top of page

FOUR OF THE BEST THINGS YOU CAN BUY TO PASS THE CISSP EXAM

71OMr0D4FrL._SL1500_.jpg
119159849_10158061653118813_5314694876572739015_n.jpg
four video.png
71eSH5cSYiL._SL1377_.jpg

Stories of a CISSP: CPTED


Winter is always a time of continuous critical thinking on this complex topic: what to do with the kids instead of being in the house all day?

My day consists of thinking about what problems were solved on the firewalls at work, what new CISSP content to create for the member's portal, catching up on email, answering direct messages, and what new fun activity will occupy two pre-preschoolers while maintaining my own frustration threshold?

Today: going on the subway.

It was a brand new above ground metro rail with fancy new seats and digital screens showing a mix of safety tips, safety awareness, and some advertisements for local businesses. Just enough distractions to keep the kids occupied for 2 stops and then back again. The metro itself was adjacent to a pretty ritzy city zone.

I had never been there before and came to see signs that all the parking was located underground. The first and second parking levels were only to be occupied if you were parking for the shopping mall, proof of which is provided by your validated ticket from one of the stores. So, we had to park in the third floor for metro parking. No big deal, just had to take the elevator up from there, no big deal...

I started to get a weird feeling after going down the 2nd floor ramp and entering the third floor. It was still early in the morning on a Sunday so it was kind of barren. It was also cold. The screeching of the galvanized rubber tires was echoing throughout the garage as well. There was nobody else in sight, even though there were a few other cars. These factors all slowly added to the heightened stress levels. Only thing going through my mind was "Man, I'm responsible for everyone in this car. Better toughen up and accrue some bravery...".

It's a safe neighborhood and all, but as a father you still get a little bit defensive and your primal instinct just kicks in. My imagination thought of all sorts of scenarios: your standard carjacking or robbery. Even just anyone, malicious or not, coming up to the car and asking questions or even just talking to me. Or maybe a group of rowdy teenagers would try to vent out their angst by hurling vulgar comments. I even went as far as to think that 3-4 vampires would appear out of nowhere and bathe in our blood. I guess we think of all these scenarios in our imagination to mentally prepare for them just in case, just so it's not a total surprise if it happens. Even though none of these things have ever happened to me and the chances are low to none.

But all these crazy thoughts were carefully being mentally discarded as my CISSP studies started to take over. I was counting on the fact that there had to be Crime Prevention Through Environmental Design, otherwise known as CPTED from Domain 3: Security Engineering of our CISSP studies.

CPTED is influencing human behavior through physical design without being blatant about it. CPTED has branched out from being used in organizations and facilities to places of public development, like metro parking garages. CPTED serves two important necessities: reducing the fear of crime (my current state), and the ability to commit a crime (or at least having a high chance of being caught if done). These were the two types of security controls I was desperately hoping were in place.

At a high-level, there was just no way I was the first person to feel nervous in this micro-environment of a garage and there was no way the architects would not consider safety of human life first above everything else (just like for CISSP exam).

Some examples of CPTED being used which we may not even realize are things like benches and playgrounds around urban or suburban landscapes. These encourage usage by the public, which brings in more eyes on the area just in case something occurs. These provide a place of not just comfort and activity, but a place for people to observe other people.

Continuing to drive in the third level parking garage, I put my faith into security and started to just take in some casual observations while pretending to look for an unmarked parking spot. I wasn't about to park in the first open spot without completely checking out the area first with the quickest route to the elevators. This was a new building in a ritzy area so I knew some high-tech surveillance, monitoring, and lighting would be here, along with a relative amount of safety features. I mean, the cars I was around were for the most part luxury foreign imports and one of the corporate offices belonged to a giant online search engine provider.

The picture below is my view while driving:

In the third sub-basement level parking garage the cars are sparse and separated with concrete pillars. Although they did not help my situation right now, these pillars not only support the upper levels, but also force cars to take careful turns at slow speeds - lowering a violent impact to other cars and pedestrians.

I noticed from the tires and getting out of the car that every sound echoed throughout the vicinity. This would allow me to hear any footsteps or other cars approaching my area - whether this was unintentional or a part of CPTED design, it worked for audible security.

This is the view when getting out of the car:

The ISC2 CISSP Fourth Edition study guide says it is best to have "high lighting levels to illuminate the exterior of the parking facility." It also goes on to say that "increasing visibility to paint the walls of the structure white to reflect light. Lighting fixtures should also be strategically placed to bounce light off the walls and reduce dark corners where criminals or attackers could hide". Everything recommended by the study guide is practiced in this picture, except for completely white walls, but there is a good amount of reflection nonetheless.

I didn't exactly measure it out at the time, but the distance between lights was pretty close as to reduce dark corners. The idea being that you can identity someone's face coming at you from 10 feet away. You can see in the picture near the fan on the right, there were also small boxed enclosures attached to the pillars which looked like something you'd push if there was a fire, but it was actually to call for help. You didn't have to hold the button down, but just press it once and it would contact building security through an open speakerphone. When they spoke, they can hear not only you but every other noise going on around you (like the noise of two people fighting, screaming, or gunshots).

Also notice that those fire suppression systems were most likely wet pipes, as I saw some dripping water. Wet pipes have water running through them all the time. Dry pipes do not fill with water until activated. It's all in your CISSP books. I also talk about it in a complete video in the member's portal of this site.

Stress levels started to go down as I started pushing the stroller in one hand and held my other kid's hand in the other hand as we came up to the elevator.

This is the view to the elevator area:

Notice the clear glass door and wall? This gives others a view from the outside if anything is going on in there. We can imagine the things an assailant may do to a victim in that enclosed space. Clear glass doors provide another CISSP concept from Shon Harris 7th Edition known as "natural surveillance". The walls in there are also painted white, as suggested earlier. Others can see what is going on even though they are not at that location at the time. It is also brightly lit with small little helpful stickers you can take with you to remind you which level you were parked in. These stickers serve as little friendly gestures which make you feel good and not think about why the security measures are designed the way they are. They are controlling the environment's security without letting you know, without freaking you out about it. After all, this is a family area and not all of us are Green Berets or mixed martial arts experts or comfortable carrying a weapon or even know how to use one. Some of us just believe people are good in general and go by statistics and try their best not to be one.

You will notice that there are also bollards installed in front of the main doors. Bollards are concrete barriers. They are there so someone can't just drive their car through the door and into the elevator waiting area, a place where a lot of people can converge.

Although not 100% effective (like all security controls), these CPTED measures made me a lot more comfortable in my surroundings as the odds of a crime being committed here was fairly low, which is the exact intention of crime prevention through environmental design.

My insecurities were secured by knowing my CISSP concepts. Just another benefit of studying the CISSP content, regardless of whether you pass or fail the exam.

My kids had no idea about my thoughts and remained care-free, as they should be. They enjoyed the metro ride along with a pizza lunch and a small ice cream treat afterwards, while their dad thanked his lucky stars to be in the security industry.

Thanks for reading.

CISSP Take-Away Concepts

Domain 3: Crime Prevention Through Environment Design

  • Lighting, glass doors, parking spaces, emergency help buttons, bollards, and the general architecture of the parking garage contributed to a well-designed environment with security

bottom of page