Introduction
An organization security plan refers to a holistic system that is aimed at improving the current security of equipment, information and personnel in an organization. A perfect security plan must entail all the features of the industry and the organization whose security plan is being developed. It must also capture the futuristic elements that are both foreseeable and unforeseeable (Karen, 2009). In the past study, some of the wide areas of security had been identified. These areas include;
· General information
· Country
· Community
· Physical security
· Facility perimeter
· Building
· Access control
· Alarm and surveillance systems
· Personal security
· Information security
· Investigations intelligence and security
· Background investigations
· Incident investigations
· Intelligence
· Reporting procedures
· Operations
· Policies and procedures
· Security indoctrination
· Liaison activities
This paper uses the above features in development of the security plan though not in the order that they are enumerated (Giles, 2008). Having being stationed at Fort Campbell for over four years, I will incorporate the security features that I learnt in the military as well as the civilian security features. This paper uses a middle level manufacturing computer industry in the development of the security plan.
The integration of the above security factors in development of the overall security plan
Each of the security issue mentioned above is important to the organization. However, there is a need for further categorization in order to ensure that the development of the security plan does not end up complicating the whole organization or does not lead to impractical solutions (Karen, 2009). The five major segments that shall be addressed in this paper are;
· General information, country and community
· Physical and personnel security
· Information and intelligence
· Policies, indoctrination and liaison activities
· Anticipatory logistics (Karen, 2009)
General information, country and community
XYZ computer manufacturing company is located at Tennessee State which is at southeastern of the country. The usage of computers and computerized gadgets is a common scenario across the United States of America. Basically, 1 out of 3 children below the age of ten have access to personal electronic gadgets like toys, personal computers, personal phones among others. This high popularity of computers and computerized materials has led to low rate of theft of such gadgets in the American community (Giles, 2008). This is especially based on the low market for secondhand computerized items. This however does not mean that theft of computers and computerized gadgets are not reported. According to a report generated by American theft prevention organization, an approximate of 600,000 laptops is stolen yearly from manufacturers and stores. These are new items that easily pass for of the shelves sale to unsuspecting customers (Karen, 2009).
The other risk element that is prone to the computer manufacturing industry is the rivalry between organizations that are involved in the manufacturing of computers and computerized gadgets. There are risks that a manufacturer may send spies to the rival company as an impersonator so that they can sell the company secrets. Such missions are aimed at using the weak points of the targeted company to reduce its competitive advantage in the market.
Physical and personnel security
In the development of the security plan, this is one of the major areas that must be addressed with great concern (Giles, 2008). The physical security in a manufacturing environment entails the Facility perimeter, Building, Access control, Alarm and surveillance systems. The facility perimeter should be constructed such that any unsuspected person cannot climb the wall or try to enter the facility from unauthorized locations. The physical security thus shall be developed with an aim of making it easy for the security team to monitor the physical entry of persons into the facility. The ideal minimum height of the wall shall be three meters with another half a meter of electric fencing at the top. The electric fencing shall be taken as a precaution for any daring person who may climb the wall without being noted by the security team (Karen, 2009).
The personnel shall be issued with electronic cards that shall be displayed whenever the staff are within the facility and which shall also be recognizable by the access control that shall be developed. The premises shall be marked such that each staff shall know the areas that they are restricted from entering and that the visitors also identify the staff only locations. For example, the CCTV maintenance room, the data store, and the General Manager’s office shall be limited to only the authorized personnel. In order to ensure that the above restrictions are adhered to, the company’s IT analyst shall be tasked with development of the electronic recognizable cards. The cards shall be holding the data of the employees and are configured with the areas that they can access and areas that they cannot access (Karen, 2009). The system shall also identify places that can only be accessed by two or more cards. For example, the petty cash safe shall only be accessible by a minimum of two and a maximum of three people for accountability purposes. The electronic cards are aimed at assisting the human resource supervisors in tracking the movements of all the employees within the organization at any given time.
Data that shall be corrected by the movement tracking system shall be stored in the company databases for a period that is not less than six months. The six months are aimed to allow the human resource department to identify any mischievous movement and investigate it. The system shall also contain movement tracking for all the staff who visits the facility at any given time. In case any collusion is suspected between the staff and the visitors in fooling the system, the CCTV camera records shall be used to check the alleged actions (Giles, 2008).
The physical security of the facility is not limited to the actions by human beings. The management at XYZ Computer Manufacturing Company has identified some of the factors that may affect the physical security of the company. These factors include lightening, tornadoes and snow which are brought by natural climate around Tennessee. In order to ensure that the equipment at the facility is safe from these natural calamities, several measures have been put in place. First, the management of XYZ Computer Manufacturing Company has installed lightening arrestors which are aimed at protecting the safety of premises, personnel and equipment in case a lightning strikes. Secondly, the installation of highly fused electronic system is aimed at reducing any risk of tornadoes; the high velocity of the winds during tornadoes is noted to cause electric short circuit in places where there are loose connections. The fused system ensures that electric circuits are stopped from flowing in case any short circuits have been identified by the electric system (Karen, 2009). The highly fused system also helps incase the facility is covered by snow which is evidenced every winter.
Information and intelligence
The first tool that is used in securing the information that is held at XYZ Computer Manufacturing Company is the code of conduct that each of the employees is expected to sign alongside the contract document that they sign on recruitment. The code of conduct forbids any company officer who is responsible for any information not to communicate the information to any third parties unless the company has allowed such communication and that such person is authorized to speak on behalf of the company. Any employee who breaks this code is deemed to have contravened the employment contract and may lose the employment and/ or be sued in a court of law as well as being reprimanded internally (Giles, 2008). Any employee who loses employment position due to such circumstances forfeits any other benefits that they would claim from the company if they would have left in better conditions.
