Task: Please create a 5 bullet-point policy on Access Control and Investigations for a building which is only three floors, and has one entrance on the main road; each floor has 5 offices;Simply do your best to design a policy discussing items shown from our notes, but using some creativity.* Do not use outside resources! use just the information given!
Elements Security management provides a framework for better practice in asset protection. Any organization, regardless of size, complexity, or industry, can implement SRM practices to secure key assets and to manage security-related risks. Typical activities and responsibilities that are part of security management include: Policy, procedures, and standards Threat identification and the use of intelligence Threat assessments Investigations Root cause analysis Design basis threat Asset and business impact identification Identification and protection of significant organizational infrastructure Security training Supply chain protection Business resilience Incident reporting Law enforcement presence and effectiveness Criminal trends Client base, including means and level of access as well as type and frequency of interaction Management support 5.2.3 Applying Security Management Practices Any of the practice areas can operate independently; however, they can only realize their full benefits when integrated appropriately. ICT security technologies, such as firewalls, encryption devices, and controlled information access points, for example, although important, need to be integrated with a range of other information control technologies. Security measures such as secure containers, classified document registers, building or room specific access passes, and identification cards also contribute to the security of information. Personnel security processes, which include the vetting of those who access secure information, are similarly integral to an overall SRM plan. 5.3 Physical Security Scope Although the traditional 3Gs (guns, guards, and gates) remain useful in physical security, they represent only a small proportion of physical security protective measures. Physical security involves the physical protection of personnel, hardware, property, networks, and data from deliberate acts and events. These acts and events can include burglary, theft, vandalism, and terrorism and could cause loss or damage to an organization or individual. Purpose The purpose of a physical security system is to prevent altogether or reduce the likelihood of sabotage, theft, trespass, espionage, vandalism, or terrorism. A security system must provide the capability to detect, assess, communicate, delay, and respond to a suspected physical breach of security. Security safeguards should include: Access control systemsg Executive protection and background investigations Security staff Integration with other physical safety issues that could potentially pose a threat to staff or others Building safety standards as well as construction and maintenance frameworks relevant to CPTED principles The installation of emergency response systems, including fire prevention and other incident response mechanisms and procedures 5.3.2 Asset Identification in Physical Security Risk Management The establishment of a physical security context is a useful first step in identifying assets that require protection. This context should include an analysis of the internal and external environment and the way in which this environment affects the security and operation of an organization. This analysis should include consideration of: Terrain (including natural barriers and natural security impediments) Physical attributes of assets, including lighting and proximity to other structures, parking, access, and thoroughfares Existing physical security measures Accessibility Population and demographics 5.3.3 Controls and Protective Barriers The Oxford English Dictionary defines the term barrier as “an obstacle that prevents movement or access.” Physical barriers are one of the more visual and versatile elements of physical security. Fences, bollards, doors, and screens protect assets from a range of threats. They can be used to: Define the perimeter of an asset Control and deny access Detect and deter unauthorized entry Delay intrusion Barriers can be both natural and structural. Natural barriers should be identified in an initial asset appraisal and used if appropriate. Structural barriers should be placed not only to enhance physical security but also to act as a psychological deterrent to people that may contemplate an attack on the asset. Barriers should enhance security and at the same time reduce the need for more costly human or technological security measures. Barriers should also increase the effectiveness of other measures, such as lighting, CCTV, and security guards. The nature and appearance of a barrier should also complement the needs of an organization. Barbed-wire fencing may be an effective barrier in some situations, but it would be inappropriate for use in a shopping center. Barriers should be made from materials that can act as a deterrent against likely threats. Ballistic glass, fences covered by hedges, and security bollards to limit vehicular access are all commonly used by organizations concerned about the aesthetics of the asset being protected.