Mandatory requirements: Physical Security in your organization
BY ROBIN GH PATRAS
What are the Mandatory requirements for Physical Security by any organization?
• PHYSEC1 - Understand what you need to protect
• PHYSEC2 - Design your physical security
• PHYSEC3 - Validate your security measures
• PHYSEC4 - Keep your security up to date
PHYSEC1 - Understand what you need to protect
Identify the people, information, and assets that your organisation needs to
protect, and where they are. Assess the security risks (threats and
vulnerabilities) and the business impact of loss or harm to people, information,
or assets. Use your understanding to:
• Protect your people from threats of violence, and support them if they experience a harmful event
• Protect members of the public who interact with your organisation
• Put physical security measures in place to minimize or remove risks to your information assets.
PHYSEC1 - Understand what you need to protect
Before you can put the right physical security measures in place, you must understand what you need to protect.
• How will your facilities be used?
• Are your people working away from the office?
• Have you taken health and safety needs into account?
• Is your organisation co-locating?
PHYSEC1 - Assessing your physical security risks
When you assess your organization's unique risks, you can work out which physical security measures you need to reduce those risks to an acceptable level. You need to know where you are vulnerable and how your organisation would be affected by breached security. Here are some questions to answer.
• During what hours will people be arriving, departing, and working at each site?
• How many people will be working at each site?
• Which third parties have access to your facilities?
• What are the risks associated with collections of information and physical assets you hold?
• What are the risks associated with higher concentrations of people in certain areas?
• Which activities does your organisation undertake at each site?
• Are there threats that arise from your activities?
• What threats arise from your location and neighbours?
PHYSEC1 - Assessing your physical security risks
Evaluate the likelihood and impact of each risk to help you understand where you need to take further action. For any risks you can’t accurately assess internally, call on external sources such as local police or other authorities.
• If you’re co-locating with other organizations, consider the combined security risks and work together to assess them.
Remember to:
• Assess the risks of each site you use separately, as you need to develop site-specific security plans
• Include physical security risks in your organization's risk register(s).
PHYSEC2 - Design your physical security
Consider physical security early in the process of planning, selecting,
designing, and modifying facilities.
Design security measures that address the risks your organisation faces and
are consistent with your risk appetite. Your security measures must be in line
with relevant health and safety obligations.
PHYSEC2 - Design your physical security
Since physical security measures can be more expensive and less effective if they’re introduced
later, consider your physical security requirements at the earliest stages — preferably during the
concept and design stages. Apply this strategy any time you’re:
• Planning new sites or buildings
• Selecting new sites
• Planning alterations to existing buildings.
PHYSEC2 - Design your physical security
Evaluate the following factors to work out if a site is suitable:
• The neighborhood
• The size of the stand-off perimeter
• Site access and parking
• Building access points
• Security zones
PHYSEC2 - Design your physical security
When preparing site security plans, use your site-specific risk assessments to help you:
• Prepare site-specific security plans
• Include security requirements within other site development plans.
Your organisation needs to have a site security plan for all new sites, facilities under construction, and facilities undergoing major refurbishments. This plan should align with any minimum security standards your organisation has agreed for specific types of facility.
PHYSEC2 - Design your physical security
For each site security plan, ensure that your physical security measures:
• Provide enough delay to allow planned responses to take effect
• Meet business needs
• Complement and support other operational procedures
• Include any necessary measures to protect audio and visual privacy
• Do not unreasonably interfere with the public.
PHYSEC2 - Design your physical security
If your organisation faces increased threat levels, use your risk assessments to work out what extra measures you need in each affected zone. Increased threat levels can be due to foreign interference, politically motivated violence, criminal activity, or cyber-attacks.
• Zone 1: Public Access Area - These are unsecured areas, including out-of-office working arrangements. They provide limited access controls to information and physical assets where any loss would result in a low to medium business impact.
• Zone 2: Work Area - These are low-security areas with some controls. They provide access controls to information and physical assets where any loss would result in a business impact up to very high. They also provide some protection for people.
• Zone 3: Restricted Work Area - These are security areas with high security controls.
• Zone 4: Security Area - These are security areas with higher levels of security.
• Zone 5: High-Security Area - These are security areas with the highest level of security controls. They provide access controls to information where any loss would result in a business impact up to catastrophic.
PHYSEC2 - Design your physical security
Physical security measures aim to protect people, information, and assets from compromise or harm
by applying the ‘Deter, Detect, Delay, Respond, Recover’ model.
A key concept in physical security is ‘security in depth’ — a multi-layered system in which security measures
combine to support and complement each other. You can apply this concept by placing zones within zones. This
layering increases total delay times and creates additional barriers. Any unauthorized person trying to access the
higher zones will meet increasing levels of controls.
The following diagram shows a possible combination of security zones.
PHYSEC3 - Validate your security measures
Confirm that your physical security measures have been correctly
implemented and are fit for purpose.
Complete the certification and benchmarking process to ensure that security
zones have approval to operate.
PHYSEC3 - Validate your security measures
Validating your organization's physical security measures means finding out if they’ve been
correctly implemented and are fit for purpose.
Your CSO decides whether the measures are right for the risks your organisation faces. These
risks may vary from site to site. The validation step gives senior executives confidence that
physical security is well managed, risks are properly identified and mitigated, and governance
responsibilities can be met.
PHYSEC4 - Keep your security up to date
Ensure that you keep up to date with evolving threats and
vulnerabilities, and respond appropriately. Ensure that your
physical security measures are maintained effectively so they
remain fit for purpose.
PHYSEC4 - Keep your security up to date
An important part of maintaining security is providing security awareness training and support.
Communicate your physical security policies to your people and to the people your organisation
works with. Let them know when physical security arrangements change, and, when possible, say
why.
People should be encouraged to report emerging concerns or near misses, and be seen as good
corporate citizens rather than troublemakers.
Analyze evolving threats and vulnerabilities
Keeping your people, information, and assets secure involves ongoing activity to detect and manage
evolving threats and vulnerabilities.

