Physical security can be described as “the measures taken to protect systems, buildings, and the related supporting infrastructure against threats that are associated with the physical environment” (Krutz & Vines, 2004). Over the past few decades, the significance, magnitude and consequences of security and risk management have been demonstrated to the world over and over again in situations involving health, terrorist activities, and natural disasters.
When one turns the pages of history, it is rather obvious that a lack of planning and an absence of resources due to unpreparedness make it difficult for the authorities concerned to manage an emergency or epidemic. This is why providing appropriate physical security to the fullest becomes a problematic and traumatic task. Chaotic situations can become more nerve-racking and tense when preparations are not made beforehand. Thus, the future of private security is exceedingly important, as innovative measures and methods are being introduced to manage people and information in the contemporary corporate sector.
Today, the masses can access information, including security information, because Internet usage has increased extensively. It is a fact any other system as Internet is a network for the general public. This was not considered a significant issue when the Internet was introduced, since sensitive information could not be accessed without difficulty. However, as companies now allow increased access to information, attackers find it uncomplicated to access sensitive information with little effort (Andress, 2003).
Thus, it is important that information assets be protected. The first step should be the regular checking of employees, in particular those who are responsible for handling records and information. Secondly, it is imperative to determine which records are sensitive. It must also be established who is after the information and what can be done to stop data theft. Last but not least, information security programs must be implemented to protect the relevant information (Hill & Pemberton, 1995).
Every company needs information security, as it has become a major component of continued survival. Information about an organization is its most valuable asset, and this point must be instilled in the minds of all employees. It is management that is responsible for educating employees about proprietary information and its handling. Simple policies and procedures can be helpful in protecting valuable information, if followed. Thus, it must be kept in mind that the best time to treat information security as a serious problem is ‘right now’ (Krutz & Vines, 2004).
Without a doubt, tragic incidents and outbreaks cannot be foreseen. It is not easy to deal with them efficiently while making timely and sensible decisions. For this reason, it is exceptionally important that private (physical/personnel) security and risk management policies be created in such a way that they are useful in times of need, by making better plans for every anticipated circumstance or event. Risk management is an imperative part of physical security and therefore cannot be taken lightly at any level. Every organization is required to promote early preparation, the establishment of a course of action, and a ready, compliant group drawn from diverse organizational divisions.
As far as the responsibility of a security manager is concerned, it depends on him/her how efficiently a problematic situation is dealt with and how preparations are made to make physical security effective. The security manager is obliged to carry out his/her duty with full responsibility and honesty, because a lack of these qualities may hinder the organization's ability to comprehend and respond to a dangerous event or outbreak in its initial stages (Krutz & Vines, 2004).
Disasters that tend to hamper information accessibility include floods, earthquakes, employee sabotage, fires, computer viruses, hurricanes, and theft. The effects of a disaster can persist even after the physical damage has been repaired. It is no secret that the slump in sales after a disaster may mean that “the loss of customers, vendors, inventory and employee records extend recovery times from weeks and months to years” (Carlson & Parker, 1998). However, if a business has a premeditated disaster recovery plan (DRP), it can reduce the impact of a disaster, whereas inadequate preparation can leave a business facing the liquidation of its bank accounts.
In the Information Technology industry, Disaster Recovery (DR) security issues occur repeatedly. The significant security measures in the environment are frequently covered along with the storage. However, these measures mostly do not prove to be enough. What is needed is for IT disaster recovery plans to address data security issues as well. It is also necessary that storage managers consider and observe data security from the point of view of a malicious attacker. If these two procedures are applied, companies have a better chance of recovering and improving their security systems after an attack, failure or disaster. For all these reasons, the private security of people and information is undergoing tremendous change due to the evolution of advanced techniques such as biometrics and other voice, facial-feature and fingerprint detection methods, as well as mobile surveillance systems (Krutz & Vines, 2004).
In the DIKW model (Data, Information, Knowledge and Wisdom), knowledge is ranked above information. Most of the strategies and procedures that companies adopt for disaster recovery of data and information may not be adequate for the disaster recovery of knowledge. However, if a company has already planned for information recovery, it may have a good data and information recovery plan in place when an emergency occurs. It is exceedingly important that companies take a variety of approaches to emergency recovery in terms of data management (Krutz & Vines, 2004).
It is important to know the different types of attacks against which systems need to be protected. Such information can be helpful in building an appropriate and efficient security infrastructure. Three types of attack are of particular concern: Denial of Service (DoS), intrusion, and information theft (Andress, 2003). Information security can be assured by planning incident response. Incident response is, in fact, a series of steps taken to respond properly to data violations, malware outbreaks, breaches and similar events. In turn, incident response ties directly into business continuity (BC) and disaster recovery in due course. The advantage of having an incident response is that if an information system is taken down by a flood, a terrorist or hacking attack, or malware, the company would still have a business continuity and disaster recovery problem.
