Deep Physical IT Security - Essay Example

Physical Security Institution Name Tutor Course Date Physical Security Physical security can be described as protection of personnel and hardware together with software from physical actions or any other events which have the potential to cause serious loss and damages to the organization. Examples of such actions and events which protection covers are fire, natural disasters, and terrorism. Physical security has often been overlooked and thus their importances in most cases have been underestimated. It is worth noting that breaches of physical security can be carried out with brute force as well as with little and in most cases no Technical knowledge on the part of the attacker. Consistency regarding security advice has been found to be very difficult to achieve since the security concepts entail wide spectrum of activities together with skills which are spread over a vast array of contextual concern. Such include conceptions touching on the social contract which mainly applies to the concerns of the relations internationally and functioning of internal society regarding crime prevention which involves the government at both national and international levels (Miller & Shein, 2005). However, due to emerging diversity in all organizations, security as a profession has been found to lack consensus and thus its hierarchy needs stability as well as dependency. Application of Defense in Depth theory in security solely depends on controls which are intended to delay, with a low implementation regarding the manipulations which ought to show detection of such security attacks. Notably, such organizations are not aware that their physical security has been attacked. Studies carried out revealed that the majority of the physical security attacks are mostly perpetrated by the internal members of the organization who have different heinous motives of benefiting unscrupulously at the expense of the organization. In this regards, there is a need by the organizations to detect and most importantly prevent such actions. It should be also devised that all the personnel within the organization have various responsibilities regarding the physical security of their organization. Such should be established basing on the theory and the best principles acceptable to the organization. In order to include such a proposition which have been put in place, the organizati0omn should ensure that there is use of common meanings especially during presentation of the professional advice towards the protection of organizations assets (Symposium on Avoiding Technology Surprise for Tomorrow's Warfighter & National Research Council (U.S.), 2010). Various approaches relating to the protection of the assets collectively embraces the consistency of the strategies which will be perceived to work towards preventing theft and other activities which will cause destruction to the facilities. It should as well entail the protection of the personnel and most important information of the organization. In carrying out all these decisions, Defense in depth theory is used as it has proved to be effective and efficient. The defense-in-depth as well has been deposited to underpin the core functions of the security which entails deterrence and actual detection while causing delay and response so that immediate action can be taken to prevent theft and destruction to the organizations. Defense in depth has been found to be very effective as it has been applied to protection of assets for centuries basing mainly on the argument which poses that an asset ought to be enclosed by a variety of succession barriers which will indubitably restrict any form of penetration of the unauthorized access to the assets. This implies that the defense in depth is proving to be appropriate response and recovery. This depicts that the depth theory is sound and is mainly supported by the routines activities as well as rational choices theories from which the opportunity is perceived to be the prevention of such criminal routines. With the theory being in defiance with the rational choice theory which has been depicted to put into account the processes of decision making and potential rational adversaries, it is also argued that the rational theory depicts that a potential offender in all cases mainly focuses on the targets which they want. This is according to the perceptions, and the chances of such perpetrators being detected at levels which are also perceived to be difficult in achieving what they had planned for. This coherently makes the chances of them being apprehended to be high especially when related to its proclivity for violence. The defense in depth is designed to integrate people, procedures, and equipment to barrier system. This kind of approach will give a chance to the application of system thinking to realize that individual events from the part of a pattern of events. That is, for every approach which is used, there is the need to analyze and to understand the whole process of evaluation. For instance, a security door can form the building fabric which is meant to prevent intruders. At this point, the portal opening is checked to determine the strength of the door itself. The way the hinges were fitted and their strength. Also, the locking mechanism is reviewed so as to know its quality. The door is also ensured that it is fitted very well so as to minimize or to avoid the door having gaps which lead to its vulnerability (National Research Council (U.S.), 2011). The additional way in which security can be enhanced is by fitting the sensors so as to assist in detecting attempts made to bypass the door or any other opening. Every individual safety in the opening is designed in a way that it provides a level of difficulty as a portal measure. With the series of subsystems within the security layers, then it provides the extent of operational significance. When these methods are combined to enhance the security, then it is possible to have achieved the aim which is ensuring that the security has been enhanced. When all these methods are combined, it is possible to calculate the probability of the whole system being successful. When all these measures are functioning as per the expectations, then the security will be enhanced and therefore all the properties will be safe. Applications of security measures and controls are the psychological and procedural together with technical devices which are deemed to perform security tasks which enhance the security trough achievement of demarcation as well as division of physical space which are in most cases referred to as zones or protection rings. This approach potentially incorporates various multiple detection devices with multiple delay measures and response abilities. It is noted that such approach can effectively be implemented for protecting the movements mainly for unauthorized activities across single security zone. It can as well be implemented to ensure security of multiple security zones (International Conference on Networking Systems and Security, Association for Computing Machinery, Institute of Electrical and Electronics Engineers, Bangladesh University of Engineering and Technology, & Institute of Electrical and Electronics Engineers, 2016). It is coherently articulated that the principle regarding security zoning highlights that some of the areas in a facility are not under any restrictions completely and thus vulnerable to be stolen by the employees who lacks loyalty to their workplaces. Notably, there are some controlled areas which are based on the various valid reasons for it to be restricted. It is moreover pointed out by the studies carried out that the security zoning is effectively used can require additional access control authorizations which will help to ensure that the security does not tamper with. With regards to zoning principle, there is a clear distinction which exists between the security control and the security layer. Security layers can be described as the implementation of a given set of principles and set controls which can have the potential ability to stop defines acts and events which could have occurred and cause harm. Thus by referring to the security layer control, it can be noted that it extensively eliminates the risks and harm which could have been caused by some activities. This articulation can be deemed to lend itself some of the application into the various layers of the multilayered defenses. Therefore, it is coherent that the securities role with regards to management of threats which poses various risks should be taken out carefully as