More Related Content

What's hot

Viyya Ssms Overview 2009
Viyya Ssms Overview 2009Viyya Ssms Overview 2009
Viyya Ssms Overview 2009guestee358
 
Security and personnel bp11521
Security and personnel bp11521Security and personnel bp11521
Security and personnel bp11521Merlin Florrence
 
Safeguarding Patient Privacy in a Digital Age (Meredith Phillips)
Safeguarding Patient Privacy in a Digital Age (Meredith Phillips)Safeguarding Patient Privacy in a Digital Age (Meredith Phillips)
Safeguarding Patient Privacy in a Digital Age (Meredith Phillips)U.S. News Healthcare of Tomorrow
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT IssueEvan Francen
 
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAEIT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE360 BSI
 
physical security abdullah hassan al alyani
physical security abdullah hassan al alyaniphysical security abdullah hassan al alyani
physical security abdullah hassan al alyaniAeliani92
 
Ch07 Managing Risk
Ch07 Managing RiskCh07 Managing Risk
Ch07 Managing Riskphanleson
 
Risk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningRisk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningKeyaan Williams
 
The Role of Information Security Policy
The Role of Information Security PolicyThe Role of Information Security Policy
The Role of Information Security PolicyRobot Mode
 
Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk ManagementHamed Moghaddam
 
Information Systems Policy
Information Systems PolicyInformation Systems Policy
Information Systems PolicyAli Sadhik Shaik
 
News letter May 11
News letter May 11News letter May 11
News letter May 11captsbtyagi
 
Physical Security Assessment
Physical Security AssessmentPhysical Security Assessment
Physical Security AssessmentFaheem Ul Hasan
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policycharlesgarrett
 
Asset, Threat, Vulnerability, Risk
Asset, Threat, Vulnerability, RiskAsset, Threat, Vulnerability, Risk
Asset, Threat, Vulnerability, RiskVinay Attry
 
Building and implementing a successful information security policy
Building and implementing a successful information security policyBuilding and implementing a successful information security policy
Building and implementing a successful information security policyRossMob1
 
Security Lifecycle Management
Security Lifecycle ManagementSecurity Lifecycle Management
Security Lifecycle ManagementBarry Caplin
 
Breach Response Matters: Effectively Handling Health Care Cyber Security Inci...
Breach Response Matters: Effectively Handling Health Care Cyber Security Inci...Breach Response Matters: Effectively Handling Health Care Cyber Security Inci...
Breach Response Matters: Effectively Handling Health Care Cyber Security Inci...Polsinelli PC
 

What's hot (20)

