Friday, January 9, 2009

Business Lessons – a few thoughts on Security

Was at a client today that has changed their policy regarding campus access. The problem is that no strategic thought was given with regards to many aspects of the new policy as such there exists many deficiencies. Let me state this clearly and concisely – no effective comprehensive security system can be designed without a threat assessment.

 

While I will not identify the client I will address some points of importance. When you design a security system understand its purpose is to effectively protect your assets from theft and hold people accountable for their actions. 

Many people think a system of protection is an effective deterrent – not true and that is truly not what it is intended to do. Rather a comprehensive system (which included policies and procedures) is intended to create a level of protection to ensure the assets of the company (people, tools, data, etc) remain in possession of the company and that access to facility is controlled. 

This can be done as follows:

  • Performance of a comprehensive threat assesment
  • Creation of a comprehensive written security policy
  • Strategic placement of security cameras with DVR
  • Controlled access to sensitive areas
  • Controlled access to sensitive data
  • Picture IDs for employees
  • Picture IDs for vendors
  • Annual revision of policy 

Sure many people may believe they can solve a problem on their own and in some cases it is true however at a commercial level a professionally designed comprehensive solution reduces the possibility of problems due to oversight and balances the factors of cost, protection and ease of use with intended need for protection while limiting potential for abuse or penetration be internal and external threats.

No comments:

Add to Technorati Favorites