Homework answers / question archive / Running Head: RECOVERY IN PHYSICAL SECURITY 1   RECOVERY IN PHYSICAL SECURITY 15           Recovery in Physical Security                           Table of Contents Threats Associated With Physical Security 3 Physical Security Policies 5 Physical Security Recovery Procedures 6 Physical Security Recovery Plan 6 Responsibility and Roles 7 Incident Response 7 Recovery Procedure 7 Physical Security Recovery Standards and Guidelines 8 Appropriate Recovery Controls in Physical Security 9 Data and System Backups 9 Disaster Recovery Site 10 Physical Security Issues and Concerns for Different Industries 10 Information Technology Industry 10 Manufacturing Industry 11 Business Continuity and Risk Mitigation 11 Disaster Recovery Budgetary Concerns 12 Conclusion 12 References 14                   Recovery in Physical Security Physical security is essential for any facility, office, or even home

Running Head: RECOVERY IN PHYSICAL SECURITY 1   RECOVERY IN PHYSICAL SECURITY 15           Recovery in Physical Security                           Table of Contents Threats Associated With Physical Security 3 Physical Security Policies 5 Physical Security Recovery Procedures 6 Physical Security Recovery Plan 6 Responsibility and Roles 7 Incident Response 7 Recovery Procedure 7 Physical Security Recovery Standards and Guidelines 8 Appropriate Recovery Controls in Physical Security 9 Data and System Backups 9 Disaster Recovery Site 10 Physical Security Issues and Concerns for Different Industries 10 Information Technology Industry 10 Manufacturing Industry 11 Business Continuity and Risk Mitigation 11 Disaster Recovery Budgetary Concerns 12 Conclusion 12 References 14                   Recovery in Physical Security Physical security is essential for any facility, office, or even home

Sociology

Share With

---

Running Head: RECOVERY IN PHYSICAL SECURITY 1

 

RECOVERY IN PHYSICAL SECURITY 15

 

 

 

 

 

Recovery in Physical Security

 

 

 

 

 

 

 

 

 

 

 

 

 

Table of Contents Threats Associated With Physical Security 3 Physical Security Policies 5 Physical Security Recovery Procedures 6 Physical Security Recovery Plan 6 Responsibility and Roles 7 Incident Response 7 Recovery Procedure 7 Physical Security Recovery Standards and Guidelines 8 Appropriate Recovery Controls in Physical Security 9 Data and System Backups 9 Disaster Recovery Site 10 Physical Security Issues and Concerns for Different Industries 10 Information Technology Industry 10 Manufacturing Industry 11 Business Continuity and Risk Mitigation 11 Disaster Recovery Budgetary Concerns 12 Conclusion 12 References 14

 

 

 

 

 

 

 

 

 

Recovery in Physical Security

Physical security is essential for any facility, office, or even home. The case is so because it involves securing confidential information, equipment, facilities, network software, workplace personnel, and organization’s assets. Security may be affected in two ways: natural attack, for instance, power fluctuations, fire, and flood, among others. Even though attacks as a result of natural attacks may not lead to misuse of the company's assets or information, once the attack occurs, it can hard to retrieve the assets or information. Intruders attack the second way with malicious intentions.

Since attacks are inevitable in any organization, it is best when organizations plan for contingency measures to minimize the impact of attacks and also recovery plans. Addressing physical security recovery is quite complicated. Therefore, it requires the integration of multiple control mechanisms, including physical, technical, and administrative measures, to be comprehensively covered (Chille, Mund & Möller, 2018). Some of those issues in addressing physical security include determining the associated threats, policies, designing plans, standards, and guidelines, setting up appropriate controls, risk mitigation, and business continuity, and budgetary concerns.

Threats Associated with Physical Security

A breach of the company's physical security can lead to subsequent attacks such as cyber-attacks leading to even higher losses. Planning for recovery after a physical security attack requires the organization to identify all potential threats that would lead to the physical security breach. One of the risks to physical security is burglary and theft. These are some commonly occurring physical threats. Burglary and theft in the organization may seem easy to handle, but it can be quite complicated because it involves protecting the company from both internal and external threats. The case is so because even the company’s employees can commit these crimes, which can significantly impede the company's safety.

