Security Organizations and Strategic Planning

IT Security Infrastructure
IT Security Infrastructure & Its Importance to Physical Security Planning and Infrastructure
IT security infrastructure requires a varied number of skills and knowledge to understand how it relates to creation of comprehensive security strategy. Information technology is an important part of physical planning. Risks of cybercrime having gone high, it has become important for information to run securely through cloud. Business have moved to it infrastructure to store up data. Encryption of data has heightened safety of data against cyber threats. Keeping IT infrastructure secure is a task that that never ends. To ensure infrastructure security, the software must be up to date. Thinking of the need to keep business infrastructure free from unauthorized access is thinking of taking measures that will ensure top security (Garcia, 2007).
Some of the IT infrastructure; for example data and email encryption, is important for business data security. Data backup has made it possible to store up data with encryption. Use of antivirus has made data storage even safer. This is because antivirus eliminates risks of corruption of operations and data-driven viruses. IT infrastructure security co-relates with physical planning and infrastructure in many ways. (Fennelly, 2016) Critical infrastructure such as airports require secured IT infrastructure to safely run its operations. Airports require secure IT infrastructure to safely help you keep track of its day to day sensitive activities. Creating cities strategically require secure IT.
Secure IT can help in creating a livable city free of terrorism. Spatial planning of strategic residential places, business or tourism attractions also require secure IT infrastructure. Creating policies, regulations and governance structures that promote sustainable growth require IT infrastructure. Physical security planning, work hand in hand with secure IT infrastructure. This is because security planning is critical and sensitive. Tracking day to day operations in companies with a secure IT infrastructure as a crucial component (Khairallah, 2006).
Business Continuity Plans and their Importance
Business continuity plans basically involve strategy creation, recognizing and putting into consideration risks. Business planning focuses on ensuring that business assets and personnel remain functional even when disaster strikes. A business continuity plan is crucial in defining potential business risks. It addresses how the risks may affect operations in the business. To ensure safety in implementing the plan, defining possible risks is an important factor. Mitigation measures are an important part of planning. Every proactive organization with a continuity plan they use to project ahead. A business continuity plan is useful in determining the steps to take, when and how. A business plan helps organize a plan on what to work on. Identification of the required skill and organization is a function of the business plan (Fennelly, 2016).
A comprehensive business plan identify the services to be rendered by the organization or business. A continuity plan prepares the business with ways to curb disaster if and when it strikes. It is important to implement business continuity plan. This is because a business continuity plan helps review weaknesses within the organization. Business continuity plans address basic concerns in the organization. Implementing a business continuity plan will help keep the original and basic function of the business. Implementing the business continuity plan is useful in case of labor disputes. It reveals back up plans. Implementing business continuity plan will ensure that company standards are complied with by all. This is because the plan points out how operations must be run in the organization. Valuable business data is gained through the implementation of continuity plan. It preserves the reputation of the organization. The impact of implementing a business continuity plan is positive in realizing organizational goal (Fennelly, 2016).
Physical Security: What a Physical Security Site Survey Entails & Its Benefits
Physical security involves the various security measures put in place to prevent unauthorized access to equipment, buildings, facilities and resources. It protects property and personnel from harm or damage such as theft, espionage or even terrorist attacks. Multiple layers of inter-related systems are used in physical security. They include CCTV surveillance, security guards, locks, protective barriers and access control protocols, among other methods. A physical security survey involves three major stages. The first stage involves intelligence gathering. In this stage, information is collected on the company, its objectives and operations, and a risk assessment carried out. The assessment identifies the business or company assets in need of protection and their value. It also defines the types of adversary likely to be encountered and possible threats such as trespass, robbery, insider attacks, etc.
The second stage of a physical security survey involves access to information about the facility or business and its location. Commercial rural and inner city include location information likely to be obtained. The building structure, boundary, history, condition and prevailing protective measures such as bolts, alarms and bars may include information about a business building or facility. Structured processes such as interviewing of important employees, insurance assessors and crime prevention officers, and observation are used to collect the necessary location or facility details. Crime records, historic data, and available site drawings and plans can supplement details on the facility. The third and last stage of physical security survey is the survey or walk through the site. It involves physical vulnerabilities assessment, existing security measures in place and their status, and system types and devices required to further prevent likely threats (Fennelly, 2013).
