Securing networks or systems within institutions and corporations is not enough. At present, security is not only concerned with the ethereal aspect of it but also with the tangible dynamics of physical security. Although physical security seems too basic, establishing even the most sophisticated network security is useless if its physical environment does not keep it sheltered and protected. Security threats that have something to do with the physical aspect of institutions include burglary and theft.
In this case, even the most established digital security system that functions within the computer networks will not be able to prevent these crimes. A breach in physical security makes the network or digital system of the institution susceptible to power interruptions that disrupts the security system, addition of hardware devices that may used to hack or spy into the system, removal of hardware devices that paralyzes the system, copying confidential data from the system through USBs, CDs, and such, logging in the system directly without authorization, etc. Stewart, 2004)
The importance of high standard physical security systems and policies ensure that aforementioned situations that seek to jeopardize the position of institutions that might affect all its aspects, especially its finances, are avoided. Having a secure digital system is impressive, but having a secure digital system and physical environment is highly recommended. To uphold high quality standards of security, both the digital and physical aspects of security should be merged. Sturgeon (2004) defines this as marrying digital and physical security.
Physical security involves the use of high-tech gadgets such as cameras that will be used for close monitoring, 24-hour video coverage and storage, video recording triggered by movements, wireless and mobile installments within the physical environment, etc. (Physical Security, 2008) The physical security approach is based on four principles or strategies. First, physical security follows the necessity of protecting the network or institution, detecting security threats and possible risks, responding to these threats and risks, and allowing recovery for the network or institution from damages or indemnities brought about by security breaches.
This process requires setting up of security systems that will accomplish these four phases of protecting (with the use of controlled access systems that restricts involvement of the public to authorized personnel only), detecting (using surveillance systems and frequent check-up of the physical areas of institutions), responding (well-trained security officials and network protocols that carry out these responses to security threats and risks), and recovering. (Operational Security Standard on Physical Security, 2004) Second, physical security builds up on hierarchical zones that protect or safeguard access to the security system.
These hierarchical zones include the public zone (areas accessible to the public), reception zone (area wherein the boundary between the public and restricted zones is determined), operations zone (areas private to personnel), security zone (areas private to only authorized personnel or visitors), and the high security zone (areas private to authorized and escorted personnel or visitors). Within these zones, technological facilities and security officials are installed and designated respectively to carry out four phases in the previous approach discussed. (Operational Security Standard on Physical Security, 2004)
The third approach in physical security is controlling access to determined hierarchical zones. This approach has something to do with controlling access most especially to restricted areas. It does not only control individual access, but is also concerned with the entry of materials considered to be potentially threatening or risky to security, such as mobile phones and other technological gadgets, harmful objects such as knives, guns, and such, etc.
Although institutions should consider this approach in physical security, controlling access should not limit or restrict authorized individuals too much, allowing them ease in visiting each zone within the institution. Aside from security officials designated at every zone, there should also be systems that carry out state-of-the-art security protocols, such as technologies installed within the institution that asks for PIN or access numbers, access cards, biometrics, etc.
Fourth, physical security systems should be designed to increase security levels in times of emergency or security threats. (Operational Security Standard on Physical Security, 2004) These four approaches, as recommended by the Treasury Board of Canada Secretariat follow the requirements of a strong and efficient physical security system. The concepts supported by these four approaches suggest how physical security systems and policies should be established in order to ensure that it will serve its purpose.
However, accomplishing all the requirements in establishing a physical security system and a set of policies is not enough. Institutions should make sure that these elements of security are assessed and evaluated to ensure that it is properly sustained and it is up-to-date with trends in security technologies and processes. Part of the evaluation process includes frequent training and drills for security officials, checking-in with technological innovations that improve quality of security measures and systems, and observing existing systems to determine much-needed replacements or tweaks.
With all these information in mind, physical security is a vital part in institutions that should not be neglected nor taken lightly. It complements digital network security systems, such that it prevents it from being jeopardized or subjected to external control, manipulation, and possible damages that affects the operations within the institution. Establishing a solid physical security system require that all aspects of the physical environment within an institution is identified.
Mapping out requires that the institution determines where security is most needed and where access is most likely to be controlled. Aside from going over the basics and technical details of physical security systems, institutions should provide time and effort to evaluate the system in order to ensure that it functions efficiently according to its purpose, and that it meets the highest requirements of quality standard physical security.