Vandalism is another threat associated with physical security. It is defined as activities that involve intentional damage, defacement, or destruction of private or public property (Essa, Al-Shoura, Al Nabulsi, Al-Ali & Aloul, 2018). Vandalism does not only lead to the damage of physical security measures but also impairs many several resources that require a hefty investment in terms of money and time to reconstruct, making it even more costly. Even though they may seem like harmless actions committed by troubled individuals or teenagers, they are a significant threat to the physical security of a premise and well-being. The case is so because vandalism is strictly related to damage to the property.

A natural disaster is another threat to physical security. It is one of the hardest risks to plan for because no one can predict the exact natural disaster that may occur on the organization’s premises. However, with the advance in technology and other aspects of the modern era, homeowners and companies are notified about a major disaster that may be coming, but there is a certain unpredictability. There exist a broad range of accidents resulting from nature, including wildfires, floods, and earthquakes, among others. The loss due to natural disasters can be huge because it impairs both normal operations and also leads to property damage making it one of the costliest and harshest threats to physical security.

Another threat to physical security is terrorism. Terrorism is a threat to physical security that transcends both homes, organizations, and even nations. It is a threat that pervades multiple physical security facets and compromises each one of them almost equally. Unlike other threats, terrorism can be hard to combat, mainly when it occurs on a limited scale. As a result, it requires organizations and homeowners to set up preventive measures and also mitigation measures to enhance their chances of survival, should it occur.

Physical Security Policies

Enhance the enterprise's prevention against physical threats; there is a need to establish security policies that help to govern its operations. Some of the main objectives of the physical security policies include defining and restricting access to a premise, identifying sensitive areas in the organization, and establishing rules for controlling, granting, removal, and monitoring of access to physical premises (Peltier, 2016). One of the policies that an organization should consider to boost the physical security includes complete control of physical access to sensitive areas such as server rooms or areas and keeping the servers inside server racks that are lockable.

Another policy is that access to the server room is restricted designated to only operations and systems personnel. Besides, if another person is to work on tasks about the servers, for instance, they can only establish a remote connection to the servers and with a regulated user account for development purposes. The case is so because any physical server access can be a potential threat because they will have direct access to the organization's sensitive resources, such as confidential information.

Sensitive backup media should retain inside a fireproof off-site area and a vault. There is to ensure protection against fire that may occur within the organization’s premises. All physical entry points to sensitive areas in the organization, including exit points and designated entry, shall be under control. Access should grant after the individuals have verified to access. Another policy is that security perimeters should establish to ensure the protection of areas that may contain crucial information systems to enhance prevention against unauthorized access, interference, and damage. The organization should list the personnel authorized to access facilities holding sensitive resources. Also, there should be a monitoring mechanism designed to monitor and detect access to the organization’s information systems. Those policies help the organizations to be proactive in protecting themselves against physical threats.

Physical Security Recovery Procedures

Enhance recovery in physical security; several procedures are crucial in the exercise. Recovery procedures are dependent on the physical threat that occurred. These procedures are designed to help the organization get back to its full operations and establishing mechanisms to ensure that no other faults that may lead to a similar attack in the future. One of the procedures involved in the recovery is fixing the damaged property on the premises (Ali & Awad, 2018). During a physical attack, property damage is inevitable, and therefore, one process to reinstating the premise to full operation is repairing the damaged areas.

Another procedure involved in the recovery process is data recovery. Organizations depend significantly on data, and therefore, recovery procedures include recovering crucial company information such as financial statements for it to restore its full operations (Ayala, 2016). Other recovery procedures are installing the surveillance system and hardened locking systems, damage evaluation, and acquisition of the necessary materials that may have gone missing during the attack.

Physical Security Recovery Plan

 

A physical security recovery plan involves several components, with each serving a purpose in the recovery process. The introduction of the recovery plan outlines the essential role of the program. It describes several sections involved in the project and stipulates what each part entails. The recovery plan contains several articles, including responsibility and roles, incidence response, and a recovery procedure.

