Integrated Physical Security: Fraud and Information Security - Case Study Example

 Integrated Physical Security Abstract This paper will discuss the integrated physical security, and define the factors to be considered when providing integrated physical security protection for a high, rise multi-tenanted office building in an inner city location, parts of which are in use 24 hours a day, seven days a week. The basic aim of this research is to present a framework for the integrated physical security, and implementation factors. This paper will streamline the main threats and hazards which current organizational structures have to face; these threats can be intrusion, terrorist attack, information theft, and several other factors. These factors are continually increasing and presenting a real danger for the physical security. This paper will discuss and present a solution oriented approach for resolving these problems. Introduction Nowadays security is more complicated and significant than ever before, however it does not signify that the similar solutions are appropriate for each business. Integrated Security Technologies identify that every business and entity has its own restricted set of disputes and one broad requirement, to remain their public (employ), assets and data safe, while upholding the upmost feasible return on their asset. Traditional security and risk administration carry out, scrutinize, and tackle potential fear to a business by giving importance to them and conveying apposite procedures and technologies to tackle every threat. For instance, classifications are frequently destined as stand-alone explanation to compact with precise states and lighten harm without affecting the business as an entire. Integrated security symbolizes an extraordinary approach and engages the combination of physical, and information technology, electronic programs with equipped systems, like building safety, fire and life security, and HVAC. When appropriately planned, this kind of organization makes the business better capable to safe from a disruption (Irvine et al, 2001). A number of services are moving in the direction of an integrated approach. This is being determined by a diversity of issues, comprising the mounting requirement for rapid communication and advanced technology. Containing security systems interrelate with other building structures would be able to offer managers expanded potentials (Byfield 2005). Additionally, latest electronic safety /security systems consist of information databases and computer systems and administer the similar organizational IT communications. Taking benefit of the development in physical, IT security and electronic measures to support a business demands the combination of these elements. Frequently the main convergence point is the individual, or people, accountable for functioning the safety and other building arrangements (Irvine et al, 2001). Why We Need It At the present time integrated physical security is effective. Aside from the official and liability subjects, it immediately makes intellect to preserve the services and public, to whom we rely, to remain our company protected and safe so in this way we are able to, hopefully, put off an harass or, if one does occur, live on it (Voss, 2001). For a number of businesses there are additional reimbursements from carrying out integrated physical security. Throughout the danger and hazards assessment steps of developing an integrated physical security, we often find out regions of vulnerability that are able to be remedied and carry out and are able to be enhanced. It can guide to enhanced efficiency and competence and has a continuing impact on our base line. So by putting into practice an integrated physical security, we might as well augment ability and productivity (Byfield 2005). The major advantage, though, is in augmented security for everybody by means of that facility. It is compulsory to successfully converse this requirement for integrated physical security to all those worried and to get hold of them aggressively concerned in the procedure. Finally, one of the cheapest shapes of physical security and in the middle of the majority effectual is the ears and eyes of the public by means of the facility (Irvine et al, 2001). If people distinguish the requirement for awareness and account everything suspicious, they will all experience safer and additional protected. And people have need of experience protected and safe (Terry et al, 2008). The terrorist danger does not simply come from out of the country. As stated by the FBI, there are more than 1,000 pipe bomb events each year. In the previous eight years more than 40 teachers, students and guardians have been shot dead at incidences in schools. The danger is authentic and going up (Scott C. 2002). Assessing the Potential Bringing an integrated security technique needs a security exploration and assessment arrangement that create a safe workplace for carrying out foundation operations. This procedure comprises shaping resources; recognizing and classifying intimidation and vulnerabilities; and applying integrated countermeasures and actions to deal with these threats across six safety zones. These regions/zones begin at the furthest layer of the capability and effort inward, taking into account the