In a recent study, physical and environmental information security in a government organization is a crucial part in a government organization because it involved with a lot of private and confidential information. So instead of taking care on the system itself the physical security also important since all the data and information are handled by the human in a physical environment.
Keywords-information security;physical and environmental security; government organization.
Introduction
Most organizations around the world are now focusing on the security system to protect their properties and employees. Properties include buildings or the premises, the facilities such as electronic devices, telecommunication devices such as telephone and fax machine, documents and all the belongings in the premise. Employees are the constructors of an organization and they are the working force that enables the organization's daily transaction. Both facilities and employees are the assets that must be protected because they are the essence that moves the organization to meet its target. Most companies only focus on the security of the device and software based information security solutions because the cost for the devices is very high. Actually, the organization should also focus on their personnel, internal and external technical experts, and also the customers. Traditionally, the employees and the insiders are the main source of the most injurious crimes in an organization because they have the knowledge, access and frequently a job-related motive to commit such crime.
This research will cover the user's perception on the physical and environment information security management in their organization, the implementation and the effectiveness of the implementations of the security protection. This paper has organized as below: II. Literature Review, III. Mehodology, IV. Analysis/Finding, V. Conclusion and VI. References.
Literature Review
According to [3], information includes both technological and human issues, so the overall process of managing risks should include factors both from natural, theoretical and social science paradigms. Physical security contains administrative, technical and physical control. It will decide the facility location and will ensure that the construction process is done accordingly. The countermeasures must be planned to face any possible physical security risk and threats. The security system should also plan the process, deployment, monitoring and continuous improvement of physical countermeasures against infrastructure including the safeguarding of electric power and water supply, as well as fire prevention, detection and restrain. Physical security is divided into three parts which are security against natural disaster, physical access control and design of right parameters. Access control deals with controlled access to data, information, locations, and resources like the printouts, tapes, thumb drives, CDs, and the like. For any data that has a connection with human being, there should be a system that can identify and authenticate the users of the system. Discretionary, mandatory and nondiscretionary models are defined and their actions are monitored using auditing practices. Security against natural disaster is to protect the organization and take some precaution steps to minimize the effects from natural disasters such as flood, earthquake, tornado, landslide, hurricane and volcano when they strike. The last part in security control is designing the right parameter. Parameters are information that is defined either by the user or the system to operate the security system such as using the password or tags for identification and authentication purpose. As stated in [2] the report defined the overall scope of the problem:
"Computer systems are coming of age. As
computer systems become more prevalent,
sophisticated, embedded in physical
processes, and interconnected, society
becomes more vulnerable to poor system
design, accidents that disable systems and
attacks on computer systems . . . . without
adequate safeguards, we risk intrusions into
personal privacy (given the growing
electronic storage of personal information)
and potential disasters that can cause
economic and even human losses".
Methodology
According to the (Wikipedia); a questionnaire is a research instrument consisting of a series of questions and other prompts for the purpose of gathering information from respondents. In this research, questionnaire was used to collect data about the physical and environmental security management in Politeknik Tuanku Syed Sirajuddin, Perlis. There are 120 sets of questionnaire being distributed to 120 respondents in four departments and one unit; Department of Mathematics and Computer Science, Department of Hospitality, Department of Engineering, Department of Multimedia, Visual and Communication and ICT Unit. There are seven sections have to be answered by the respondents; respondents background, use security areas to protect facilities, use physical security perimeters/logical boundary to protect areas, secury organizations's offices, rooms and facilities, protect facilities from natural and human threats, secure power and telecommunications cables and maintain organization;s equipment. The respondents answered based on the scale Yes, No or Not Applicable. The responds is analyzed using SPSS software.
Analysis / Finding
V. Conclusion
VI. References
Questionnaire.Retrieved Jan 10,2011,from http://en.wikipedia.org/wiki/Questionnaire
Computer at Risk:Safe Computing in the information Age.National Research Council,Natioanl Academy Press,March 1991.
M. Gerber and R. von Solms, "Management of Risk in the Information Age," in Computers & Security, vol. 24, pp. 16-30, 2005.
Need an essay? You can buy essay help from us today!
Please rate the quality of this essay:
Thanks for your rating :)
Good
Neutral
Poor
Struggling with your essay?
You can get your essay custom written by an expert in your subject area. Fully researched and referenced, the perfect model answer...
Get a quote here
Request the removal of this essay.
Tiada ulasan:
Catat Ulasan