As a security professional at a company or agency, what steps should be taken to enhance the current level of security for the business or agency?
kipling2448 | Certified Educator
When discussing security procedures and arrangements for a business or government or nongovernmental agency, there are a number of areas that would need to be addressed, ranging from physical security of the premises from outside intruders, to security of the company or agency's computer network from hackers intending to disrupt the organization's operations, to the perennial problem of employees committing acts of sabotage or embezzling from the company or agency. When approaching a particular organization's security needs, the security officer first has to conduct a threat assessment: what are the likely threats to this particular organization, who is likely to carry them out, and what are the optimal measures to prevent the actions. In this age of ever-present threats from terrorists on infrastructure targets and from cyber attacks intended to cripple the organization's computer network or to surreptitiously infiltrate the network to spy or steal company secrets, the challenges confronting security personnel are greater than ever. One of the first measures a security officer should take is to assess the vulnerability of the premises to outside intrusions, ranging from simple vandalism to sophisticated acts of burglary, to potential threats from armed criminals or terrorists. Networks of surveillance cameras and sensors have become commonplace in American society, in all matter of organizations, and will likely grow in number and sophistication in the years ahead. When appropriate, adequate fencing and secured entry and exit points need to be addressed. In addition, all staff have to be briefed on requisite procedures for ensuring unwanted intrusions are minimized. Once the physical premises are secured -- consistent with the type of organization and nature of the work conducted there -- security of computer networks is paramount, and represents the greatest challenge confronting security officers. More so than with physical security of the premises, cyber security is and will remain a constantly evolving "cat and mouse" game wherein sophistication of intrusions is met with sophisticated defensive measures, which begat in turn more sophisticated attacks. While the action-reaction phenomenon of these cyber security challenges will remain in perpetuity, the importance of maintaining vigilant cannot be overstated. Similarly, the imperative of training employees in proper computer security procedures is of utmost importance. Finally, protecting a company or agency from insider attacks is a perennial challenge, as the National Security Agency and its contractor, Booz Allen and Hamilton, can attest following the revelation of leaks to news media by Eric Snowden. Intelligence agencies in particular, but also some law enforcement agencies and government contractors that work on highly sensitive matters subject personnel with high-level security clearances to polygraph tests to look for signs of duplicity that could indicate espionage, embezzlement, or some other type of crime. Such measures, however, are generally restricted to those working in very sensitive areas.