Security, here we are: the spearhead of SDS.
Security is perceived differently depending on the country, region or activity, and this is true in South-East Asia, especially in Thailand. In the Kingdom of the Smile, security (for private individuals) is seen as an existing part of society (there are guards everywhere) but not as a real necessity. This acceptance, without any real interest in or demand for efficiency, relegates security services to minimal means rather than optimal results.
In this post we wish to give a simple idea of what a minimum standard would be, knowing that each case is different and is part of a process of reflection called Economic Intelligence.
We saw in the previous post that a lot of information circulates within a company or an institution. This information needs to be kept so that it can be analyzed to support decision-making.
This information arrives in various forms: dematerialized (internet), on information media (hard disks, keys) or even as research material (material found for dissection).
Certain employees hold trade secrets, know-how and high-value goods which must be protected. The more we compartmentalize these assets, the more airtight spaces we create. These hermetic areas slow down wrongdoing, and access controls regulate the rights.
Security is therefore always based on rights and authorizations in named and perfectly identified areas. We are going to define and name zones and give them functions. In order not to reveal any secrets, the zone names are random, but they are the basis of our demonstration.
1 - The "Extended" Zone (ZE) can be a region, a country, a district or a neighbourhood. It provides information about the environment, worship, culture, conflicts and natural aspects, and therefore the first risk estimates, after an analysis specific to each "Security Manager" worthy of the name.
2 - The "Neighborhood" Zone is the immediate perimeter of the site to be protected. It of course includes the risks of the ZE, but must integrate a specific mode of operation linked to the perceived image of the company. A listening watch is required. This area is not under the responsibility of the company but may, after agreement, come under its oversight.
3 - The "Open" Zone is under the responsibility of the company. At this level, it is not required to show credentials to access it. It could be a store, an open reception area, or the lobby of a high-rise apartment building or hotel.
4 - The "Identify" Zone is sealed. The logic of access control begins to show here. It is essential to be formally identified to be granted access. The GDPR (RGPD) is also designed accordingly. This area is therefore freely accessible, subject to due registration, often in conjunction with more or less strict security checks. Examples are access to the floors of hotel rooms or to the floors of a high-rise apartment building.
5 - The "Restricted" Zone (ZR) is also sealed and is accessible to employees or to people outside the company subject to special authorization (external service providers, for example). Traceability is essential, and strict security control is always in place, together with an up-to-date verification of entry rights. Often reserved for employees, this access is often out of public view.
6 - The "Confidential" Zone (ZC) is usually located within the ZR. Rights are increasingly limited in number and function, and no one without rights can access it. Additional measures such as banning phones or metal objects can be added.
7 - The "Secret" Zone is always within a ZC and may be subject to strict regulations such as double-checking and the presence of an authorized witness and/or secure recording on a local area network (LAN), or even a sterile area such as a "Faraday area". Embassies knew these spaces, which disappeared with the arrival of the Internet.
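The nested zone rules above, expressed as an access-decision check with an audit trail (an added example, not part of the original post). The Person record, the audit tuple layout and the sample people are assumptions made for illustration, and the optional phone ban is treated as enabled for the Confidential zone.

```python
from dataclasses import dataclass, field
from datetime import date
# Company-controlled zones from the post, outermost first. Each zone lies
# inside the previous one, so reaching it means passing every outer boundary.
ZONES = ["open", "identify", "restricted", "confidential", "secret"]

@dataclass
class Person:  # hypothetical record, not from the post
    name: str
    identified: bool = False                    # formally identified and registered
    rights: dict = field(default_factory=dict)  # zone -> expiry date of the entry right
    carries_phone: bool = False

def has_right(person, zone, today):
    expiry = person.rights.get(zone)
    return person.identified and expiry is not None and expiry >= today

def check_boundary(person, zone, today, witness=None):
    """Decide one zone boundary; returns (allowed, reason)."""
    if zone == "open":
        return True, "no identification required"
    if not person.identified:
        return False, "not formally identified"
    if zone == "identify":
        return True, "identified and registered"
    if not has_right(person, zone, today):
        return False, "no up-to-date entry right"
    if zone == "confidential" and person.carries_phone:
        return False, "phones are banned (assumed optional measure enabled)"
    if zone == "secret" and (witness is None or witness is person
                             or not has_right(witness, "secret", today)):
        return False, "authorized witness required"
    return True, "entry right verified"

def request_access(person, target, today, audit, witness=None):
    """Walk from the Open zone inward, logging every decision for traceability."""
    for zone in ZONES[: ZONES.index(target) + 1]:
        allowed, reason = check_boundary(person, zone, today, witness)
        audit.append((today.isoformat(), person.name, zone, allowed, reason))
        if not allowed:
            return False
    return True

# Constructed sample data (not from the post).
TODAY = date(2024, 1, 15)
ALL = {z: date(2024, 12, 31) for z in ZONES[2:]}
engineer = Person("engineer", True, dict(ALL))
officer = Person("officer", True, dict(ALL))
contractor = Person("contractor", True, {"restricted": date(2023, 12, 31)})
visitor = Person("visitor")
```

Because every request walks the boundaries from the outside in, a person stopped at the Confidential boundary never reaches the Secret check, and the audit list records exactly where the request was refused.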
A bakery will have different risks and needs from a business that creates anti-terrorist equipment. Now that the zones are defined, it is easy to delimit them and to open secure accesses, automatically or manually, according to strict protocols. Of course, you can also install surveillance cameras or intrusion alarms at suitable locations which require continuous observation.
The structures of buildings and rooms will be adapted to slow down the flows while keeping them fluid. Openings will always be built to slow down break-ins. Thus doors and windows to the exterior will always be resistant, even bulletproof, and alarms will be placed to monitor the entrances.
Finally, basic security is flow management: dividing areas, controlling access, establishing rules for schedules and operating modes, and finally coercive measures in the event of disturbances. Guards and other security actors will gladly use all these possibilities, but must always keep in mind that the worst enemy is simply routine, and that loss of vigilance kills.
Once this basic security is achieved, we also need to protect ourselves from possible loss of confidentiality, whether deliberate or not.
These breaches could directly impact the information and its degree of protection.
Our sixth post will deal with this cyber and behavioral topic of privacy.