In: Categories » Computers and technology » Data security » Facilities and Physical Security Considerations
| In this inter-networked age, many people often associate security with the more virtual aspects—network, operating system and application security, the underground, crackers, and all of the media-hyped fear, uncertainty, and doubt that surrounds these aspects. Prior to this time, the term security conjured images of armed guards or large, burly men posted by each door. Physical security is a large component of any security policy, and rightfully so. The front door is the most easily utilized point of attack. The site and infrastructure security policy should outline the methods used to provide and control physical access to the building and the conditions under which access is granted. Important elements are · Methods of physical access · Procedures by which access is granted, modified, or denied · Access restrictions based on employee status · Hours of operation · Points of contact for access · Procedures for incident handling and escalation levels Physical access methods describe the actual means of accessing the facility, offices, labs, or other areas. These are often a lock and key, proximity cards, or biometric methods. Consideration should also be given to guidelines for the appropriate use and handling of the keys. The procedures used to obtain keys/cards and by which access is granted or modified should be outlined clearly, as it is often a point of confusion for both new and long-time employees. Equally important is a list of the people and departments to whom an employee must go to gain access to the business site—filling out forms or asking approval becomes futile if the person to whom these request should be addressed is unknown. Many organizations distinguish between full-time, part-time, and contract employees and limit facility access based on these categories. Along with the hours of operation, the site security policy should specify any restrictions for special employees during and outside of regular working hours. Related to the segmentation of employees, the segmentation of the facility is also common. Labs, offices, and storage areas often merit access restrictions in order to prevent unauthorized entry. Should an incident occur, the procedures for incident handling are vital to the security of an organization, as well as the safety of the employees. Incidents vary in nature, from unauthorized visitors and broken access methods to the removal of employees. Many organizations have security personnel to assist in these matters and suggested methods to react to specific situations. Defined escalation levels help an employee understand incident seriousness and to decide when is the appropriate time to notify external support, such as local law enforcement and legal counsel. Company Z has installed and uses proximity-based card readers at all external entrances, lab doors, storage closets, and key financial offices for access control. The administration has defined the following security policy that regulates access into the facility: · During weekday business hours—between 8 a.m. and 6 p.m.—card access is not required for full-time and part-time employees. · Contract employees are required to sign in with the receptionist. · All external doors are locked outside of normal business hours, and card access is required for full-time and part-time employees. · Contract employees are restricted from access outside of normal business hours unless specialized access forms are filled out and approved by the hiring manager. · Access to restricted labs, storage areas, and financial offices is gained via specialized access forms and management approval. · Access cards are obtained at the security office after the hiring manager approves access forms. · Misplaced or stolen access cards must be reported immediately to security. · Access cards should be kept on the person at all times; cards should not be loaned to anyone or left unsecured. The following security policy for incident response is also provided to employees: In order to ensure safety and security within the Company Z facility, employees should read and understand the following guidelines for dealing with incidents: · In the event of an unauthorized visitor, the employee should immediately notify the security department and request assistance for removal of the visitor. · Should the visitor be witnessed committing an act of larceny, attack, or destruction of property, notify the security department, and they will then contact the appropriate authorities. · All witnesses should provide the security department with an affidavit indicating their presence and the details of the incident, and should be available for further questioning by security and the appropriate authorities. · All doors, locks, and access methods that are non-functional should be reported to the security department. Security will coordinate with maintenance to fix the broken equipment. · Managers should be notified when an employee is involved with a breach of security. · Employees should not handle these situations alone, but instead should notify security and allow the security staff to control the situation. This example demonstrates important aspects of a site and infrastructure security policy. Constraints on physical access are defined, including the actual methods that employees use to enter the facility and the differentiation between employee types. The processes and procedures used to control access and to acquire the appropriate privileges are outlined, including the identification of the responsible individuals. The response guidelines for any incidents are clearly outlined with the safety of the employee in mind. Individuals trained to handle incidents of this nature are identified and involved in each response method.
 |
legal disclaimer
1) Our website is not responsible for the information contained by this article as well for any and all copyright infringements by authors and writers. E-articles is a free information resource. If you suspect this article for any copyright infringements, please read the Terms of service and contact us to investigate the problem.
