Logical and Physical Security

Submitted By merital
CONVERGENCE OF LOGICAL AND PHYSICAL SECURITY SYSTEMS
INTRODUCTION
Until now, the majority of organizations have had their physical and logical access systems operating as independent structures, each run by a totally separate department. The information technology security system, which controls access to information technology infrastructure including mail servers, the internet, database applications and web servers, was managed by the department of information technology. The physical security system, which incorporates door access into buildings, life-support systems such as CCTV and fire, and the employee badging process, was run by the department of facilities (Mehdizadeh, Y, 2003).
Currently, security operations involve guarding buildings and equipment in addition to protecting networks, handling privacy issues, and managing risk. The interrelation between these security initiatives necessitates consolidation of the two security systems. Such a convergence of the IT and physical security functions is important in achieving an efficient security system (Mehdizadeh, Y, 2003). However, such an operation also comes with disadvantages.
This paper looks at the pros and cons of combining the IT and physical security functions in a medium to large-size firm with complex IT system requirements and a global footprint. It also analyzes the fundamental components of an IT security system and explains how their integration supports and enhances the overall security profile of the organization.
PROS AND CONS OF COMBINING INFORMATION TECHNOLOGY AND PHYSICAL SECURITY FUNCTIONS.
Combining logical and physical security systems has several benefits. One of them is improved efficiency. Managing an employee’s entire set of credentials in one place enables the enterprise to control when he or she was badged, the facilities and systems he or she can access, and the events that take place when the employee is transferred, is terminated or leaves (Slater, D, 2005). The use of one data repository enables data entered into the system once to be reproduced throughout the entire organization. This allows common administration of users, credentials and privileges across both the physical and the IT fields, and hence less effort and a reduced chance of omissions or oversights when an employee leaves, is contracted or has a change of access permission (Eugene, E.E, 2007, p.83).
Another advantage of this convergence is reduced cost. A combined security system abolishes the need for local security guards; instead, guards can monitor the entire security system from a central location. Burglar alarms are monitored from the same central location, obviating the need for contracts with outside third parties (Slater, D, 2009). Video is also recorded on server disks rather than on digital video recorders, which are far more expensive. Eliminating the guards and moving security and burglary monitoring in-house saves a lot of money (Slater, D, 2009).
The system’s audit trail is yet another important benefit of the convergence. This audit trail can be greatly helpful in forensic investigations. For instance, in a security event, a detailed security log shows the computer that was used, the password and username, and the person who had access to the building. Moreover, a centralized data repository is helpful for real-time systems monitoring (Mehdizadeh, Y, 2003).
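As an added illustration of the audit-trail point above and of the earlier point about omissions when an employee leaves (this is not part of the original essay or its sources), the following sketch correlates badge-reader events with workstation logons held in one repository. The record layout, field names, finding labels and the 12-hour badge window are assumptions, and all sample records are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumption: a badge-in covers console logons at the same site for this long.
BADGE_WINDOW = timedelta(hours=12)

@dataclass(frozen=True)
class Identity:
    user: str
    terminated_at: Optional[datetime] = None  # None means still employed

@dataclass(frozen=True)
class BadgeEvent:
    user: str
    site: str
    time: datetime
    direction: str  # "in" or "out"

@dataclass(frozen=True)
class Logon:
    user: str
    site: str       # site where the workstation is located
    host: str
    time: datetime
    console: bool   # True for a local, at-the-keyboard logon

def present_at(user, site, when, badges):
    """True if the user's latest badge event at `site` before `when`
    is an entry that falls inside BADGE_WINDOW."""
    prior = [b for b in badges
             if b.user == user and b.site == site and b.time <= when]
    if not prior:
        return False
    last = max(prior, key=lambda b: b.time)
    return last.direction == "in" and when - last.time <= BADGE_WINDOW

def correlate(identities, badges, logons):
    """Return (finding, user, location, time) tuples ordered by time."""
    by_user = {i.user: i for i in identities}
    findings = []
    for b in badges:
        ident = by_user.get(b.user)
        # Physical credential still working after the person left.
        if ident and ident.terminated_at and b.time >= ident.terminated_at:
            findings.append(("badge-after-termination", b.user, b.site, b.time))
    for ev in logons:
        ident = by_user.get(ev.user)
        if ident is None:
            # Account exists on a system but not in the shared repository.
            findings.append(("unknown-identity", ev.user, ev.host, ev.time))
            continue
        if ident.terminated_at and ev.time >= ident.terminated_at:
            findings.append(("logon-after-termination", ev.user, ev.host, ev.time))
        # A console logon implies physical presence; remote logons do not.
        if ev.console and not present_at(ev.user, ev.site, ev.time, badges):
            findings.append(
                ("console-logon-without-badge-in", ev.user, ev.host, ev.time))
    return sorted(findings, key=lambda f: f[3])

# Constructed sample records (not real data).
IDENTITIES = [
    Identity("alice"),
    Identity("bob", terminated_at=datetime(2024, 3, 1, 17, 0)),
]
BADGES = [
    BadgeEvent("alice", "HQ", datetime(2024, 3, 4, 8, 55), "in"),
    BadgeEvent("alice", "HQ", datetime(2024, 3, 4, 12, 0), "out"),
    BadgeEvent("bob", "HQ", datetime(2024, 3, 4, 9, 30), "in"),
]
LOGONS = [
    Logon("alice", "HQ", "ws-101", datetime(2024, 3, 4, 9, 5), True),
    Logon("bob", "HQ", "ws-207", datetime(2024, 3, 4, 9, 40), True),
    Logon("mallory", "Branch", "ws-300", datetime(2024, 3, 4, 10, 0), True),
    Logon("alice", "HQ", "ws-101", datetime(2024, 3, 4, 13, 10), True),
    Logon("alice", "HQ", "mail-01", datetime(2024, 3, 4, 20, 0), False),
]

if __name__ == "__main__":
    for kind, user, where, when in correlate(IDENTITIES, BADGES, LOGONS):
        print(f"{when:%Y-%m-%d %H:%M}  {kind:32} {user:8} {where}")
```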
Another benefit of this consolidation is the development of the corporate badge, which is a form of common identity used in corporate mergers. This badge provides “global roaming”, in which one card enables access to all facilities worldwide in accordance with the granted authorization (Mehdizadeh, Y, 2003).
The convergence also gives the organization a much more versatile staff. This is because the system enables cross-training of the agents in an organization, making them aware of fields that were not previously in their job categories. Employees who are assigned to certain projects become cross-trained while doing the job. This improves security and response time and enables staff to cover for each other, lowering staffing costs and giving team members greater career opportunities (Slater, D, 2009).
The convergence of IT and physical security systems also comes with disadvantages. One such disadvantage is that the security system requires knowledge beyond the domain of security. Most of the elements needed to integrate logical security systems have complex setup and configuration steps, which have to be carried out by a knowledgeable individual. Security departments must therefore rely on IT departments for assistance with several aspects of security projects. However, there is a big communication gap, since the personnel of each department lack knowledge of the other department’s domain. Solving this problem is difficult because of the fear of losing control or power to the other department (Eugene Schultz, E.E, 2007, p.84).
Another disadvantage of consolidating the security systems is the complexity that arises because the consolidated systems offer several non-security benefits. Introducing these benefits throughout an organization requires extending elements of the information technology and physical security infrastructure to non-security purposes. This complicates procurement, budgeting, deployment and the ongoing use of the systems. It also greatly expands privacy issues (Eugene Schultz, E.E, 2007, p.84).
The high cost of combining the two security systems is also a significant setback. Many organizations may lack adequate capital to carry out the steps needed to consolidate IT and physical access systems, and an attempt to do so may degrade performance in other sectors of the organization because of financial constraints.
FUNDAMENTAL COMPONENTS OF AN INFORMATION TECHNOLOGY SECURITY SYSTEM
A logical security system is made up of the following key elements:
User IDs - these are also known as user names, logins or accounts. They are distinctive personal identifiers used by the users of a computer program that can be accessed by two or more users. The identifiers are built from brief sequences of numeric and alphabetic characters, and they are either chosen by the computer’s users or assigned to them (Kovari, P, 2005).
Authentication - this is the procedure a computer program or network uses to check a user’s identity. Blind credentials lack identity but can still access the system. Identity confirmation is important to access control, a concept that grants access to authorized users and denies it to unauthorized users (Kovari, P, 2005).
Biometric authentication - this is the measurement of behavioral or physiological features of users to confirm their identity. The physiological features used are hand measurements, facial patterns, fingerprints, voice patterns, irises and retina scans. The behavioral features used are speaker recognition, typing pattern recognition, signature recognition and gait recognition (Mehdizadeh, Y, 2003). When a user registers with a system, some of these features are captured and processed by a statistical algorithm. The resulting value is placed in a database, and anyone who later tries to match the stored characteristics has to match them to within some minimum accepted error rate (Kovari, P, 2005).
Physical keys - these are objects used to verify the identity of the person holding them. They include metallic keys used for unlocking computers, hardware devices plugged into computers so that they can run certain programs, and smart cards with an embedded microprocessor or memory (Kovari, P, 2005).
When these components are integrated into the security system, they work together with the services that grant access to company IT resources, for example database permissions, internet connectivity, web access and e-mail. Authentication is then used to grant access to the resources, relying on directories and access control policies to determine who can access which resources (Mehdizadeh, Y, 2003). The IT and physical security systems interact through infrastructure services installed by the department of information technology. This enables, for instance, a door reader to be connected to a fire protection system, which is in turn tied to a CCTV system controlled by the physical security system. While physical security operations focus on protecting people, assets and structures and on monitoring the movement of assets and individuals throughout the buildings, the logical access system controls access methods, monitors tenancy and perimeter intrusions, and enables security personnel to monitor the entire security system as a single entity (Mehdizadeh, Y, 2003). The integration of IT components into the security system of an organization thus greatly supports and enhances the overall security profile of an organization.
CONCLUSION
The convergence of physical and IT security systems is beneficial to organizations, with benefits that include increased efficiency, reduced cost and a more versatile staff. The convergence also has disadvantages, which include the high cost of consolidating the systems and the system’s requirement for knowledge beyond the domain of security. Besides comparing the pros and cons of the convergence of physical and IT security systems, this paper has analyzed the components of an IT security system and explained how their integration supports security operations in an organization, leading to the conclusion that integrating IT components into the security system greatly enhances the overall security profile of an organization.

References
Eugene Schultz, E. E. (2007). Risks due to convergence of physical security systems and information technology environments. Information Security Technical Report, 12(2), 80-84
Kovari, P. (2005). Red Paper: WebSphere Security Fundamentals.
Mehdizadeh, Y. (2003). SANS Institute: Convergence of Logical and Physical Security.
Slater, D. (2009). Physical and IT Security Convergence: The Basics. CSO, 1-4.
