Homework Responses Week 6

Technological advancements flooding the security industry are beneficial to the protection of critical infrastructure and assets. However, execution of applying such devices require an educated security manager that can extract the most benefit from, often various integrated systems. Smith and Brooks (2012) support this by stating an emphasis on the context of the security in necessary for technology to be applied within a security management strategy (p. 154). Technology is frequently used to fill gaps of security programs or enhance security in high security or critically defined areas. One of the most used Defense-in-Depth strategies used is access control. This strategy protects assets by reducing access by unauthorized personnel. Smith and Brooks (2012), ultimately confer the role of access control systems (ACS) is to deter, detect, and delay intrusions while facilitating a response (p. 158). While there are many aspects that can be incorporated into an ACS, I have found a few that I find essential to maintain integrity of the system. First and foremost, a physical security assessment of the facility is primary to any access control system. Identifying high security areas and providing a desired “traffic pattern” of both visitors and employees. Within the employee roles, I would also identify levels of security clearances. This includes but it not limited to control panels, access points, card readers, cameras among other devices. This will ultimately identify what access control measures are employed and where.

Once the base system is designed, establishing a badging station with dedicated personnel to manage the issuance and termination of badge activity. This will help manage that only active personnel have access to the facility. For identification purposes, all employees will have an updated picture placed on their badge and will show up for all “swipes” performed on the system. Additionally, I will establish a mandatory display policy of all employees. Clients or visitors will also be issued a visitor badge and must be escorted by an employee at all times while in the building. The employees will be responsible for all visitor badges.A base station that handles access control and security monitoring will dispatch security personnel for any alarms that may occur. This would include intrusion alarms, door forced open alarms, door held open alarms, etc. This would give the security staff monitoring the facility a bird’s eye view of activity within the facility. Overall, this framework will give a decent starting point for an ACS. While access control measures can be a powerful DiD tool, enhanced methods may be used for higher security areas. Biometrics is uses biological traits to identify individuals (Smith and Brooks, 2012, p. 163). Additionally, biometrics can increase the level of security to an area. Traditional biometric characteristics have been fingerprints and retinal scans, however there have been improvements to include other identifiable elements such as voice identification and hand vein patterns. 

Biometric use can be expensive to install and maintain, so utilization of this protocol should be used sparingly if budget constraints are an issue. With this in mind, I would personally use biometric to secure highly sensitive information or where high levels of security are needed. An added benefit to using biometric measures in limited capacities, is that the access pool may be considerably smaller and thus will be managed easier. Overall there are several ways to implement access control elements. And while many are very good, establishing how and what to implement based on the specific environment is the key to a well-rounded system.

V/R

Corey Overcash

 

References:

Gams, M., & Tušar, T. (2007). Intelligent High-Security Access Control. Informatica, 31(4).

Smith, C., & Brooks, D. J. (2012). Security Science: The Theory and Practice of Security. Burlington: Butterworth-Heinemann.

Zuva, T., Esan, O. A., & Ngwira, S. M. (2014). Hybridization of bimodal biometrics for access control authentication. International Journal of Future Computer and Communication, 3(6), 444-451. doi:http://dx.doi.org/10.7763/IJFCC.2014.V3.344