This glossary of definitions and terminology is provided to support PSN members as a ready-reference guide. The glossary should be useful in everyday communication between protective security professionals and their stakeholders.

Common use of terminology and definitions within teams and the broader stakeholder group can be critical to the outcomes from a time-critical assessment and responses.

Another reason for a glossary is that the common use and accepted use of terminology and definitions will assist explanations during any subsequent incident investigation or government enquiry.

The glossary should also assist PSN members in their initial stage of research in their professional areas of interest and responsibilities.

The glossary does not attempt to be a complete list of definitions and terminology largely because of changing operations for protective security and the influences from other areas outside the realm of physical protection, for example cyber security, food security, resources security etc.

Other sources of terminology and alternative definitions should be sought, for example from International Standards Organisation – ISO 22300’Security and resilience – Vocabulary


It is not unusual for terminology to have its origin in other professional areas and adapted for protective security applications. For example, protective security has borrowed terminology from cyber security and emergency management, often with definitions being adapted to make them fit for purpose. 

Some terminology and definitions listed in this publication have alternative definitions usually influenced by the period of origination (e.g. pre ‘9/11’ attacks against the USA and post ‘’9/11’) , the context (e.g. a specific purpose or hazard), the geography (e.g. country published).

It is recommended to first seek and consider terminology and definitions relevant to your jurisdictional context, such from legislation and industry standards. For example, in Australia and New Zealand, the International Standard AS/NZS ISO 31000 ‘Risk Management Principles and guidelines’ is a go-to authoritative source.

Because of the nature of the development of terms and their definitions in the protective security field, true origins are often obscured. No attempt has been made in this ready-reference guide for practitioners to identify the original sources. A list of primary sources is provided that may assist in uncovering origin if required.

Members wishing to contribute to this Glossary are most welcome. This Glossary will evolve with input from members.

Terms and Definitions


Defensive measures used to reduce the vulnerability of individuals and property to terrorist acts, to include rapid containment by local military and civilian forces 


A specific supposition of the operational environment that is assumed to be true, in the absence of positive proof, essential for the continuation of planning.

Business Continuity Plan (BCP)          

The holistic management process that allows an organisation to identify potential threats and impacts to business operations, if realised, might cause, and which provides a framework for building organisational resilience with the capability to effectively manage disruption related risks against critical business functions.


The outcome of an event affecting objectives.


1. Objectives may or may not be clear, e.g. a public event should have safety objectives articulated by the organisers, whereas a passenger on a bus will unlikely have articulated safety objectives, however, it should be assumed to be implied.

  1. Often risk assessments only consider single consequences. However, in reality there are likely to be multiple consequences of an event or incident.


Contingencies are the back-up arrangements available to respond to events should the planned responses when implemented deviate or deteriorate against the desired outcomes.


Activities and operations taken to neutralize terrorists and their organizations and networks to render them incapable of using violence to instil fear and coerce governments or societies to achieve their goals. Also called CT.


A situation that is beyond the capacity of normal management structures, resources and processes to deal with effectively.

Critical infrastructure protection       

Actions taken to prevent, remediate, or mitigate the man-made or natural risks to critical infrastructure and key assets.

 Crowded Places           

Crowded places are locations or environments which are easily accessible by large numbers of people on a predictable basis.


A method to exploit or manipulate human characteristics or situations. There are various forms including:

  • the use of stolen or cloned ID
  • use of access control credential (e.g. cards) of persons no longer authorised such as cessation of employment or contract – but not removed from ‘system’
  • verbal deception
  • a trojan (disguised) vehicle.

This method may be accompanied by a decoy action intended to focus the attention of security to some other location at the site.


In an estimate of the situation, a clear and concise statement of the line of action intended to be followed by the protective security element as the one most favourable to the successful accomplishment to achieve security and safety objectives.

Decision point              

A point in space and the latest time when the senior security team member or the chief warden anticipates making a key decision concerning a specific course of action.


The prevention of action by the existence of a credible threat of unacceptable counteraction and/or belief that the cost of action outweighs the perceived benefits.

Due Diligence              

Taking reasonable steps to ensure your business (or the service that you provide) complies with its legal obligations, for example under health and safety legislation.


Pressure or harm imposed on an occupant or authorised visitor to enter a protected property.

For example, the driver of a legitimate vehicle to carry a hostile payload into a protected site, or say, duress imposed on a person (e.g. security officer) to grant vehicular access through a vehicle access point.

Dynamic risk assessments (DRA)       

The assessment process during an event reflecting the tasks/objectives to be achieved, the hazards identified and the likelihood of harm from those hazards.