Viyya Ssms Overview 2009
Viyya Ssms Overview 2009Viyya Ssms Overview 2009
Viyya Ssms Overview 2009
 
Security and personnel bp11521
Security and personnel bp11521Security and personnel bp11521
Security and personnel bp11521
 
Safeguarding Patient Privacy in a Digital Age (Meredith Phillips)
Safeguarding Patient Privacy in a Digital Age (Meredith Phillips)Safeguarding Patient Privacy in a Digital Age (Meredith Phillips)
Safeguarding Patient Privacy in a Digital Age (Meredith Phillips)
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT Issue
 
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAEIT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
 
Become CISSP Certified
Become CISSP CertifiedBecome CISSP Certified
Become CISSP Certified
 
physical security abdullah hassan al alyani
physical security abdullah hassan al alyaniphysical security abdullah hassan al alyani
physical security abdullah hassan al alyani
 
Ch07 Managing Risk
Ch07 Managing RiskCh07 Managing Risk
Ch07 Managing Risk
 
Risk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningRisk Management and Security in Strategic Planning
Risk Management and Security in Strategic Planning
 
The Role of Information Security Policy
The Role of Information Security PolicyThe Role of Information Security Policy
The Role of Information Security Policy
 
Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk Management
 
Security analysis
Security analysisSecurity analysis
Security analysis
 
Information Systems Policy
Information Systems PolicyInformation Systems Policy
Information Systems Policy
 
News letter May 11
News letter May 11News letter May 11
News letter May 11
 
Physical Security Assessment
Physical Security AssessmentPhysical Security Assessment
Physical Security Assessment
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policy
 
Asset, Threat, Vulnerability, Risk
Asset, Threat, Vulnerability, RiskAsset, Threat, Vulnerability, Risk
Asset, Threat, Vulnerability, Risk
 
Building and implementing a successful information security policy
Building and implementing a successful information security policyBuilding and implementing a successful information security policy
Building and implementing a successful information security policy
 
Security Lifecycle Management
Security Lifecycle ManagementSecurity Lifecycle Management
Security Lifecycle Management
 
Breach Response Matters: Effectively Handling Health Care Cyber Security Inci...
Breach Response Matters: Effectively Handling Health Care Cyber Security Inci...Breach Response Matters: Effectively Handling Health Care Cyber Security Inci...
Breach Response Matters: Effectively Handling Health Care Cyber Security Inci...
 

Similar to Mandatory requirements for physical security 2

Physical Security - Why Your Business Needs It
Physical Security - Why Your Business Needs ItPhysical Security - Why Your Business Needs It
Physical Security - Why Your Business Needs ItTerra Verde
 
IT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoIT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoMark John Lado, MIT
 
The Importance of Physical Security Safeguarding Your Assets.pdf
The Importance of Physical Security Safeguarding Your Assets.pdfThe Importance of Physical Security Safeguarding Your Assets.pdf
The Importance of Physical Security Safeguarding Your Assets.pdfMax Secure Ltd
 
Vskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills
 
BLE 1213 MUST.pptx- basics principles of Physical Security
BLE 1213 MUST.pptx- basics  principles of Physical SecurityBLE 1213 MUST.pptx- basics  principles of Physical Security
BLE 1213 MUST.pptx- basics principles of Physical SecurityMajor K. Subramaniam Kmaravehlu
 
A to Z of Information Security Management
A to Z of Information Security ManagementA to Z of Information Security Management
A to Z of Information Security ManagementMark Conway
 
CompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxCompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxInfosectrain3
 
Homework AssignmentShort Answer Responses.1. Describe the fiv.docx
Homework AssignmentShort Answer Responses.1.  Describe the fiv.docxHomework AssignmentShort Answer Responses.1.  Describe the fiv.docx
Homework AssignmentShort Answer Responses.1. Describe the fiv.docxadampcarr67227
 
WHO NEEDS SIRA APPROVAL IN DUBAI
WHO NEEDS SIRA APPROVAL IN DUBAIWHO NEEDS SIRA APPROVAL IN DUBAI
WHO NEEDS SIRA APPROVAL IN DUBAIsuccessdsp
 