Responsibility and Roles

 

After a physical attack occurs, employees are often tensed and can lead to even additional damage or panic, which may also worsen the impact of the threat. Planning for responsibilities and roles during the recovery process before its occurrence is crucial, especially when dealing with a big organization. The case is so because, in doing so, it provides employees with the power to make decisions that would help in dealing with the attack. Also, it outlines what each employee should do when a physical security incident occurs. As a result, it helps in minimizing employee conflict during the recovery process and enhances coordination during such times, which, in turn, improves the recovery process's outcome.

Incident Response

 

In the incidence response sections of the physical security recovery plan, it entails the immediate response to a threat. Therefore, the incident response section of the recovery plan includes what needs to do in response to what risks (Zare, Wang, Zare, Azadi & Olsen, 2020). Therefore, the content of this section is dependent on the threat. For instance, if the risk is fire, then the incident response is to ensure that everyone in the premise adheres to the pre-established evacuation plan to ensure that they get out of the premise safe. It may involve contacting the emergency service and securing the perimeter.

Recovery Procedure

 

The recovery procedure section of the physical security recovery plan entails what is required to restore the organization to its full operation. Also, it is dependent on the type of threat that occurred. However, one of the significant and common steps involved in the recovery procedure is data recovery. The case is so because organizations are mostly data-driven, and loss of such data can have a significant impact on the restoration of the organization back to its full operation. If the threat that occurred did not have a substantial effect on the organization's data centers, it could quickly resume. However, if it has affected the data centers significantly, the organization may be required to hire recovery experts to facilitate data recovery. Other procedures include fixing the premises if they got damaged during the physical attacks.

Physical Security Recovery Standards and Guidelines

 

Several basic standards need to adhere to during the recovery phase. One of the criteria is that organizations should perform network and system testing and validation to certify them as operational. It is a crucial standard designed to ensure that organizations do not get back their full operation ‘too soon’ such that some of their aspects are not operational. The case is so because resuming normal activities with some elements not functioning may invite another physical attack.

Another standard recertifying all components compromised as a result of the physical threat as both secure and operational. This standard requires the involvement of appropriate regulatory bodies to inspect all the premises and systems that were affected (Fennelly, 2016). The rule is essential to ensure that that all the affected areas are okay before resuming to operation, as failure to recertify them may also trigger another similar physical attack.

Another guideline to safe recovery in physical security is strengthening the physical security mechanisms. It may involve analyzing the cause of the threat or the weaknesses that led to the danger. For instance, if the leading cause of the danger failed lock systems, then the company should establish other locks to strengthen the current ones. Generally, this standard requires organizations to undertake post-incident analysis, which involves analyzing the lessons learned from the physical incident to prevent it from reoccurring in the future.

Appropriate Recovery Controls in Physical Security

 

Recovery countermeasures or controls are designed to imitate the duty of corrective measures. These are designed to enhance system recovery and resumption of all its functionality back to normalcy. Under a high availability control measure, the organization comes up control measure intended to improve availability in case of a physical attack. For instance, it may decentralize its servers so that if one of the servers suffers a physical attack, they can access all the services from another server.

Data and System Backups

 

Organizational data and systems play a crucial role in an organization. During physical attacks, the methods and data centers can be affected, thus rendering them less useful or entirely useless. If that happens, it affects the recovery process significantly because the organizations need the data and the previous systems for it to resume back to normal. Data and system backups offer recovery features, enabling the company to recover all its lost data and systems. Having those intact eases the recovery process as all the systems and company data can be quickly restored.

Disaster Recovery Site

 

Disaster recovery sites are also called backup sites. It is a data center where a company relocates its operations temporarily in case the primary system suffers from a natural disaster or a security breach. The backup site ensures business operations continuity until it is safe to restart work in the standard location or until they find another permanent place. There exist two options for disaster recovery sites, which are external and internal. Therefore, depending on the needs of the organization, they can choose which one is appropriate for them. These sites serve as countermeasures to physical threats and any other form of attack on the premise.