The other tool that is used in safeguarding the information is profiling of the company website, management system, and databases. The company’s website is accessible by company staff, customers, and stakeholders among other virtual users. The website is configured such that only the persons who are authorized to certain web pages can view and/ or access them. However, there are some web pages that are accessible by all users like the home page, the published financial records, and advertisements web pages.
The different users are allowed of disallowed to make changes on the website depending on their profiles. For example, a customer profile is allowed to make changes on the personal particulars in their account only. This information has however has to be verified by the staff managing their virtual profiles (Giles, 2008). On the other hand, any staff that does not work in the finance department cannot make any changes to the logistics page in the database. The profiling of workers helps in identification of persons who are allowed to access any database just as it applies in the access of physical locations.
One of the common risks in information in the twenty first century is hacking. The company has ensured that it develops a progressive information security plan where any an authorized entry is identified at first instance. This includes adaptation of new technology as it is being developed. The company’s IT analyst puts it that technology becomes vulnerable once it has begun being used thus users must always look forward to the next technological development (Karen, 2009).
The natural calamities noted above, and destruction of the hardware through any means is another risk to the company’s information. If the hardware item holding information is destroyed, then there is high probability that the information will be destroyed and lost as well. In order to safeguard information from such eventualities, XYZ computer Manufacturing Company has procured cloud databases from Amazon. The activities on the company systems are mirrored directly to the data bases on real time bases (Giles, 2008). This is done to ensure that should any of the hardware become destroyed, then data recovery will be fast, efficient and effective.
Policies, indoctrination and liaison activities
The security policies at XYZ Computer Manufacturing Company are developed from time to time depending on the general security situation in the company and in the industry. For example, the rate of suicide bombing has been on the rise internationally as the preferred method by terrorist. In order to ensure that there is no stakes at chance, the company has adopted a screening method where all the vehicles and personnel accessing the facility shall be screened severally to ensure the risks are minimized. One of such policies includes screening of cars as demonstrated below.
(Giles, 2008)
Once security policies have been developed, the company’s logistics department uses different methods in indoctrination of entire staff on their level of participation in case of a security case being raised. The first tool used in indoctrination is use of forums where professionals in different areas are called in to brainstorm the staff members on the risks involved in various areas (Giles, 2008). Secondly, the logistics department sends copies of the training to the emails of the staff members so that they can refer to the tutorial every now and then.
The issues that are taught at the training are revisited severally and consistently to ensure that they are fresh at the minds of the staff members and that readiness for security issues can always be high. This includes having mock exercises of measuring how prepared each of the staff members is. Quizzes on the security policies set out by the company are included at the evaluation form for staff performance that is done periodically and randomly.
The differences in work stations expose the workers to different types of security risks. While the company has based its performance on specialization, the management at times rotates the workers with an aim of each being well versed with the security concerns in each field. This is done with two security based objectives. First, in case any of the security issues has arisen, all members can take proactive measures in dealing with it collectively without leaving any loophole (Karen, 2009). Secondly, if a security risk affects staff members directly, other members can fill in the affected members position as they recuperate. This also helps in security the production continuity in the organization.
The management at XYZ Computer Manufacturing Company has a traditional policy in liaising with the community and the department of homeland security in ensuring that there is security in the company, in the community and in the neighborhood (Giles, 2008). For example, the CCTV system in the company is linked directly to the private security firm that offers security and also to the department of homeland security. Thus, any alarm raised in the company reaches the department of homeland security in good time and in unedited version. This is especially important if a criminal offense has been committed since the department of homeland security is able to conduct its investigation partly based on the raw data of activities within and around the institution at their hand.
Liaison with the community is mainly based on the development of goodwill with the community leaving near the facilities. This good faith includes members of the public being encouraged to notify the company on areas that are deemed vulnerable with the security plan that is exposed to general public (Giles, 2008). The participation of the community in other procedures that are done (like in corporate social responsibility activities) has been essential in building the good faith. This shows how intertwined the company operations are with the security plan.
Anticipatory logistics
Anticipatory logistics refer to the preparations that are done using the measured future forecasts of the security situation. XYZ Computer Manufacturing Company has different areas on concern in the anticipatory logistics
· Future physical security challenges
· Changes in political environment that may lead to security concerns
· The developments in technology that may make current security plan vulnerable
· Loss of employees who hold vital data about the company (Karen, 2009)
Based on my past experience in the Army, I have some understanding in the development of policies based on the political landscape. This includes continuous evaluation of the current system and development of recommendations for improvements (Giles, 2008). Evaluation of current security risks in other parts of the world is used in making preparations for the security plan for local political situation.
Conclusion
In conclusion, every commander on a military base has to make sure that certain reasonable defenses are utilized. They have to protect operations, property, and personnel under their guidance against any and all threats. This is more important than ever with the possibility of terrorist attacks.
Planning security involves a hand in glove out-and-out approach. This will include agents from tenant movements on the base. This approach will also include the use of an MP doctrine and Army regulations. All of these are important for an effective organization security plan. Understanding and knowing the basic requirements for any security plan will add a lot to an organization building a strong program.
References
Giles, T. (2008). How to Develop and Implement a Security Master Plan. New York: Willey
Karen, S. (2009). Guide to General Server Security. Mason: Sage