WHO NEEDS SECURITY RISK ASSESSMENT IN UAE
WHO NEEDS SECURITY RISK ASSESSMENT IN UAEWHO NEEDS SECURITY RISK ASSESSMENT IN UAE
WHO NEEDS SECURITY RISK ASSESSMENT IN UAEsuccessdsp
 
The Fundamentals of HIPAA Privacy & Security Risk Management
The Fundamentals of HIPAA Privacy & Security Risk ManagementThe Fundamentals of HIPAA Privacy & Security Risk Management
The Fundamentals of HIPAA Privacy & Security Risk ManagementKeySys Health
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditorsmdagrossa
 

Similar to Mandatory requirements for physical security 2 (20)

Physical Security - Why Your Business Needs It
Physical Security - Why Your Business Needs ItPhysical Security - Why Your Business Needs It
Physical Security - Why Your Business Needs It
 
IT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoIT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John Lado
 
The Importance of Physical Security Safeguarding Your Assets.pdf
The Importance of Physical Security Safeguarding Your Assets.pdfThe Importance of Physical Security Safeguarding Your Assets.pdf
The Importance of Physical Security Safeguarding Your Assets.pdf
 
Vskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample Material
 
BLE 1213 MUST.pptx- basics principles of Physical Security
BLE 1213 MUST.pptx- basics  principles of Physical SecurityBLE 1213 MUST.pptx- basics  principles of Physical Security
BLE 1213 MUST.pptx- basics principles of Physical Security
 
A to Z of Information Security Management
A to Z of Information Security ManagementA to Z of Information Security Management
A to Z of Information Security Management
 
CompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxCompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptx
 
Homework AssignmentShort Answer Responses.1. Describe the fiv.docx
Homework AssignmentShort Answer Responses.1.  Describe the fiv.docxHomework AssignmentShort Answer Responses.1.  Describe the fiv.docx
Homework AssignmentShort Answer Responses.1. Describe the fiv.docx
 
WHO NEEDS SIRA APPROVAL IN DUBAI
WHO NEEDS SIRA APPROVAL IN DUBAIWHO NEEDS SIRA APPROVAL IN DUBAI
WHO NEEDS SIRA APPROVAL IN DUBAI
 
WHO NEEDS SECURITY RISK ASSESSMENT IN UAE
WHO NEEDS SECURITY RISK ASSESSMENT IN UAEWHO NEEDS SECURITY RISK ASSESSMENT IN UAE
WHO NEEDS SECURITY RISK ASSESSMENT IN UAE
 
The Fundamentals of HIPAA Privacy & Security Risk Management
The Fundamentals of HIPAA Privacy & Security Risk ManagementThe Fundamentals of HIPAA Privacy & Security Risk Management
The Fundamentals of HIPAA Privacy & Security Risk Management
 
security jobs
security jobssecurity jobs
security jobs
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider Threat
 
Security policy.pdf
Security policy.pdfSecurity policy.pdf
Security policy.pdf
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
 
Cybersecurity
Cybersecurity Cybersecurity
Cybersecurity
 
Grupo 4 - TEMA II.pptx
Grupo 4  - TEMA II.pptxGrupo 4  - TEMA II.pptx
Grupo 4 - TEMA II.pptx
 
Security-Brochure
Security-BrochureSecurity-Brochure
Security-Brochure
 
Security-Brochure
Security-BrochureSecurity-Brochure
Security-Brochure
 
HIPAA omnibus rule update
HIPAA omnibus rule updateHIPAA omnibus rule update
HIPAA omnibus rule update
 

More from Robin Patras

OutdoorElectricalSafety.pdf
OutdoorElectricalSafety.pdfOutdoorElectricalSafety.pdf
OutdoorElectricalSafety.pdfRobin Patras
 
Electrical_Safety_Tips.pdf
Electrical_Safety_Tips.pdfElectrical_Safety_Tips.pdf
Electrical_Safety_Tips.pdfRobin Patras
 
Fire prevention & use of fire extinguishers
Fire prevention & use of fire extinguishersFire prevention & use of fire extinguishers
Fire prevention & use of fire extinguishersRobin Patras
 
Five common reasons for the road accident
Five common reasons for the road accidentFive common reasons for the road accident
Five common reasons for the road accidentRobin Patras
 
Security awareness by robin
Security awareness by robinSecurity awareness by robin
Security awareness by robinRobin Patras
 
Untold story of karachi
Untold story of karachiUntold story of karachi
Untold story of karachiRobin Patras
 
