Managing Vulnerability In Security System Essays Example
Type of paper: Essay
Topic: Security, Risk, Backup, Management, Information, Company, Effective, Law
Pages: 4
Words: 1100
Published: 2020/11/24
Security officials have a mandate to ensure that technological, human-made and natural threats are managed by identifying their vulnerabilities. The first element in making this a reality is ensuring that on-site security personnel measure up to their role and are effective in their delivery of services. On-site security guards carry out a variety of functions, for instance private foot patrols, access control, enforcement of the rules and regulations set for customers, and prevention of losses in the areas they patrol (Norman 2014). Their mission is to deter, identify, observe and report any events that they deem suspicious.
Daily activity reports are completed and presented to the facility for further analysis. Their mandate is made effective by monitoring access to facilities and the community at large. They ensure that only authorized people gain access to facilities, to mitigate theft and safety incidents. They also conduct opening and closing procedures according to the specifications given for the customers. This includes deactivating or activating alarms and securing certain areas within a community. Enforcement of set rules is another way in which the role of safeguarding is made effective. Such rules include parking enforcement and working with the proposed tow companies to curb parking issues. Electronic patrol and incident reporting are achieved through documentation of all activities, whereby the activity logs are sent to customers for evaluation (Pearson 2009).
Appropriate countermeasures must be employed based on risk and vulnerabilities, using basic attacking methodology. Surveying and assessing of a potential risk or vulnerability is done in the most discreet way so as not to raise unintended alarm. The characteristics of a potential target are surveyed and assessed. Characteristics to be assessed include supported services, in addition to protocols and the threat that is suspected. An initial attack is planned using the information garnered from the assessment. Exploitation and penetration of the surveyed target then follow. The front gate or the access point is the next channel where the attack is deployed after the network is fully secure. In the case of a technological threat, the most appropriate way of attack is through the application's logon page (Norman 2010).
Escalation of privileges then follows, whereby security systems are tightened so that a more sophisticated model of access is provided and the threat is defeated effectively. In the case of technological matters, privileges such as authentication of a session or code injection guarantee security to the account involved with security issues. Maintaining the newly acquired system ensures that risk is mitigated and discouraged in general. Data such as log files should be protected and scrutinized regularly. Denial of service to risky sources is crucial in ensuring safety is upheld within a facility or firm.
It is essential that priorities are communicated effectively to all the stakeholders involved in the security system program. This normally occurs at the onset of a crisis or when strategies are being formulated to counter one. In order to get rid of threats and vulnerabilities, management should endorse advisers who give advice on situations that affect a firm urgently. This helps to convey a priority-ordered series of decisions and proposed actions to counter the contentious issues that arise. The next most strategic aim is to manage the victim dimension in case of a crisis, along with those who are affected directly (Broder 2010). The trust of the community, public and staff is boosted by effective communication to all parties that constitute a community or a company. Assigning responsibility to various individuals to explore security is an integral part of a successful partnership. Formulation of a priority process is important to keep all groups and individuals informed.
A cost estimate should be carried out and a description of the benefit noted with regard to the selection of countermeasures. Balancing the costs and benefits posed by countermeasures is basically the work of risk analysis. The analysis essentially identifies the assets, the threats those assets face, the probability of the loss an organization can suffer from the threats, and how to respond effectively to the estimated loss. The first line of attack is to assign values to the assets. This is followed by estimating the potential risk and then the likelihood of each kind of risk. Costs are usually set as an annualized price and can be evaluated against the probability of occurrence. The risk analysis permits management to assess the requirements and weigh them against business aims and costs. For an information safety program to be effective, the integration of security procedures and processes with business necessities is vital (Benny 2013). A key part of that is the safety of the resources, and the risk valuation helps in that analysis.
Risk management options are evaluated and enacted in the security system to ensure countermeasures are achieved. Risk management options follow performance criteria that involve the organization of functions and tasks. The relevant standards for risk and the legislative requirements in an organization are identified and followed effectively. Once the roles and responsibilities attributed to the implementation of the security management plan are clearly defined, they are given to the relevant persons. Activities are linked to the achievement of outcomes in order to project the proposed action plans. The resources and materials needed to aid in the implementation of the plan are made available within the required time. The established channels for communication are used to distribute the implemented plan to all the stakeholders.
Confidentiality of clients’ information is confirmed and exercised to safeguard the information according to the requirements set in an organization. Monitoring of risk is another risk management option, whereby any risks to resources are monitored so as to maintain the suitability of the treatment options implemented against security threats. Any changes noted within the operational system are scrutinized and countermeasures are applied swiftly. Risks are documented as they occur so that they can be assessed to determine their type and cause. The effectiveness of the treatment options is reviewed, with costing of all types of options available, to ensure enough resources are allocated in the security plan. Inconsistencies between treatment options, as well as incidences of threat, are monitored through effective planning. Measures that have been discussed extensively by stakeholders are incorporated in the plan aimed at alleviating risk through management (Broder 2010).
Recovery and backup plans are also crucial in security management. Several issues must be taken into consideration to achieve recovery and backup. Determining who is notified at the onset of a backup plan is important, and if the backup fails due to hardware problems, recovery is done through the purchase of replacement hardware. Availability of a technical support team is essential, since recovery plans need specialized attention. The security of backup processes, as well as the security of the storage location, is of paramount significance (Benny 2013). Furthermore, creating a backup-and-restore procedure and determining what to back up call for setting or complying with company strategy. Performance of the backup operations should also be monitored. Complete verification of the whole backup-and-restore procedure is critical.
Develop backup-and-restore policies with suitable resources and workforces, and then test them. Analyzing backup strategies also establishes how much time is needed to restore data. A good plan ensures fast retrieval of lost data. Perform a trial restoration occasionally to verify that records are properly backed up. A trial restoration can expose hardware difficulties that do not show up with software verification. After a backup plan has been designed, test it thoroughly with as many simulated failures as possible. For example, if one uses disk mirroring, mimic a disk failure by removing or disabling one of the mirrors and confirming that the remaining mirror continues to operate without interruption (Pipkin 2012).
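The trial restoration described above can be automated. The following is an added example, not part of the original essay: it records SHA-256 digests when the backup is taken, restores the archive into a scratch directory, times the restore, and reports any file that is missing or differs. The function names, file names and sample records are assumptions constructed for illustration.

```python
import hashlib
import tarfile
import tempfile
import time
from pathlib import Path

def sha256_tree(root):
    """Map each file under root (by relative path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def make_backup(source, archive):
    """Archive every file under source; return the digests recorded at backup time."""
    manifest = sha256_tree(source)
    with tarfile.open(archive, "w:gz") as tar:
        for rel in manifest:
            tar.add(Path(source) / rel, arcname=rel)
    return manifest

def trial_restore(archive, manifest):
    """Restore into a scratch directory, time it, and compare with the manifest."""
    # Use the safe extraction filter where this Python version provides it.
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    report = {"ok": False, "missing": [], "corrupt": [], "error": None, "seconds": None}
    with tempfile.TemporaryDirectory() as scratch:
        start = time.monotonic()
        try:
            with tarfile.open(archive, "r:gz") as tar:
                tar.extractall(scratch, **extra)
        except (tarfile.TarError, OSError, EOFError) as exc:
            report["error"] = f"archive unreadable: {exc}"
            return report
        report["seconds"] = time.monotonic() - start  # time needed to restore
        restored = sha256_tree(scratch)
    report["missing"] = sorted(set(manifest) - set(restored))
    report["corrupt"] = sorted(f for f in manifest
                               if f in restored and restored[f] != manifest[f])
    report["ok"] = not report["missing"] and not report["corrupt"]
    return report

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "records")  # constructed sample data, not real records
        (src / "logs").mkdir(parents=True)
        (src / "logs" / "patrol.log").write_text("constructed sample entry\n")
        (src / "clients.csv").write_text("id,name\n1,Example Client\n")
        manifest = make_backup(src, Path(work, "backup.tar.gz"))
        print(trial_restore(Path(work, "backup.tar.gz"), manifest))
```

Keeping the manifest separate from the archive means a restore is checked against what was recorded at backup time, not against whatever the archive happens to contain.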
Finally, security event logs are likewise a very good way to determine overall security program effectiveness. Over a year’s time, security logs will show trends and identify unresolved vulnerabilities. In the same way that security incident reports can expose unresolved vulnerabilities, patrol logs can do the same. Commendable security program managers train their patrol officers to understand vulnerabilities and to spot them with ease. The risk analysis ought to be updated annually. This offers a chance once every year to compare overall risk development year by year (Benny 2013). The difference between this year and previous years provides a useful metric for defining risk progression.
References
Baker, P. R., & Benny, D. J. (2013). The complete guide to physical security.
Broder, J. F. (2010). Risk analysis and the security survey. Boston, MA: Butterworth Heinemann.
Norman, T. (2014). Integrated security systems design: A complete reference for building enterprise-wide digital security systems.
Norman, T. L. (2010). Integrated security systems design: Concepts, specifications, and implementation. Amsterdam: Elsevier Butterworth-Heinemann.
Pearson, R. L. (2009). Electronic security systems: A manager's guide to evaluating and selecting system solutions. Amsterdam: Butterworth-Heinemann.
Pipkin, D. L. (2012). Information security: Protecting the global enterprise. Upper Saddle River, N.J.: Prentice Hall PTR.