Part 2: ‘How To’ Compare Security and Access Control Tech without a Method
There is a huge gap in the literature-base on how to compare security and access control technology; it is actually less of a gap and more of a chasm. On the one side are well intentioned but limited marketing articles that present a problem, usually in the form of a cyber-threat, and offer some product as the solution, usually some new technology. In this first camp, a majority focus on the ‘bad actors’ that seek to take advantage of the remote work explosion by exploiting cybersecurity weaknesses. That framework has led to an emphasis on “managing security” with technology. This is also why so many of them delve deep into the “new capabilities” of these systems as their main selling point.
Some will make their “imperative” more broad to include the human element in creating a complete system, “one that binds process, technology, and people together.” For example, in industries where both hygiene and asset management are already a top priorities, such as in healthcare spaces, a strong integration of automation and access control with organizational processes already exists. For those of the “unified” approach, merging a ‘systems philosophy’ into your technology will be a better method to remove those “bad actors.”
A smaller number will push the importance of testing and having a “consistent methodology” for comparing your security services and access control technologies, but even they leave out how to create one. They might outline some important metrics and measurement features, such as avoiding false positives, response volume, and security audits. Some will even provide a managed visitor system that makes the work easier. Despite that, they often fail to provide a cohesive vision for that unique and particular situation most consumers are dealing with, where often there are other philosophical principles at play, such as fiscal responsibility, seamless user experiences, scalability, or fair and equitable access for everyone that comes through, often a high priority among public institutions. Another relevant example of a conflicting value is privacy. While a few do discuss the privacy concerns associated with these new surveillance technologies, it is by far the exception to the rule. Often it is left to the buyer to make sure legal compliance and ethical use are ensured.
On the other side of the chasm are near expert level industry insider pieces that evaluate features for their technical effectiveness and scholarly papers that are so complicated they probably require a graduate technical degree to fully comprehend. They take the logic of methodology to a whole new level with their peer-reviewed framework geared toward creating mathematical formulas and pushing the field of engineering itself forward. Their concern is science, not customers. They are producing algorithms, not products. While they might strive towards, “building standard approaches for… a set of reference metrics for analytically evaluating,” the right service or technology, it is still fair to say that, at least from the perspective of a consumer, they do not offer a lot either in terms of easy-to-understand guides. So let’s get into it. Before we describe what makes Maslow’s Hierarchy of Human Needs one such guide to help you pick and choose what works best for you, we have to explain why it is such a great theory for bringing in the human element into our understanding of security.
 Whitehead, Mark. “How Security Testing Could Change After COVID-19.” Tech Target. May 2020. https://searchsecurity.techtarget.com/feature/How-security-testing-could-change-after-COVID-19 (accessed June 3, 2020).
 Goodchild, Joan. “Preparing for Security in Public Buildings Post-COVID-19.” ISC News. May 15, 2020. https://www.iscnews.com/preparing-for-security-in-public-buildings-post-covid-19/ (accessed June 3, 2020).
 Griffin, Joel. “Security Tech’s Role in Mitigating the Spread of Coronavirus.” Security Infowatch. May 1, 2020. (accessed May 28, 2020).
 Tech Cloud Link. “The Secrets of Evaluating Security Products.” Tech Cloud Link. March 3, 2020. https://techcloudlink.com/the-secrets-of-evaluating-security-products/ (accessed June 22, 2020).
 Abreu, Pedro. “How Hospitals Are Dealing with the Cybersecurity Challenge of COVID-19.” Forescout. May 15, 2020. https://www.forescout.com/company/blog/how-hospitals-are-dealing-with-the-cybersecurity-challenge-of-covid-19/ (accessed June 4, 2020).
 Security Magazine. “How to Evaluate Your Security System's Cyber Risk.” Security Magazine. April 1, 2017. https://www.securitymagazine.com/articles/87925-how-to-evaluate-your-security-systems-cyber-risk (accessed June 22, 2020).
 Dunn, Ernest. “6 Best Practices for Evaluating Cybersecurity Tools.” GuidePoint Security. August 2, 2019. https://www.guidepointsecurity.com/2019/08/02/6-best-practices-evaluating-cybersecurity-tools/ (accessed June 22, 2020).
 Crandall, Carolyn. “Measuring the Effectiveness of Your Security Controls.” Attivo Networks. March 6, 2017. https://attivonetworks.com/measuring-effectiveness-security-controls/ (accessed June 22, 2020).
 Liguori, Joseph. “Choosing An Access Control System.” Facility Executive. February 21, 2018. https://facilityexecutive.com/2018/02/facility-security-choosing-access-control-system/ (accessed July 7, 2020).
 Davis, Jessica. “COVID-19 Contact Tracing Apps Spotlight Privacy, Security Rights.” Health IT Security: Patient Privacy News. May 20, 2020. https://healthitsecurity.com/news/covid-19-contact-tracing-apps-spotlight-privacy-security-rights (accessed June 4, 2020).
 Zhang, Nan, Mark Ryan Dimitar Guelev. “Evaluating Access Control Policies Through Model Checking.” International Conference on Information Security. ISC 2005: Information Security. Singapore, September 20-23, 2005. 446-460.
 A. Li, Q. Li, V. C. Hu, and J. Di. “Evaluating the Capability and Performance of Access Control Policy Verification Tools,” Military Communications Conference, MILCOM 2015-2015. IEEE, pp. 366–371, IEEE, 2015. DOI: 10.1109/MILCOM.2015.7357470.