Security presentation
Security presentationSecurity presentation
Security presentationRobin Patras
 
Defensive drivers training
Defensive drivers trainingDefensive drivers training
Defensive drivers trainingRobin Patras
 

More from Robin Patras (9)

OutdoorElectricalSafety.pdf
OutdoorElectricalSafety.pdfOutdoorElectricalSafety.pdf
OutdoorElectricalSafety.pdf
 
Electrical_Safety_Tips.pdf
Electrical_Safety_Tips.pdfElectrical_Safety_Tips.pdf
Electrical_Safety_Tips.pdf
 
Fire prevention & use of fire extinguishers
Fire prevention & use of fire extinguishersFire prevention & use of fire extinguishers
Fire prevention & use of fire extinguishers
 
Congo virus alert
Congo virus alertCongo virus alert
Congo virus alert
 
Five common reasons for the road accident
Five common reasons for the road accidentFive common reasons for the road accident
Five common reasons for the road accident
 
Security awareness by robin
Security awareness by robinSecurity awareness by robin
Security awareness by robin
 
Untold story of karachi
Untold story of karachiUntold story of karachi
Untold story of karachi
 
Security presentation
Security presentationSecurity presentation
Security presentation
 
Defensive drivers training
Defensive drivers trainingDefensive drivers training
Defensive drivers training
 

Recently uploaded

80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...Nguyen Thanh Tu Collection
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxDr. Ravikiran H M Gowda
 
AIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.pptAIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.pptNishitharanjan Rout
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structuredhanjurrannsibayan2
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxPooja Bhuva
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17Celine George
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxPooja Bhuva
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Pooja Bhuva
 
Philosophy of china and it's charactistics
Philosophy of china and it's charactisticsPhilosophy of china and it's charactistics
Philosophy of china and it's charactisticshameyhk98
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdfFICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdfPondicherry University
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024Elizabeth Walsh
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
Tatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf artsTatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf artsNbelano25
 
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSSpellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSAnaAcapella
 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and ModificationsMJDuyan
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxannathomasp01
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 

Recently uploaded (20)

80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
AIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.pptAIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.ppt
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Call Girls in Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in  Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7Call Girls in  Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
Philosophy of china and it's charactistics
Philosophy of china and it's charactisticsPhilosophy of china and it's charactistics
Philosophy of china and it's charactistics
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdfFICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Tatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf artsTatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf arts
 
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSSpellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and Modifications
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 

