Computer Network Physical Security
Threats can come from many sources and can affect different parts of a system and network. There are physical threats that can compromise a system and deny the use of network resources. Damage can occur on any piece of hardware connected to the system such as servers, routers, switches, and workstations/ PC’s. Access should be controlled to the location where vital hardware is stored. Ensure all doors remain locked and only authorized individuals enter restricted areas. There can also be damage caused by electrical threats. A voltage spike or total power loss can shut down critical systems and cause negative impacts throughout the company.
This is evidence in the well defined physical security strategies employed in the military defense structures of the ancient empires and colonies in which the soldiers served as a form of intrusion detection and the access into the city walls were made through the city gates, while the city walls served as perimeter protection and access control. This is also evidence in the nineteenth century fortress and royal castles. Throughout recorded history, man has needed to feel safe and secure. The philosophy of physical security remains the same but the technology varies in application over the years. The security of an organization’s resources and sensitive information is very vital to its existence and business continuity. The physical and environmental security domain examines the vulnerabilities, threats, risks and countermeasures that can be taken to physically secure the organization and its assets. In other words, physical security mechanism involves the physical measures designed to protect people, data, infrastructures, equipments, system and information pertaining to an organization. Most professionals in the field of information security do not think so much about physical security as they do about computer and network security and associated viruses, hackers, and technology-orientated countermeasures. Therefore the need arise for a security professional to view security from a broad perspective because danger can come from anywhere, taking any shapes and different formats which can result into different level of severity in terms of damage. Physical security has a different set of vulnerabilities, threats, and countermeasures as compared to computer, network or information security. Physical security focuses on protecting all the personnel and assets of the organization and also the enhancement of productivity, the AIC security triad will enhance the availability of company resources, the integrity of the assets and environment and finally the confidentiality of the data and business processes. The objectives of the physical security program largely depend on the desired level of protection required for different assets of the organization, which is also determined by the organization’s acceptable risk level. The threat profile of the organization including the laws and regulations with which the organization must comply dictates the acceptable risk level of the organization. In other words, the objectives of physical security should address crime and disruption prevention through deterrence (e.g. the use of fences, security guards), reduction of damage through the use of delay mechanisms (e.g. physical locks, barriers, security personnel), crime or disruption detection gadget (e.g. smoke detectors, CCTV), incident assessment (e.g. response to detected incidents and determination of level of damage) and finally the response procedures (e.g. the emergency response process in place, the fire suppression mechanism in the advent of fire).
This therefore implies that doors leading to the computer rooms must not only be secure, but must be kept under lock and key and windows adequately grilled to curtail any occurrence of unauthorized access to the computer rooms (Walters, 2007). Indeed, many organizations have a policy that restricts entry to the computer and server rooms to authorized personnel, in most occasions a systems analyst or administrator. It should be noted that this aspect of physical security is fundamentally important since all the other factors are dependent on how safe the computer or server room is from possible attacks and illegal access. Engaging trained security personnel and dogs to physically protect the information systems is yet another physical aspect of information security that is intrinsically important yet seldom considered by many organizations (Loch et al, 2002). Patient data is sensitive in nature, thus the need to engage all efforts that may be deemed necessary to protect the computers from theft or illegal access. Consequently, trained security personnel forms a critical aspect of the physical security of information security needed to secure the computer rooms and the immediate environment from possible attacks, which may result in the theft of computers and by extension the loss of critical data (Perrig, Stankovic & Wagner, 2004). Dogs are always useful in repelling thieves from accessing the urgent care center.
In conclusion, after human life is secure, business continuity planning and disaster recovery planning can recover the business and IT functionality. Physical security is not always the first thought when it comes to security. Most organizations tend to focus on more technical aspects of security countermeasures. All the network intrusion detection systems and firewalls are completely useless if someone can get to the equipment and steal data or the device.
Loch, K.D., Carr, H.H., & Warkentin, M.E. (2002). Threats to information systems: Today’s reality, yesterday’s understanding. MIS Quarterly, 16(2), 173-186. Retrieved from Business Source Premier Database.
Perrig, A., Stankovic, J., & Wagner, D. (2004). Security in wireless sensor networks. Communication of the ACM, 47(6), 53-57. Retrieved from Business Source Premier Database.
Renaud, K., & De Angeli, A. (2009). Visual passwords: Cure-all or snake-oil? Communications of the ACM, 52(12), 135-140. Retrieved from Business Source Premier Database.
Stajano, F., & Wilson, P. (2011). Understanding scam victims: Seven principles for systems security. Communications of the ACM, 54(3), 70-75. Retrieved from Business Source Premier Database.
Walters, L.M. (2007). A draft of an information systems security and control course. Journal of Information Systems, 21(1), 123-148. Retrieved from MasterFILE Premier Database.