SECURITY ACCESS CONTROL EFFECTIVENESS DESIGN

Abstract

South Africa’s infrastructure has faced a barrage of security attacks that has led to the promulgation of the Critical Infrastructure Protection Act (CIPA) No. 8 of 2019. Residual risk (i.e., that which remains after the threats have been mitigated) must be assessed for the critical infrastructure security system as part of the total security system design. One area that requires attention is access control. This paper demonstrates how to approach such a design, with a particular focus on the effectiveness of the access control system and how to choose the biometric or digital key (such as access cards) system. The approach starts by defining access control events that in turn are used to define access control effectiveness in respect of the probability of invalid access and of anomaly detection. The theoretically derived results are validated by a simulation. Based on these models, guidance is provided for the design of access control for critical infrastructure.