Theory of Defense and Achieving an Effective Security Function - Essay Example

Defense In Depth Contents Introduction 3 Theory of defense 3 Physical security 5 Performance measures of physical controls: 6 Elements of deterrence 7 Detection 8 Achieving An Effective Security Function. 9 Conclusion 10 Bibliography 10 Introduction After the great world wars and mini world war the concept of security started to emerge. The need of security has widened all over the globe [Emm95]. It is very important to be secured and protected in this era as more and more criminal activities are taking place. Activities are on small as well as large scale. The development department has taken initiatives and brought many facilities on the front page that can make one feel protected. Different technologies are created to serve similar purpose. There was time when one layer security system was enough but now a day such a system cannot serve the purpose [DAV00]. A deep down complicated system is required. Such system is referred as defense in depth. It has many layers. For a criminal to perform crime there is a need to inactivate the entire layer to get to the main target. Physical security system that is having characteristic of defense in depth is very vital for organization as well the individual’s personal security. All the main concept of defense in depth is explained in this paper with encounter of physical security system. Along with this the basic key elements of deterrence are also discussed with the mechanism of detection. Both these D’s, deterrence and detection, are of great value if any criminal activity takes place. Ignoring them can near reach to the criminal. Along with these it is also important that no delay occurs. If delay occurs then there is a possibility that the criminal get chance to escape. Theory of defense Defense in depth is one of the strategies that maintain the protection and security. It is combination of different ways so that high security is attained and the maximum security is assured. Use of effective technologies is incorporated in the mechanism of defense in depth. Any stuff or documents or information can be secured through this depth methodology. It is a very practical strategy used for the security purpose. Sometimes information in wrong hand can be of great danger [MCT15]. To secure the information single layer of security or defense is not enough. Theory of depth explains the method of defense in depth that makes security and takes it to the complex model. It is one of the successful strategies that are highly implemented. Many policies are included in defense in depth. Technologies are specially designed for this purpose. Cost and level of security are deeply linked [Iae13]. Now a days higher the cost the high is the layered defense in depth strategy. The basic idea behind this strategy is the point and risk of attackers. To protect the information it is important that the information is layered with defense measure. In this way the chances of attack can be judged. The more the depth of defense less are chances of attack [Pel99]. The basic defense in depth system now a days comprises of five different levels. After all the level achieved the system is fully secured and protected. All of them are need so that physical security is maintained. Measures should be insured in the system so that system works well. Depending upon the motive of the attackers the defense system is selected. And on that basis it is decided how to get rid of the fear or threat. The management team concerned with security of system needs to keep a off and on checkup on the security system and improve the levels where the security lacks. One may never know when organization or system is coming under attack. Along with this there is a need that the management of defense in depth should keep an eye on the latest technology or innovations that have occurred in security development sector. In this way the layers of defense in depth can be enhanced and a better defense in depth is assured [FJo] Physical security Physical security secures assets and information. Different methods and tools are used to create a full fledge physical security. Individuals, information and other important things can be secured through this. Special security planning is done using advanced planning policies and strategies so that full physical protection is attained [Dav16]. A proper system in important for physical security otherwise it becomes difficult to be manageable and full physical security is not attained. There are two main goals for this. Firstly the individual should be secured and fully protected and secondly the information and belongings of the individual. Both levels should be assured in the securing mechanism. Many organizations and industries should have a physical security system. And it should be for each and everything present in the organization. The lives of the workers also need to be secured along with the organization. This lessens the risk of attackers or hackers [Har13]. As more and more advancement in happening in technology the physical security is getting weaken as there are more attempts on hackers. So a strong systematic approach is required that should be layered for the attainment of physical security in the organization or system. A backup system is also important to be installed in the system so that in case of loss of data due to hackers attack or by any natural disaster the lost data can be attained. Many devices are now been created to serve this purpose. More and more complex systems are installed so that the attackers are unable to get their hands on data or assets [And12]. For the full proof physical security it is important to have defense in depth in the organization. Defense in depth creates a different layered security that becomes difficult for the attacker to attack. The criminal may be able to get into one layer but when defense in depth is present then it becomes relatively difficult for the criminal to go to the depth. Taking a lot of security control methods can help in reducing the attack. Guarding the person or asset and applying a security verification system and other such devices results to be much more helpful in the security process [JSW10]. Organizations have now created systems that can help avoid such criminal activities and secure themselves. Still if such event of theft or loss of data occurs there is special management to solve the issue. Even if the matter is small it should not be ignored. This can lead to a big event and can be of great loss to the person or organization. Baselines should be there that can control the system. When baseline exists that physical security can be attain in an effective manner. The attack of any loss of information or any other danger to person or assets can be within the system or outside it. The individuals having access within the system can be a possible attacker [Ori14]. As they are familiar to the system so they can attack or hack something valuable or precious to the organization or system. They can transfer information outside the system and result to be a cause of big criminal event. So a defense in depth system is required that is able to control inside and outside danger to the system. Performance measures of physical controls: Performance measures are important in any field as they can help in implementation of any strategy or planning. Similarly in the case of physical security performance measures are very important as they can help in allocating security controls and help in avoiding of criminal acts in a system. When performance measures in physical security controls are discussed they are expanded into different measures [int09]. Input measures, output measures and outcome measures. Input measures are the methods that are put into the system so that physical