Rising Physical Security - Term Paper Example

Summary
The paper 'Rising Physical Security' argues that the incentives for developing or maintaining individual systems (stovepipe systems that function separately from each other) are great. These include security of organizational territory, workers with concentrated technical knowledge…

Extract of sample "Rising Physical Security"

Systems Theory and Physical Security

Literature Review on Systems Theory and Physical Security

Introduction

In any organization, the incentives for developing or maintaining individual systems (stovepipe systems that function separately from each other) are great (Marren, 2006). These include security of organizational territory, workers with concentrated technical knowledge, limited budgets, and the sheer complexity of adopting an integrated system. In the design of a transit security system, the risks of stovepipe systems are obvious (Taylor et al., 2006). Taylor et al. (2006) posit that it is not adequate to protect the subway platform, maintenance facility, or computer system independently, because a vulnerability located in any of these can be accidentally carried throughout the system by the agency’s standard operations, turning public transit’s open, mobile, and rapid nature against itself. Lee and Choi (2013) affirm that a more efficient level of security is likely when every aspect of the organisation can work together and timely data vital to preventing, stopping, or reacting to a security incident is widely accessible in the system. When employees at each organisational level understand the significance of connectivity among its legal, procedural, technical, physical, and institutional aspects, they can deliver a service that is accessible and safe for the public. A systems approach also supports transit security by drawing together the diverse parties that have to design a security plan, put it into practice, and react to a threat or attack (Mahizharuvi & Alagarsamy, 2011). Rising physical security is a long-standing process, so this essay seeks to provide critical insight into what a systems approach to physical security is, and why the systems approach is necessary for the protection of assets.

2.0 Security Systems Approach

According to Cohen (2010), critical infrastructures underpin the local health, safety, security, and economic welfare of any country. Critical infrastructures are made up of cyber and physical systems, which include water and food, information and telecommunication systems, transportation, and the production, distribution and transmission of energy (Moteff & Parfomak, 2004). These systems were designed to reduce sporadic failures such as degradation, natural catastrophes, unfavourable weather conditions, and accidental operator error. Over time such systems have become more and more interdependent and complex, heightening the prospect of the very sporadic failures they were intended to reduce. Generally, such systems were not built to withstand terrorist assaults or to be safe from the intentional use of deadly weapons, such as the U.S. 9/11 terrorist attacks (Taylor et al., 2006). Moteff and Parfomak (2004) are of the view that developing an effective domestic response to future terrorist attacks on infrastructure is a hard and multifaceted undertaking. This is because critical infrastructures are large, widely dispersed, and mostly owned by private developers (Moteff & Parfomak, 2004). While there is huge pressure to protect everything at once, and many competing requests for funding from the federal government, Moteff and Parfomak (2004) noted that budget realities have limited the available alternatives. In spite of the enormous amount of resources and effort devoted to security recently, considerable progress appears to be lacking. Correspondingly, engineering changes are making conventional security analysis methods more and more invaluable (Uygun, Huang, & Lou, 2006).
The majority of such methods were designed more than five decades ago, when systems were composed mainly of electromechanical elements that were less complex than modern software-intensive systems (Tribble & Miller, 2004). Therefore, new and more authoritative techniques for safety analysis, rooted in systems theory, have been developed and successfully used on a diverse range of modern systems, such as nuclear power plants, medical devices, and aircraft. Systems theory can equally offer a controlling basis for security. A further advantage of the systems theory approach is the possibility of producing an integrated approach to both safety and security.

2.1 Systems Approach to Physical Security

Physical security describes security measures meant to deny unlawful access to resources, equipment, and facilities, and to shield property and personnel from harm and damage such as terrorist attacks, spying, or theft (Jenkins, 2014). This is a digital age in which the gathering, analysis, maintaining, and storing of information is exceedingly important. Marren (2006) asserts that for any activity to be initiated by an individual, organization, or enterprise, it is vital that diverse forms of information be created and managed. The significance of information systems that gather, store, and manage data by means of an information intellectualization process has therefore grown steadily, day by day. Even though such an information system offers convenience for users in processing projects, Matsufuji and Imamura (2000) note that more cautious management is needed to protect information, owing to diverse environments and reasons. Since a number of cautiously utilised information is overlooked, owners of data are immediately restrained.
Hence, it is essential to identify the impact and significance of business continuity management, and the harm from likely threats is to be reduced by planning a strategy that can approximate the ripple effects for all risk factors as well as the organization’s responses. Despite enduring a number of adversities, such as flooding, that hang up information systems, Matsufuji and Imamura (2000) put forward that a counterplot for the adversity is only inflating valid budgets. This is because business continuity has been suggested as a counterplot for the computer room flooding caused by operating backup data-established sites, or containers that are movable. Operating storage designed for backing up data remotely, as well as making use of data-based sites or movable containers, requires periodic expenses and contracts, and that results in inflated budgets: this has created the need for defence in depth (Park et al., 2011).

