Is your physical protection system secured?

Introduction:
Virtually all organisations are secured by some form of physical protection system (PPS). From a small business to an international enterprise, all of an organisation's assets are at risk if its PPS is vulnerable.
Why?
What are the reasons for organisations to care about their PPS' security? Examples:
Reduce legal liabilities in case of loss
Mitigate cyber risks, since many incidents begin with a physical breach
Boost staff morale and productivity by preserving their safety and peace of mind
Strengthen client and investor confidence in the business's long-term viability
Ensure overall physical security effectiveness
What to do?
A PPS usually consists of three subsystems: Access Control, Video Surveillance, and Intrusion Detection. Each subsystem's main components are listed below, along with some baseline security measures.
Access Control System:
User credentials (e.g.: access card, PIN, or smartphone)
Educate users on safeguarding their assigned credentials.
Implement procedures on issuance, return, and loss.
Review credential technology annually.
Credential readers
Secure reader installation with anti-tampering screws.
Implement procedures on regular visual inspection and routine maintenance.
Install tampering switch to detect unauthorised dismantling.
Backend access panels
Secure panels within locked metal cabinet equipped with tampering switch.
Implement procedures on applying latest firmware and/or patches.
Implement procedures on updating login password regularly.
Video Surveillance System:
Security cameras
If possible, arrange the camera layout so that each camera's physical location is covered by another camera.
Implement procedures on updating login password regularly.
Implement reporting measures for video footage tampering (e.g.: physical blocking, signal loss, or view angle change).
Network switches
Secure switches within a locked server rack that is located within a secured room.
Implement procedures on updating login password regularly.
Implement network access control to prevent and report unauthorised access.
Video recorders
Secure recorders within a locked server rack that is located within a secured room.
Implement procedures on updating login password regularly.
Implement procedures on operating system and application patching regularly.
Intrusion Detection System:
Intrusion detection sensors (e.g.: motion sensors, door contacts, or seismic sensors)
If possible, install sensors on the secured side of the environment. For example, install a door contact on the secured side of the door.
If sensors are network based (a.k.a. IoT), implement procedures on updating login password regularly.
Backend alarm panels
Secure panels within locked metal cabinet equipped with tampering switch.
Implement procedures on applying latest firmware and/or patches.
Implement procedures on updating login password regularly.
General components:
System server & workstation
Secure component within access controlled room.
Implement procedures on operating system and application patching regularly.
Implement procedures on updating login password regularly.
Implement procedures on reviewing user access at least annually.
PPS documentation
Ensure drawings (e.g.: layouts, schematics, and elevations) are maintained.
Ensure the equipment inventory is maintained.
Ensure network-related information (e.g.: IP/MAC addresses) is maintained.
Physical keys
Ensure all keys are tagged with useful information without identifying the associated lock.
Implement procedures to review key issuance regularly.
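The camera layout measure under Video Surveillance System (each camera's physical location covered by another camera) can be checked against the site drawing. The following Python is an added example, not part of the original article; the Camera fields, the flat 2-D view-sector model (no walls or mounting height) and the sample layout are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Camera:
    cam_id: str
    x: float        # position on the site drawing, metres
    y: float
    heading: float  # direction the lens faces, degrees (0 = +x axis, counter-clockwise)
    fov: float      # horizontal field of view, degrees
    reach: float    # usable viewing distance, metres

def sees(watcher, target):
    """True if target's mounting point lies inside watcher's view sector."""
    dx, dy = target.x - watcher.x, target.y - watcher.y
    dist = math.hypot(dx, dy)
    if dist == 0 or dist > watcher.reach:
        return False
    bearing = math.degrees(math.atan2(dy, dx))
    # Smallest signed angle between bearing and heading, in [-180, 180)
    off_axis = (bearing - watcher.heading + 180) % 360 - 180
    return abs(off_axis) <= watcher.fov / 2

def coverage(cameras):
    """Map each camera id to the ids of the other cameras that can see it."""
    return {t.cam_id: [w.cam_id for w in cameras if w is not t and sees(w, t)]
            for t in cameras}

def unwatched(cameras):
    """Ids of cameras whose location no other camera covers."""
    return sorted(cid for cid, watchers in coverage(cameras).items() if not watchers)

# Constructed sample layout (not from the article)
SAMPLE = [
    Camera("lobby-1", 0, 0, 0, 90, 20),     # faces east
    Camera("lobby-2", 10, 0, 180, 90, 20),  # faces west, toward lobby-1
    Camera("dock-1", 10, 15, 270, 60, 12),  # faces south, out of the others' view
]

if __name__ == "__main__":
    for cid, watchers in coverage(SAMPLE).items():
        print(cid, "watched by", ", ".join(watchers) or "NOBODY")
```

Any camera listed by `unwatched` can be blocked, re-aimed or removed without another camera recording it, so it is a candidate for repositioning or for an additional covering camera.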
Bottom Line:
Optimal security requires dedication from the business. Worse than a lack of security is a false sense of security. As a business leader, you are duty bound to safeguard your company's assets and people. Talk to a trusted security professional, either internal or external, about how to start (tips: policy support).