Combine and standardise physical and IT security measures to minimise risk

July 2007 Integrated Solutions

Organisations incur significant overheads, as well as generate increased security risks, when employees misuse or abuse network resources.

Serious losses – of financial and competitive edge in particular – are incurred when intellectual property or sensitive information leaves the confines of the organisation or when computer fraud occurs.

“Users on the inside have access to business critical system resources, making the network susceptible to attacks and exploitation through the use of their privileged status,” says Karel Rode, solutions strategist at CA.

Karel Rode
Karel Rode

Up to and including the early nineties, an insider was defined as someone who had physical access to a computing facility – typically an employee or the system administrator. Physical security was deemed to be sufficient, as a security guard was able to identify individuals – a precaution that was enhanced by the ‘second factor’ authentication of a swipe card.

“This principle is no longer applicable and an insider is no longer referred to as an employee of the company, as this would give a contractor or temp similar privileges. Additionally, the user may connect via a remote access connection, removing physical access considerations,” Rode says.

“Someone who has achieved insider privileges, by gaining access to a computer, could pose a potential threat. This means that significant technical controls to protect against privilege abuse are needed. Without the proper security policies and governance, it is hard to accurately identify the level of threat and even harder to appropriately implement preventative controls,” he adds.

Reducing the risk

So what can companies do to reduce the risk of information loss, while providing staff with the required access to network facilities?

One possible solution would be to merge physical and IT security, says Rode.

Rode suggests that the most practical point of departure would be for companies to look closely at their user populations and determine where the most accurate store of active users exists within the company. This might be the current HR system for permanent staff and some other data store for contractors and temps.

He adds that companies must reconsider their current process for issuing corporate badges to employees. As companies expand in large campus environments, employees might need access to multiple buildings where each location has a different physical access control system. This is a situation that may not be under a company’s control if the company is a tenant and does not have input into the building access systems.

Rode suggests standardising staff security measures. This would make it possible for the company to limit staff access to areas and resources that pertain to their role. Companies could even limit access to certain times of the day. This approach would benefit companies that want to limit shift workers who only need to access selected zones at specified times. Taking things a step further, companies that run IP video surveillance, would be able to track, monitor and record any instances where a violation or failed repeated access has taken place.

“This leaves us with the logical access to systems, resources, applications, files and folders. The logical access scenario will succeed if companies have a data classification standard in place, which they can use within the rule definition process. This will ensure that only designated users with specific group membership or directory attributes can gain access to read, modify or delete files, or access application resources within their designated realm,” Rode concludes.

For details contact CA, +27 (0)11 236 9111, [email protected], www.ca.com





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Future trends for electronic safety and security in mining
Fang Fences & Guards Mining (Industry) Integrated Solutions AI & Data Analytics
The mining industry is ever evolving, driven by technological advancements and the growing need for enhanced safety and security measures, with significant innovation seen in turnkey electronic security for mining operations.

Read more...
Unlocking enhanced security for mining
Mining (Industry) Integrated Solutions
In the dynamic landscape of African mining, security remains of paramount concern as threats evolve and challenges persist, and mining companies seek innovative solutions to safeguard their operations, assets, and personnel.

Read more...
A constant armed struggle
Technews Publishing XtraVision Editor's Choice Integrated Solutions Mining (Industry) IoT & Automation
SMART Security Solutions asked a few people involved in servicing mines to join us for a virtual round table and give us their insights into mine security today. A podcast of the discussion will be released shortly-stay tuned.

Read more...
Access and identity in 2024
Technews Publishing Gallagher HID Global IDEMIA Ideco Biometrics Enkulu Technologies neaMetrics Editor's Choice Access Control & Identity Management Integrated Solutions
SMART Security Solutions hosted a round table discussion with various players in the access and identity market, to find out what they experienced in the last year, as well as their expectations for 2024.

Read more...
Advanced security solution for high-risk areas
Secutel Technologies Surveillance Integrated Solutions
The need for a sophisticated intrusion detection system is paramount when faced with persistent security challenges, particularly in isolated battery rooms or high-risk areas prone to vandalism, cable theft, and battery theft.

Read more...
Vumacam and NAVIC enhance SafeCity initiative
Integrated Solutions Security Services & Risk Management
Vumacam and NAVIC, two of South Africa's most respected surveillance technology and vehicle intelligence providers, are proud to announce an alliance that will greatly expand the coverage and impact of the SafeCity initiative across the country.

Read more...
Gallagher Security’s achieves SOC2 Type 2 recertification
Gallagher News & Events Integrated Solutions Infrastructure
Gallagher has achieved System and Organization Controls (SOC2 Type 2) recertification after a fresh audit of the cloud-hosted services of its integrated security solution, Command Centre. The recertification was achieved on 21 December 2023.

Read more...
Integrated transportation security
Guardian Eye AI & Data Analytics Integrated Solutions Logistics (Industry)
HG Travel installs an AI-powered camera system integrated across 115 vehicles throughout a fleet comprising 160 vehicles of different sizes, along with predictive and self-monitoring tools to track tyre condition, fuel consumption and theft, and overall vehicle maintenance.

Read more...
Embracing next-generation surveillance for safer cities
Surveillance Integrated Solutions AI & Data Analytics
With the South African government highlighting the importance of building smart cities by integrating advanced technologies to make them more resilient and liveable, the role of next-generation network video and surveillance technologies cannot be ignored.

Read more...
Gallagher Security releases Command Centre v9
Gallagher News & Events Access Control & Identity Management Integrated Solutions
Richer features, greater integrations, with the release of Gallagher Security’s Command Centre v9 security site management software designed to integrate seamlessly with various systems and hardware.

Read more...