Physical security is often a second priority in an information security program. Since physical security has technical and administrative elements, it often takes a backseat to the security of data and other information technology assets. 

Protecting important data, confidential information, networks, software, equipment, facilities, company's assets, and personnel is what physical security is about. There are two major types of physical security issues: natural and man-made. Natural physical security issues include floods, fire, power fluctuations, severe weather, war, etc., which can cause a permanent loss of data. Man-made physical security issues are typically some form of an attack by a malicious party, which includes terrorism, vandalism, and theft. These events affect the entire organization.

Identify two physical security threats (one of each type), their potential damage and its impact on the organization, and the countermeasures you'd install or implement to mitigate their disruptions. 

 

1.      Man-made: Examples of Man-made threats include vandalism and theft:

·        Theft: It is one of the most common human-made threat and including theft of company-provided laptops, mobile phones and other hardware devices like USB drive, CD/DVD, etc. as well other organization valuables like confidential or proprietary documents. It includes occurrences outside the office premises as well as within. Theft can be caused by some person not related to organization as well by an existing or ex-employee of organization. Theft can not only cause loss of organization owned hardware/system, but it can also lead to loss of critical data and digital property of the organization and unauthorized access to confidential information, which can lead to a much higher financial, competitive or reputational loss. Theft can be controlled by protecting the office premises as well as vital organizational areas with physical security personnel/guards who restrict the physical access to the area only authorized people (automated systems can also be used alongside). The previous solution requires the establishment of a working authorization and authentication system/standard in an organization (Identification card, RFID card, etc.). CCTV camera should be installed at all key locations, and employees should be made aware of do's and don't, especially if they are going to carry some organizational hardware property outside the premises. Critical data/digital property must be replicated or backed up at regular interval while access to confidential data must always be handled with stricter physical security protocol.

Step-by-step explanation

Answer

Physical Security Threats comes in two types:

1.      Man-made: Examples of Man-made threats include vandalism and theft:

·        Theft: It is one of the most common human-made threat and including theft of company-provided laptops, mobile phones and other hardware devices like USB drive, CD/DVD, etc. as well other organization valuables like confidential or proprietary documents. It includes occurrences outside the office premises as well as within. Theft can be caused by some person not related to organization as well by an existing or ex-employee of organization. Theft can not only cause loss of organization owned hardware/system, but it can also lead to loss of critical data and digital property of the organization and unauthorized access to confidential information, which can lead to a much higher financial, competitive or reputational loss. Theft can be controlled by protecting the office premises as well as vital organizational areas with physical security personnel/guards who restrict the physical access to the area only authorized people (automated systems can also be used alongside). The previous solution requires the establishment of a working authorization and authentication system/standard in an organization (Identification card, RFID card, etc.). CCTV camera should be installed at all key locations, and employees should be made aware of do's and don't, especially if they are going to carry some organizational hardware property outside the premises. Critical data/digital property must be replicated or backed up at regular interval while access to confidential data must always be handled with stricter physical security protocol.

·        Terrorism: This threat highly concerns certain geopolitical areas which have a history of terrorist activities or are susceptible to terrorist attacks. A terrorism attack on organizational premises can disrupt work and communication network, potential damage/destruction of corporate property (including a computer system, data centre, IT equipment, etc.) and loss of human life. Impact of such attacks can be controlled by having proper security and safety protocols and standards in place, employee awareness of do's and don'ts, protection of office premises and key locations with physical security personnel (guards), regular drills, and proper liaisoning with the government authorities of the location. Critical data/digital property must be replicated or backed up.

2.     Natural: Examples of natural threats include Fire and Earthquake.

·        Fire: Fire can occur in a building or office premises due to many reasons like human carelessness (throwing unextinguished cigarette carelessly, etc.), electrical circuit fault, etc. Fire can cause a lot of damage to the organization - it can damage/destroy computer systems, data centres, IT equipment, other organizational property. It can even engulf the whole premise, disrupt the communication network and cause loss of valuable data/digital property as well as the loss of precious human life. Fire can be avoided by adopting and maintaining proper fire-safety standards and protocols in the organization, ensuring the availability of fire extinguishers at critical locations, regular fire safety drills. Also, employee awareness of do's and don't, regular maintenance of electrical circuits, etc. Critical data and digital property must be replicated or backed up at the regular interval.

·        ·Earthquake: Earthquake is a severe issue at various earthquake-prone locations across the globe where earthquakes are an ever-looming threat. Earthquakes with large Richter scale could potentially damage the office buildings or even make them collapse. These could, in turn, lead to the destruction of computer systems, data centres and other IT hardware equipment and property as well as the loss of human life. It could also potentially cause loss of critical data/digital property. The impact of Earthquakes can be reduced by construction earthquake resistant offices/buildings, having appropriate earthquake safety protocols and standards in place, regular drills, employee awareness of do's and don'ts, etc. Critical data and digital property must be replicated or backed up at the regular interval. Another possible solution can be a choice of such sites for offices which are less earthquake-prone.