Using attached Annotated outline provide a 5-page paper Physical Security Controls. I attached Annotated Outline Physical Security Controls. You references I Annotated Outline.
The advancement in technology has given rise to numerous computer security threats. It has become quite difficult to identify people online because many people use the internet with fake identities. This has made it easy for people to conduct criminal activities online. Online security of computer systems should be combined with physical security to ensure that no unauthorized person gain access to the systems. A physical security control can be termed as any obstacle used to delay serious attackers, and frustrate trivial attackers. This way a company or organization can be assured of the security if its information and computer systems. Majority of organizations use computer systems to store sensitive company information and employee data. This data needs to be properly secured to ensure that identity theft does not occur or trade secrets revealed. Physical security involves securing information systems in safe and inaccessible areas. Servers for the organization should be stored in secure and secluded area. The area should be under surveillance 24/7 and access provided only to authorized personnel. The organization should also ensure that any computer systems been disposed off are completely erased of any data, and measures taken to ensure that no information can be recovered from the drives or printers.
This paper will analyze the various methods of physically protecting computer systems. Authentication of persons using biometrics, security cards, and constant surveillance are some of the methods to be discussed.
The server room is the most sensitive area for any organization. Combining intrusion detection software with physical control will ensure that the organization's servers are secured all the time. Surveillance will keep track of people who are accessing the server room and will also monitor their activities. When people know that they are been watched it is unlikely that they will perform any criminal activity. Together with surveillance there is a need to limit access to the server room by use of authentication. Employees authorized to access the server room should be provided with access cards for unlocking the server room doors. This way a log can be kept on who accessed the server room and the duration of their stay within the server room Shelfer, 2002()
There is potential for authorized personnel to perform criminal activity in a server room. Authorized personnel are not likely to be suspected of any criminal activity, which makes it quite easy for them to access the server room and misuse their access. Using surveillance and security rounds constantly will deter these personnel. Restricting access of all employees and also proper vetting of employees could ensure that access is only given to authorized and credible employees. Using cards that have microprocessors will also improve the physical access control. These cards have semiconductor chips that allow the cards to perform cryptographic operations. This will allow an organization to protect its systems and ensure that any data stored on the cards cannot be replicated. Encrypting the data stored on the cards ensures that only those with the decryption key can access the data or information. These cards are able to store records for long durations, which make them good for physical control as the information stored in the cards is secure and can be used for long periods. The cards also store information regarding persons authorized to access the server room.
Benefits of using surveillance
Surveillance can be a deterrence to potential criminals. This is because anyone thinking of performing any criminal activity will face the surveillance obstacle. Therefore, outsiders can be discouraged from attacking the organization's computer systems using surveillance. Authorized personnel are also deterred from performing anything illegal as they know their every move is been watched. Using surveillance a company can be able to prevent any criminal activity from occurring, which makes surveillance a proactive security measure.
Surveillance can be used for record keeping purposes, which can assist in any investigation. Making use of memory cards, the organization can store all information captured, and this would be vital in case there is a breach of security. Law enforcement agencies would be able to identify the threat and also identify the person involved. Using memory cards for the storage of information would also reduce the overall storage capacity and would make it easier to store the data in a different location.
There are various kinds of infrastructures that can be used for physical security controls. They include stop tags, locks, power distribution, limiting access, and secure disposal. In order to protect the computer systems within a facility, proper locks should be put in place. The locks will make use of smart cards and passwords for one to gain access. This will prevent any unwarranted access and also limit access to sensitive areas within the facility. Power distribution ensures that only trusted individuals are allowed access, but they will also be limited to specific areas, which will further enhance security. All data within the organization's facility should be encrypted. This will deter any unauthorized access in terms of physical security Backhouse, 2003()
Another infrastructure is using Security Tracking of Office Property (STOP) tags. Laptop theft has become very prevalent, and this causes organizations to lose sensitive data. Using a STOP tag will help prevent the theft of laptops within an organization. These tags are offered by many crime prevention units. The STOP tags help prevent losses, and they can be seen by any offender. This tag cannot be removed easily, and if a person manages to remove it there is an indelible mark written "stolen property." Since the tag requires registration, it becomes easy for police to identify the rightful owners.
During the disposal of old laptops, servers, workstations, mobile phones, tablets, or hard drives, it is vital for the organization to ensure that these devices are completely cleaned of any data. Failure to do this would result in critical data been discovered by thieves who rampage through the trash for valuable goods. The data should be removed in a method that would ensure it is not recovered using any recovery tool.
Biometric authentication makes use of traits or characteristics of an individual for identification and authorization. Biometric authentication uses an individual's physiological characteristics like fingerprint, palm print, DNA, face recognition, retina, iris recognition, hand geometry, and scent Boatwright & Luo, 2007.
These are just some of the examples. Biometrics authentication provides a heightened security method for protecting an organization's computer system and sensitive information. Biometric authentication has been in use since the 1980's, but due to the speed of the computer systems back then they were only used for securing high security areas. Currently, computer systems have improved speed and become cheaper. This has made biometrics quite accessible and helped increase its interest especially for physical access control.
Biometrics is used for controlling access to buildings and sensitive areas within a company. This way a company is able to limit access to its computer systems. Biometrics is also used for national security. They have been implemented to help reduce the cases of identity theft and impersonation. Making use of biometrics the cases of identity theft will reduce drastically. In the financial sector, biometrics is used for identifying customers remotely. This is done via voice recognition. The advantage to using biometrics is that customers do not have to remember passwords, there is increased accountability, security, and it lowers administration costs.
Problems of implementing biometrics
Biometrics has some vulnerability as a criminal can impersonate an individual, which would result in identity theft. Once a person's biometric data has been stolen it would be difficult to prove their innocence as this data is normally unique. Another problem of biometrics is that unlike…