Mandatory requirements for physical security 2

  • 1. Mandatory requirements Physical Security in your organization BY ROBIN GH PATRAS
  • 2. What are the Mandatory requirements for Physical Security by any organization?
      • PHYSEC1 - Understand what you need to protect
      • PHYSEC2 - Design your physical security
      • PHYSEC3 - Validate your security measures
      • PHYSEC4 - Keep your security up to date
  • 3. What are the Mandatory requirements for Physical Security by any organization? PHYSEC1 - Understand what you need to protect Identify the people, information, and assets that your organisation needs to protect, and where they are. Assess the security risks (threats and vulnerabilities) and the business impact of loss or harm to people, information, or assets. Use your understanding to:
      • Protect your people from threats of violence, and support them if they experience a harmful event
      • Protect members of the public who interact with your organisation
      • Put physical security measures in place to minimize or remove risks to your information assets.
  • 4. PHYSEC1 - Understand what you need to protect Before you can put the right physical security measures in place, you must understand what you need to protect.
      • How will your facilities be used?
      • Are your people working away from the office?
      • Have you taken health and safety needs into account?
      • Is your organisation co-locating?
  • 5. PHYSEC1 - Assessing your physical security risks When you assess your organization's unique risks, you can work out which physical security measures you need to reduce those risks to an acceptable level. You need to know where you are vulnerable and how your organisation would be affected by breached security. Here are some questions to answer.
      • During what hours will people be arriving, departing, and working at each site?
      • How many people will be working at each site?
      • Which third parties have access to your facilities?
      • What are the risks associated with collections of information and physical assets you hold?
      • What are the risks associated with higher concentrations of people in certain areas?
      • Which activities does your organisation undertake at each site?
      • Are there threats that arise from your activities?
      • What threats arise from your location and neighbours?
  • 6. PHYSEC1 - Assessing your physical security risks Evaluate the likelihood and impact of each risk to help you understand where you need to take further action. For any risks you can’t accurately assess internally, call on external sources such as local police or other authorities.
      • If you’re co-locating with other organizations, consider the combined security risks and work together to assess them.
    Remember to:
      • Assess the risks of each site you use separately, as you need to develop site-specific security plans
      • Include physical security risks in your organization's risk register(s).
  • 7. What are the Mandatory requirements for Physical Security by any organization? PHYSEC2 - Design your physical security Consider physical security early in the process of planning, selecting, designing, and modifying facilities. Design security measures that address the risks your organisation faces and are consistent with your risk appetite. Your security measures must be in line with relevant health and safety obligations.
  • 8. PHYSEC2 - Design your physical security Since physical security measures can be more expensive and less effective if they’re introduced later, consider your physical security requirements at the earliest stages, preferably during the concept and design stages. Apply this strategy any time you’re:
      • Planning new sites or buildings
      • Selecting new sites
      • Planning alterations to existing buildings.
  • 9. PHYSEC2 - Design your physical security Evaluate the following factors to work out if a site is suitable:
      • The neighborhood
      • The size of the stand-off perimeter
      • Site access and parking
      • Building access points
      • Security zones
  • 10. PHYSEC2 - Design your physical security When preparing site security plans, use your site-specific risk assessments to help you:
      • Prepare site-specific security plans
      • Include security requirements within other site development plans.
    Your organisation needs to have a site security plan for all new sites, facilities under construction, and facilities undergoing major refurbishments. This plan should align with any minimum security standards your organisation has agreed for specific types of facility.
  • 11. PHYSEC2 - Design your physical security For each site security plan, ensure that your physical security measures:
      • Provide enough delay to allow planned responses to take effect
      • Meet business needs
      • Complement and support other operational procedures
      • Include any necessary measures to protect audio and visual privacy
      • Do not unreasonably interfere with the public.
  • 12. PHYSEC2 - Design your physical security If your organisation faces increased threat levels, use your risk assessments to work out what extra measures you need in each affected zone. Increased threat levels can be due to foreign interference, politically motivated violence, criminal activity, or cyber-attacks.
      • Zone 1: Public Access Area -- These are unsecured areas including out-of-office working arrangements. They provide limited access controls to information and physical assets where any loss would result in a low to medium business impact.
      • Zone 2: Work Area -- These are low-security areas with some controls. They provide access controls to information and physical assets where any loss would result in a business impact up to very high. They also provide some protection for people.
      • Zone 3: Restricted Work Area -- These are security areas with high security controls.
      • Zone 4: Security Area -- These are security areas with higher levels of security.
      • Zone 5: High-Security Area -- These are security areas with the highest level of security controls. They provide access controls to information where any loss would result in a business impact up to catastrophic.
  • 13. PHYSEC2 - Design your physical security Physical security measures aim to protect people, information, and assets from compromise or harm by applying the ‘Deter, Detect, Delay, Respond, Recover’ model. A key concept in physical security is ‘security in depth’ — a multi-layered system in which security measures combine to support and complement each other. You can apply this concept by placing zones within zones. This layering increases total delay times and creates additional barriers. Any unauthorized person trying to access the higher zones will meet increasing levels of controls. The following diagram shows a possible combination of security zones.
  • 14. What are the Mandatory requirements for Physical Security by any organization? PHYSEC3 - Validate your security measures Confirm that your physical security measures have been correctly implemented and are fit for purpose. Complete the certification and benchmarking process to ensure that security zones have approval to operate.
  • 15. PHYSEC3 - Validate your security measures Validating your organization's physical security measures means finding out if they’ve been correctly implemented and are fit for purpose. Your CSO decides whether the measures are right for the risks your organisation faces. These risks may vary from site to site. The validation step gives senior executives confidence that physical security is well managed, risks are properly identified and mitigated, and governance responsibilities can be met.
  • 16. What are the Mandatory requirements for Physical Security by any organization? PHYSEC4 - Keep your security up to date Ensure that you keep up to date with evolving threats and vulnerabilities, and respond appropriately. Ensure that your physical security measures are maintained effectively so they remain fit for purpose.
  • 17. PHYSEC4 - Keep your security up to date An important part of maintaining security is providing security awareness training and support. Communicate your physical security policies to your people and to the people your organisation works with. Let them know when physical security arrangements change, and, when possible, say why. People should be encouraged to report emerging concerns or near misses, and be seen as good corporate citizens rather than troublemakers.
    Analyze evolving threats and vulnerabilities: Keeping your people, information, and assets secure involves ongoing activity to detect and manage evolving threats and vulnerabilities.

