Control PhysicalPatrols

A public space with a boundary, so it can feasibly be checked or inspected despite being a public space. The boundary may be a physical perimeter (e.g. as in a public building), or non-physical (e.g. a region within an open space whose boundary is specified on a map). Note that access to the space cannot be restricted. A separate PrivateSpace type is used for bounded spaces with a secure perimeter and access restrictions.

Represents a bounded physical space that can be secured to restrict access.

Device Gateway is physically monitored to rapidly detect if it has been physically removed, altered or substituted, so its manager HostManager can address any physical compromise. This strategy represents a contingency plan included in the system operating policies and practices, e.g. to repair or replace the affected device. Activation of the plan restores normal service, but if the device was stolen the attacker still has possession of the original which could still be misused.

Device Gateway having found to be physically removed, altered or substituted, action has been taken by its manager HostManager to restore normal service. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To implement the plan at runtime, signal HostManager that the problem was detected with Gateway which may need repair or replacement.

Device Host is physically monitored to rapidly detect if it has been physically removed, altered or substituted, so its manager HostManager can address any physical compromise. This strategy represents a contingency plan included in the system operating policies and practices, e.g. to repair or replace the affected device. Activation of the plan restores normal service, but if the device was stolen the attacker still has possession of the original which could still be misused.

Device Host having found to be physically removed, altered or substituted, action has been taken by its manager HostManager to restore normal service. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To implement the plan at runtime, signal HostManager that the problem was detected with Host which may need repair or replacement.

The physical space Space is patrolled at frequent intervals to ensure it is free of intruders. Note this does not prevent intrusion, e.g. to steal a device, but it does prevent some types of attacks where the intruder would need uninterrupted access, e.g. use of a device in the space for a significant period.