3.0 Defence-In-Depth

Defence in depth, as per Cleghorn (2013), is the coordinated use of diverse security countermeasures to protect the integrity of the data and information assets in an organisation. This strategy is rooted in the military principle that it is harder for an enemy to overpower a multi-layered and multifaceted defence system than to penetrate just one barrier. What is more, defence in depth reduces the chance that the attempts of malicious attackers will succeed. Furthermore, a well-designed strategy of this sort can also help security personnel and system administrators recognize individuals who try to compromise a PC, Internet service provider, or proprietary network server (Saleh & Cummings, 2011). If an attacker does access the system, defence in depth, as per Saleh and Cummings (2011), minimises the undesirable effects and gives engineers and administrators time to deploy new or updated countermeasures to prevent a repetition.
In this regard, the components of defence in depth include biometric verification, anti-spyware programs, firewalls, antivirus software, intrusion detection, and hierarchical passwords. The principle of defence in depth, according to Stytz (2004), is that layered security mechanisms increase the security of the system as a whole. If an attack causes one security mechanism to fail, other mechanisms can still provide the security needed to protect the system. For instance, it is inadvisable to depend completely on a firewall to provide security, especially for applications that are only used internally, since firewalls can regularly be evaded by a resolute attacker. Besides that, other security mechanisms must be included to complement the security that firewalls afford (such as security awareness training and installing surveillance cameras), which handle different vectors of attack on assets (Alhomoud et al., 2013). Adopting a defence-in-depth plan can increase the complexity of a system or application, which works against the simplicity principle widely used in security. Specifically, adding new security functionality adds extra complexity that can bring new threats with it (Alhomoud et al., 2013; Saleh & Cummings, 2011). Therefore, the system’s total risk must be considered. For instance, a computer program using password-based authentication methods can not gain from increasing the required length of the password from 6 characters to 10 characters, given that the additional complexity may compel users to write down their passwords, hence lessening the overall system’s security.

4.0 Protection of Assets through Systems Approach

Modern, increasingly complex, software-intensive systems are exhibiting new causes of losses, such as accidents brought about by insecure connections among components, errors in design and system requirements, and systemic factors resulting in unidentified common-cause failures of protection devices and barriers such as firewalls (Tribble & Miller, 2004; Mahizharuvi & Alagarsamy, 2011). According to Palshikar (2002), linear causality paradigms, together with associated tools such as fault trees, simply lack the power needed to account for such new causes of losses. Therefore, new and more reliable methods for safety design and analysis have been developed on this basis. For instance, System-Theoretic Process Analysis (STPA) is a new technique for hazard analysis rooted in the Systems Theoretic Accident Model and Process (STAMP) causality model. According to Vladan et al. (2011), the analysis is carried out on the system’s functional control structure. It is worth noting that the functional control paradigm has social aspects, physical aspects, information and logical aspects, and management and operations aspects. Therefore, carrying out the security (vulnerability) and safety (hazard) analysis on this paradigm permits a wide viewpoint on possible causes of loss. The majority of techniques for vulnerability and hazard analysis make use of physical system paradigms instead of functional system paradigms, and so focus on failures of physical components instead of dysfunctional system behaviour and broader organizational and social factors (Pfleeger & Pfleeger, 2011). After the control structure has been developed, the initial phase in the STPA analysis is to recognize possible insecure control actions, which generally consist of offering a control action that results in a hazard and offering a control action that is needed to avert a hazard.
Others include offering a control action out of sequence, prematurely or belatedly, or carrying on a control action for an extended duration or bringing it to an end ahead of time. Losses, as per Brown et al. (2006), can also be caused by a needed (safe) control action that is poorly executed; for instance, a poorly executed missile instruction can lead to grave damage. After the insecure control actions have been identified, the second phase entails analysing the system control loops through a guided and structured process to recognize situations that can result in the identified insecure control actions. According to Tribble and Miller (2004), the analysis first involves identifying the measured losses, identifying security vulnerabilities or system hazards, drawing the system’s functional control structure, and identifying insecure control actions. At present, STPA is applied to security problems in diverse industries. Careful assessments and comparisons with conventional techniques for hazard analysis have established that STPA finds the loss scenarios found by the conventional approaches (such as Failure Mode and Effects Analysis (FMEA) and Fault Tree Analysis) together with others that are not rooted in component failures (Weeks et al., 2004). Surprisingly, while STPA is more powerful, it also needs fewer resources, including time (Vladan et al., 2011). The evidence therefore shows that a system-theoretic approach can be used to protect assets at the individual, organisational, domestic, and international level.