Security incident response is also important when building a company's disaster recovery plans and technologies, because no one can know about future incidents. However, technologies for disaster recovery security differ from business to business. They depend entirely on the company's network, layout and applications and on the complexity of its information system. Virtualization, essential data backups or continuous data protection (CDP), identity and access management technologies, and cloud-based services are some of the technologies that can be used for recovering information and knowledge. The best technology can be adopted only after considering what is best for the business. Therefore, the best people must be approached, who can decide which technology to adopt after looking at the company's environment and identifying the real risks.
Companies should hire an employee who is specifically assigned the responsibility of “backing up critical data files at specified intervals and securing these data files at an off-site location” (Carlson & Parker, 1998). Data and knowledge characterize the central function of an information system, which is why the significance of this critical task cannot be overstated. Furthermore, it is essential that documentation of all workings of the disaster recovery plan be kept and maintained in writing at locations outside the business.
Companies could also adopt a Knowledge Continuity Program, as such a program could create a significant advantage. The major benefits of knowledge continuity include protecting mission-critical corporate knowledge from being lost and providing a planned outline and system. This is imperative so that data can be accumulated, updated, accessed, enhanced, and transferred to employees after a disastrous event. Research suggests that three areas of the Disaster Recovery Plan need improvement. First, a DRP needs the support of upper management in order to be implemented successfully.
Secondly, companies must identify the components that are important to their success. The success of a DRP depends entirely on the proper documentation of these identified components, together with a changeover plan for them. Thirdly, DRPs must be designed as recovery systems and must be able to incorporate retrieved information so that quick communication between departments can be facilitated.
In the present era, companies are installing facial recognition technologies extensively, which reflects a continuum of growing technical sophistication and complexity. At the most basic level, the technology performs face detection, which means that a face is simply detected and located in a photo. A digital image of a person's face can be matched against a record of other images by using face recognition software. If any of the images in the database match the digitized image, the system reports this to the owner. Automatic face recognition has been studied and investigated extensively since the 1990s, and its use is becoming practical today. A number of automatic face recognition applications are relatively agreeable and harmless (regulating access to armaments, currency, illegal proof, nuclear equipment/supplies, etc.).
The reputation, branding and overall corporate image of a company can be severely affected by security breaches. This is important, as rebuilding intangible assets is far more difficult than reconstructing physical assets. However, it must be well understood that securing information is not the only solution. It is an unending and all-encompassing process which needs constant review and revision. It is the point at which all three important components of a corporate environment, i.e. people, process and technology, interact. It must be remembered that security products are not to be depended on entirely. They are just a single piece of the puzzle. It is essential that strategies and measures are introduced with proper analysis and preparation. All these things must be implemented along with security products to build an effective security infrastructure (Andress, 2003).
Physical security can also be supported by Intelligent Building Systems (IBSs), also known as building management systems (BMS). These are control systems installed to connect, control and monitor the equipment in a given facility. Such systems are useful in various buildings and places such as airports, workplaces and smart residential accommodation. IBSs assist the occupants in a number of ways. For instance, “when a person arrives at work and presents his or her credential to the card reader to enter, the IBS will call the elevator to the foyer, allow access to the employee’s designated floor, and activate the relevant office lights and HVAC zones” (Hall, 2008). Thus, the IBS maintains the lights and HVAC operations while it detects movement in the office. It then deactivates these services after the person leaves.
In a similar fashion, biometrics has turned out to be a very helpful solution for effective physical security. It has improved the security measures currently found in the corporate sector, and it requires a characteristic that is distinctive to the authorized person. The individual is identified or authenticated using his/her behavioral and/or biological characteristics. In simple words, biometrics is a technology that identifies people by combining computer technology with certain characteristics of a person. Although its installation is expensive, there are fewer chances of a security breach, as it makes the environment more secure. It is also user-friendly, as people do not have to remember complex passwords and codes for personal identification (Hall, 2008).
Another important tool in this regard is the Project Management Information System (PMIS). This mechanism is efficient to use, as it enables and facilitates communication. It can be described as a homogeneous set of computerized project management tools that exist within a workplace and are incorporated into the system. It offers efficient document management and is helpful in team collaboration. Moreover, a PMIS is able to report the exact and timely status of the project (Hall, 2008).
Another new technology in physical security is mobile surveillance. It does not need any fixed location to monitor an individual. It is an innovative technology for identifying people and monitoring their movements. It helps to investigate crime efficiently and detects a culprit's involvement in a crime and association with other culprits.
Andress, A. (2003). Surviving Security: How to Integrate People, Process, and Technology (2nd ed.). Boca Raton, FL: Auerbach.
Carlson, S. J., & Parker, D. (1998). Disaster Recovery Planning and Accounting Information Systems. Review of Business, 19(2), 10+.
Hall, R. (2008). Biometrics 100 Success Secrets: Biometrics 100 Most Asked Questions on Physiological (Face, Fingerprint, Hand, Iris, DNA) and Behavioral (Keystroke, Signature, Voice) Biometrics Technologies, Verification Systems, Design, Implementation and Performance ev. S.l.: s.n.
Hill, L. B., & Pemberton, J. M. (1995, January). Information Security: An Overview and Resource Guide for Inf. ARMA Records Management Quarterly, 29, 14+.
Krutz, R. L., & Vines, R. D. (2004). The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams. Hoboken: John Wiley & Sons.