stipulated by the theory of Defense in Depth. An example an application of such defense in depth theory is in the protection of the facility by use of two detections which one of it can be carried out by means of delay which is coupled into a layer which separates one of the access zones to form two access zones. Moreover, the detection components will as well include the intrusion detection systems which can be used in procedural security in detections of the activities such as unauthorized movement of the people across such access zones. Such detection systems are meant to detect a contraband that is moving across such secure zones trough the staffed portal (Mendell, 2007). It is as well noted that the defense in depth security is a theory regarding security which mainly represents the arguments which are meant to remove the opportunities which can make the asset of an organization to be vulnerable to attacks. Such assets as well are selected in which it ought to be layered in defense before each of the security zones are configured to detect and delay the responses so that various effective actions can be taken by the security personnel who are attached to the organization. In doing this, they will be able to take any related adversary actions. Consequently, the protection defense in depth entails application of various different individual components which have been designed to detect as well as delay and mostly importantly to respond to the adversary actions which are deemed to make up the securities to be specific layers which have been separated by the different security zones within the facility. However, the security defense in depth as well can be noted that it is a holistic approach in which the protection of assets is mainly based on the threats which are exposed to the organizational assets as well as to the entire organization. With various layers of security and levels of security control which is being implemented in the organizations, the assets will be protected as it will be under the restrictions which can only be assessed by the individuals having legitimate rights. In this regards, the in-depth defense security theory has been depicted to be very effective and most importantly reliable. There are considerations that security depth and defense depth are often thought of to mean the same but they are different. The argument on the defense depth is that it is a theory which speculates that for security to be effective in controlling access to the assets or a safety zone then there must be a way of detecting, delaying and responding to any attempts to unauthorized access to the premises. For the sensor to be useful, then interruption and neutralization have to occur before the crossing of the zone is successful. However, this strategy in most cases should be in many layers of controls, and some trusted insiders should have access to the places but not in all locations. For one to be allowed to those places, then it depends on the duties the person has and after clearance by the security (NATO Advanced Research Workshop on Physical Properties of Nanosystems, Bonc̆a, & Kruchinin, 2011). To separate the security zones, and then there should be a way of detecting, delaying and responding to attempts to cross to the restricted area by unauthorized people. Such places include physical and information technology zones. Depending on the risk, there is the need to put in place multiple detection constituents, numerous delays and also multiple responses for each zone hence it will be forming security layers in each region. As the defense in depth is supported by protection in depth gives the joint effort to secure individual and to offer security to the multiple security zones within a facility. However, these approaches to safety and security zoning should put into consideration the threats which can be as a result of trying to put in place the measures. These threats can be manifested against the information technology if it happens that the illegal people access these sites. These security risks may be reduced by increasing the performance in any of the security layers by merging the security layers; that is bringing more than one security layer to serve the same purpose. So, for these securities to be effective, then there is the need to have all the security layers being effective and reliable to ensure that security is maintained. Notably, it can be depicted that the concept of in-depth defense security layer is mainly provided so that the combination of controls can be achieved and helps in providing the combination controls which will seek to depict the security layer which is provided by such controls and thus contributing to reduction of threat capabilities regarding a layer trough their abilities to deter as well as detect and most importantly delay the responses as it is attempted by unauthorized persons (Perdikaris, 2014). The concept of Security in Depth theory is depicted to be supported since there are many layers which indubitably are needed since coherently it is difficult to build a layer which is a hundred percent perfect. This in turn due to various available different layers can be deemed to become more ineffective with regards to various threats. In this regards, such holistic approach to the security enhancement of the assets as well as organization is carried out considering the threats which are posed by the security system which ought to be considered for each of the articulated layers in this holistic plan where the defense level with regards to in-depth security defense at each of the available layers and protection in such layers are put into consideration. It has consequently justified that all the layers can be integrated together so as for the organization to achieve the considered security in-depth for its assets. This is because it has been proven to be consistent with the various approaches which are acceptable to security. With this approach as well, it has been depicted that it enables the achievement of various security resilience where security defense in depth can be easily achieved trough implementation of such protection debt. With the theory of Defense in Depth, it can be perceived that all access zones which exist within protected areas of the facility as well as in an organization can lead to logical controls which will ensure that access controls are achieved (Andress & Winterfeld, 2014). In summing up, it can be noted that the Defense in Depth represent the application of the Rational Choice theory where the Protection in Depth theory mainly entails the representation of the engineering principle which seeks to avoid the single point form of failure which in most cases are based on defined threat to the organization's assets and information which are stored at various departments in the organization. Each zone’s layer, relating to Security in Depth is perceived to entail a capable guardianship to the organization's assets and personnel from various attacks. Security in Depth as well can be depicted to be a total system which will enable security personnel to view security options and carry out incorporations of intelligence as well as other logical measures to the organization's security. References Andress, J., & Winterfeld, S. (2014). Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners. International Conference on Networking Systems and Security, Association for Computing Machinery,, Institute of Electrical and Electronics Engineers, Bangladesh University of Engineering and Technology, & Institute of Electrical and Electronics Engineers. (2016).Proceedings of 2016 International Conference on Networking Systems and Security (NSysS): 7-9 January, 2016, Dhaka, Bangladesh. Mendell, R. L. (2007). Document Security: Protecting Physical and Electronic Content. Springfield: Charles C Thomas Publisher, LTD. Miller, D., Bednarczyk, M., & Shein, R. (2005). Black Hat physical device security: Exploiting hardware and software. Rockland, MA: Syngress Pub. National Research Council (U.S.). (2011). National security implications of climate change for U.S. naval forces. Washington, DC: National Academies Press. NATO Advanced Research Workshop on Physical Properties of Nanosystems, Bonc̆a, J., & Kruchinin, S. (2011). Physical properties of nanosystems. Dordrecht: Springer. Perdikaris, J. (2014). Physical security and environmental protection. Symposium on Avoiding Technology Surprise for Tomorrow's Warfighter, & National Research Council (U.S.). (2010). Avoiding technology surprise for tomorrow's warfighter--symposium 2010. Washington, DC: National Academies Press. Read More

