Impact and issues of Physical Security

Introduction

The world of computer is experiencing continued growth and development. However, the faster the world grows, the faster it becomes competitive and vulnerable to malicious attacks. Therefore, every business is now considering information security as one of the priority business components. IT security has become increasingly critical to business strategies and plans over the last decade because of the implementation of Local Area Networks (LANs) and Wide Area Networks (WANs) and the Internet. The above business implementations are at risk of exploitation by unauthorized users. It has become increasingly apparent that physical security is a critical issue since the terror attacks of 9/11. Therefore, it cannot be taken lightly. It holds true for all the organizations however regardless of the size of the organization. Organizations are investing new demands and more money than before to ensure that effective measures get taken in all dimensions of physical security. Physical security should be the first line of defense in protecting computer systems against exploitation. However, the measures can cost a company large amount of money, time, and resources (Fennelly, 2012)

Physical security

Information security should be a critical area of concern and focus regardless of the size of the business. It is important to the business organization such that it can make or destroy a business organization from a competitive perspective. There are various rings of security that a business should consider when determining information security. One of the key rings of security is the physical security. Physical security ring is the least technical method that business should use to inform security exploitation. Studies have shown that intruders require minimal technical knowledge to exploit physical security in any given company. However, physical security is frequently compromised by somebody whose intentions are not malicious. For example, a company’s custodial employee is cleaning the server room of the company. The cleaner unintentionally snags the power cable of the server and unplug it from the wall. A company that has no effective physical security safeguards in place could suffer drastically from the incidence if the server shuts down. The server could malfunction when rebooted. The incidence could impact the production negatively due to downtime.

Physical security has four rings just as the information technology security has rings. The four rings are (Baker & Benny, 2012).

• Areas around the organization building
• The immediate area around the organization environment
• Internal environment of the organization building
• Human Factor

Organizations should research thoroughly, address and implement when they are incorporating information security model in the organization.

Organizations should first secure the computer hardware when strategizing on IT business security. All other security measures should build on the physical security. A company may use millions of dollars when implementing the most sophisticated IT security technologies on their servers. However, if the servers have a weak physical security, it may be an expensive undertaking. Intruders will have easy access to the servers and can damage them either maliciously or unintentionally. An organization may use thousand dollars by the installation of firewalls, virus software, and data encryption to secure the servers. However, if the organization had a shallow thought about the implementation of the physical security, anyone could access the server room easily. It gives them the luxury of exploiting the installed security controls on the servers thereby obtaining the confidential information. Additionally, the situation could lead to physical theft of the servers.

Physical security and environmental factors

Implementation of physical security model should consider environmental factors and environmental security controls. Environmental factors come into the third ring of physical security. Studies have shown that environmental hazards pose a significant security threat to an organization’s revenues. Common environmental factors include floods, fire, moisture, temperature, and electricity. All the factors could affect the IT computer components negatively. Availability and continuity of computer systems should be a key issue that organizations should consider in environmental protection. Redundancy in the availability of power is a requirement in computer systems. In case electrical power to the systems fails, there should be a ready power backup device to take up and keep the systems running. An organization can either have a UPS or generator (Baker & Benny, 2012).

Fire hazards should also get planned in protection against breach of physical security. An organization could invest in smoke alarms, heat sensors, fire extinguishers, and sprinkler systems to address the issue. The devices could go a long way in protecting the organization against substantial damage to their systems. Temperature regulation is also critical to preventing losses from the environment. All computers should get stored in a dedicated computer room due to the fluctuation of temperatures. The room temperatures should get set to the suitable temperatures and humidity. Additionally, water could also damage to computer systems. Water could come from leakages or internal sprinkler systems. The rooms need water detector equipment and readily available water-proof covers in case of a water hazard incident (Baker & Benny, 2012).

Physical security and human factors

Human-related issues are one of the factors for computer system exploitation. Statistics has shown that most of computer system exploitations originate from within an organization regardless of whether it is intentional or unintentional. An organization should incorporate a perimeter wall to deter unauthorized access to their premises through surveillance cameras, fences, and utilizing security personnel. The mechanisms could get used to securing the immediate areas around the organization. Additionally, employees should receive training on the areas security awareness. Such training will enable the employees to report suspicious acts happening on the premises or the premises. Other methods that will secure the internal environment include using the door locks, implementation of access codes in critical areas, motion detectors, magnetic card swipes, and biological recognition (Roper, 1997).

Installation of complex authorization methods may not be enough. The organization should consider other ways that unauthorized users may access the premises such as social engineering, windows, and air ducts. Access through such methods does not require detection, authorization, or prevention. The methods should get researched depending on the need of an organization and the availability of funds. Access from authorized internal users can get prevented by incorporation of the above discussed environmental precautions (Roper, 1997).

Conclusion

IT departments add tremendous value to the organization when they support the physical security of the systems. An organization could find itself spending thousands of dollars on anti-virus, firewalls, and other intrusion prevention systems if its physical security is shambolic. An ineffective physical security will only see the organization’s confidential data stolen even if it may use all the resources in implementing other measures that are secondary to data and information protection

Works Cited

Baker, P. R., & Benny, D. J. (2012). The Complete Guide to Physical Security. Boca Raton: CRC Press.

Fennelly, L. J. (2012). Effective Physical Security. Waltham, MA: Butterworth-Heinemann.

Roper, C. A. (1997). Physical Security and the Inspection Process. Waltham, MA: Butterworth Heinemann.

Sherry Roberts is the author of this paper. A senior editor at MeldaResearch.Com in graduate paper writing service if you need a similar paper you can place your order from custom research paper writing service.

"Janet Peter is the Managing Director of a globally competitive essay writing company.