don\'t get caught sleeping: why physical security still matters.

by:KKR Stone     2020-06-12
We are filled with technical security issues.
Open an IT or business journal and it\'s hard for you to find an article that talks about virus worms, Trojans, software bugs, etc ---
Has become the risk of a security disaster.
Technology systems are increasingly vulnerable to attacks by unscrupulous individuals.
But businesses are so stuck with technology security that they forget more basic but prominent concepts of physical security.
Through physical security, we mean to protect your office building and other physical assets from unauthorized access, use, movement and destruction. [
Slightly] Illustrations
Physical Security has recently lost its charm and has stepped back on technical security issues.
However, if the correct perpetrator is able to violate personal safety and enter the sensitive area of the office building, an organization can be taken to the ground within seconds.
One of us has just finished a Consulting Program for a large financial institution (
We call it gamma ray.
Headquartered in the United States.
This project is simple and clear.
Gamma has just completed a review of its security procedures, protocols, and practices.
Gamma is confident in the strength of his security team and he lets us see if we can get into one of its office suites.
There is only one condition: we must access it using an unauthorized mechanism.
They did not provide us with any information (
Such as the blueprint for office layout)
Or access mechanism (
Such as ID card).
We were able to violate Gamma\'s security agreement in less than 10 minutes, although the company has a budget of up to millions of dollars on security issues.
This is how it happened: our men are wearing jeans and T-shirts
He took an envelope from the office by FedEx.
Then he went to the bank by subway and then to the reception.
The tenants of the office building used the reception desk.
He claimed to be \"Kevin\" by his real name \".
\"Hello, Kevin,\" said the receptionist. How are you?
Who are you giving your mail?
\"Kevin never said he had mail to deliver.
Actually, he just wanted to know about the building.
But the opportunity for security holes has been opened, which cannot be wasted.
Kevin replied, \"Yes, I am. it must be a good day today.
Could you please tell me how to get to the reception at Gamma bank?
\"The Receptionist gave the floor number of the reception and told Kevin that the mail room was on a different floor.
She then pointed him to the elevator without checking her identity or even calling the receptionist at Gamma.
Kevin walked to the floor of the reception room and was welcomed by another employee.
She told him about the package (
A blank FedEx envelope)
He can leave with her.
Kevin insists the package must be handmade.
Delivered to chief operating officer
The attendant in the reception room was eventually persuaded and decided to escort Kevin to the main office.
She again helped Kevin through the main reception without checking his identity and then pointed him to the location of the COO suite.
Kevin now has access to the main office and finally arrives at the designated office suite by asking about two other employees.
This security breach has led Gamma executives to rethink a major component of their security plan ---
Protect physical organizations from intruders.
Gamma-Ray\'s measures to ensure that its offices are protected are simply not enough.
But gamma is not alone in this defect.
Most organizations are vulnerable to physical security breaches.
In order to ensure technical security, a large amount of funds and resources have been transferred, often at the expense of physical security.
Ensuring physical security is much easier than protecting technology from the elusive targets of vulnerability attacks.
In this regard, however, the organization has become careless and many have misunderstood that it is much more serious to ensure technical security than physical security.
No rest yet-
As mentioned above, there is absolutely no technology involved.
A large number of people who fail to protect the role of being thrown into \"security\" do not have the necessary knowledge, experience or skills.
We spoke to more than 60 private security personnel in charge of protecting the downtown Chicago office building.
More than 85% of them have never been to college or trained in crisis management, security or law enforcement.
Most of the 15% students attending the university are those who drop out of the university, and there is very little training in safety management.
In addition, most of the job description of security personnel is ambiguous in the description of the minimum requirements for recruitment.
As one of our respondents said: \"During the interview. . .
The most important question is if I know how to use the intercomtalkie.
\"If we don\'t hire high
Quality personnel, we do not expect too much in terms of security.
To be effective, security personnel must have the necessary knowledge in the areas of safety, crisis management and law enforcement.
Without these skills, we might as well open our doors to intruders.
Second, most organizations consider their physical security measures to be a cost, not an asset.
So my first thought is: how to reduce this cost?
In the case of budget cuts and organizational growth difficulties, any method of reducing expenses may be welcomed by management.
Most organizations outsource their security management functions to the lowest bidder, but do not have due diligence in assessing the capabilities of the security vendor.
In downtown Chicago, most security guards are paid only $8 to $12 an hour, and there are very few perks attached.
With this kind of salary, we can\'t expect to attract the best and brightest people to the security position.
With such a low salary, security personnel are more likely to be manipulated by criminals.
