How to increase security through building design

Crime Prevention through Environmental Design, or CPTED, is a method used in security planning that focuses on design, placement and the way the building is used as a means to increase security in an aesthetically pleasing manner.

Crime Prevention Through Environmental Design, or CPTED, is a method used in security planning that focuses on design, placement and the way the building is used as a means to increase security in an aesthetically pleasing manner.

“CPTED tends to provide a purposeful sense of orderliness in developing a security program,” says William Nesbitt, president of SMSI. “It’s geared at trying to not only have an effective security program, but to have that program be perceived as being effective. It has to do with both the appearance and the perception.”

CPTED principles can vary from place to place and firm to firm, but the three that are fairly standard are Natural Surveillance, Natural Access Control, and Territorial Reinforcement. These principles, though most easily used when designing a new building, can be used in virtually any type of building or scenario, new or existing.

Natural surveillance

“Doing a lighting study is one of the most important pieces of the Natural Surveillance principle,” says Toby Heath, electromechanical specialist at ASSA ABBLOY. “That involves measuring the light output every 10 feet throughout parking lots and the perimeter of a building.”

Because light starts degrading as soon as you install a light bulb, chances are good that existing lighting isn’t particularly safe if it has been around for a while, says Heath. “One of the biggest things that people don't understand is that you have to look at light uniformity, which is the difference between the lightest and the darkest spot. You want to have certain thresholds so that when people are driving by or people are in the building, they can actually see what's happening.”

The 3-7 rule is an important component of natural surveillance as well, says Heath. This means that all landscaping around the perimeter of the facility should be no taller than three feet for shrubs and plants and there should be no foliage below seven feet for trees. This leaves a clear view of people, making criminal activity easier to spot. Heath says not following the 3-7 rule is a common oversight at facilities because people don’t realize that landscaping obstructions may cause points of vulnerability.

“The idea of surveillance in and of itself has a deterrent value,” says Nesbitt. For example, having parking lots adjacent to a building with no obstruction to the view no matter what floor you’re on may cause criminals to pause. For schools, putting the bike rack near classroom windows where it can be seen deters thieves, Nesbitt says.

Making sure windows are unobstructed and clear is another component, particularly in a public space, says Heath. “K-12 schools are a big violator because teachers like to put artwork up on the windows,” he says. “You need two-way visibility so people can look in and you can look out.”

Natural access control

“It’s really important to minimize the points of entry to a building to one, for visitors as well as employees,” says Heath. “It’s completely inconvenient, but there’s always that balance between security and convenience to find your sweet spot.” In a related matter, all doors should be inspected to make sure they close completely and by themselves. Having open doors creates huge vulnerability points.

[ ALSO ON CSO: Skip the picks, expert uses hammer to open a Master Lock ]

Wayfinding is also hugely important in the quest for natural access control, both Heath and Nesbitt say. “It's really important because as buildings get older, obviously there are renovations, improvements and additions. Within hospitals, departments move around all the time over the course of years and places can be marked incorrectly or not at all,” says Heath. “Having people coming into your facility and not being able to find where they’re going is a catalyst for a crime of opportunity.”

For new buildings, “designing sidewalks and entryways with not just a sign, but inviting you to go in a certain direction” employs this principle of natural access control, Nesbitt says. “In some hospitals you sometimes see where they have different colored lines that help people find their way. All of these things can be done through design.”

Territorial reinforcement

“Territorial reinforcement basically tells you where your property begins. There is no defining property line, so to speak, so if you give cues as to where the property is and what’s under your control and maybe some signage, it helps you establish the foundational basis that you have control over this piece of land from this point inward and it’s not common area,” says Nesbitt.

Changing the way that areas around and inside the facility are used is one aspect of territorial reinforcement. “Over time, some places get used more than others. People go to certain areas and some areas are avoided,” Heath says. “It’s important to be aware of where those areas are because obviously the opportunity for crime is way higher in the non-used areas.”

Putting safe activities in unsafe places helps. “An unused space could have a bench or a winding walkway or nice shrubbery, something to invite the public to use that space, which forces the crime out of the area. It’s a slow migration. You want to reinforce that the whole territory is a safe place,” says Heath.

Natural landscaping is also a big part of territorial reinforcement and of CPTED, Heath says. Buildings that once had beautiful shrubs and landscaping often don’t keep up maintenance or landscaping gets cut in the operational budget. “Putting that back in place and creating that delineation of public to private space is a big deal,” says Heath.

Parting thoughts

Understand CPTED principles thoroughly. “Don’t substitute CPTED for traditional methodologies,” warns Nesbitt. “CPTED provides harmony between the more traditional methods and human behavior. It takes a little study to understand it, but the more you do, the more you will come up with ways to apply it that are unique to your situation.”

Flexibility is key to the successful use of CPTED. “Security is hugely situational. There is no universality. Everything is about reducing the probability of things happening, since we can’t stop them from happening,” Nesbitt says. “Something may pop up that causes you to need to change the environment. Using CPTED principles will make any security program that much more effective than it would be without.”

For more information about CPTED, visit the International CPTED Association website.

Join the CSO newsletter!

Error: Please check your email address.

More about CSO

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by By Sarah E. Ludwig

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place