University Report: Physical Security's Role in Information Security

Added on  2022/08/20

AI Summary
This report delves into the critical relationship between physical security and information security, emphasizing the protection of data within organizations. It begins by defining key terms, concepts, and professional roles in information security, highlighting the importance of access control, surveillance, and employee training. The report then examines the key physical and environmental considerations, including identifying vulnerabilities, tracking workflow processes, addressing human error, and educating employees on security policies. It also explores the process of transitioning an information security blueprint into a project plan, emphasizing the building of a healthy security culture. Furthermore, the report discusses the positioning of information security within organizations, addressing staffing concerns, credential enumeration, supporting policies, and special requirements. The report underscores the importance of risk assessment and business continuity planning in maintaining robust information security infrastructure. This report emphasizes the importance of a robust security system and the significance of educating staff members about their responsibilities and the risks associated with data vulnerability. The document is a valuable resource for students seeking to understand the critical role of physical security in information security.
Principles of Security: physical security and its role in the information security infrastructure
Name of the Student
Name of the University
Author Note
Table of Contents
Introduction
Discuss the definition, key terms, concepts, and professional roles of Information Security
Discuss the relationship between information security and physical security with a focus on
key physical security considerations and environmental considerations
Discuss considerations associated with the transitioning of an information security
blueprint to a project plan
Describe the positioning of Information Security within organizations
  Concerns of staffing
  Enumerating credentials
  Supporting policies and practices
  Special requirements
Conclusion
References
Introduction
In recent times, physical security has become an increasingly common problem for ICT
business organizations. In earlier times, large mainframe computers were mostly locked in
a single room and were accessed by very few people. The chances of these machines being
compromised were low, as access was given only to a few chosen people (1), and the
machines were also physically bounded. In recent times, however, technology and the
computing environment have become far more advanced, and it has become increasingly
difficult for organizations to stop devices from being compromised as the vulnerabilities
of those devices have increased. One of the primary problems that organizations face is
the large number of USB hard drives, laptops, smartphones, tablets and other portable
devices, which allow information to be stolen or lost because of their portability and
because data can be accessed through different devices. It is also possible nowadays to
access the same data through different devices at the same time. This is why people can
easily access company data throughout the enterprise from different portable devices and
desktop computers (2). This creates physical security issues for protecting the data:
fraud, excellence, vandalism, habitats and other complex and dynamic security issues. The
devices have become more vulnerable and restoring the security system has become much
more complex. This report therefore discusses the concept of physical security and how
its issues appear in the information security infrastructure. It also puts forward the
relationship between information security and physical security, with special focus on
key physical security considerations and other organizational environment considerations.
The report also discusses the positioning of information security within the
organization, with a detailed discussion of staffing concerns, credentials, the policies
and practices supporting information security, and any other special requirements.
Discuss the definition, key terms, concepts, and professional roles of Information
Security
Definition: Physical security is theoretically defined as the protection of employees,
software, hardware, data and networks from physical actions or events that might result
in serious damage or loss to an organization or an institution (3). The loss or damage
can be of any kind: it may come from natural calamities such as floods, fire and other
natural disasters, or from data attacks, vandalism, burglary and other physical harm
caused to the above-mentioned enterprise resources.
Key Terms: The key terms primarily used when describing physical security are physical
personnel, software, hardware, data and network, which are the things affected by this
security issue (4). They mostly belong to the enterprises or organizations that are prone
to security issues or damage caused by external factors, whether natural calamities or
human-induced issues like burglary, vandalism, terrorism, theft and others.
Concepts: The concept of physical security is often not clearly understood within an
organization, as it is very frequently overlooked. Physical security is underestimated,
while several technical as well as natural threats are always present around the physical
devices and human personnel that form the resources of an organization. The people
working in an organization are also regarded as an asset (5). Nevertheless, when the
subject of physical security arises, many organizations are found not to possess a clear
idea of what establishing physical security within the organization involves. The concept
is not to stop using the physical devices and human resources within the organization,
but to put in place carefully designed policies and procedures that secure the physical
resources without exposing them to vulnerabilities that might lead to data theft and
other issues or losses to the organization (6). The concept is to protect the physical
security of an organization, that is, the physical support used by an organization whose
infrastructure depends on information technology.
Professional Roles: The three important components of physical security need to be
maintained so that everyone in the organization, in the course of their professional
day-to-day activities, understands their respective role in maintaining the integrity of
all the physical devices used within the organization as well as the human resources (7).