5.0 Conclusion

In conclusion, it has been argued that by making use of a causality paradigm rooted in systems theory, a more powerful and integrated approach to security together with safety is possible. As mentioned in the essay, hazards result in safety issues just as vulnerabilities result in security issues, but through a systems approach these issues can be overcome.
Given that contemporary safety and security both try to avert losses in complex software-controlled systems, scholars and academics hold the view that using the same system-theoretic causality paradigm can benefit security just as it benefits safety. Besides electronic countermeasures, physical protection of the business, together with wide-ranging and continuing worker training, improves the security of very important information against destruction, theft or compromise.

6.0 References

Alhomoud, A., Awan, I., Pagna Disso, J. F., & Younas, M. (2013). A Next-Generation Approach to Combating Botnets. Computer, 46(4), 62-66.
Brown, G., Carlyle, M., Salmeron, J., & Wood, K. (2006). Defending Critical Infrastructure. Interfaces, 36(6), 530-544.
Cleghorn, L. (2013). Network Defense Methodology: A Comparison of Defense in Depth and Defense in Breadth. Journal of Information Security, 4(3), 144-149.
Cohen, F. (2010). What makes critical infrastructures Critical? International Journal of Critical Infrastructure Protection, 3(2), 53-54.
Jenkins, B. M. (2014, January 27). How Do We Know If Security Measures Work Against Terrorists? Retrieved from Inside Science: http://www.insidescience.org/content/how-do-we-know-if-security-measures-work-against-terrorists/1542
Lee, D., & Choi, K.-H. (2013). Continuity in Wireless Video Security System-Based Physical Security Services. Wireless Personal Communications, 73(2), 187-196.
Mahizharuvi, P., & Alagarsamy, D. (2011). A Security Approach in System Development Life Cycle. International Journal of Computer Technology and Applications, 2(2), 253-257.
Marren, P. (2006). Stick this in your stovepipe. Journal of Business Strategy, 27(4), 8-10.
Matsufuji, S., & Imamura, K. (2000). A spread-spectrum communication system protecting information data from interception. IEEE Transactions on Information Theory, 46(4), 1691-1695.
Moteff, J., & Parfomak, P. (2004). Critical Infrastructure and Key Assets: Definition and Identification. Congressional Research Service. New York: The Library of Congress.
Palshikar, G. K. (2002). Temporal fault trees. Information and Software Technology, 44(3), 137-150.
Park, a. J., Lopez, J., Yeo, S.-S., Shon, T., & Taniar, D. (2011). Secure and Trust Computing, Data Management, and Applications. 8th FIRA International Conference (pp. 1-252). Loutraki, Greece: Springer Science & Business Media.
Pfleeger, C. P., & Pfleeger, S. L. (2011). Analyzing Computer Security: A Threat/vulnerability/countermeasure Approach. Upper Saddle River, New Jersey: Prentice Hall Professional.
Saleh, J. H., & Cummings, A. M. (2011). Safety in the mining industry and the unfinished legacy of mining accidents: Safety levers and defense-in-depth for addressing mining hazards. Safety Science, 49(6), 764-777.
Stytz, M. (2004). Considering defense in depth for software applications. IEEE Security & Privacy Magazine, 2(1), 72-75.
Taylor, B. D., Fink, C. N., & Liggett, R. (2006). Responding to Security Threats in the Post-9/11 Era: A Portrait of U.S. Urban Public Transit. Public Works Management & Policy, 11(1), 3-17.
Tribble, A., & Miller, S. (2004). Software intensive systems safety analysis. IEEE Aerospace and Electronic Systems Magazine, 19(10), 21-26.
Uygun, K., Huang, Y., & Lou, H. (2006). An Improved γ-Analysis Method for Process Security Analysis. Process Safety and Environmental Protection, 84(2), 92-100.
Vladan, B., Slobodan, G., & Radivoj, P. (2011). System theoretic approach to sustainable development problems. Yugoslav Journal of Operations Research, 21(1), 1-10.
Weeks, S. K., Bijkersma, F., Hubbartt, E., Murphy, B., & Anderson, M. A. (2004). Failure Mode and Effects Analysis. The American Journal of Nursing, 104(4), 72A-72D.