contiguous streets yard, perimeter, restrains and parking areas sidewalks and center. Every zone should be considered to force the normally security of the building in the course of prevention, wait, denial, discovery, and reaction by means of a extensive variety of measures like that symbols, blockades admission control, and patrol (Byfield 2005). To insure security, it is important to build-in security in both plan and design stages and adapts a security structure which governs and makes sure that different actions, especially security related ones, is deployed appropriately. One should keep in mind that there is no single way out for a security structure which will work across all organizations and that the infrastructure is continuously evolving. Therefore, the security structure must be capable of adapting new changes, technologies, strategies and policies (Irvine et al, 2001). In general, security architecture can be defined as a unifying structure and reusable services that apply policy, standards, and risk management decisions. It is a strategy which permits the development and operations staff to align efforts, and make platform improvements which are not possible to make at a project level. In general, risk management, security policy and standards, and security architecture preside over the security processes and defense in depth architecture through design guidance, runtime support, and assurance services. Then the security metrics help out the decision support for risk management, security policy and standards, and security architecture (Voss, 2001). Maximizing Return Completely capitalizing on structure and personnel money can merely be attained in the course of addition and combination, which will produce a superior level of efficiency. For safety and security these augmented operational efficiencies are able to add value. For instance: Digital video inspection systems proffer visual alertness of people and assets for asset security (Scott C. 2002). The systems can as well be utilized by sales teams to review reply to visual displays and to watch inventory. As biometric hand reader, this facility proffers a prominent level of admission control, which as well works as a time and attendance device. A business ID card, login ID, and password system may be utilized for admission control and system safety. It can be utilized to pay for foodstuff in the hotel or cafeteria (Byfield 2005). Efficiencies those scheduled on top produce a direct return on savings and help organizations to diminish their risk and danger in the course of augmented security events. In general it supports businesses when evaluating costs and improving equipped production (Irvine et al, 2001). Additional long-standing paybacks of systematizing incorporated security arrangement comprise: Advanced levels of security for company procedures and dealings crossways the business, which diminishes risk, declines safety threats, and develops fulfillment with business and management regulations (Terry et al, 2008). Concentrated levels of risk as managerial plans and strategies also reduce the chance of an occasion or enlarge improvement actions to diminish consequences (Voss, 2001). Rapid association among the business and remote company partners, dealers and consumers, which assists to produce a superior level of business stability. A particular contact point for making sure the venture is safe, lessening the chance that a division or safety section will be overlooked. A fastidious financial plan for security, thus dropping the resistance amongst branches as to financial support sources for buying shared resources. Integrated, company-wide security offers to the managers’ enhanced visibility and command over processes. The long-term reimbursement of enterprise safety is capable to primarily promote a business to new phases in performance, enlargement, and productivity (Scott C. 2002). More than half the companies in the US do not have a disaster management plan, what to do in the instance of an emergency. Yet less businesses and associations have integrated physical security strategies to protect the facilities and the employs that are working in their organizations. While alarming, this marker is not astounding. Until 9/11 the majority companies and services had the attitude (Terry et al, 2008): “It will by no means happen to me.” On September 12, tens of thousands of directors throughout the nation were called in by their managers and told they were at the present accountable for facility security, a number of knew what was probable of them, others did not. That difficulty yet exists (Byfield 2005). The shattering results of Hurricane Katrina and the following flooding are a serious cue of just how serious and superior planning and attentiveness is. The main error done by crisis managers planning for a Hurricane Katrina-type instance in the Gulf States was that they equipped suppositions. They implicated the shoreline would not catch hit by something above a Category 3 hurricane and implicit the levees self-protective New Orleans would take hold of (Scott C. 2002). Together assumptions acknowledged being tedious mistakes. The procedure of emerging an integrated physical security arrangement weights that you suppose all potential threats, yet the doomsday ones, so that you would be