Where do you stop when it comes to security…at the door or camera or some other system? There is a deeper level to think about when it comes to your physical security…the security of your physical security systems. I know, it’s a tongue twister but is also very important.
Here’s the question you should ask yourself, “How secure are your physical security systems from unauthorized access?” This includes the physical equipment and its data. For example, if you have a camera system, how secure are the passwords, network, equipment and other components it takes to monitor the cameras? Where is all this equipment and information, who has it, and who has access to it? There is a good article by GENETEC, “How Secure Is Your Physical Security System?” that really summarized this issue well.
“When thinking about your IP physical security system, you are probably pretty confident that you have everything you need. After all, you have security cameras and a VMS in place. And you have access controlled doors that require credentials you’ve issued for people to get through. But have you asked if the system itself is secure? Have you thought about:
- How your security data is protected?
- What kind of information is contained within your security system and what can be done with that information?
- How dangerous it would be if that information ended up in the wrong hands?
The answers to these questions can lead to varying degrees of introspection and self-assessment.”
In addition to these questions you should also ask:
- Are all rooms and cabinets locked?
- Is access to locked rooms and cabinets restricted to authorized users on a specific schedule?
- Are all access events logged for audit if needed?
- Can card access systems be bypassed with a mechanical key?
When we talk about “Risk Management” with our customers, these are paramount issues that most aren’t thinking about beyond the initial physical security requirements. Many feel it’s “someone else’s job” to think about these things. But whose job is it?
Someone in the organization manages Risk…they care about this and should be involved in knowing and understanding where the organization stands with regard to this level of risk. This would be a great question to ask them, “How secure is the information about our security system?” If it isn’t something that has been addressed, we would highly encourage you to address it and see where your organization is and how much risk you are assuming or controlling.
This is one of the areas that gives the leaders of the organization more “peace of mind” when thinking about the security of your assets and your people. We believe it should be high on the list of priorities to lower an organizations risk and threat.