Security risk analysis, also termed as risk assessment, is very important when it comes to the security of any institutions or firms. It is important in confirming that procedures and cost associated are completely proportionate to the risks to which the firm is exposed. Anyhow several traditional methodologies for doing security risk analysis are now a days very much indefensible in the areas of usability, scalability and also in terms of the output they generate for its user(Shon, 2005).When it comes to Security risks security systems are usually reactive. Before forming the ultimate decision to establish access control we must ensure that cost analysis and advantage proportion is pretty reasonable for the organization. Utilizing solutions that implement access control obligate eminent resource coordination (Shon, 2005). A well balanced and enforced access control system can efficiently mitigate risk and potentially increase the performance to the deepest point—unless the system is either over utilized or not sufficient for the particular needs it is expected to address.
The very important security risk of an access control system is termed as "tailgating" or "piggybacking (security)" which refers to the system by which an unauthorized individual following a credentialed person via an open entrance. Tailgating means that the individual who is authorized does not know that another individual has followed him through the entrance, while piggybacking means that the authorized person has permitted to let another individual through the open entrance (British Standard, 1999).
There is a prevalent risk that a hacker could access an entrance by tampering with exit button circuitry. Usually in all cases exit button’s input side is normally open. If the hacker attempts to short the input circuit of exit button, the electric mechanism of the lock may get unlocked since the system is forced into believing that the exit button was pressed, and there will be no alarm sounds produced as many of the access control systems regard exit button press event unimportant (British Standard, 1999).
The hacker could also open an entrance by contact wires shorting in the entrance and disconnecting the wires leading to the electric lock or, dependent upon the variety of the lock, giving power to it from a transportable source. The door contact input provides a normally closed contact; therefore if the wires were shorted no door open alarm would be generated.