able to approach up with effectual strategies to moderate them. That is the simple way to defend our nations and businesses facilities and the natives who work in them (Irvine et al, 2001). The Challenge The challenge regarding the integrated physical security is two fold. The preliminary confront is to accomplish a contract that something requires to be prepared. It engages varying mindsets; developing agreement and receiving senior administration buy in. The next challenge is in increasing and putting into the practice an effectual and perfect integrated physical security or IPS policy. This policy comprise three jointly supporting parts (Byfield 2005) Physical security measures Operational procedures Policies Physical security wraps all the strategies, technologies and experts materials for perimeter, outside and interior safety. This wraps all from security sensors and closed-circuit TV to barriers, lights and right of entry to the controls (Irvine et al, 2001). Operational measures are the income of any business; they wrap how the facility works on everyday commerce, like that shift changes, deliverances protection agendas and so on. You have to distinguish how the capacity works and carries out in order to expand an effectual integrated physical security arrangement that permits it to obtain on with its job with the slightest disturbance as probable (Voss, 2001). In the same way you have to know that some efficient integrated physical security is going to influence processes things will modify and you have to mutually direct and map for transforms and make sure that the motives for the transforms are understood and acknowledged by all personnel. Strategies spell out who does what and the measures to be in use to avert an assault or incidence, or, should one take place, to alleviate its collision and make sure persistence of company (Irvine et al, 2001). Eventually, approximately integrated physical security is a compromise for the reason that you can’t produce a capability 100 % safety if you have a frequent flow of public and vehicles coming in and out. The plan though, has to be to build up an integrated physical security agenda that organizes all the main objectives and offer the utmost defense against described fears with the property on hand. The other main consideration is perceptive when sufficient is sufficient. It is probable to remain adding up improvements and latest security altitudes however once more, there has to be cooperation. At what end does there come an experimental advantage in spending additional cash, particularly if the security plans turn out to be so strict then they influence our aptitude to demeanor company as normal (Irvine et al, 2001). The purpose of putting into practice an integrated physical security arrangement is to achieve reasonable and sustainable security. A protected capability is a safer facility, and by attaining this we can boost morale and well-being (Scott C. 2002). This five-step procedure allows us to distinguish the special fundamentals that require to be measured when developing our integrated physical security arrangement. Vital to these fundamentals are who and what we are going to protect (Byfield 2005): 1. People 2. Operations 3. Information 4. Inter-dependence People: the people that are employed in the organization and visit the facility, those functioning and existing close by and those who depend on our goods and services. • Operations: the daily administration of the facility comprising all the activities from changing the shifts and deliveries to upholding and utilities. • Information: information/data foundations and safety, and inner and outer communications. • Inter-dependence: how and what takes place at your capacity might occupy the wider society and how incidents at adjacent services might influence us. We have to be conscious of what is occurring upstream and downstream of our facility (Voss, 2001). When developing an arrangement or plan, everything of these classes has to be confined and the association among each has to be taken into account. As a consequence, a model security facility is one where all fundamental systems are in position, tried and tested, to shielded people, processes, inter-dependence and information exclusive of disturbing daily processes. It is one where everybody knows why the systems are organized and what they have to get done. It is a capability where self-assurance levels are prominent and people feel secure and safe (Irvine et al, 2001). Striking the Right Balance The main challenge in developing integrated physical security is to make sure of the security and safety of the capability and the serious assets inside, lacking interfering with the everyday operational activities. There are no advantages in carrying out draconian security actions if they are thus preventive that the capability cannot purposes usually or if the people they are made-up to guard sense endangered by them (Voss, 2001). Regularly, there is small point in bringing in enormously exclusive security procedures if: a) the cost can’t be defensible (Fallam, 1997), b) the actions are not suitable, or both. Integrated physical security strategy are by their extremely nature a collaboration, a cautious complementary act among what requires to be made and what would able to be prepared