Examining The Concept Of Physical Security Information Technology Essay

Examining The Concept Of Physical Security Information Technology Essay INTRODUCTION THE concept of physical security has evolved over time from history to the present day, and has impacted on the tactics used in modern day security. This is evidence in the well defined physical security strategies employed in the military defense structures of the ancient empires and colonies in which the soldiers served as a form of intrusion detection and the access into the city walls were made through the city gates, while the city walls served as perimeter protection and access control. This is also evidence in the nineteenth century fortress and royal castles. Throughout recorded history, man has needed to feel safe and secure. The philosophy of physical security remains the same but the technology varies in application over the years. The security of an organizations resources and sensitive information is very vital to its existence and business continuity. The physical and environmental security domain examines the vulnerabilities, threats, risks and countermeasures that can be taken to physically secure the organization and its assets. In other words, physical security mechanism involves the physical measures designed to protect people, data, infrastructures, equipments, system and information pertaining to an organization. Thesis statement In this term paper, one of the commonly used approaches in physical security program development will be examined. The approach to be examined is known as the crime prevention through environmental design (CPTED). It should be noted that the level of security required in an organization will vary from facility to facility depending on risk assessment and threat analysis of such organization. In essence, it is important for the organization to conduct a detailed risk analysis by understanding the common threat to the facility, identifying the threats and ultimately ensure proper countermeasures are implemented. Body of the term paper Most professionals in the field of information security do not think so much about physical security as they do about computer and network security and associated viruses, hackers, and technology-orientated countermeasures. Therefore the need arise for a security professional to view security from a broad perspective because danger can come from anywhere, taking any shapes and different formats which can result into different level of severity in terms of damage. Physical security has a different set of vulnerabilities, threats, and countermeasures as compared to computer, network or information security. Physical security focuses on protecting all the personnel and assets of the organization and also the enhancement of productivity, the AIC security triad will enhance the availability of company resources, the integrity of the assets and environment and finally the confidentiality of the data and business processes. The objectives of the physical security program largely depend on the desired level of protection required for different assets of the organization, which is also determined by the organizations acceptable risk level. The threat profile of the organization including the laws and regulations with which the organization must comply dictates the acceptable risk level of the organization. In other words, the objectives of physical security should address crime and disruption prevention through deterrence (e.g. the use of fences, security guards), reduction of damage through the use of delay mechanisms (e.g. physical locks, barriers, security personnel), crime or disruption detection gadget (e.g. smoke detectors, CCTV), incident assessment (e.g. response to detected incidents and determination of level of damage) and finally the response procedures (e.g. the emergency response process in place, the fire suppression mechanism in the advent of fire). These objectives form the basics of the layered defense model on which the physical security is implemented. The layers are implemented at the perimeter of the facility and moving towards the primary assets of the organization. In essence, as much as the organization tries to prevent crimes and disruption from occurring, there should also be necessary plans in place to deal with them when they do happen. The major threats that contend with physical security are theft, physical damage, compromised system and environment integrity, interruption to services and unauthorized access. Threats faced by organizations can be classified under different categories namely (i) Natural environmental threats examples include floods, earthquakes, fire and so on. (ii) Supply system threats such as power distribution outrages, communication interruptions and interruption of other natural energy resources, examples include water, steam, gas and so on. (iii) Manmade threat such as vandalism, theft, fraud, unauthorized access, employee errors and accidents, just to mention a few. (iv) Political motivated threats such as strikes, riots, civil disobedience, terrorist attacks and so on Crime prevention through environmental design (CPTED) remains one of the commonly used physical security approaches. It is described as a multi-disciplinary approach to deterring criminal behavior through environmental design [3]. It is also commonly known as proactive crime prevention environmental design strategy utilized by planners, police services, architects and security professionals. The concept used in CPTED is built upon the effect a proper design of a physical environment can have on human behavior in relation to crime rate in such environment. This approach provides guidance in crime prevention by putting in place proper facility construction and well designed environmental components. The CPTED strategies were developed midway into the twentieth century and have evolved and matured along with our environments and crime rates and types. Overtime, this approach was not only used in corporate organizational security programs but also implemented in large scale development projects such as cities, towns and neighborhoods. An effective design or problem solving environmental design begin by evaluating the purpose of the designated space, how the space is defined and considering how well the physical design support the intended function of the space. In effect, the crux of CPTED is that the physical environment can be manipulated to create behavioral changes that will reduce or eliminate crime and the fear of crime and improve quality of life. It places emphasis on physical environment, productive use of space, and behavior of people to create environments that are void of environmental cues that can result into opportunities for crime to occur [4]. It is can be considered as a social engineering tool that can be used for security, which encompasses the physical, social, psychological needs of the users in different types of environments which can be used to predict behaviors of these users and that of the likely offenders [2]. In other words, CPTED strategies rely upon the ability to influence offender decisions that precede carrying out criminal acts. It brings to mind that if a site is well laid out, the likelihood of it being targeted for a crime may be reduced. There are four major strategies used in CPTED to increase the overall protection include natural access control, natural surveillance, territorial reinforcement and maintenance. Natural Access Control The natural access control serve as a guide for the movement of people in and out of a facility such as placements of doors, fences, lighting and in some cases landscaping to deny admission to a crime target and to create awareness among offenders that there is a risk in selecting the intended target. The use of physical and mechanical means of access control locks, bars and alarms can supplement natural access control if need be. Natural Surveillance The natural surveillance is a concept purposely designed at keeping intruder under observation. It entails the use and placement of physical environment features, personnel walkways and design of activity areas in such a way as to maximize visibility. The physical design of the facility and proper placement of windows, lightings and landscaping increases the ability of those within the vicinity to observe intruders as well as regular users, and thus gives the opportunity to challenge any irregularities or inappropriate behavior [5]. The goal of natural surveillance is to eliminate criminal activities by providing an open and well designed environment and thereby making it uncomfortable for potential criminals to operate. It maximizes the potential to deter crime by providing a good visual connection across the facility. Territorial Reinforcement Territorial reinforcement can be accomplished through the use of walls, lighting, flags, clearly marked addresses and fences. The goal of territorial reinforcement is to create physical designs that emphasize the companys area of influence to give legitimate owners a sense of ownership and a dedicated community, which makes the employees have a sense of belonging and a willingness to defend if required to do so. Maintenance Proper care and maintenance is needed for continuous use of the space for its intended purpose. Deterioration indicates less concern and control by the intended owners (organization) of the site and further indicates tolerance of disorder thereby defeating the purpose of the CPTED. It should however be noted that CPTED is not the same as target hardening. The main focus of target hardening is to deny access through physical or artificial barrier, which in most cases lead to restriction in use, enjoyment and aesthetics of the environment. Most corporate organizations use a mix of both CPTED and target hardening approaches. Conclusion The broad nature of CPTED approach and its implementation in any facility setting enables it to adapt to different physical security design which shows it is an effective approach to prevent crime. Therefore including it from the construction stage will make the facility safer from the onset, rather than wait until crime problems occur before implementing the CPTED approach. For future work, I propose that more research be done on individual components and effects in various business settings. Acknowledgment This paper has written under the kind feedback of Mr. Francis Gichohi. I am thankful to him for his support and dedication to his students.