In response to detecting an incident at a building, a risk assessment for the building is performed. The risk assessment identifies dynamic security constraints for different locations at the building. A set of behavioral rules for controlling a sensor system at the building is updated based on the risk assessment to obtain an updated set of behavioral rules. The sensor system operating under the updated set of behavioral rules is referenced to detect a visitor at a location of the building during the incident. The location of the visitor is correlated to the risk assessment to determine a specific information security risk posed by the visitor. A recommended follow-up action is generated based on the specific information security risk.