weighed beside what is in the most excellent awareness of the capability and its frequently everyday actions (Byfield 2005). Communications Integrated physical security planning should not be carried out in isolation. While we are raising the mainly effectual arrangement for our facility, observe what comparable services have done or are doing and talk with security experts and to begin with responders to obtain their involvement (Allenby, 1998). Talk about your strategies with your insurance business nevertheless, they have a vested attention in plummeting their duty, so they might be keen to diminish your premiums if you put into practice security activities, and in a number of cases they might yet be eager to add toward the price (Scott, 2002). It is the communication among facilities and outside stakeholders that will facilitate everybody to give out information and expand most excellent practices nationally. With these communication trails open we will be better capable to shield our facility and therefore assist and defend our organization, one structure at a time. Though, it elevates an inconsistency we have to open communications to make sure stakeholders are familiar with what is going on, thus far we as well have to make sure security so that particulars regarding what we are carrying out do not drop into the false hands (Irvine et al, 2001). Terrorism is not a latest confront and it is not leaving to go away any time quickly, so we have a responsibility to make sure that the spaces where we work, study and play are safe and that the public which are making use of them are protected (Voss, 2001). Integrated physical security planning is as well momentous for the basis that risks come from mutually normal disasters like that floods, earthquakes hurricanes, in addition to man produced intimidation diverge from stealing to terrorism. Vulnerable amenities are buildings that have a space among their mission and their acknowledged dangers. These comprise lots of serious infrastructures like that water treatment, power plants works and foodstuff dealing out plants (Scott, 2002). These as well comprise local, state and national administration structures and personal offices where we work, the schools where our kids are educated, the hospitals where we get a treatment and the shopping malls where we shop (Allenby, 1998). A number of services, the majority at danger are in city settings for the reason that they do not have the genuine assets essential to set up robust perimeters (Byfield 2005). Information security Now I will discuss the integrated security main factor that is organizational information security. In the new age of the information and technology, there are lots of threats which have been created for the organizational information. We need a security model that has the ability to handle and secure our information reserves. Technical administrative safety /security measures like that security plans, actions and techniques are put carry out the organizational information security measures (Voss, 2001). Awareness building actions are concerned by the organizations to a significantly smaller level, however at the similar time these are evaluated as being additional effective organizational procedures than technical administrative ones. Information security comprises organizational features, legal aspects, institutionalization and applications of best practices in addition to security technologies. Integrated physical security of Information The physical information security layer is an extremely significant component of information security which is frequently overlooked by information security practitioners. This feature of information security is normally left exclusively to the facilities security personnel. Though, it is vital in preventing prohibited physical access, harm, and interference to information assets and resources to deem the physical security risks, intimidation, and vulnerabilities (Henning, 1999). Then employment in corporation with physical security departments, ending users, industry partners, and other recognized areas to make sure adequate physical security is implemented to defend mission-critical and susceptible information processing amenities (Voss, 2001). These information processing facilities and systems should be located within protected areas and protected by described security perimeters; in adding up, apposite security barriers and entry controls should be well-designed. Data and processing centers require to be physically confined from not permitted access, damage, and intrusion. Mobile information systems have to be appropriately physically protected using a multiplicity of methods (Ringdal, 2001). Technique for exchanging information within an organization and business associates or third parties has to be consistent and safe to meet officially permitted and regulatory requirements. When network information is swapped, it has to be confined according to the point of classification. By producing security zones, an organization can be able to manage the information easily and professionally inside every zone as well as make sure every piece of information is properly classified. This setup then allows the information to be collective with third parties and business associates in the most appropriate way. For