Wednesday, December 11, 2019

Security and Risk Management for Cryptography - myassignmenthelp

Question: Discuss Security and Risk Management for Cryptography.

Answer: Physical security is an overlooked element that is important to an organization. Physical security prevents intruders from physically accessing sensitive sites (Draper, 2013). Other information security elements such as cryptography and firewalls are essential, but physical security should be coordinated with the plan. Therefore, a high-availability physical security infrastructure system must function properly in an area for the safety of the equipment in that area. Physical security design is a critical process that offers protection to the facility of the company. The security plan should address all the programs and services that are within the framework of the company security sector.

When designing a physical security plan, the first requirement is to obtain a physical security assessment report (PSAR) from the security experts (Infrastructure, n.d.). The PSAR will contain all the provisions that are necessary, such as the secure location and the methods of control within the coverage area. The facilities that should be included are signage, security alarms, security guards, and physical barriers.

Another aspect to consider is the project team members. The project design team will oversee everything and monitor the progress of the project while at the same time facilitating the implementation of the plan (Infrastructure, n.d.). The project team will consist of outsourced and local security personnel. The entire composition of the security experts will demarcate the zones and identify key ingress and egress paths and circulation routes within the premises. In the internal environment, the circulation routes are designed in a manner that enables the free flow of facilities within the operation lines (The Security Assessment: What, Why, and When, n.d.). The routes should conform to the security guidelines to ensure safety and security needs are upheld.
The available security zones include, but are not limited to, public zones, operation zones, reception zones, security zones, and high-security zones (Kolltveit & Hvasshovd, 2008). Public zones offer access to areas that are not too sensitive but are within the building perimeter and elevator lobby. In the reception area, everyone is scrutinized for identification, after which an individual is authenticated to access the premises. This is the point where a person can be either allowed or denied access based on the security threat he poses to the company facilities. It limits the public from coming into contact with company representatives. The operations zone will enable the employees and authorized contractors to access the company premises by using access cards and company identification cards. Nobody can access the operation zone without these documents unless escorted by authorized staff. Also, the security zone will allow authorized visitors onto the organization premises only when escorted by relevant company representatives. Besides, people within the organization are supposed to be within the restricted perimeter, especially where the area has limited information which is not supposed to be accessed by the public. The high-security zone is where only authorized people are allowed access. In this case, the visitors are screened and thoroughly checked to avoid access to confidential information of the company (Why Training and Awareness Are Important, 2010). For example, the data storage warehouse may contain company records and crucial information which is sensitive.

Since the premises will consist of a two-storey office building and a warehouse building, as a fundamental security requirement the two facilities should be separated. In other words, each department should operate independently on its floor suites. Thus, the action will limit congestion and access to sensitive offices.
The access control unit should be consistent in all aspects as to the operating procedure and the systems used within the operation area (Stallings, 2014). In this case, the electronic security system will be deployed. This system should be integrated to meet the standards of security. To design this electronic security system the company should adhere to the following. Coordinating the databases from various departments into a central database for easy management and retrieval is crucial. The company should avoid stand-alone systems within the company, since the company comprises several departments. This is meant to streamline the information technology infrastructure for easy management. The security systems should be operational on a full-time basis, especially in those areas with high chances of risk as identified by the physical security assessment report. The hardware security components must be durable and standardized to meet the security standards. Besides, identify a specific area for duress alarms, especially the locations where employees work alone. This area might be isolated or prone to high risk.

The surveillance and alarm system cumulatively is USD 740,800. On the other hand, the installation, monitoring system, and cabling will require USD 445000. In total, the two components amount to USD 1185800. The cost above the budget equals USD 385,800. Out of this, the items considered for the cost cut include two servers at USD 30000 each; one POE switch, which costs USD 2000, is not needed. Besides, the company will use Cat 5e cables, which cost USD 50000 each, instead of fiber optic cables, which cost USD 150000. Therefore, the company will save USD 212000 after considering the cost cut. The extra cost that will be incurred will be USD (973800-800000), which equals USD 173800. This is the amount to use from the buffer.

The security zones will be divided into five distinct units.
First, at least two guards will work with the supervisor at the main entrance. The second zone, that is, the production zone, should also contain at least a guard. The guard should be based at the entry point and the exit point of the production unit (Pattinson, n.d.). The third zone will require a security guard at the entry and exit point in the finished goods zone. Most importantly, a perimeter wall patrolling unit should be deployed. This zone should contain at least three soldiers. Lastly, the factory floor patrolling will require at least one guard per production building.

In my opinion, the company should use outsourced guards. Although outsourcing is becoming prevalent, its benefits are many. It has been recognized as the appropriate approach for streamlining the operation of the company. Numerous benefits accrue from it; among them, the advantage of acquiring outsourced guards over proprietary ones is the wages that are to be paid. A lot of money will be saved if we outsource guards. Equally, the unions are vital, such that members of the union have a coordinated agenda. In this case, outsourcing guards from Thailand will enable the company to save overhead costs which could otherwise be incurred. Also, unions have collective bargaining power, hence the negotiation for their compensation is cheaper as compared to proprietary guards. Besides that, it is better to acquire the services of guards paid on an hourly basis, unlike the proprietary guards, who are paid cumulatively at the end of the month. In other words, proprietary guards are paid at the end of the month and their salary is fixed, whereas the outsourced guards have to attain the required working hours for them to be paid. Additionally, outsourced guards are more motivated and exhibit a lot of professionalism. As such, they help the company to cut down administrative cost, training cost, recruitment cost, and other overhead costs.
Therefore, these security conditions culminate in a conducive environment to boost efficiency and productivity. For proprietary guards, the compliance requirements are stringent, unlike the requirements of outsourcing the guards from Thailand. However, in proprietary, the guards are reliable for any eventuality that may come as a result of their actions.

References

Draper, R. (2013). Standards, Regulations, and Guidelines. Effective Physical Security, 283-291. doi:10.1016/b978-0-12-415892-4.00016-x

Infrastructure. (n.d.). High Availability and Disaster Recovery, 233-286. doi:10.1007/3-540-34582-5_9

Kolltveit, H., Hvasshovd, S. (2008). Efficient High Availability Commit Processing. 2008 Third International Conference on Availability, Reliability and Security. doi:10.1109/ares.2008.78

Officers: In-house or Outsource? (n.d.). Retrieved from https://www.securitymagazine.com/articles/78403-officers-in-house-or-outsource-1

Pattinson, M. R. (n.d.). A Method of Assessing Information System Security Controls. Information Security and Ethics. doi:10.4018/9781599049373.ch137

The Security Assessment: What, Why, and When. (n.d.). Strategies for Protecting National Critical Infrastructure Assets, 47-54. doi:10.1002/9780470228371.ch3

Stallings, W. (2014). Physical Security Essentials. Cyber Security and IT Infrastructure Protection, 109-134. doi:10.1016/b978-0-12-416681-3.00004-5

What Is High Availability? (2014). High Availability IT Services, 53-102. doi:10.1201/b17958-6

Why Training and Awareness Are Important. (2010). Managing an Information Security and Privacy Awareness and Training Program, Second Edition, 7-18. doi:10.1201/9781439815465-3
