¶ … components and regulations concerning the design of a physical security system for a privately owned company. This essay will create a system that reflects the needs of the customer. The customer is an office, and paper and computer storage facility that is private in nature and requires certain security requirements that can meet this customers specific and unique needs.
The essay will first describe the necessary standards and credentials that this security design plan will use to base its construction. This design will correspond to the ASIS private company standards and will consist of three main components; Exterior, Functional Areas and Building Standards. Through the explanation of each component, the customer will have a thorough understanding of how and why the specifications will be met according to accepted practiced and professional standards
ASIS
ASIS is an international organization that organizes security professionals. ASIS is one of many these types of groups that contributes to the professional standards of security management. According to their website, "ASIS International is the leading organization for security professionals, with more than 38,000 members worldwide. Founded in 1955, ASIS is dedicated to increasing the effectiveness and productivity of security professionals by developing educational programs and materials that address broad security interests, such as the ASIS Annual Seminar and Exhibits, as well as specific security topics. ASIS also advocates the role and value of the security management profession to business, the media, government entities, and the public."
ASIS provides a very useful series of standards that security management professionals can reference and adhere to in order to strengthen the unity of the organization and eventually the profession as well. The PSC Series of Standards was developed by more than 200 experts from many countries around the world. These standards will be used in the development of this project and provide a foundation of knowledge that can be very beneficial for the project itself by reflecting strongly upon the high levels of professional standards that are inherent within this codified group of instructions.
The essence of this code is related in the standards themselves. It is noted that "The PSC series provides the principles and requirements for a Quality Assurance Management System (QAMS) for PSCs. The goal of the QAMS is to assure a high quality of security services while protecting human rights and fundamental freedoms in circumstances where the rule of law has been weakened due to human or natural events while allowing for the PSCs to achieve their objectives, and that of their clients. A QAMS will promote a culture in the organization that bonds quality of service with respect for international law, local laws, and human rights."
Step 1 Implement Strategic Policy
Before any plan may be put into place, it should be understood that the manifested reality will certainly reflect the aforementioned thought. To create a physical security plan that is consistent with intent, policies must be created and utilized in order to guide the project. A risk analysis is the first step of this preliminary action where NIST guidelines are applied in this developing strategy. The intent of this risk analysis is to identify baseline rules and set a method of command and control for the project. This is essential in dealing with security measures, as a tactical and cautious operational outlook is recommended. Creating records, logs, access reports and security incident tracking measures should also be included in this first step.
Step 2: Assign Security Responsibility
The human resources aspect of developing a physical security plan is very important as finding the right person for the right job can make the difference between success and failure. To assist in this step of the operation it is necessary to identify the necessary security officials and assign areas of responsibility. Additionally, the proper policies and rules should also align with these areas of responsibilities. Since the nature of this private business is computer and data storage, this data must be treated with appropriate levels of security and handling procedures. During this step, various assignments of security levels are created to allow access to certain levels of information. For this design there are simply 5 Levels of data security, and can be divided in this manner as the executive sees fit.
It is once again important to align this step of the plan with the greater objectives of the organization. Since profits and money are inherently part of this organization's aim, it will be necessary to minimize costs where applicable and security may need to be sacrificed in some aspect in order to maintain financial objectives which more than likely will preempt the security...
Security of the data is only important as to how it can maintain profits. It may be understandable to forgo security measures if risk management techniques are also in agreement with this approach. Regardless responsibility assignment is a delegation of authority that originates from leadership sects of the organization.
Step 3: Workforce Security
Workforce security training may be necessary and can be done non-linearly with the other steps. In other words, this training can be going on all the time with added components and subjects that may need to be revisited. Training the trainer is an essential part of any physical security implementation plan and may require a varying degree of resources.
Including this step is certainly recommended by authority agents as an essential step in finding success in physical and information security procedures and management techniques. "NIST Special Publication 800-50, Building An Information Technology Security Awareness and Training Program, provides guidance for building an effective information technology (IT) security program and supports requirements specified in the Federal Information Security Management Act (FISMA) of 2002 and the Office of Management and Budget (OMB) Circular A-130, Appendix III. A strong IT security program cannot be put in place without significant attention given to training agency IT users on security policy, procedures, and techniques, as well as the various management, operational, and technical controls necessary and available to secure IT resources, " (Wilson & Hash, 2003).
Step 4: Creating Security Incident Procedures
Certain policies and rules are needed to help guide the process of when a security incident occurs. Procedures are created to identify and respond to possible or known security incidents or problems. These incident procedures should also be designed to help learn and identify causes of the problems. Another aspect of this step, is that it assists in documenting the necessary information in a security incident.
A contingency plans can also be included in this part of the planning process. In this part of the plan, procedures should be developed to salvage or save the data being stored at the facility from emergency or other disaster. The same planning cycle should also be compiled for the human resources of the company as well. This would include fire escape planning, and building evacuation technique planning as well.
Step 5: Exterior Elements
The exterior of the building presents the setting and overall security tone of the building, but also must maintain its presence as a place of business as well. The balance between subjective appeal and security must be manifested in the planning phase but there are certain elements of the exterior that must be addressed:
As much as possible, integrate security measures around the perimeter of the facility such as landscape berming, short barrier walls, or combination of short wall, pilaster and cable. Protection of main entries requires special consideration. Parking must be managed as well and understanding the boundaries of the parking lot is essential in the physical design. The signage that is used is also important and can provide added security measures as well. The use of signage is a very effective technique that can add extra levels of security.
Entry Control
The entries to the buildings provide the most vulnerable aspect of the security of the building and eventually the contents within the building. Securing the entrances of these buildings is essential and necessary to comply with high security standards. The facility entries and entry paths should be easily identifiable to first-time visitors. Entries should be kept to as few as possible. Provide one main visitor entry into the building and at least one secure entry (usually on the opposite side of the building from the main entry). A third entry may be desirable for visitors. This entry should be screened with landscaping from the main parking area and the secure parking area, to avoid compromising business operations.
Lighting
The exterior of the building should be well lit and the plan should provide photocell-controlled lighting for safety and security in all parking areas and walkways. An added level of security can be met by installing additional lighting outside the building for loading and unloading equipment and materiel at night.
Step 6: Interior Elements
Entry Control
The business requires more internal entry control measures with added security measures. All visitors must be first screened in the screening room / waiting room by the appropriate gate keeper / administrative security professional. Visitors can by assigned a level of security freedom as to where they may travel within the building and with…