Physical Security Issues and Concerns for Different Industries

 

Information Technology Industry

 

Each industry has its unique issues of concern that might undermine the security of their operations. However, some issues cut across multiple sectors. In the IT sector, which is one of the fastest-growing areas, significant challenges are impairing physical securing, which is hacking. Hackers are people who use malicious approaches to gain access to unauthorized information or systems. Also, they may inflict the system with viruses making them which transfer data to the third-party who can then use it for malicious purposes. The primary issue of concern in the IT industry is the fast-growing rate of technology. Information systems are unsafe because as technology grows, hackers keep on working on smarter ways of bypassing the installed security mechanisms.

Training is another issue of concern in the IT industry. Hackers are continuously developing new ways to gain get into the systems. As a result, IT security teams need to stay up to date with the current potential threats to the organization’s information systems (Lee, Azamfar & Singh, 2019). Require frequent training of IT security personnel, which also comes at a cost. Also, IT companies are required to frequently patch their systems to enhance both system and network safety.

Manufacturing Industry

 

One of the significant issues of concern in the manufacturing industry is old facilities and risk assessments. Organizations with mature plants may be facing physical vulnerabilities, yet they are unaware of it. For instance, a building may be having internal cracks that are not visible by a naked eye. Even when they are visible, updating them would require the organization to make a substantial investment. Therefore, they are required to frequently conduct risks assessment to monitor the status of such premises.

Business Continuity and Risk Mitigation

 

The ultimate goal of the organization is to see itself resume back to its full operation after a physical security incident. To enhance business continuity during and after an attack, companies design a business continuity plan. The plan centered on four critical aspects, including preparedness, prevention, recovery, and response framework (Setiawan, Wibowo, & Susilo, 2017). On the other hand, risk mitigation involves designing measures to reduce the impact of the incident in the organization. However, risk mitigation covered within the business continuity plan.

In prevention, business continuity plans focus on risk management planning. In the current phase, the likely impact the risks related to a specific incident are pointed out and managed. All the processes of risk management followed in this stage with all potential threats identified and addressed or somewhat minimized to the acceptance level. During the preparedness phase, a business impact analysis conducted to determine the extent to which the firm’s activities can be affected by the identified risks (Torabi, Giahi & Sahebjamnia, 2016). In doing so, it helps in prioritizing the disruptions based on their impact on the business.

The incident response element of the business continuity plan focuses on establishing the immediate activities that should take in response to the incident. Those actions aim at controlling, minimizing, and containing the impact of the security incident. In the recovery section, a business continuity plan focuses on developing recovery measures. During this phase, response actions to an event outlined to minimize the recovery and disruption times.Disaster Recovery Budgetary Concerns

 

Planning for disaster recovery budget is crucial in disaster recovery as it determines the success or failure of the recovery process. It is essential to consider several issues of concern during the budget planning process. One of them is that it requires rallying the entire workforce. The case is so because of the budget designed to cover the whole organization. That being the case requires the involvement of all leaders, ranging from the CEO, top managers, and other employees. As a result, it makes it a time consuming and costly exercise. Another thing that is necessary when budgeting for recovery in physical security is defining characteristics is essential. Other elements include weighing on the risks, prioritizing the asset based on their significance, testing, and tweaking the budget.

Conclusion

 

Recovery in physical security is a complex process that requires the collaboration of multiple countermeasures, including technical, administrative, and physical approaches. There are several threats to physical security, including vandalism, theft, and burglary, among others. For physical security recovery to addressed well, it requires the implementation of policies, plans, procedures, standards, and guidelines, and appropriate controls to minimize the impact of the threats and time taken to recover. Enhance business continuity during and after a physical attack, and businesses design a business continuity plan with four elements: preparedness, response, prevention, and recovery. Certain factors facilitate smooth-running business operations during also following attack from threats planned ahead happening. Budgeting for improvement requires several issues to address, including the involvement of many participants making it a time-consuming exercise.