Physical security surveys provide the information required to design secure business systems, taking into account processes, people and technology required to meet business objectives. The survey leads to the system design phase. A business’ security is as strong as its weakest point. However, identification of a security system’s weakest points is not easy. Businesses face various challenges when it comes to protecting assets and properties. Emerging security threats call for better security to counteract the risks, hence the essence of regular physical security site surveys. The surveys eliminate liability risks, determine prevailing security system weaknesses, and help meet prevailing security law requirements. They also support wise spending of money on effective security forms, and give business owners and their employees peace of mind.
Importance of Access Control to Overall Physical Security
Businesses with highly distributed systems and assets should protect the confidentiality of their resources. Just like the administrative and technical aspects of security features, physical security offers protection of business facilities and assets to protect the business at large and employees. Without physical security protection, other security measures become meaningless. Physical security is all about safeguarding confidential information, critical data, software, networks, facilities, equipment, personnel and business assets. (Garcia, 2007) Malicious attacks such as vandalism, terrorism and theft, and natural disasters such as fire, floods, earthquakes and power fluctuations can cause loss of critical data, making retrieval hard or even impossible in case of permanent data loss. Different organizations face different kinds of physical security threats.
Despite the essence of physical security, it is often overlooked. It is important for protecting information from destruction in case of a natural disaster or unauthorized access. Attackers and hackers are motivated by financial gains, revenge, personal gains or simple access to a vulnerable target. Physical security is increasingly becoming more challenging due to availability of sensitive devices such as laptops, USB drives, smartphones, tablets, etc. that foster smooth and easy data theft. With more focus on technology-oriented security, fewer physical security measures are adopted. As a result, attackers have a better chance to exploit vulnerabilities such as open ports and data. They adopt the use of unauthorized schemes to gain entry into business systems and networks. However, employees also make up internal business security threats because they have access to all aspects of the company, easing assets theft (Erbschloe, 2005).
Intentional malicious attacks and unintentional natural disasters can affect a company’s existing physical security. Natural disasters such as fires and floods can destroy data, making it hard to recover. On the other hand, malicious attacks such as theft, hacking and terrorism can lead to the misuse of critical and confidential business information. Attackers use vulnerabilities and weak system points to exploit highly classified data or information, gaining unauthorized access and penetrating business networks. Businesses must deploy various physical security aspects to prevent criminals and unauthorized users from bypassing security layers. Building management, access control, camera, alarms, sensors, ID management, safe locks, perimeter security such as fences, mantraps, turnstiles and gates, and backup devices such as the cloud (Garcia, 2007).
Safe locks are difficult to duplicate while badges support employee identification and verification. However, access control is the most important aspect of physical security. Surveillance cameras are installed in hidden places and vulnerable devices and/or portables protected from being tampered with. Backups are installed in various places without access to unauthorized users. The right access control techniques can help protect business systems, assets and other critical information from destruction or loss. (Fennelly, 2013) A strong set up can reduce data, assets and equipment loss. A strong physical security system is layered to prevent attackers and/or criminals from gaining easy access to business assets; they would have to bypass several security layers to attain their malicious objective. The tight security system makes it harder for the attackers to accomplish their goal. It becomes hard for an intruder to scale the various equipment techniques in place, reducing security threats.
What is more, access control is at the top layer of a security system. It can be implemented both at the physical and system layers, further strengthening the security systems from different points and levels. Access controls prevent vendors, strangers, visitors and other unauthorized users from gaining access to information or equipment they are not authorized to access. Card swipes or proximity cards prevent the public from accessing sensitive assets or information. They also offer an audit trail valuable for tracking a malicious insider’s movements within the business premise (Garcia, 2007).


References
Erbschloe, M. (2005). Physical security for IT. Amsterdam: Elsevier Digital Press.
Fennelly, L. J. (2013). Effective physical security. Waltham, Mass: Butterworth-Heinemann.
Fennelly, Lawrence J. (2016). Effective Physical Security (5th ed.). Butterworth-Heinemann.
Khairallah, M. (2006). Physical security systems handbook: The design and implementation of electronic security systems. Amsterdam: Elsevier/Butterworth-Heinemann.
Garcia, M. L. (2007). Design and evaluation of physical protection systems. Elsevier.