Emergency preparedness

Measures taken in advance of an emergency to reduce the loss of life and property and to protect from all types of hazards through a comprehensive emergency management program of preparedness, mitigation, response, and recovery.

Emergency response procedures

Established procedures for situations in the event of a hostile vehicle attack and the possible outcomes such as:

  • structural collapse
  • casualty management
  • evacuation
  • emergency first responder access.


A hostile vehicle that enters an area unimpeded without the need for the deliberate ramming of perimeter to gain access into building or a crowded space.

The opportunity for encroachment may come from poor perimeter defence for example:

  • incomplete or incorrectly spaced countermeasures (such as the distance between fixed security bollards).
  • tailgating a legitimate vehicle through a vehicle access control point.


An occurrence or change of a particular set of circumstances.


A real property entity consisting of one or more of the following: a building, a structure, a utility system, pavement, and underlying land.


A condition with the potential to cause injury, illness, or death of personnel; damage to or loss of equipment or property; or mission degradation.

Hostile reconnaissance

The purposeful observation by terrorists (or other criminals) with the intention of collecting information.

Typically, this activity by terrorists is to qualify a location as a target, discover weak spots (vulnerabilities), assess the level and type of security, inform the best time to conduct the attack, the resources needed and assess the likelihood of success.

Improvised explosive device (IED)     

A device made or placed in an improvised way that incorporates destructive, lethal, noxious, pyrotechnic or incendiary chemicals and is designed to destroy, incapacitate, harass or distract.


An occurrence, caused by either human action or natural phenomena, that requires action to prevent or minimize loss of life or damage to, loss of, or other risks to property, information, and/or natural resources.

Insider threat 

The threat presented by a person who has, or once had, authorised access to information, facilities, networks, people, or resources.  With this privileged position, deliberately intends to sabotage, cause loss or degradation of capabilities, services or denial of services including information and other resources, or to cause harm or death to persons or animals, or harm to the environment or stakeholder confidence.

Historically, the insider threat would be a person working on site. With modern IoT, the insider threat may include people, working off-site with legitimate remote access to physical security-related systems over the internet.

They term is also shared with the cyber security field.

Internet of Things (IoT)

IoT refers to an infrastructure of interconnected objects, people, systems, and information resources together with intelligent services to allow them to process information of the physical and the virtual world and react.

Layered Attack           

A combination of methods by terrorists to achieve the attack mission, typically reflecting the strengths and weakness (vulnerability) in physical security of the targeted site.

This scenario is sometimes called a ‘complex’ attack.

The attack methodology may more reasonably characterised as a Marauding Terrorist Attack (‘MTA’)

Level of risk                 

The magnitude of a risk or combination of risks, expressed as a combination of consequences and their likelihoods.


The chance of something happening.

Lone attacker

A single terrorist attacking a target.

These individuals are often radicalised online and motivated to commit to violence.

When the lone attacker does not have a clear group affiliation, they are challenging to identify, investigate, and disrupt.

A lone attacker can also be radicalised, trained or influenced by a terrorist group or a charismatic group leader, as seen in many suicide attacks around the world.

The terms ‘lone actor’ and lone wolf’ are sometimes used.

Pattern setting

Routines that are observable (during ‘hostile reconnaissance’) and assessed by terrorists (or other criminals) and exploited during an attack.

Pattern setting includes routines by security officers, cleaners, deliveries etc.

Penetrative attack     

The use of the front or rear of a vehicle to ram and breach the perimeter of a site to get a hostile vehicle further to the intended target.

Port security                

The safeguarding of vessels, harbours, ports, waterfront facilities, and cargo from internal threats such as destruction, loss, or injury from sabotage or other subversive acts, accidents, thefts, or other causes of similar nature.

Positive security culture        

Encourages and expects personnel to be security aware and report security observations or concerns, without fear of negative social consequences from management or peers.

Preventive maintenance        

Care and service of equipment and facilities in satisfactory operating condition by systematic inspection, detection, and correction of incipient failures either before they occur or before they develop into major defects.

Protective Security Element (PSE)     

The collective of personnel including security and non-security personnel working together to provide robust and effective situational awareness at a property or crowded place.

The PSE incorporates security and non-security personnel, typically personnel with customer facing functions or in positions conducive to observation. Examples may include facility personnel, concierge, cleaners, housekeeping personnel, receptionists, cleaners, dock masters and car park supervisors. The non-security component of the PSE should receive appropriate situational awareness training.

