Security of an organization very important and today organization take various actions to protect their information, assets and other important things. When looking at the security of an organization from a IT aspect, majority of people only consider about securing the organization using IT related solutions. They maybe add firewalls, make security policies, make better authentication systems...etc. When intruders find that organization is not vulnerable through networks or from other IT aspects they focus on physical vulnerabilities to accomplish their target.So if they only address the problem from such angle omitting the physical security fact of the organization, all other security precautions can be useless or will not give the outcome that they expected.
Main objective of ensuring security in an organization is ensure that Confidentiality, Integrity and Availability (CIA) of information within the organization is achieved. As an example due to a natural disaster the information can be destroyed. Hence at that point clearly the availability of information is lost. Hence it is very important to assure the physical security of an organization.
Physical security has risks and vulnerabilities that are different than other security concerns we can find related to IT security of an organization. These include physical destruction of hardware, intruders, environmental issues, theft and vandalism.
Physical threats can be divided into four categories broadly,
- Politically motivated threats: Strikes, riots, civil disobedience, terrorist attacks, bombings...etc
- Supply system threats: Power distribution outages, communications interruptions, and interruption of other natural energy resources such as water, steam, gas, and so forth.
- Natural environmental threats: Floods, earth quacks, storms, tsunami and tornadoes, fires, extreme temperature conditions...etc
- Manmade threats: Unauthorized access internally and externally, explosions, damages by offensive employees, misuse, employee mistakes and accidents, vandalism, fraud, theft and so on.
In these situations the primary consideration should be protecting human lives. Once life safety is achieved other concerns of information security can be addressed.
No comments:
Post a Comment