2) The E-articles directory team is not responsible for inaccuracies, falsehoods, or any other types of misinformation this tutorial may contain and will not be liable for any loss or damage suffered by a user through the user's reliance on the information gained here. Please read the Terms of service
Useful tools and features
If you like this article (tutorial), please link to it from your web page using the information above. Linking to this page, this is the only way to help us improve our service, the same time providing your visitors with a way to improve their online experience.
related articles
A network security incident isany network-related activity with negative security implications. Security incidents on the Internet can come in all shapes and sizes, launched from specific systems or networks. An intrusion may be a comparatively minor event involving a single site or a major event in which tens of thousands of sites are compromised. A typical attack pattern consists of gaining access to a user's account and using the victim's system as a launch platform for attacks on other sites. The following are other example...
2. The Most Common Network Security Tools and Technologies
The following taxonomy is useful in understanding the security systems, technologies and authentication tools widely available to support secure transmission and storage of information in a networked e-business environment. Firewalls Firewalls are used to keep a network secure from intruders. A firewall is a network node consisting of both hardware and software that isolates a private network. In order to understand how a firewall works, one should have an understanding of packets, IP addresses and DoS attacks. Howev...
3. Securing Multiple Servers and Domains with SSL
As organizations and service providers enhance their Web sites and extranets with newer technology to reach larger audiences, server configurations have become increasingly complex. They must now accommodate: Redundant server backups that allow Web sites and extranets to maximize site performance by balancing traffic loads among multiple servers Organizations running multiple servers to support multiple site names Organizations running multiple servers to support a s...
4. How to protect against Unexpected Inputs
When you surf the Internet, you download one of two types of Web pages to your computer: static or dynamic. A static Web page sits on a Web server until a client computer sends a request for it. Once requested, the Web page is then downloaded to the client computer exactly as it was created, where the Web browser then views the page. A static Web page is really nothing more than a brochure or advertisement, and does not allow the true power of the Internet to be expressed. However, a static page is relatively safe from hackers....
5. What are Buffer Overflows
Exploiting a buffer overflow is an advanced hacking technique. However, it is a leading type of security vulnerability. To understand how a hacker can use a buffer overflow to infiltrate or crash a computer, you need to understand exactly what a buffer is. A computer program consists of many different variables, or value holders. As a program is executed, these different variables are assigned a specific amount of memory as required by the type of information the variable is expected to hold. For example, a short integer ...
6. Protecting the Security of Information
The first and best line of defense against unwarranted intrusions into personal privacy is for individuals to employ e-commerce technology to protect themselves. Industry-developed and supplied encryption technologies and firewalls, for example, provide individuals with substantial tools to guard against unwarranted intrusions. Encryption is technology, in either hardware or software form, which scrambles e-mail, database information, and other computer data to keep them private. Using a sophisticated mathemati...
7. Why Is Authenticated SSL Necessary
Notions of identity and authentication are fundamental concepts in every marketplace. People and institutions need to get to know one another and establish trust before conducting business. In traditional commerce, people rely on physical credentials (such as a business license or letter of credit) to prove their identities and assure the other party of their ability to consummate a trade. In the age of e-business, authenticated SSL certificates provide crucial online identity and security to help establish trust between ...
8. Virus Prevention ~ How to protect against Internet Viruses
There are several elements to a good virus defense. The most important element requires some self-control—you must NEVER open a file/program unless you are 100% sure it is not infected. No matter how attractive the file is, where it came from, or what it promises you, you can never assume that a file is what it claims to be. For example, the Melissa virus reproduced through email and sent copies of itself to every one in the victim's address book. Because of this, relatives and friends of the victim were soon infected as ...