- May 8, 2020
According to Fischer (2012), security involves protection against contingencies that might put a stop to a company's normal ongoing operation and the making of profits. The 9/11 attacks on the Trade Centre and the Pentagon shocked the nation. In the aftermath, it is now a daily reality for the government to be involved in the business of security. The security industry has, in turn, responded to the threat of terrorism. It is an absolute need for safety firms to keep up with the rapidly changing technology that is now in use in the industry. Criminals have learned ways to use the same technology against innocent people and organizations. Protecting information has become complicated as it is migrated to and fro in computer files and networks. Storing information that ranges from personal identification and criminal records to government information and company and inventory records makes life easy yet complicated. The dependency on information technology can be of help, but the consequences of a security breach can mean heavy losses for the company. These can be monetary losses and damage to internal processes and communication, not to mention the negative effect on a company's reputation, trust and goodwill, and the loss of competitive advantage. Information systems need to be safe and secure for the business to run smoothly.
The following is a list of the ABC facility's requirements; that is, these are the challenges to be tackled by the security firm under the ABC Corporation.
Controlled access to the building for everyone.
A lobby, conference area, and sales area that need controlled access
A highly secure area for system designers
An extremely safe area to house the data center.
Secure transfer of archival data between Atlanta and New York
Secure access to the Internet for employees
The purpose of an information security program is to protect the valuable information resources of an enterprise (Peltier 2016). The policies and objectives of the firm need to meet the requirements of the facility and ensure security for all information and employees as well as those who access the building.
To protect the confidentiality of the company and that of the information assets appropriately
Preventing and controlling unauthorized data access by properly protecting information assets
Preventing unintentional actions that may lead to information getting to a third party during transmission
Appropriate reporting mechanisms for security flaws to ensure they are investigated and handled.
Confidentiality: controlling and preventing external access to information assets.
Availability: security personnel and equipment are kept strategically and in accessible locations.
Integrity: ensuring that the information assets are not in any way mishandled, leading to information falling into the wrong hands.
Non-repudiation: a security program that can give indisputable evidence that a particular action has happened.
Professionalism: having staff who are qualified, have professional skills, and are well conversant with information technology and information security management.
Establishment of quantified information that can ensure the safety goals are met through security review meetings and administration over a given time.
Control access to the building for everyone by installing cost-effective building access control systems that help achieve maximum security. The system should allow the user to access the platform from a certain location or through internet-connected devices.
Through security auditing, the facility can look into threats that could disrupt its operations, and also systems that could affect the occupants. It should also check whether occupants can be evacuated from the facility in an emergency.
Control access to rooms where computers and data are held, using security systems and personnel to secure the area that is to house the data center.
Secure system designs by installing firewall systems and locking the computer systems with a password. Adding whole-disk encryption to laptop computers is also a new way of ensuring data security (Vacca 2013).
Stay up to date with security-related upgrades. This will help to avoid viruses, those nasty pieces of code.
To contain confidential data, the facility's security should impose non-disclosure measures on the users and also the managers.
Develop a system that can detect and thwart attempts to perform unauthorized activity (Johnson 2015).
Ensure safe transfer of archived data. Index the data and store it in a way that it can be easily accessed.
To achieve high-quality security measures, the facility needs to have qualified information personnel and information technologists. They should have the following qualities:
They should pay attention to detail, so that they can ensure everything works efficiently. The slightest mistake can change how programs run and may result in information falling into the wrong hands. Competence is essential.
They should be open and committed to learning. Technology is changing on a daily basis. They should be able to keep up with new technologies and security systems. This will also prevent their systems from being hacked or acquiring viruses.
Having a good memory is a plus for an information technologist. They should have the ability to memorize programming languages and also know how to use a lot of computer programs.
It is also important for computer technologists to have other skills, such as finance and business. It also benefits the facility when they can identify inexpensive but quality systems.
Information technologists should have outstanding analytical skills and be able to solve security problems efficiently and develop new ideas fast. They should understand how complex the safety of the information is, how to control it, and the feedback (Jacobs 2014).
The full security for the facility must cover three crucial aspects of the area. These aspects include industrial security, network security and system security (Johnson 2015). The industrial security deals with the actual physical protection of the facility. Entry should be barred from unauthorized people using secure doors, alarm systems, and a protection detail. The network security involves managing the interfaces between various sections of the organization. This control of access to information and data is meant to protect sensitive details from being accessed by the wrong people. Network security is the best way of avoiding industrial espionage (Johnson 2015). The use of firewalls is one of the best approaches towards this type of security. Another strategy will be to split up the network of the organization into separate levels that can only be reached by various stages of clearance. System security ensures that every sector of the system is not compromised in any manner. The best measures that guarantee the integrity of the system include the use of antivirus programs, use of authentication of authorized personnel, regular maintenance and updates of software, and a combined method of accessing information, especially for the automated processes (Johnson 2015).
The best approach to avoiding hazards and security risks at the facility is by improving the security management of the firm. Every member involved with securing the facility should know their roles and they should always be aware of the potential threats that their department might face (Johnson 2015). Making the personnel more cautious about the risks that can occur greatly improves their ability to protect the organization.
Below is a Performance Outcome Measurement Process Chart.
The facility is protected to an acceptable risk level, compliant to ISC
The facility is equipped with adequate countermeasures
Working security measures
Security countermeasure is working to meet the goal.
Effective security measures
Reducing thefts, vandalism and data mishandling
Strategic goal execution geared to reduce violations
Efficiency in programming
Physical security program operating efficiently
Mission accomplished within resources
Preparedness in cases of emergency
Everyone in the facility is trained and prepared to respond in the event of an emergency
Employees based on successful training
Fischer, R., Halibozek, E., & Walters, D. (2012). Introduction to Security. Burlington: Elsevier Science.
Jacobs, J. (2014). Data-Driven Security: Analysis, Visualization and Dashboards. Wiley.
Johnson, R. (2015). Security policies and implementation issues, second edition. Burlington, MA: Jones & Bartlett Learning.
Peltier, T. R. (2016). Information security policies, procedures, and standards: Guidelines for effective information security management. Boca Raton: Auerbach Publications.
Vacca, J. R. (2013). Computer and information security handbook. Amsterdam: Morgan Kaufmann Publishers, an imprint of Elsevier.