instance, a zone is able to be recognized to exchange information with a high-risk third party so that the supplementary dangers to rest of the network will be condensed as a great deal as possible (Siponen, 2007). Fraud Outsider Fraud Comprising frauds challenge to defraud businesses is certainly not innovative; fraud has been approximately as long as past has been recorded. Though, the methods by which fraud at the present happens is a great deal extra diverse than ever and takes benefit of latest technology and human faults. The Choice point fraud occurrence from February of 2005 is an ideal example (Siponen, 2007). The fraudsters took benefit of technology to create uniqueness supported upon those of other legal persons, and then took benefit of the vulnerabilities within the Choicepoint individuality verification procedure to carry out a fraud alongside the corporation while negotiating the safety of lots of persons inside the Choicepoint databases. Phishing is one more instance of use of modern technology (websites and emails) to place fraud next to community to whom fake messages are sent (Voss, 2001). Insider Fraud The occurrences of staff with official access to network resources placing fraud are probable to carry on growing even though it’s tricky to find out the current information for such offenses for the reason that they are under-reported to regulation enforcement and prosecutors Organizations are frequently disinclined to build such reports for the reason that of inadequate level of harm to deserve trial, and be short of proof or inadequate information to put on trial, and anxieties regarding unenthusiastic publicity (Voss, 2001). Physically Protect Information Assets Here I have gathered few parameters by which we have better implementation of the physical information security. To help to prevent network interruptions and unsuitable right of entry to information assets you require to: (Cooper, 1994) Make sure about sufficient climate control, like that monitoring temperatures and humidity of information systems equipment Stock up all backup media at a protected offsite location Guard network data and equipment and information media from fire, water and other environmental dangers Employ power interruption controls to make sure constant, steady electricity Control physical right of entry to computing equipment Make sure just authorized persons would be able to enter regions in which receptive information and network components are located Environmental breakdowns and physical activities are able to cause extensive harm to information systems and business dispensation. Such intimidation would able to be natural or man-made. Mitigating the dangers from these intimidations can be advanced by means of zoning techniques in the similar way that zones be able to be settled up inside the network. To carry out a strategy for physical defense is an important step to comprise inside any effectual enterprise information safety plan. Zoning would able to be utilized to establish well-organized and effectual physical information protection (Ehn, 1992). The Five-Step Process Here I will discuss the five step integrated physical security plan which is developed by Denver based CH2M Hill that is world’s foremost integrated security planning organization. There are five steps given below1: 1. Model Facility 2. Gap Analysis 3. Gap Closure 4. Strategic Plan 5. Implementation Here I will discuss each point briefly and try to evaluate according to the situation as we have in daily life. 1- Model Facility The facility which is an ideal in world is capable to make best use of security exclusive of compromising business as normal. A number of methodologies leave out this and go directly on to the diverse evaluation actions taken as we build up a tactical plan to apply an integrated physical security system. Though, we believe that it is significant than we inspect what would constitute a model safe facility for us. This is one which has acknowledged its interior functions, recognized its significant assets, recognizing the intimidation and vulnerabilities and uses the apposite actions to alleviate them. On top of all, it is a capability that is protecting thus far one that is capable to take on its foundation function as proficiently and efficiently as previous to the IPS was put into practice. When we arise with our model facility, we have a standard for comparison2. 2- Gap Analysis The objective of physical security is to take care of facilities, structures, and the property they hold. The most significant of these resources are, certainly, the people who work in the organizations and visit the facility. The initial things we required to discover out are: • The resources to be protected • The hazards to those assets • The weakness of those assets • Our priorities 3. 3- Gap Closure In this stage we will take the action on the shortfalls that we have identified previously, we must then deem and assess all obtainable alternatives to improve the intimidations. There is a huge array of outside and interior systems and devices available. We have to decide which the most outstanding choice is and best blend for our fastidious situation. If we have queries, then discuss with a sovereign security consultant rather than a seller with a vested attention in selling us its goods3. 