security is attained. They can be different tools or devices that will serve as protection to the system. These tools will help in attaining the basic idea due to which they were used. For an effective physical security system it is important that appropriate and in depth inputs are utilized so that they can reduce the criminal acts. Along with this input measures should be one that can help if crime takes place. They should be capable in detecting the crime. The output measures should be able to evaluate that the inputs are used to the best and positive results are seen. It should measure that the inputs that were allocated are properly installed in the system or not. This is very important to be noted otherwise one won’t be able to get the desired results. After this all outcome measures represent the result that shows how much effect is been brought in the system due to the performance measures takes. If no such crime activity is seen that is a symbol that inputs of physical security are fully facilitated in the system. The main aims and goals can be evaluated in the last measure. The entire performance measures can be judged accordingly. Elements of deterrence Deterrence is a method used to control the crime. It is not exactly punishment rather it is way through which fear is maintained so that criminal activities are controlled. The theory of deterrence reflects that individuals tend to violate law if the punishment of crime is not much [Ell03]. It varies from person to person whether the punishment is severing for that person or not. Deterrence is of two kinds. It is either general or specific. The general is created to control criminal activities in general in the community. While specific is for proscribed sanctions. Such a punishment is given that no one dares to commit it. Coming to the elements of deterrence there are 3 main key elements. These are Severity, Certainty and Celerity [DBe79]. The famous socialist Beccaria and Bentham took support of these three elements while creating theory of deterrence. Severity explains that how severe the punishment is. If the punishment is too hard and the crime is small then it would be unfair. People have argued that while deciding a punishment the weightage of crime should be consider otherwise punishment will not deter crime. Certainty indicates that if the criminal will be caught and punished or not. It is to be made sure that the criminal is punished otherwise it will give birth to more crimes. So punishment is pretty important. Lastly celerity is that how early the criminal is punished it should be given instantly otherwise there are chances of escape of punishment [And75]. Detection Whenever any criminal activity takes place it is important to go the root of crime. Detection is named such action. It is done with the help of use of technology and methods. Special devices are now in the market that can easily help in the detection of any activity. If the defense in depth fails and crime takes place the detection management or team is brought into consideration. It is suggested that when physical security system is planned for any organization or system it is important to have detection at first. As this will help in securing the individuals, information as well as assets. An outsider team cannot evaluate the criminal activity at best as the systems self-team can do [Bal05]. To do detection of any event it is important that at first that all the basic points are noted and then interpreted properly. No point should be ignored as one never knows what evidence can result to be pretty useful. Many tools are now been created for this purpose. Advancement in technology can help in detecting where and what was done. Special trained dogs and other detecting devices are there that can help in telling the crime [Rob10]. Approximate time can also be known through technology. Proper systems are initially installed in the organization or system that can help at the time of need about the criminal event. Whenever physical security is to be created it is important to install some detecting system within the system [Cup05]. It will not only help at time of criminal event but also if some natural disaster comes into account. Achieving An Effective Security Function. Advancement in technology has led to a variety of tools and methodologies can be used in attaining fully effective security system. Technology and devices alone can do nothing for the security. An appropriate management team is required that can manage the security of the system efficiently. The magnitude of organization or system does not matter in the effectiveness of security system [Roc12]. If the security system is pretty effective then the response gained is positive. No or less criminal events are noticed. For a system to be physical secure it is necessary that all the information of the organization is kept protected in right hand. If the information is not secure and open to public it loses its value. It should only stay in the hands of the head of system. Until and unless the person is trustworthy the information should not be transferred. Another way to achieve effective security is by utilizing the technology of closed circuit television cameras should be installed [Fre06]. This can help in keeping record and get to the person if he is performing any criminal activity in the system. Defense in depth system creates multiple layers in the security system. It becomes difficult for the attacker to get in the system. Soft wares and policies should be installed in the system that protects the organization. All the systems that may hack should be blocked so that hackers have no such access to the system [Nil06]. All such strategies that can create a well security system should be adopted. Similarly the policies and strategies should be revised so that weak and strong points of the security system can be discussed and planning can be done if improvement is required in the security system [Mar04]. Conclusion So the type of world we are living in, where it is now too easy to get access to personal information and assets, it is important to make a secure environment. It is pretty difficult and complicated now a days but the defense in depth strategy can be helpful in providing deep down security of complex layers. The challenges of today’s world have led to the development of different models for the physical security [Wil11]. Latest tools and devices should be installed in the system to avoid criminal activities. The organizations should set up a proper management that can help in maintaining the physical security of the system. Multiple layer security system should be present in the organization that ensures that no attack can take place. Every possible way through which the attacker may attack and perform criminal activity should be noted to remove that risk from the system [Sec14]. The policies and strategies that are developed for security purpose should be used in the system. Any criminal activity if occurs in the system should never be ignored. Ignoring it or show delay can be encouraging for the criminals. So an instant step is necessary to maintain the physical security set up in the system. Bibliography Emm95: , (Rothschild, 1995), DAV00: , (BALDWIN, 2000), MCT15: , (Todd, 2015), Iae13: , (Iaea, 2013), Pel99: , (Peltier, 1999), FJo: , (F.John, 2005), Dav16: , (Hutter, 2016), Har13: , (Harris, 2013), And12: , (Parker, 2012), JSW10: , (Warner, 2010), Ori14: , (Oriyano, 2014), int09: , (Committee, 2009), Ell03: , (Elliott, 2003), DBe79: , (D.Beyleveld, 1979), And75: , (Andrenae, 1975), Bal05: , (Baltsavias, 2005), Rob10: , (Gruber, 2010), Cup05: , (Cuppen, 2005), Roc12: , (Well, 2012), Fre06: , (Nilsson, 2006), Nil06: , (Nilsson, 2006), Mar04: , (Mark.E, 2004), Wil11: , (Fitzgerald, 2011), Sec14: , (Council, 2014), Read More