To document the importance of physical security controls as they relate to the pervasiveness of online theft and cyber crime.
Background information on the identification and authentication of people.
With the advent of the internet it is often very difficult to properly identify the individual with whom business is conducted. The ease of the internet brings with it the secrecy in which potential criminals can lurk. Identification and authentication therefore have a profound impact on how well assets can be protected from criminals.
The importance of information systems security and how it relates to globalization
Information systems, particularly those that store personal information, are often very sensitive to criminal activity. Physical storage techniques therefore mandate that sensitive information be locked away and kept under intense surveillance. Disposable drives, printers and workstations should also be considered.
C. Brief overview of the paper.
i. The remainder of this paper will discuss proper surveillance, key security features, infrastructure, and proper authentication (Merkow, 2006).
A. Definition and identification of smart cards
i. Memory Cards- Locking the door to the server room is a good first step, but someone could break in, or someone who has authorized access could misuse that authority. You need a way to know who goes in and out and when. A log book for signing in and out is the most elemental way to accomplish this, but it has a lot of drawbacks. A person with malicious intent is likely to just bypass it. A better solution than the log book is an authentication system incorporated into the locking devices, so that a smart card, token, or biometric scan is required to unlock the doors, and a record is made of the identity of each person who enters (Shelfer & Procaccino, 2002).
ii. Processing-enabled Cards- Processing-enabled cards are smart cards that include a semiconductor chip. The semiconductor and memory allow the card to perform cryptographic operations. Additionally, processing-enabled cards can reliably and securely store data for up to ten years. This aspect is important for physical security purposes because records are kept of those who use, enter, and exit a facility. It therefore becomes easier to identify those who may be responsible for a theft (Shelfer & Procaccino, 2002).
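The record keeping described in items i and ii, as an added example that is not part of the original paper: a review pass over a door controller's access log that flags the entries an investigator would follow up. The log format, card IDs, door name and business-hours policy are constructed assumptions.

```python
from datetime import datetime

# Constructed sample records: timestamp, card id, door, direction, reader decision.
SAMPLE_LOG = """\
2024-03-04T08:02:11 CARD-0017 server-room IN GRANTED
2024-03-04T08:40:53 CARD-0017 server-room OUT GRANTED
2024-03-04T09:15:02 CARD-0042 server-room IN DENIED
2024-03-04T09:15:09 CARD-0042 server-room IN DENIED
2024-03-04T10:05:30 CARD-0023 server-room OUT GRANTED
2024-03-04T23:47:18 CARD-0017 server-room IN GRANTED
"""

BUSINESS_HOURS = range(7, 19)  # assumed policy: 07:00-18:59 local time


def parse(log_text):
    """Yield one tuple per well-formed line; skip blank and malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, card, door, direction, decision = parts
        yield datetime.fromisoformat(ts), card, door, direction, decision


def review(log_text):
    """Return (kind, card, timestamp) findings for a reviewer to follow up."""
    findings, inside = [], set()  # inside: (card, door) pairs currently in the room
    for ts, card, door, direction, decision in parse(log_text):
        key = (card, door)
        if decision != "GRANTED":
            findings.append(("denied", card, ts))
            continue
        if direction == "IN":
            if key in inside:  # second entry with no exit: card shared or passed back
                findings.append(("reentry-without-exit", card, ts))
            if ts.hour not in BUSINESS_HOURS:
                findings.append(("after-hours", card, ts))
            inside.add(key)
        elif key in inside:
            inside.remove(key)
        else:  # exit with no recorded entry: the holder followed someone in
            findings.append(("exit-without-entry", card, ts))
    findings += [("still-inside", card, None) for card, _ in sorted(inside)]
    return findings


if __name__ == "__main__":
    print(*review(SAMPLE_LOG), sep="\n")
```

The exit-without-entry and reentry-without-exit findings are the ones a paper log book cannot produce, since they depend on the lock recording every badge presentation.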
B. Benefits of the use of Surveillance
i. Deterrent- In many instances surveillance is the best form of security control, as it acts as a deterrent to potential criminals. It reduces the likelihood that criminals will commit criminal acts, because they know the company is observing their behavior. Furthermore, surveillance can be used as a proactive measure to better predict criminal activity before it occurs.
ii. Record Keeping- Surveillance through the use of the memory cards mentioned above can store vast amounts of information regarding those who have entered or exited a particular facility. This allows the overall investigation to be conducted more seamlessly, as law enforcement is better able to pinpoint threats.
C. Potential Uses of Surveillance
i. Systemically important industries
Surveillance is critical in many sensitive industries. These systemic industries have great implications for society and therefore warrant the use of surveillance. The direct and indirect costs associated with theft have become staggering. Particularly for cyber theft, attacks can come from inside or outside the company. Just last week (May 6-12) $45 million was stolen through ATM networks around the world. Surveillance allows these coordinated activities to be spotted and acted upon promptly. Smart cards can be used to help curtail the costs of identity theft, while providing a secure means of storing a person's financial data. This is yet another means of physical control over sensitive information (Sullivan, 2008).
ii. Medical industry
Medical tourism is growing in importance, and patient data is consequently stored in various capacities throughout the world. Because of the sensitivity of the information held in its systems, the medical industry must use surveillance to monitor activity. The use of both surveillance and smart cards could allow for the much-needed distributed storage solution (Chan, 2003).
iii. Identification and Authentication
Knowing who is using protected systems is the most important aspect of physical security. Smart cards can be used to store the credentials of users for identification and authentication purposes. When users need to be authenticated to a system, they simply present their smart card to gain access (Shelfer & Procaccino, 2002).
A. Locks, rack-mount servers, limited access, and distribution of power
i. The infrastructure within a facility is key to protecting the assets of the company or firm. Proper locks operated by smart cards prevent unwarranted access. Limiting access to certain areas helps prevent unwarranted entry and exit through very important entry points. Distribution of power allows access to only a handful of carefully selected individuals. These individuals will only have access to certain parts of the security infrastructure, further enhancing security.
ii. Stop Tags
This product can be of value in laptop loss prevention and computer recovery. Laptop Tagging and Registration using the STOP (Security Tracking of Office Property) tag is offered by many Police Crime Prevention Units around the world. STOP tags are a loss prevention measure and are a visible deterrent against theft of small electronic devices. Once applied it takes 24 hours for the glue to cure. Then it takes up to 800 pounds of pressure to remove the tag. If removed, it leaves a tattoo stating stolen property. Registration allows for police to quickly find the rightful owners of stolen or lost laptops. GovConnection carries a few anti-theft devices with discounts for the MIT community. Just visit the catalog in Ecat and search on the term "theft" to find other theft-related products. Office supply stores, such as Staples and Office Depot, also carry these types of products.
iii. Secure disposal
When recycling or disposing of an old workstation, mobile phone or external drive, it is important to ensure that no critical data remains on the drive or flash card. Thieves will look in storage and trash removal areas to find anything that might be worth selling. Remove data in a manner that makes it impossible for anyone to retrieve it after disposal.
iv. Physical security while conducting business away from the facility.
A 2008 Ponemon Institute sponsored study found that 12,000 laptops are lost or stolen at airports EVERY WEEK in the United States! Backing up data prior to leaving, stop tags, and encrypted entry are all viable deterrents in regard to physical security.
v. Hierarchy and trust
Cryptography has become the standard for very secure authentication, allowing for confidentiality, integrity, and authentication. Encrypting data and storage devices further deters unwarranted access in regards to physical security (Backhouse et al., 2003).
IV. BIOMETRIC AUTHENTICATION
A. Definition of biometrics
Biometrics uses biological features to identify individuals. In regard to physical security, this provides a more secure method of protecting both assets and sensitive information, owing to the unique nature of many human biological features. Aspects such as DNA, fingerprints and retina scans are unique to the individual and are thus perfect for physical security (Boatwright & Lou, 2007).
B. Process and uses of authentication
Currently, national-scale applications, such as the national identity scheme, are prominent. Biometric passports, visas and other border control programs are increasingly using biometrics to address major concerns of impersonation and multiple identities. By supplementing existing document checks with biometrics, it is believed that instances of identity fraud in international travel can be substantially reduced. In the commercial sector, biometric recognition is typically used for physical access control to buildings and logical access control to IT systems. Financial institutions are making increasing use of speaker recognition systems for remote identification of customers telephoning call centers. Advantages include convenience to customers (no need to remember passwords), increased security and accountability, and lower administration costs (British Standards Institution, 2013).
C. Problems with implementation as it relates to physical security
Biometrics is not foolproof. Due to this vulnerability, there is always the threat of someone impersonating an individual and stealing their identity by obtaining this data. Problems could later result for the individual being impersonated. Since the biometric data is supposed to be accurate due to its unique qualities, an individual's innocence may be difficult to prove. Unlike a password, a biometric reading cannot be replaced with another one from the same person. Other potentially dangerous situations could also occur, like a person cutting off the finger of another individual to gain access to a security system, vehicle, etc.
D. Other issues
Security systems that scan and compare biometric data can give false positive and false negative readings. There can be a system breakdown if the scanning sensor fails to produce an accurate reading. This could result in a valid individual being denied access through the system or giving access to someone who should not be allowed entry. Other privacy issues with biometric technology concern the data being used to crosslink other information about an individual, such…