usually with logical access control (such as user
sign log-on accounts). This can also help reduce the chances of deliberate
actions aimed at destroying or stealing data or equipment. Personnel
security vetting is often included in licensing requirements and can reduce
risks of inappropriate usage by CCTV operatives.
Cybersecurity Measures (Protecting the Network)
Change Default Credentials: Immediately change default usernames and passwords for cameras, routers, and Network Video Recorders (NVRs) to strong, unique credentials.
Implement Network Segmentation: Place CCTV cameras on a dedicated Virtual Local Area Network (VLAN) to isolate them from critical business IT networks.
Update Firmware Regularly: Check for and install firmware updates from manufacturers to patch known security vulnerabilities.
Disable Unnecessary Services: Turn off unused features like UPnP (Universal Plug and Play), HTTP, and unused network ports.
Use Encryption: Ensure data is encrypted in transit (using HTTPS or VPNs) and at rest (using AES-256 for storage).
Secure Remote Access: Avoid direct port forwarding. Use a VPN for secure remote access to the system
It
is worth considering how you will manage these and other risks to the security
of your CCTV equipment and records. Most strategies fall into one of four
categories:
Avoid the risk - for
example, by moving a camera out of reach of vandals, or locking a door
after hours.
Transfer the risk -
for example, by outsourcing the CCTV system and ensuring that contracting organizations,
within the contract, are responsible for the security of records.
Accept the risk - for
example, by relying on default settings in CCTV equipment because you
believe the risk is low.
Reduce the risk - for
example, ensuring only authorized people have access to CCTV computer
systems and information.
In
most cases, the final approach uses several strategies and depends on
individual circumstances. It ultimately depends on the value of the records,
the risk of loss or damage, and the consequences. These decisions are best made
before the records are collected and, if possible, before a CCTV system is even
installed. It is advisable to have an Information Security Management
Plan that includes CCTV systems to ensure that risks are treated
appropriately. The policies and procedures used to apply information
security should be competently reviewed and executed.
Physical Security Measures (Protecting the Hardware)
Lock Down Equipment: Secure recorders (DVRs/NVRs) and network switches in locked cabinets or access-controlled rooms.
Protect Cabling: Use cable conduits to prevent tampering, "smash and dash" thefts, and environmental damage.
Anti-Vandal Enclosures: Use cameras with IK10 impact-resistance ratings for high-risk, accessible areas.
Regular Maintenance: Clean lenses and inspect cameras for tampering, ensuring they have not been moved or covered
Government
organizations have an additional obligation to consider the security
classification of CCTV records and may consider implementing an information
classification policy in accordance with the relevant government regulations.
The agency's security officer should be contacted for advice in these
cases.
Personnel and Operational Security
Employee Training: Educate staff on the risks of phishing, the importance of password security, and how to report suspicious activity.
Manage Staff Turnover: Immediately revoke access to the CCTV system for departing employees.
Work with Professionals: Utilize reputable, certified installers who understand both physical and cybersecurity requirements
Information
classification should be considered by private CCTV system owners, particularly
with the advent of computer based CCTV system designs and high capacity
portable media.
This
process helps provide assurance that CCTV records information will be handled
appropriately to reduce negative risks.
