Technopedia describes ‘Physical security’ as the measures that any organization designs to physically protect assets, facilities, equipment, personnel and other resources from physical threats inclusive of theft, vandalism, fire and from natural disaster. Operating our businesses and operations on the information technology, we have been becoming increasingly concerned regarding online security. The trend has however taken physical security somewhat into the background, and the same is not being regarded with as much importance. It does not conversely in any way imply that importance of physical security has in any way diminished.
The effective planning of a proper physical security proposal could seem like somewhat of a challenge at its inception. In order to make things easier, though, we can divide physical security into three levels. The outer perimeter security could be defined as the actual outer property boundaries. In order to control this level of security, the goal is to control who can gain access to property, personnel or any other resources which are of value to us and protect them from burglary or from damage. The outer perimeter security could be further divided into two security concepts being the natural access controls and territorial reinforcement.
Natural Access control involves the use of building features as well as the landscape in order to guide the people into places where they could enter or exit any particular territory. By limiting the options for entry and exit, we can implement controls to make sure that trespassers and crooks could be eliminated. The second core concept in outer perimeter security is Territorial reinforcement, the purpose of which is to prevent the entry of unauthorized persons by creating a clear distinction between public and private property. Examples could include the building of fences or bushes or by using other barriers to separate the physical property from the private.
The second layer of security is the inner perimeter security, the aim of which is to protect the inner parameters and preventing intruders from entering into office or personal buildings. Reinforcements that form part of this security layer include doors, windows and the walls of office and home buildings. The innermost layer of physical security is the Interior security which involves the securing of the insides of any buildings. Precautions may involve the use of security cameras, Electronic access control systems and the hiring of security guards to protect the innermost parameters.
The strengths and the weaknesses in any physical security system could be uncovered through a methodology termed as Physical security assessment. This approach aims at defining the vulnerabilities that exist in the physical security system and determining the points and different techniques that could be used to exploit these vulnerabilities and shortcomings in the security. The organizations of the present day very frequently seek the option of hiring security firms in order to identify security loopholes and come up with the methods of filling the possible gaps. The security assessment process comprises of the following few evaluations.
The security assessment procedures make careful observations of the past security breaches to identify possible points of attack and list down all of the areas where the security is exposed. The assessment process also involves the interviewing of the key individuals and the employees regarding what in their opinion the security strengths and weaknesses are and ask for ideas in which they could be overcome. A gap analysis is then performed to identify the areas where the company or any corporation is lagging behind and is not in sync with the latest security practices. The assessment process is subsequently concluded by providing an in-depth analysis of all of the shortcoming and also presents the points that could be improved upon along with all of the suggestions that could be applied towards the improvement of the physical security.
The physical controls are the controls that are put in place in order to make sure that the phenomenon of physical security is sufficiently applied. We have discussed a few of the physical controls when looking into the different layers of security. We are going to discuss a few more in the following few paragraphs. One control that could prove very efficient is a control in between the lobby and the rest of the security. One very basic idea could be an electronic employee scanning system or maybe a simple posting of a security guard. This measure is important because in the moments when the receptionist or the people in the lobby become distracted, people could slip through into the secure part of the building and gains access to sensitive information.
Another control could be the protecting of the workstations and other common servers through the use of passwords. This step is essential because, in times of very less activity within the facility, these workstations could easily be accessed for private and confidential information which could be used for less than noble objectives. This step is also important to stop the people within the organization from accessing information that they have no authority to access. This is because not all thieves walk from outside any organization. There could also be individual from within that could misuse the company’s assets and information for illicit purposes. Another control could be to secure the doors within a facility very properly. As we discussed earlier, measures like electronic recognition could be used to limit access to the authorized people only. We, however, know that it is not possible to electronically restrict all doors, so where these recognition systems do not exist, the security could be boosted by posting security guards at such doors.
Yet another security measure could be the use of surveillance cameras around the property which could be monitored by the security personnel at times of peak and minimum activity. This technique could not only alert the unauthorized personnel from making any threatening moves, but this method could also prove useful in performing disciplinary monitoring of the staff. The same surveillance could also be recorded in case there is any security breach in which case, these tapes could present proof of crime and could help in catching the culprit. The use of intrusion alarm could also prove an effective strategy. The problem, however, is that this control is less ideal for a corporate setup and could prove more useful in private property. This is because these alarm systems have to be manually shut down, a technique which is not very effective in a place where the coming and going to unfamiliar people is the norm.
We can enforce as much cyber security as we like but without these physical controls, people could always find ways around that security that we put in place. This is why physical security is as important today as it was a few decades from today. Physical and IT security have thus had to go hand in hand. Each one is not as effective without the other.
List of References
Convington, R. C. (2015, June 23). Physical security: The overlooked domain. Retrieved from Computer World: http://www.computerworld.com/article/2939322/security0/physical-security-the-overlooked-domain.html
Deutsch, W. (2014, November 24). How to Secure Your Building and Property. Retrieved from About money: http://bizsecurity.about.com/od/physicalsecurity/a/What_is_physical_security.htm
Kroll. (n.d.). Threat and Vulnerability Assessments. Retrieved February 28, 2016, from Kroll: http://www.kroll.com/en-us/security-risk-management/security-consulting/threat-vulnerability-assessments
Technopedia. (n.d.). Physical Security. Retrieved February 28, 2016, from Technopedia: https://www.techopedia.com/definition/14514/physical-security