For example, if we want to get into an office space and find a security guard that is hard to make a living on wages, after a bit convincing, we have a chance to get into space ---
Or when you pay bribes.
Organizations put themselves in danger by creating an environment to test loyalty.
Will you pay the lowest salary for your best software programmer or salesperson?
If you do, they may go to another organization.
If they stay, their performance may be lower than their real potential.
In terms of security personnel, we need to start thinking in a similar way.
Security guards are like puppets in uniform.
They lack important authority or accountability in most organizations.
In other words, there is always a way around them.
Consider the following.
In an organization, a security guard was fired after not allowing people without an ID card to enter the office building.
The security guard finished his work;
He was hired to prevent unauthorized access to the building.
But the man he stopped was a senior member of the organization\'s management team.
The senior officials of the organization were postponed due to inquiries ---
The Vigilant Guard was relieved.
After the incident, do you think the security guards of this organization will block someone who looks like a senior manager?
It is difficult for security guards to enforce safety rules.
For example, in most organizations, there is a rule that states that you must always display your ID.
But try to spend the day in your office without an ID to see if you \'ve been asked by security guards.
Unless we give security personnel the necessary powers, they will not succeed in protecting our assets.
Just as the police have the right to ensure that all citizens comply with the law, security personnel must also have the right to implement security policies.
Five steps to security most defense and intelligence departments (DIS)
Organizations do not consider security as a cost item.
Instead, these organizations have taken significant steps to ensure that their assets are protected from unauthorized access, destruction and destruction.
DIS organizations usually have their own internal security personnel and refuse to outsource this responsibility to third partiesparty.
To be responsible for security matters in the DIS organization, there must be proven records, necessary knowledge and skills-
Must be tested for organizational loyalty.
A wide range of training modules were provided to security personnel to ensure that they had the knowledge they needed to perform their duties.
Security personnel organized by DIS have the right to act on security violations.
In the most general sense, they can remand or isolate a staff member for suspected security violations.
The investigation of failure to comply with the security agreement may seriously affect a person\'s promotion opportunity, or in some cases, even lead to a suspension of security clearance and loss of work.
Extensive training is necessary.
Security policies and practices are not static.
With the advent of new information about threats, they need to be updated on a regular basis.
It is essential to have a proper asset management system.
An organization must have a way to mark its assets-e. g.
, There is a serial number on the computer system--
There is also a way to collect information from real sensitive assetstime.
For example, the door used by an employee to enter the office must be able to issue a real
Information about who just entered the time.
This can be achieved by monitoring the ID card swipe record and watching the camera feed. RFID (
Radio frequency identification)
Tags are helpful here.
If attached to an asset of interest, they can be used to track the movement of the asset, tampering with the asset, and other activities.
RFID tags can send out information in real time.
Time that security personnel can monitor.
Finally, it is important to focus on security functions.
Centralized security units must be linked to the financial, information systems and human resources functions of the organization.
These linkages are essential to take the measures needed to protect the organization.
For example, if an employee is found to have committed theft by the security department, they must have the ability to immediately freeze employee access to the information system, stop paying wages and start taking legal action.
These will require collaboration with members of the company\'s information technology, human resources and finance departments.
Security management is a strategic issue for all organizations.
Attention, resources and care must be given to other strategic management activities. Kevin C.
Desouza is the president and founder of the participating enterprise and the director of its research institute. -
College of Business Research [IEBR].
Desouza has written more than 80 articles for well-known commercial and academic journals.
In addition, he also wrote management knowledge with artificial intelligence (
Book of quorum, 2002), and has co-
Managing information in a complex world (M. E. Sharpe Inc. , 2004).
Yukika Awazu is vice president and partner
The founder of the participating enterprise is a senior researcher at IEBR.
Awazu has written more than a dozen articles for well-known commercial and academic journals.
As we have known for quite some time, the success of KKR Stone in the future will depend greatly on our ability to strike a balance between valuable human insight and interaction with technology.
Providing highly qualified solid surface manufacturers products and services, Huizhou KKR Stone Industry Co., Ltd. is committed to helping clients make lasting improvements to their performance and realize their most important goals. Over the past decades, we’ve built a firm uniquely equipped to this task. Go to KKR Stone for more info.
Huizhou KKR Stone Industry Co., Ltd. will do this by managing our business with integrity and the highest ethical standards, while acting in a socially responsible manner with particular emphasis on the well-being of our teammates and the communities we serve.
Custom message
Chat Online 编辑模式下无法使用
Chat Online inputting...