Physical security is essential to the protection of information systems and services. Physical security is utilized for the protection of a firm's premises, sites, facilities, human resources, information, and other assets (Wells et al., 2014). It is an essential component in the protection of confidentiality, integrity, and availability of resources. It is essential to establish physical security in a way that can effectively protect critical resources, infrastructure, and systems (Ali, 2018). Security controls are designed for the protection of these aspects of informational systems. Access controls that are effectively designed and maintained are a primary focus in the protection and acquisition of organizational assets (Barabanov et al., 2018). They direct how resources are accessed and decrease the risks associated with unauthorized modifications or disclosures.
However, many of the physical security controls set-up today is not sufficient. The increased reliance on mechanical locks or proximity cards as a primary way to control access is not sufficient (Alharbi, 2020). Physical security systems are now more than ever exposed to cyber threats with increased vulnerabilities making it easier to exploit them. Recently, there has been a rise in the cases of advanced cyber-attacks on physical systems. It is essential to be aware that the physical security breaches have caused significant data losses and outages with very little technical knowledge required from the hackers (McLeod et al., 2018). A variety of information systems are structured with a built-in-capability to circumvent technical security controls through the use of physical methods. Physical security breaches provide attackers with a range of ways to damage a firm, which includes but is not limited to property damage, availability, and data loss (Desnitsky et al., 2016). These damages can adversely affect the reputation of a firm. The application of effective physical security control is necessary to minimize the increasing threat of cybersecurity threats.
Delegate your assignment to our experts and they will do the rest.
Physical security is an essential aspect of a proper cybersecurity plan. If correctly utilized, it implements proper policy, education, and technical controls structured to provide proper risk mitigation for an organization’s resources and assets (Al-Fedaghi et al., 2019). While establishing protection against attacks like theft, security planning should also provide protection against unplanned issues like natural disasters. While there is a range of attacks, this paper will focus on man-caused attacks. Almeida et al. (2018) establish that security controls can either be for detection, protection, correction, compensation, or recovery. Preventative controls are focused on preventing unauthorized actions, while detective controls are focused on sending alerts during or following an attack. Corrective controls are focused on the restoration of systems to normal following unwanted or unauthorized activities, while recovery controls are directed at restoring the functionality of the system and organization after an unwanted activity (Lartey et al., 2020). Deterrent controls are aimed at discouraging actions, while compensating controls present a supplementary or alternative solution to a control that is costly or difficult to implement.
Physical security systems and programs often have controls that are weak or absent. Even highly stringent local control are affected by poorly designed or implemented physical controls. Access controls refer to security features that control the ways in which users and systems interact with other systems and resources (Abdi et al., 2018). This establishes that these privileges are kept to the authorized personnel only. The main principles of access control include identification, authorization, auditing, and accountability. An effective physical security system should involve all of these systems (Appiah, 2020). Access controls are a primary focus for physical security. The existence of weak measures establishes opportunities for attackers to breach companies and can result in extensive losses for a firm. This often results in physical security systems being the weak point in a firm's security that has to be strengthened. Physical security measures have to evolve and adapt to changes in threat.
Purpose Statement
Technology often gets developed quickly, and security is slow to follow. It is essential for security to evolve and change to keep up with advances. Existing physical security controls are not sufficient to handle existing cybersecurity threats. There exists a need to establish solutions focused on improving the security of physical security systems against cyber threats. The main of this paper is to establish the weakness of access controls of physical security systems while highlighting security solutions that would minimize cyber threats.
Research Question
As already established, the definition and application of proper physical security controls are critical to ensuring that physical assets are protected from cyber threats. Hence, the research question that will be utilized is; how can physical security systems and programs be further enhanced to minimize the effects of cyber threats?
Existing security controls for physical security measures need to grow and adapt in accordance with the changing threats (Alharbi, 2020). In security planning, the controls established for physical security systems should be a point of focus to ensure that security is effectively maintained (Fennelly, 2016). Firms should ensure the security of their human resources and data from cyber threats. Through the proper design of security infrastructure, security professionals can be more effective in managing risks and protecting the assets within an organization.
Thesis Statement
Through the proper design of security infrastructure and application of protective measures, incoming cyber threats to our physical security systems and programs can be greatly reduced.
While there has been an increased focus on the protection of virtual spaces from cyber threats, physical security systems and programs have been overlooked. The increased vulnerability of physical security systems to cyber threats has increased the risk posed to the assets and information within organizations. Greater focus should be focused on enhancing controls within physical security systems and programs to minimize cyber threats.
References
Abdi, F., Chen, C. Y., Hasan, M., Liu, S., Mohan, S., & Caccamo, M. (2018, April). Guaranteed physical security with restart-based design for cyber-physical systems. In 2018 ACM/IEEE 9th International Conference on Cyber-Physical Systems (ICCPS) (pp. 10-21). IEEE.
Al-Fedaghi, S., & Alsumait, O. (2019). Towards a conceptual foundation for physical security: Case study of an IT department. International Journal of Safety and Security Engineering , 9 (2), 137-156.
Alharbi, F. S. (2020). Dealing with Data Breaches Amidst Changes In Technology. International Journal of Computer Science and Security (IJCSS) , 14 (3), 108.
Ali, B., & Awad, A. I. (2018). Cyber and physical security vulnerability assessment for IoT-based smart homes. sensors , 18 (3), 817.
Almeida, L., & Respício, A. (2018). Decision support for selecting information security controls. Journal of Decision Systems , 27 (sup1), 173-180.
Appiah, F. (2020). Security Controls or Countermeasures: Vulnerabilities Prevention. Easychair Preprint , 4410 .
Barabanov, A. V., Markov, A. S., & Tsirlov, V. L. (2018). Information security controls against cross-site request forgery attacks on software application of automated systems. In Journal of Physics: Conference Series (Vol. 1015, No. 4).
Desnitsky, V., Levshun, D., Chechulin, A., & Kotenko, I. V. (2016). Design Technique for Secure Embedded Devices: Application for Creation of Integrated Cyber-Physical Security System. J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl. , 7 (2), 60-80.
Fennelly, L. J. (Ed.). (2016). Effective physical security . Butterworth-Heinemann.
Lartey, P. Y., Kong, Y., Bah, F. B. M., Santosh, R. J., & Gumah, I. A. (2020). Determinants of Internal Control Compliance in Public Organizations; Using Preventive, Detective, Corrective and Directive Controls. International Journal of Public Administration , 43 (8), 711-723.
McLeod, A., & Dolezel, D. (2018). Cyber-analytics: Modeling factors associated with healthcare data breaches. Decision Support Systems , 108 , 57-68.
Wells, L. J., Camelio, J. A., Williams, C. B., & White, J. (2014). Cyber-physical security challenges in manufacturing systems. Manufacturing Letters , 2 (2), 74-77.