Access control, surveillance and testing are the three major physical security components
that organizations should include in their day-to-day activities, following their regular
professional rules. Potential malicious attackers force their way past several obstacles
at physical sites to reach the employees within the organization, with the aim of
affecting the organization to such a degree that its data security system is shut down
(8). This is why every organization should introduce policies that make employees
understand how to maintain cyber hygiene while using physical devices, and how to conduct
themselves while handling confidential and critical organizational information.
Discuss the relationship between information security and physical security with
a focus on key physical security considerations and environmental considerations
It has been found that the most common types of data breaches are committed within an
organization, as a result of an activity or behavior of an employee. It is difficult for
the data center of any IT-driven organization to understand the importance of security
and at the same time safeguard the organization's sensitive information from data
breaches, hacking, physical theft and human error (9). This forms a deep relationship
between physical security and information security. The maintenance of physical security
is reflected in the security system that safeguards the critical and confidential
information within the organization. The following are the primary security
considerations and environmental considerations that physical security should focus on:
Identification of the weak points in employees for determination of the
requirement: The first and foremost thing every organization needs is for every employee
to figure out their own vulnerabilities that might pose a threat to the business data
(10). If people cannot themselves understand the difficulties and issues in the daily
activities they perform within the organization, it becomes difficult to look for the
problems that employees have created during their day-to-day activities. Every individual
is the better critic of their own activities, so people would realize what problems they
are creating while handling the business data with the help of device facilities.
Keeping track of the workflow processes: It is critical for every organization to keep
track of all the operations and compliance-related activities that an employee performs.
This way, the regular activity of staff and organizational stakeholders, together with
their access to the data storage center, can be established. Every organization should
have a monitoring body that regularly checks the access logs and audits every person,
both those who have authority to access the data storage center and those who are not
allowed to access the data storage (11). The peripherals must be tracked so that the data
management software can identify any suspicious activity. All the problems and issues
found in this phase should be regularly audited, and the management of this data would be
the basis of every activity within the organization.
Human error: Even if organizations and their employees are responsible for keeping track
of their own activities, organizations also need to monitor the activities performed by
different people throughout the organization to check for human error, as it is the most
common form of data breach. It might not be intentional by any means, but a small act of
negligence can cause a lot of vulnerability for the organization (12). One of the primary
ideas found by several researchers is the realization of activities that would not harm
the reputation of the organization or make its data vulnerable. Security issues are
extremely common in ICT organizations, but in all cases work in an organization must
follow proper data management procedures, so that the data is not prone to breaches, and
must be monitored at every step. Organizations are usually advised to pair access cards
with biometric security so that fingerprints can be provided as the best possible defense
(13). This is because the biometric password is unique and cannot be replicated or
stolen, making it much safer and more effective than passwords.
Educating employees on security policies: The primary problem that organizations face
quite often is the inability of staff members to carry out their day-to-day activities in
a safe and secure way, such that confidential data and important business information are
kept safe from malicious hackers or other damage or loss (14). Having a strong security
system is extremely necessary for every organization, and a major part of establishing it
is educating staff members and explaining to them every activity they perform within the
organization and the information security risk associated with it. They also need to
understand that compliance purposes and their work processes are aligned so that the
security system within the organization is maintained. They must also be made aware that,
for compliance purposes, every activity they perform for the organization is strictly
monitored (15). However, before any step is taken, it needs to be identified how the
people within the organization are one of the major sources of data vulnerability. With
this, they would find it more important to scrutinize their own activities and find out
whether they are prone to any activities that might lead to data vulnerability threats,
loss of data or any other damage to the organizational resources.
Feedback from the stakeholders: Stakeholders are also one of the most important aspects
of an organization, and they should be asked for their feedback when the security
policies and security systems are discussed with staff members once they are fully in
place. They can be asked whether they agree or disagree with the safety and security of
the business assets or the ease of access to the business data (16). Some potential
vulnerabilities within the organization must also be explained to them to find out their
opinion, mostly that of the staff dedicated to the restoration of information technology
within the organization.
Discuss considerations associated with the transitioning of an information
security blueprint to a project plan
There are several considerations for an organization that requires transitioning the
information security system into its basic day-to-day activities. The modern dependency
of organizations on technology has made business data vulnerable to malicious attackers
(18). A crucial security system needs to be embedded so that extremely confidential
organizational data is not prone to breaching through application security
vulnerabilities. The following can be a blueprint for the project plan that would enable
every organization to carry out a basic transition to information security:
Building up of healthy security culture: This is required in every organization so that
the security culture grows organically and in a positive way. Investments must be made to
maintain the security culture in such a way that every possible security transformation
event is paid attention to. This would help transform the security systems to enable
absolute information security (19). It would have defining features of all deliberate and
disruptive day-to-day activities. The starter culture would not only govern day-to-day
interaction with employees, but would also define the security influence of every
employee, so that they not only realize their own terms and conditions for performing
their activities while maintaining information security but also raise awareness among
others.
