– STUDY KNOWLEDGE BASE
Study Knowledge Base
A reference library covering physical security standards, network infrastructure guidance, OT and ICS frameworks, compliance frameworks, and the installation, configuration, and design work that depends on them. Maintained by Hans Study. Updated as the underlying standards evolve and as field experience surfaces gaps.
37 entries · 14 standalone · 23 chapters across 1 multi-chapter reference · being built out actively
If you arrived from securitystandards.ca, this is the destination. The redirect was configured because the standards reference work and the consulting practice are the same person.
Multi-Chapter References
1 referencePhysical Security
6 entriesAccess control head-end
Access control head-end design for Canadian institutional installs. Platform selection, server sizing, Mercury hardware, HID Aero, Software House C-CURE, Genetec Synergis, Hirsch Velocity for high-security, database and high-availability, integration with directory and identity systems.
Access control at the door
Access control hardware at the door for Canadian institutional installs. Reader selection, OSDP vs Wiegand, electric strikes, maglocks, exit devices, door operators, REX devices, door position switches, fire alarm release, wiring topology, mounting heights, ADA compliance.
CCTV and video
Video surveillance for Canadian institutional installs. Camera type by application, resolution and PPF/PPM, lens selection, mounting heights and angles, VMS platforms, storage sizing, retention, privacy and regulatory compliance, banned manufacturers, network design.
Intrusion detection
Intrusion detection for Canadian institutional installs. ULC-S304 / S319 compliance, panel selection, sensor types (PIR, glassbreak, contact, beam, LiDAR), zone design, supervised wiring, central station monitoring, false alarm reduction, EOL resistor supervision.
Detention and high-security
Detention and high-security installs for Canadian institutional work. Anti-ligature hardware, pick-proof sealants, RGS-only pathway, sallyport interlocks, holding cell coverage, evidence room access, courtrooms, secure document handling, federal compliance, Hirsch ScramblePad for high-security PIN entry.
Security Controls for CCTV and Access Control Networks
Ten practical security controls every physical security network needs. Hardening, VPN, segmentation, logging, credentials, MFA, and more.
Structured Cabling
5 entriesCable selection by environment
Cable selection by environment for Canadian institutional security installs. Cat 6A, Cat 6, plenum (CMP), riser (CMR), general purpose (CM), outside plant (OSP), shielded vs unshielded, alien crosstalk, indoor-to-outdoor transition splice, 15 m rule.
Fiber optic cabling
Fiber optic cabling for Canadian institutional security installs. OS2 single-mode, OM4/OM5 multimode, fiber count planning, loose-tube vs tight-buffered, LC/SC connectors, UPC vs APC, splice trays, splice enclosures, pigtail-and-splice termination, Sumitomo splicers, Corning and CommScope cable.
Termination procedures
Termination procedures for Canadian institutional security installs. Cat 6A keystone and patch panel terminations, T568A/B wiring, wire-to-wire junction connections, DIN-rail terminal blocks at panels, fiber pigtail-and-splice, service slack and strain relief, dressing and labelling at termination.
Cable testing and certification
Cable testing and certification for Canadian institutional security installs. ANSI/TIA-568.2-D parameters, permanent link vs channel test, autotest, Tier 1 OLTS fiber test, Tier 2 OTDR, manufacturer warranty programs, Fluke DSX-8000 series, certification report format.
TIA-568 Structured Cabling: Reference for Security Networks
What TIA-568 actually requires for the cabling that physical security systems run on, and where integrators commonly fall short of it.
Switch Configuration
6 entriesNetwork devices for security
Network device selection and configuration for Canadian institutional security installs. Managed switches, PoE budget management, VLAN segmentation, configuration baseline, Cisco Catalyst, Aruba CX, industrial DIN-rail switches, distribution and core layers.
Juniper EX Series Base Configuration for CCTV and Security Networks
Juniper EX series (Junos OS) configuration template: VLANs, SSH, AAA, Virtual Chassis, port security, BPDU guard, aggregated Ethernet, QoS, and syslog for physical security networks.
ALE OmniSwitch 6360 and 6560 Base Configuration for CCTV and Security Networks
Alcatel-Lucent Enterprise OmniSwitch 6360/6560 (AOS 8) configuration template: VLANs, SSH, AAA, Virtual Chassis, port security, BPDU guard, link aggregation, QoS, and syslog for physical security networks.
Aruba CX 6200 and 6300 Base Configuration for CCTV and Security Networks
Aruba CX 6200/6300 (AOS-CX) configuration template: VLANs, SSH, AAA, VSF, port security, BPDU guard, LACP LAG, QoS, and syslog for physical security networks.