Various approaches relating to the protection of the assets collectively embraces the consistency of the strategies which will be perceived to work towards preventing theft and other activities which will cause destruction to the facilities. It should as well entail the protection of the personnel and most important information of the organization. In carrying out all these decisions, Defense in depth theory is used as it has proved to be effective and efficient. The defense-in-depth as well has been deposited to underpin the core functions of the security which entails deterrence and actual detection while causing delay and response so that immediate action can be taken to prevent theft and destruction to the organizations.

Defense in depth has been found to be very effective as it has been applied to protection of assets for centuries basing mainly on the argument which poses that an asset ought to be enclosed by a variety of succession barriers which will indubitably restrict any form of penetration of the unauthorized access to the assets. This implies that the defense in depth is proving to be appropriate response and recovery. This depicts that the depth theory is sound and is mainly supported by the routines activities as well as rational choices theories from which the opportunity is perceived to be the prevention of such criminal routines.

With the theory being in defiance with the rational choice theory which has been depicted to put into account the processes of decision making and potential rational adversaries, it is also argued that the rational theory depicts that a potential offender in all cases mainly focuses on the targets which they want. This is according to the perceptions, and the chances of such perpetrators being detected at levels which are also perceived to be difficult in achieving what they had planned for. This coherently makes the chances of them being apprehended to be high especially when related to its proclivity for violence.

The defense in depth is designed to integrate people, procedures, and equipment to barrier system. This kind of approach will give a chance to the application of system thinking to realize that individual events from the part of a pattern of events. That is, for every approach which is used, there is the need to analyze and to understand the whole process of evaluation. For instance, a security door can form the building fabric which is meant to prevent intruders. At this point, the portal opening is checked to determine the strength of the door itself.

The way the hinges were fitted and their strength. Also, the locking mechanism is reviewed so as to know its quality. The door is also ensured that it is fitted very well so as to minimize or to avoid the door having gaps which lead to its vulnerability (National Research Council (U.S.), 2011). The additional way in which security can be enhanced is by fitting the sensors so as to assist in detecting attempts made to bypass the door or any other opening. Every individual safety in the opening is designed in a way that it provides a level of difficulty as a portal measure.

With the series of subsystems within the security layers, then it provides the extent of operational significance. When these methods are combined to enhance the security, then it is possible to have achieved the aim which is ensuring that the security has been enhanced. When all these methods are combined, it is possible to calculate the probability of the whole system being successful. When all these measures are functioning as per the expectations, then the security will be enhanced and therefore all the properties will be safe.

Applications of security measures and controls are the psychological and procedural together with technical devices which are deemed to perform security tasks which enhance the security trough achievement of demarcation as well as division of physical space which are in most cases referred to as zones or protection rings. This approach potentially incorporates various multiple detection devices with multiple delay measures and response abilities.

Read More