Employee engagement for installing security ideas: Bringing people together to make them
understand the security issues within the organization, and holding face-to-face meetings
with all the employees, one batch after another, is extremely necessary. This will enable
the employees to give their personal input and feedback, so that their thinking about
information security can be understood (20). They can also provide feedback on what they
think about the company policies for installing information security services.
Setting a mission and vision for awareness: The people within the organization must be
brought up to a certain level, according to each person's ability, so that the depth of
the threats is understood by them and they become self-aware of their own activities
before performing any daily work that might lead to vulnerability of information.
Monitoring the activities: After employees have been made to understand the
organization's information security policies and to practice them, the organization also
needs to monitor the activities of each of these employees to understand which activities
ultimately pose a threat to the organization and which increase the security of the
business data.
Describe the positioning of Information Security within organizations
Concerns of staffing
Information security is extremely important as a matter of staffing. Employees are found
to be more prone to becoming involved in data vulnerabilities within an organization,
leading to further threats (15).
Enumerating credentials
The first and foremost factor in maintaining information security alongside physical
security is making employees understand the use of the different physical devices they
work with in the organization every day, and how using these physical devices can lead to
further threats. This should be communicated to every employee within the organization,
followed by a proper security analysis of all the physical devices used within the
organization.
Supporting policies and practices
Policies and practices should be included in the everyday activities set out in an
employee's contract, so that following all the policies and practices mentioned in the
contract is a part of the job.
Special requirements
Other than all these activities, the organization also needs to consider the human
personnel within the organization to be an equally effective and important part of the
information security plan. This would make them understand their worth in the business so
that they can perform even better in maintaining information security throughout the
organization.
Conclusion
Therefore, in conclusion, it can be said that there are several organizations that do not
understand the use of physical devices and how it can lead to possible physical threats
within the organization. Physical devices such as computers, laptops, mobiles, USB flash
drives and others are also found to be vulnerable to data threats. The misuse, loss or
theft of information from these devices is usually found to occur not only because of
malicious cyber attackers but also due to natural calamities and the lack of proper
understanding of information security by the employees within an organization. This is
why the above report clearly defines the concept and conditions of information security
that every organization should put into practice together with its employees, as every
person within the organization is responsible for having a proper understanding of the
information security vulnerability brought in by damage to the physical devices within an
organization. The concept of building up an information security system for preventing
data vulnerability has also been described in this report.
References
(1) Fennelly LJ. Effective physical security. Butterworth-Heinemann; 2016 Nov 25.
(2) Zhang Y, Yau D, Zonouz S, Jin D, Qiu M, Erol-Kantarci M. Guest editorial smart grid
cyber-physical security. IEEE Transactions on Smart Grid. 2017 Aug 21;8(5):2409-10.
(3) Sanjab A, Saad W, Başar T. Prospect theory for enhanced cyber-physical security of
drone delivery systems: A network interdiction game. In 2017 IEEE International
Conference on Communications (ICC) 2017 May 21 (pp. 1-6). IEEE.
(4) Liu Y, Liu A, Liu X, Ma M. A trust-based active detection for cyber-physical security in
industrial environments. IEEE Transactions on Industrial Informatics. 2019 Aug
5;15(12):6593-603.
(5) Kobara K. Cyber physical security for industrial control systems and IoT. IEICE
TRANSACTIONS on Information and Systems. 2016 Apr 1;99(4):787-95.
(6) Chen YC, Gieseking T, Campbell D, Mooney V, Grijalva S. A hybrid attack model for
cyber-physical security assessment in electricity grid. In 2019 IEEE Texas Power and
Energy Conference (TPEC) 2019 Feb 7 (pp. 1-6). IEEE.
(7) Desnitsky V, Levshun D, Chechulin A, Kotenko IV. Design Technique for Secure
Embedded Devices: Application for Creation of Integrated Cyber-Physical Security
System. JoWUA. 2016 Jun;7(2):60-80.
(8) Kobara K. Cyber physical security for industrial control systems and IoT. IEICE
TRANSACTIONS on Information and Systems. 2016 Apr 1;99(4):787-95.
(9) Mavroeidis V, Vishi K, Jøsang A. A framework for data-driven physical security and
insider threat detection. In 2018 IEEE/ACM International Conference on Advances in
Social Networks Analysis and Mining (ASONAM) 2018 Aug 28 (pp. 1108-1115). IEEE.
(10) Peltier TR. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. CRC Press; 2016 Apr 19.