The development of a physical security plan necessitates a thorough grasp of numerous major aspects that influence the degree of safety exhibited by a structure. It is a difficult task that necessitates an assessment of all threats to the chosen space. The plan must address all potential system vulnerabilities (Shahzad, 2014). It should have a foresight into the institution's day-to-day operations. A physical security plan protects a facility or property from both external and internal threats. It protects the integrity of all resources under its authority.
The security plan must forbid any assault on itself or facilities within its scope from progressing. It musts deploy a plethora of resources within its disposal to neutralize unauthorized access and must maintain a log of all processes it is involved it. A sufficient physical security plan typically offers varying degrees of privileges to different positions as it is set to. It must differentiate between the various clearance levels and must only authorize entry to persons permitted to the particular station. The plan must feature contingencies for when emergencies or unusual events occur (Fennelly, 2016). It must allow for override on specific instances where sufficient functioning is not guaranteed. Above all else, a security plan must be convenient in handling everyday access challenges. It must not be an impediment to those who use neither should they need elevated technical expertise to utilize it. All these factors must often be considered when developing a plan.
The proposed security plan is designed to offer maximum protection for Equitax, a credit reporting institution that has been the recipient of numerous physical and online attacks. The company has undergone sustained attempted incidences of unauthorized entry, managing to prevent and in some instances, contain the intruders. They plan to establish a new corporate location and require advice on how best to manage their systems. This report is a recommendation of best practices assumed to guarantee optimal facility and system security.
Best Practices
There are several fundamental conventions that must be observed in the day to day running of an organization’s security infrastructure. The purpose of the arrangement must be clear. All person accessing or exiting the facilities must understand the reason behind its existence beyond the pedestrian understanding that it control entry into the building. The public must appreciate the capability of the system to secure the location, hence, discourage any would be attackers (Fennelly, 2016). It should adequately compliment the human component overseeing its operation.
The success of any physical security arrangement relies adequate management. Persons manning such systems must often be competent and keen to ensure events that may compromise the integrity of the facilities do not occur. The roles and responsibilities of each person must be clearly outlined. A given set of protocols to be pursued in the course of normal or unusual events must always be provided. Such resources provide structure, routine and predictability, the cornerstone of successful physical security. Attackers commonly institute anomalies in systems or procedures to facilitate their entry and perpetrate their crimes. As such, it is imperative that normalcy is maintained at all times (Shahzad, 2014). All posts must always be manned with any factors that potentiate the movement of an individual from one’s post seriously vetted. Any irregular requests must be treated with utmost suspicious and must only be addressed by the concerned parties.
Efficiency of physical security arrangements is often dependent on the public’s understanding of the security requirements of the public. As such, clear policies must always be put in place. These ensure that everyone is acquainted with what is required of them. Persons accessing the facility are aware of material that is disallowed from the organization and consequently avoid them. Individuals found contravening clearly stated policies are consequently held in contempt. Additionally, any abnormal conduct, however insignificant, is viewed with suspicion and thoroughly investigated (Shahzad, 2014). This recommendation is commonly implemented by placing legible notices in frequently places. The instruction boards are placed in full view of the public, making the expression of restricted behavior significantly troubling.
Another key recommendation critical to the physical protection of the location is the definition of area security. Area security is the designation of spaces and structures within a given premise by their perceived importance. Highly critical facilities are awarded an elevate level of protection while less significant ones are secure averagely. Priorities are awarded on the basis of the significance rating with facilities with the highest security ranking commonly sheltered before all the others.
Common designations recommended by the Department of Homeland Security include categories 1-10 (Fennelly, 2016). Category I is a maximum security level. It typically enjoys the highest level of protection as it contains defense mechanisms and security interest. Gaining access to category one sites often awards an individual the power to significant impact the system’s capabilities. Attackers often target such installations as it allows them to disable self-protective or destructive features that would have otherwise rendered the system useless to the offender. Additionally, the attacker gets the privilege of changing how the systems work and lock genuine system administrators out, greatly disadvantaging the firm (Peltier, 2013). They may steal key information which they may the sell to competitors thus diminishing the company’s vast influence. The level of significance of the categories decreases as they tend towards 10. Category II, for instance, consists of advanced security capabilities. It commonly contains sensitive information vital to the firm’s everyday operations. It may also contain defense potential and unauthorized penetration may have significantly adverse consequence. Category three may not contain confidential information but it does pilferable material (Fennelly, 2016). Substances of monetary or strategic importance and placed in this category. Intruders may be attracted to this category primarily because acquiring its contents would represent a god paydays for them. The zone may contain materials such as computers, drives, vaults, and deposit boxes.
To realize the most success from a select security arrangement, the firm must employ a highly comprehensive access control mechanism. The system should be greatly discriminative and should flag even the most benignly suspicious discrepancy (Shahzad, 2014). It should place restrictions on the movement and access into critical areas. It should also outline restrictions levied on vehicles owned the firm or employees, materials, and personnel. Some of the key areas Equitax should be particularly wary of include unit personnel, visitors, identification and control, contractor and maintenance personnel, authority and privilege of access, and emergency service and response protocols.
The company must explore a number of considerations, some being as non-complex as the physical location in which the building is situated. With the successful implementation of the physical security recommendations mentioned, Equitax will realize a fairly efficient protection system.
References
Fennelly, L. (2016). Effective physical security. Butterworth-Heinemann.
Peltier, T. R. (2013). Information security fundamentals. CRC Press.
Shahzad, F. (2014). State-of-the-art survey on cloud computing security Challenges, approaches and solutions. Procedia Computer Science, 37, 357-362.