4- Strategic Plan In this stage identified assets, challengers, intimidations, vulnerabilities and indomitable priorities and substitutes we have in a place to map and plan the security transform process. This means building a road map, we would be acquainted with where we are and have to plan how we are going to get hold of where we need to be. The strategic arrangement sets out in Steps 2 and 3 file our gap examination, identifying serious threats, assets and flaws and all regions requiring to be addressed. The gap termination documents how we map to secure those gaps, the explanation for the events to be taken, expenses concerned and timeframe for execution4. 5- Implementation Once our strategic plan has been approved, it has to be implemented. This comprises plan management, bid astringent and vendor assortment value assurance and excellence/quality control, and modifying policy measures. Integrated physical security planning is as well an enduring requirement. Once our arrangement is in place we have to continually observe it for flaws and vulnerabilities. We have to make sure our workers recognize the actions in position and what they have to do in the affairs of an emergency. Reanalyze our present state of affairs. Inquire what has altered and what latest intimidation has emerged. By continually following and observing our integrated physical security system we would be able to secure any gaps and bring in enhancements5. Conclusion In this paper I have discussed the Integrated Physical Security and factors related to it. Here I have discussed its basic need, challenges it is facing and present state. I have also discussed the advantages of the integrated physical security. I have also discussed the information security concept and its basic needs. There is also discussion on present hazards of information theft, fraud and fishing. I have also suggested solutions for these problems in this discussion. The five step model for the integrated physical security implementation have proved us a standard way for the enhancing and implementing fool proof security plan for our business setup. I have analyzed that the integrated physical security in this present age is very significant. It offers us a secure and safe environment for working and doing business. It is not only secures us but also enhances our credibility in the marketplace. References 1. Adams A, Sasse MA. 1999. “Users are not the enemy: why users compromise security mechanisms and how to take remedial measures”; Commun ACM 42(12): P.P. 40–46. 2. Allenby, B.R. 1998. "Towards a functional definition of 'organizational' security." In Environmental Threats and National Security (B. R. Allenby, TJ. Gilmartin, and R. F. Lehman II, eds). Livermore, CA: Lawrence Livermore National Laboratory. 3. Byfield, Bruce. 2005. “Nine principles of security architecture”. http://www.linux.com/articles/49803 4. Cooper, R.B. 1994. "The inertial impact of culture on IT implementation", Information & Management, Vol. 27 No.1, pp.17-31. 5. Ehn, P. 1992. "Scandinavian design: on participation and skill", in Adler, P.S., Winograd, T.A. (Eds),Usability – Turning Technologies into Tools, Oxford University Press, New York, NY. 6. Falla, M. 1997. “Safety critical systems. Results and achievements from the TI/EPSRCR&D programmed in safety critically stems (compiledandedited by FallaM)”; Available online at: http://www.comp.lancs.ac.uk/computing/resources/ scs/S. 7. Henning R. 1999. “Security service level agreements: quantifiable security for the enterprise?”; In: Proceedings of the ACM new security paradigm workshop (NSPW’99), Ontario, Canada, September 1999. ACM Press, New York, pp 54–60 8. Irvine C, Levin T. 2001. “Quality of security service”; In Proceedings of the ACM new security paradigms workshop (NSPW 2001), Cloudcroft, New Mexico, September 2001. ACM Press, New York, pp 91–99 9. Ringdal, K. 2001. “Information security (Unity and Diversity: Social Science and Quantitative Methods)”; Bergen, (in Norwegian), . 10. Scott C. Zimmerman, 2002. "Secure Infrastructure Design," 11. Siponen, M.T., Oinas-Kukkonen, H. 2007. "A review of information security issues and respective research contributions", The Database for Advances in Information Systems, Vol. 38 No.1, pp.60-81. 12. Terry Martin and Alexandra Bakhto, “Integrated Physical security”; file:///resources/whitepaper/physical/302.pdf, accessed at 16-12-2008 13. Retrieved on December 22, 2008. Retrieved from: http://blogs.techrepublic.com.com/10things/?p=106 14. Retrieved on December 22, 2008. Retrieved from: https://physicalsecurityhandbook.org/downloads/IPS%20Extracts.pdf. 15. Retrieved on December 22, 2008. Retrieved from: http://www.esisac.com/publicdocs/Guides/11c-Physical-Security.pdf. 16. Retrieved on December 22, 2008. Retrieved from: http://www.opensecurityexchange.org/OSEwhitePPR-052807.pdf. 17. Retrieved on December 22, 2008. Retrieved from: http://www.findwhitepapers.com/index.php?option=com_registration&task=register&pathway=no&vid=176&tid=680&id=&cat 18. Voss, B.D. 2001. “The Ultimate Defense of Depth: Security Awareness in Your Company”; SANS Institute, white paper, . 19. Zurko ME, Simon R. 1996. “User-centered security”; In: Proceedings of the ACM new security paradigms workshop (NSPW’96), Lake Arrowhead, California. ACM Press, New York Read More