Foundation of Physical Security
The Process of Incident Identification
An incident can be identified through the security measures that were implemented to protect the organization. Assuming that an organization uses the widest variety of tools for incident identification, the list of indicators may contain the following:
- Protective barriers. If a person crosses a protective barrier, it is a signal for security to take notice of an incident.
- Damage to CCTV. If a person tries to damage CCTV cameras or other tools of the security system, such actions must be viewed as an incident.
- Visiting zones without permission. A person who tries to enter a zone without the necessary permission is viewed as a potential threat, even if that person is one of the organization’s employees.
- Absence of a security officer from his/her post. The absence of a security officer from his/her post indicates either that there could be an incident or that the officer left the post without permission. Either way, such a case should be considered an incident because it endangers the organization’s protection.
Thus, if any of these events takes place, the organization is experiencing a potential incident. In this case, it is necessary to take measures to prevent further actions by the criminal or employee and to ensure that his/her actions will not cause more damage to the organization.
The Process for the Incident Classification
Before taking measures to stop actions that endanger the organization’s safety, it is necessary to classify the incident according to a set of criteria. The criteria help classify the incident by its type. As a result, one can select a plan of action that will protect the organization from damage. The process of classifying an incident can be presented as the following questions:
- What type of incident is it? Example: damage, penetration or attack.
- Is the incident real or perceived?
- Is the incident still in progress?
- What locations are targeted, and where are the intruders physically located?
- Is the incident inside or outside the territory of the organization?
- Is the response urgent?
- Can the incident be quickly contained?
According to this classification, one can divide all incidents into three categories: incidents that cause physical damage to the organization, incidents that involve penetration into the organization’s zone, and attacks on the organization’s workers or security officers. As a rule, each of these categories contains sub-classifications; for instance, a penetration with an attack on a security officer or a penetration with damage to the organization’s equipment.
The Response for Each Classification
As mentioned above, there are three main types of incidents. Each of them poses a certain level of danger to the organization. For this reason, the response to each classification is different. A penetration incident calls for the following measures: security officers should identify the location of the penetration, the number of intruders, their intentions and their possible weapons. Security officers should not attempt to stop the intruders if the intruders outnumber them and are armed (Singh, 2014). In such a case, the security officers should try to limit the intruders’ attempts to enter other locations and not give them an opportunity to leave the territory of the organization before the police arrive. Hence, the main goal of the security officers during a penetration is to prevent the intruders from penetrating further and not let them leave the territory of the organization.
When the security officers face a situation in which the intruders are causing damage to the organization’s property, the waiting strategy is not appropriate. The security officers should stop the intruders’ further attempts to cause damage to the organization’s property. They should attempt to arrest the intruders or at least prevent them from carrying out their intentions.
If one of the security officers or an employee is attacked by the intruders, the security officers should provide first aid to the victim and ensure that he/she is in a safe place. After that, the security officers should limit the further actions of the intruders and protect other employees who might become victims of the intruders.
A General Plan to Recover from the Incident
After an incident, the organization requires a plan that will help it recover. Such a plan includes analyzing the events or mistakes that made it possible for the intruders to carry out the incident. This step is necessary to determine whether it was a failure of the security system, the security officers’ mistake or a gap in the entire security system. After that, one should assess the damage and cost. This procedure includes assessing both the cost of the damage received and the cost of the efforts that will be taken to fix the physical damage or the damage that was caused to the employees and security officers. Finally, one should also identify how long the full recovery will take and what influence it has on the performance of employees and the general environment in the organization. In other words, the organization is considered fully recovered after the incident when it demonstrates the same level of performance as before the incident.
The Process for Evaluating the Incident Response Plan after Each Incident Has Been Mitigated
After each incident has been mitigated, it is necessary to evaluate the incident response plan. The reason is that the plan bears responsibility for responding to an incident and recovering from it. Therefore, it is necessary to make certain that, if the incident occurs again in the future, the plan will be sufficient for responding to it. First, one should take into account whether the incident was really mitigated after putting the plan into action. Second, one should consider whether the existing plan was easy enough to implement. Furthermore, one must consider whether there were any losses due to the incident and how the incident response plan covered them. These three easy steps will help identify whether there is a need to create a new incident response plan or whether the existing plan can be used in the future.
Testing and Updating of the Incident Response Plan
The incident response plan will be tested in the following way. The organization might use a test alert in order to identify the advantages and disadvantages of the incident response plan. The test alert gives an opportunity to estimate the effectiveness of the incident response plan without risk to the organization and its employees. For instance, a group of employees may imitate a penetration or an attempt to damage the organization’s property. The organization receives a chance to test its incident response plan in practice. When the test alert is finished, the chief security officer should complete a report which will include the evaluation of the incident response plan. The analysis of this report will provide information about the effectiveness of the response plan and what needs to be done to improve it in order to increase the security of the organization. Similar test alerts should be carried out regularly because prevention is always better than solving an existing problem. Moreover, if some incidents have already taken place, they can also be used as a source of useful information for updating the general plan.
