1. Introduction
- Risk Management
- Who Are You, and Why Are You Here?
- Finding a Solution
2. Problem Definition
- What Needs Protecting?
- Who is Allowed Where?
3. Methods of Identification
- Reliability vs. Cost
- Combining Methods to Increase Reliability
- Security System Management
4. Access Control
- What You Have
- What You Know
- Who You Are
5. Other Security Systems Elements
- Building Design
- Piggybacking and Tailgating: Mantraps
- Camera Surveillance
- Security Guards
- Sensors and Alarms
- Visitors
6. The Human Element
- People: The Weakest Link
- People: The Strongest Backup
7. Site Design
- Layers
- Components
- Tactics
8. Controlling Site Access
- Entry Control Facility
- Zones of an Entry Control Facility
- Utilities and Automatition
9. Chosing the Right Solution
- Risk Tolerance vs. Cost
- Security System Design Considerations
- Building Security Design Considerations
|
|
Who is Allowed Where?
A person’s authority for access to a secure area can be based on different things. Besides the usual ones — identity and purpose, the first two listed below — there may be additional categories requiring special treatment, such as “need to know.”
Personal identity Certain individuals who are known to the facility need access to the areas relevant to their position. For example, the security director will have access to most of the facility but not to client data stored at the installation. The head of computer operations might have access to computer rooms and operating systems, but not the mechanical rooms that house power and HVAC facilities. The CEO of the company might
have access to the offices of the security director and IT staff and the
public areas, but not the computer rooms or mechanical rooms
Reason to be there A utility repair person, regardless of whether it’s
Joe Smith or Mary Jones, might have access only to mechanical rooms and public areas. The cleaning crew, whose roster could change from day to day, might have access to common areas but nowhere else. A network switch expert might have access only to racks with switching equipment, and not racks with servers or storage devices. At a web server facility, a client’s system maintenance personnel might have access only to a “client
access room” where there are connections to their personal server for administrative purposes.
Need to know Access to extremely sensitive areas can be granted to specific people for a specific purpose — that is, if they “need to know,” and only for as long as they have that need.
To receive your Physical Vulnerability Assessment, please submit your payment of $999.00
B E T T E R: Please submit your payment of $1999.00 for a complete Physical Vulnerability Assessment or Design covering a single location.
|