Physical security in an IT organization is as important as cybersecurity: it protects physical assets such as computers and printers, and non-physical assets such as confidential data, including code, customer data, and secret keys. A data breach results in reputational damage and monetary loss for companies; it can also result in legal complications, such as lawsuits against companies for not taking adequate security measures. If such an attack results in power loss or server downtime, there is indirect productivity loss as well, because employees cannot log in to company servers; this can result in huge productivity loss. Robust cybersecurity is of no use if uninvited visitors can gain illegal access to systems by entering the premises through tailgating or unlocked doors. Vandals, hackers, spies, and terrorists can cause irreparable loss to a company's public image and revenue. Physical security is also needed against natural disasters such as earthquakes, fire incidents, and random unintended accidents; these events can permanently damage servers, computers, and networks; hence we need at least disaster recovery and replication mechanisms to guard against them (Erbschloe, 2005).
To establish effective physical security, we must assign security staff who are specifically trained to screen people coming onto campus and to monitor the facilities from a central video monitoring security room. Data network management should guard against illegal snooping on networking equipment, cabling, WAN connections, and audio/video terminals (Erbschloe, 2005). Employees need to be trained not to connect to open outside hotspots that lack strong passwords, and not to tailgate or buzz in people without badges; we can periodically re-certify employees to increase IT security awareness. The need for physical security has grown beyond the perimeter of the office facility as more and more employees work from home and connect via VPN; employees need to be educated to be careful with laptops and to secure their fob keys while traveling or when working outside their homes. The crime prevention through environmental design (CPTED) approach focuses on physical design, citizen participation, and law enforcement participation to increase physical security; it is implemented through territorial defense strategies, personal defense strategies, and law enforcement strategies (Fennelly, 2004). In territorial defense, we can set up perimeters, surveillance, and layered entries to prevent attacks; in personal defense, we can protect employees by providing transportation, and employees can be trained to defend themselves through fight or flight; in the law enforcement strategy, we involve policies and private security agents to do patrolling, demonstrations, and training of others.
Erbschloe, Michael. Physical Security for IT. Digital Press; 2005. Accessed June 28, 2022.
Fennelly, Lawrence. Effective Physical Security. 3rd ed. Butterworth-Heinemann; 2004. Accessed June 28, 2022.
Physical security is one of the most important aspects of any software product or service. The potential losses to an organization include theft of intellectual property, damage to a website, loss of network and hardware security, and the like. Therefore, proper security is of utmost importance and includes many facets (Attkan & Ranga, 2022). These facets include securing the data the application or service processes; data that is inputted and manipulated by the software application or service; access to protected data by users of the application or service and use of system resources, such as memory, processing, storage space, bandwidth and the like. Security is essential for software developers, companies developing applications and services, and end-users. In many instances, software developers, companies developing applications and services, and end-users are unaware of how much security risk is inherent to their software application or service use (Attkan & Ranga, 2022).
Methods that organizations can use when designing physical security needs are physical security breach detection and information breach detection. The former is the process of comparing an access level that is allowed by a security policy with a given access level that the security policy prevents; the latter is the process of taking a collection of breach events and intrusion events and compiling them into a computer incident response (CIA) database. Information is the raw material needed for security systems to be effective. It is necessary for security systems to monitor users through a wide range of media (Attkan & Ranga, 2022).
Organizations can use several approaches when designing physical security needs, including barriers, intrusion detection, lighting, and CCTV. Each can contribute to a higher level of protection, but they are often grouped in a single category. Physical security can also be defined as the protection of a facility by personnel. A well-cond physical security system will complement a comprehensive, well-maintained, and budgeted security program (Datta et al., 2022). However, physical security can only be adequate if coordinated with a comprehensive security program. Models that organizations can use when designing physical security needs are the typical models used by law enforcement and security organizations. These models usually include the basic concepts of perimeter protection, access control, and lighting. However, the actual security program implementation and operation can take on many variations depending on the organization’s specific needs. Security measures will safeguard the organization by ensuring that the data is safe and secure and by protecting all individuals’ privacy (Datta et al., 2022). Protecting the privacy of individuals means that the data is available, and available only, to the organization’s authorized employees in a secure manner. The protection of the privacy of individuals means that the data is available, and available only, to the authorized employees who have signed off on the use of that data. Protecting the confidentiality of data means that the data is not accessible by any employee who may know the information. This is even more important if the protected data is used to carry sensitive information that is to be used only by authorized employees (Datta et al., 2022).
Attkan, A., & Ranga, V. (2022). Cyber-physical security for IoT networks: a comprehensive review on traditional, blockchain and artificial intelligence-based key-security. Complex & Intelligent Systems, 1-33.
Datta, A., Nath, M., Chatterjee, B., Maity, S., & Sen, S. (2022). A Quantitative Analysis of Physical Security and Path Loss With Frequency for IBOB Channel. IEEE Microwave and Wireless Components Letters.