A Plan to Implement the Security Devices, Controls, and Policies
An effective incident response plan should also cover the security devices, controls and policies in order to provide the best security for the organization. However, even these aspects should be implemented according to a certain plan of action. For this reason, the organization should develop another plan that will be oriented toward improvements and the implementation of additional tools.
The protection of any organization is impossible without the installation of security devices (Leemann, 2014). One of the most widespread security devices is the CCTV camera. CCTV cameras provide monitoring of a large territory from one place. In other words, the organization requires only a few people to monitor its territory and identify incidents. However, the installation of CCTV cameras requires certain preparations and a general assessment of the organization’s territory. Thus, before one starts installing CCTV cameras, he/she should analyze the most tangible areas of the organization’s territory. Moreover, CCTV cameras should be installed in such a way that they do not leave any areas out of view.
The control over security performance in the organization should be implemented according to the following plan. The controls should be implemented according to their necessity and priority. For instance, the control of the organization’s security network is the primary aspect; thus, it should be implemented first. After that, one should provide control over the CCTV cameras in order to verify that they are working. When these two aspects are checked, it is necessary to estimate the effectiveness of the security officers’ performance. One should understand that, despite the implementation of the security tools, it is also necessary to check them regularly in order to ensure that they work as needed to provide the required level of protection.
The policies which are introduced by the organization should be implemented depending on their role in the security system (Singh, Picot, Kranz, Gupta & Ojha, 2013). For instance, the technical policy should be implemented according to the technical qualities of the security system. In other words, such a policy requires certain conditions for its implementation. The security system should be updated to the latest test’s requirements and contain information about the disadvantages of the system. Thus, the plan for implementing the organization’s policies should establish which steps have already been taken to prepare the background for the policies and what else needs to be done in order to make the implementation of the policies successful.
The Addressing of the Key Security Areas of Confidentiality, Integrity, Authentication, Authorization, and Nonrepudiation Cryptographic Services
One of the most important aspects of any organization is its confidentiality. The incidents that may take place in the organization mean that somebody intends to gain access to the organization’s information. Thus, the policies, controls and security devices provided are oriented first of all toward the organization’s intellectual and physical safety. They guarantee that a third party cannot gain access to the organization’s secrets and information which are available only to the employees of the organization.
Moreover, the integrity of the organization is possible only if the organization’s policies are targeted at its entirety and unity. For instance, the workplace policy for employees requires that all employees work as one team. Consequently, if they witness actions that may damage the organization’s well-being, they should report them.
Controls, such as ID, help enforce authentication and prevent third parties from accessing the territory of the organization. Security devices such as CCTV cameras help identify a person who wants to enter the territory of the organization (Minnick, 2013). Hence, it can be said that the security system is an essential aspect of the organization’s authentication and, as a result, of the prevention of incidents.
Authorization is regulated mostly by the organization’s policies, which determine who may receive access to certain areas in the organization. The security devices provide additional control because they monitor the visitors, and if an incident takes place, one has an opportunity to identify whether it was caused by one of the people who had access to the location or by intruders.
The Legal Issues Involved in the Security Plan
Implementing a security plan is a very important issue; however, it is not easy, since the process requires much attention and great responsibility. In fact, implementing a security plan is not only a technical process. First of all, one must realize that it is also an organizational process. Such a process requires searching for opportunities, entry points, problems and challenges.
In order to implement a security plan, a set of particular policies should be established in the organization and followed (Chen, Ramamurthy & Wen, 2012). Among the policies that the company will need to follow are:
- Workplace policy for employees;
- The policy of confidence;
- Technical policy;
- Developmental policy.
First, it is necessary for the employees to follow all the rules that are required in their workplaces (Siponen & Vance, 2010). For instance, if permission is required to enter any department of the company, the staff cannot ignore this rule. Moreover, the permission can be handed over only to a person who is really allowed to enter the department. Otherwise, giving permission to a person will be considered a breach of the rules. Besides, one will need to remember that any information that is under discussion at the workplace must be confidential and out of reach of any people who are not involved in the working process. In fact, this rule is very important, since people often share information with their friends or acquaintances, considering that it cannot lead to any serious or bad results. However, their acquaintances may share such information with their friends and so on. As a result, no one knows who may possess significant information about the company. In addition, the technical policy of securing the organization is also very important. In other words, proper security signaling, cameras, locks on the doors and bars on the windows should be installed. Besides, it is extremely important to secure all the data of the company. Therefore, it is necessary to install the best security programs on the company’s computers. Finally, the developmental policy plays a crucial role in the security process. The reason is that it is not enough to establish particular policies or rules to follow. One must remember that all the steps that are taken in order to secure the company must be developed and improved regularly.