Cisco Catalyst 9200 and 9300 Base Configuration for CCTV and Security Networks
Complete Cisco Catalyst 9200/9300 configuration template: VLANs, SSH, AAA, port security, DHCP snooping, DAI, QoS, and syslog for physical security networks.
VLAN Segmentation for Physical Security Networks
The segmentation conversation is one I have had hundreds of times. Usually after something has already gone wrong. A workstation on the same network as the...
Standards Reference
2 entriesWhy this exists
Why this reference exists, who it is for, what it is not.
Codes and standards
Canadian codes and standards that govern institutional security install work. CEC, OBC, NBC, CSA T-series, ULC alarm and central station standards, ANSI/TIA, BICSI, NFPA, OHSA. How to read them, when they apply, and how to handle AHJ interpretation.
Compliance Frameworks
0 entriesNo entries published in this category yet. In progress.
Installation Guidance
13 entriesSecurity System Hardening Guide
End-to-end hardening reference for physical security network infrastructure. Switches, servers, workstations, cameras, access control panels, RADIUS via NPS, vulnerability assessment, and checklists.
Pathways and conduit
Conduit, raceway, and supports for Canadian institutional security installs. Conduit type by environment, support spacing, fittings, pull boxes, backboxes, fill, expansion, sealing, mounting heights, surface raceway, cable tray, J-hooks, underground pathway, detention envelope.
Power, UPS, and redundancy
Power and UPS design for security systems in Canadian institutional installs. Branch circuits, dual-cord PDUs, surge protection, UPS sizing, runtime calculation, voltage drop tables, PoE budgets, generator coordination, breaker locks, identification.
Grounding and bonding
Grounding and bonding for Canadian institutional security installs. CEC Section 10, CSA T607 / ANSI-J-STD-607-A, TMGB and TGB sizing, telecommunications bonding backbone (TBB), rack bonding, cable tray bonding, equipment bonding, ground resistance measurement.
Firestopping
Firestopping for Canadian institutional security installs. ULC-S115 systems, fire-rated wall and floor penetrations, smoke barriers, 3M and Hilti firestop products, putty pads, intumescent sealants, foam, identification labels.
Identification and labelling
Identification and labelling for Canadian institutional security installs. ANSI/TIA-606-B, cable label format, patch panel labelling, conduit colour banding, rack and equipment lamacoid plates, panel directories, asset tagging.
Rack and cabinet hardware
Rack and cabinet hardware for Canadian institutional security installs. 19-inch rack standards, U-space planning, floor and wall-mount racks, cable management, airflow, PDUs, ground bonding hardware, environmental cabinets, lockable doors and access control.
Tools of the trade
Tools for Canadian institutional security install work. Hand tools, power tools, cable installation and termination tools, test instruments, software platforms, truck stock, calibration and maintenance schedule.
Commissioning and acceptance
Commissioning and acceptance for Canadian institutional security installs. Pre-commissioning verification, CAN/ULC-S1001 integrated systems testing, per-system commissioning, final acceptance walkdown, training, post-substantial-completion follow-up, documentation handover.
Hardening Windows Server 2016, 2019, and 2022: Audit Logging
Advanced Audit Policy, domain controller GPO, event log sizing, Windows Event Forwarding, Sysmon, key event IDs, and log retention for Windows Server.
Hardening Windows Server 2016, 2019, and 2022: Hardening with Group Policy
GPO structure, password policy, Kerberos, NTLM restriction, Advanced Audit Policy, Defender, SMBv1 removal, and LAPS via Group Policy.
Hardening Windows Server 2016, 2019, and 2022: Getting Started
Baseline Windows Server hardening: update management, roles audit, local accounts, Windows Firewall, services, NTP, PowerShell logging, and TLS.
Hardening Windows Server 2016, 2019, and 2022: Other Considerations
TLS 1.2 enforcement, legacy exceptions, Remote Desktop hardening, SMB signing, LAPS, and certificate management for Windows Server.
OT and ICS
1 entryNetwork Design
4 entriesHealthcare environments
Healthcare security installs for Canadian institutional work. CSA Z32 patient-care areas, hospital-grade power, infant abduction systems, elopement prevention in long-term care, behavioral health anti-ligature, pharmacy and controlled substances, privacy frameworks (PHIPA, HIPAA), audio recording defaults.
Education and transit
Education and transit security installs for Canadian institutional work. K-12 lockdown integration, post-secondary residences, transit stations and platforms, vandal-resistant hardware, outdoor cabling in Canadian climates, mass notification, help-point integration.
Building a Network for CCTV and Access Control
Most physical security deployments I walk into are not engineered. They are assembled. Somebody ran cable, somebody plugged in cameras, somebody configured...
IP Addressing for Security Integrators: What You Actually Need to Know
The IP addressing conversation comes up on every deployment. Not always at the right time. I have walked into more than a few projects mid-installation whe...