Real property 

Lands, buildings, structures, utilities systems, improvements, and appurtenances, thereto that includes equipment attached to and made part of buildings and structures, but not movable equipment.

Record of Decisions   

The contemporaneous log of decisions in line with the unfolding event.

Recording decisions may not be possible at the commencement and early stage of the event, but post-incident scrutiny of decisions or official enquiry with a particular focus on earliest decision making. Include in event records photographic evidence of comments in white board and CCTV recordings.


The process used by terrorists to practice an attack as far as practicable and to gain further knowledge about the security strengths (capabilities) and security weaknesses (vulnerabilities) at the targeted site.

The rehearsal may be used to test assumptions about security integrity (including the displayed vigilance by security officers).


The ability to withstand and disrupt organised criminal activities as a whole rather than individual markets through political, economic, legal and social measures.  Resilience refers to countries’ measures taken by both state and non-state actors.


The effect of uncertainty on objectives.

The graded severity of impact to security through realisation of a vulnerability of a threat.

Risk acceptance           

An informed decision to take on a particular risk.

Risk appetite

The amount of risk, on a broad level, that an organisation is willing to accept in pursuit of its strategic objectives.

Risk assessment         

The overall process of risk identification, risk analysis and risk evaluation.

The identification and assessment of hazards (first two steps of risk management process).

Risk control                  

A measure (including a process, policy, device, practice or other action) that is modifying a risk.

Risk description

A structured statement of risk containing the following elements: source, events, causes and consequences.

Risk identification        

The process of finding, recognising and describing risks in terms of the source, event, cause and consequences.

Risk management      

Coordinated  activities to direct and control an organisation with regard to risk.

The process to identify, assess, and control risks and make decisions that balance risk cost with mission benefits.

Risk management plan

A plan identifying the strategy, resources, responsibilities and timeframes for implementing and maintaining risk management in an organisation.

Risk management framework

The set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organisation.

Risk management guidelines 

Companion to AS/NZS ISO 31000:2009

Risk management policy        

A statement of the overall intentions and direction of an organisation regarding risk policy.

Risk management process     

The systematic application of risk management policies, procedures and practices to the tasks of communication, consultation, establishing the context, and identifying, analysing, evaluating, treating, monitoring and reviewing risk.

Risk owner      

The person with ultimate accountability for managing risk within an organisation.

Note: Sometimes referred to as risk sponsor.

Risk profile                   

A description of any set of risks.

Risk register                 

A record of information about identified risks.

Risk standard               

AS/NZS ISO 31000:2018

Risk tolerance              

An organisation or stakeholder’s readiness to bear the risk after the risk has been treated, to achieve the organisation’s or stakeholder’s objectives.

Risk treatment             

A process to modify risks

Residual risk                

The risk remaining after risk treatment.

Security posture         

The strength and weaknesses (vulnerabilities) perceived or assessed by an observer of a location’s security officers (in particular their vigilance and engagement with customers) to detect, deter, delay, report and respond to suspicious and actual incidents.

Note: Perceptions relating to security posture are developed by stakeholders such as customers and tenants as well as terrorists during hostile reconnaissance.

Security Risk Management Handbook            HB:167:2006 (Australian Standards)

Situational maturity   

The ability to:

  • quickly recognise and interpret an event,
  • make sound decisions based on those interpretations,
  • establish early, effective and continuous lines of communication,
  • providing ongoing site reps.

Threat actor   

Any person, group, organisation, or government that conducts or has intent or has the power to cause, conduct, transmit or support malicious activities.

Threat landscape         

A collection of threats in a particular in a particular domain or context, with information on identified, threatsthreat actors and observed trends.

Vehicle-Borne IED       

A vehicle (or motor bike) with and IED onboard and driven to the target site. The vehicle may be moving or stationary when the IED detonates.


A weakness in a system that can be exploited by a threat, ultimately compromising the security of the system, place or property

Primary sources:

  1. Australian Government.
  2. Digital NSW.
  3. Global Organised Crime Index 2021.
  4. Harris Security Management.
  5. International Standards Organization.
  6. Queensland Health, Business Continuity Management Standard, QH-IMP-070-2-2017.
  7. Standards Australia.
  8. The Intelligence and National Security Alliance (INSA).
  9. Protective Security Network.
  10. TPP12-03b Risk Management Toolkit for NSW Public Sector Agencies: Volume 1
  11. UK Government.
  12. S. Department of Defense (DOD) Dictionary of Military and Associated Terms.

Version 1. Published May 2022 .   Content subject to change.

© Protective Security Network, 2022.

error: Content is protected !!