Editor's Notes

  1. Zone 1: Public Access Area
     These are unsecured areas including out-of-office working arrangements. They provide limited access controls to information and physical assets where any loss would result in a low to medium business impact. They also provide limited protection for people.
     Examples of public access areas are:
      • building perimeters and public foyers
      • interview and front-desk areas
      • temporary out-of-office work areas where the agency has no control over access
      • field work, including most vehicle-based work
      • public access parts within multi-building facilities.

     Zone 2: Work Area
     These are low-security areas with some controls. They provide access controls to information and physical assets where any loss would result in a business impact up to very high. They also provide some protection for people. These areas allow unrestricted access for your people and contractors. Public or visitor access is restricted.
     Examples of work areas are:
      • normal office environments
      • normal out-of-office or home-based worksites where you can control access to areas used for your business
      • interview and front-desk areas where your people are separated from clients and the public
      • military bases and airside work areas with a security fence around the perimeter and controlled entry points
      • vehicle-based work where the vehicle is fitted with a security container, alarm, and immobiliser
      • exhibition areas with security controls and controlled public access.

     Zone 3: Restricted Work Area
     These are security areas with high security controls. They provide access controls to information and physical assets where any loss would result in a business impact up to extreme. They also provide protection for people. Access for your people and contractors is limited to those with a need to access the area. People with ongoing access must hold an appropriate security clearance. Visitors must be escorted, or closely controlled, and have a business need to access the area.
     Examples of restricted areas are:
      • secure areas within your building that have extra access controls for your people (such as IT server rooms)
      • exhibition areas with very valuable assets
      • areas with high-value items or items of cultural significance when not on display.

     Zone 4: Security Area
     These are security areas with higher levels of security. They provide access controls to information where any loss would result in a business impact up to extreme, and physical assets where any loss would result in a business impact up to catastrophic. They also provide protection for people. Access for your people is strictly controlled with ID verification and card access. People with ongoing access must hold an appropriate security clearance. Visitors and contractors must be closely controlled and have a business need to access the area.
     Examples of security areas are:
      • secure areas within your building that have extra access controls for your people
      • exhibition areas with very valuable assets, with specific item asset protection controls and closely controlled public access
      • areas used to store high-value items or items of cultural significance when not on display.

     Zone 5: High-Security Area
     These are security areas with the highest level of security controls. They provide access controls to information where any loss would result in a business impact up to catastrophic. Access for your people is strictly controlled with ID verification and card access. People with ongoing access must hold an appropriate security clearance. Visitors and contractors must be closely controlled and have a business need to access the area.
     Examples of high-security areas are: areas storing top secret, sensitive, compartmented information
  2. Review your physical security measures regularly
     Undertake regular reviews to ensure your security measures remain fit for purpose. Identify changes in your use of facilities, in your organisation, or your threat environment. Use this information to inform improvements.

     Conduct periodic reviews and assure compliance
     Regularly monitor, review, and audit your physical security measures. You need to know if:
      • your physical security policies are being followed
      • your physical security controls are working as planned
      • any changes or improvements are necessary.

     Identify changes in your security environment
     Be prepared to restart your physical security lifecycle whenever your security environment changes. Consider these questions to inform changes and improvements.
      • Are you using your information and assets in a different way?
      • Are you using your facilities in a different way?
      • Are your people working in a different way?
      • Are you planning improvements to internal or external security services?
      • Have you identified new security threats and vulnerabilities?

     Retire securely
     When your building, facilities, information, or assets are no longer needed, make sure you consider the security implications during the decommissioning phase. Have a plan for destroying, redeploying, or disposing of your facilities, information, or assets securely. For example:
      • safes or filing cabinets containing classified information
      • printers / multi-function devices.

     Destroy protectively-marked information and equipment properly
     You must use NZSIS-approved destruction equipment or an NZSIS-approved destruction service to destroy protectively-marked information and equipment, so that the waste can’t be reconstructed or used.