Register now or log in to join your professional community.
Access control is NOT the ONLY KEY to security management of any office or premises.
You have to see security management as a holistic, multi-dimensional, and multi-layer responsibility.
It is wholistic because security management must be part of an overall strategy of the organization especially if security includes the security of customer information. There should be a policy defining how security is implemented and a post-security breach is going to be handled.
As part of my responsibility, I have a critical part of determining policy for security management and how to handle people who breach security. Security responsibility starts when Recruitment enters the name of an applicant interviewee's name on the appointment list. I assess threats at the point of entry during application for employment. There were instances that security breach was committed by people who encode data on Access Key Cards. IT personnel had free access to Operations which led to the theft of RAM chips from PCs in Operations Shop Floor. It happened because IT applicants were not vetted simply because they were endorsements from key people.
Multi-dimensional because it covers physical infrastructure, IT infrastructure, personnel vetting, document-information protection, and key personnel protection. If your network cabling is not designed with security factored in, you will have someone plugging in a tablet from a hallway UTP port without the "hacker" needing an access key card. Security should already be factored in during the design of a facility.
It is multi-layer because different levels in the organizational structure require different security requirements and respond to different protection needs.
I suggest learning about data security first which covers the different aspect of protecting data and IT infrastructure. You can visit this website
https://www.pcicomplianceguide.org/
After you have conducted your internal security audit, you can start reading up on ISO Security Standards:
http://www.iso27001security.com/
I used to comply with the Payment Card Industry - Data Security Standard (PCI-DSS) and at the same time responsible for the security of personnel on site and Executive Protection. You also need to consider business continuity in the event of a security breach.
Thanks
I think they are:
I am agreed with Virgilio Paralisan coments. Access automation systems is advance technology for authorize and unauthorize person security permission. Any reputed organization company safe his property and persone protection.
Proper documented Access Control Policy
Procedures to facilitate implementation of those policies
Managing Information Security Accounts
Employing automated mechanisms to support the management of security accounts
I agree...............................................
Access Control is the key to security management.
Access control needs to be achieved for
Physical and logical in any organisation to avoid Loss/Threat.
For better access control, every organisation shall have the Risk assessment in place and update the same in every year / frequently based on the business nature and demand. Based on the risk assessment and vulnerability assessment organisations should take the mitigation and countermeasures in place with standard operating procedures for both Physical and logical ACS.
This should include the priority for the business interests.
Organisations shall decide what are the possible and affordable solutions can be used to mitigate the physical and logical threats to the premise.
Create account in system for example ZKTeco and get access card to this user account , and also premission of level account - user,manager,admin
Visitor Control
Material Control
Vehicle Control
Visual Surveillance
if you need more info, kindly pm me
I too agree with Mr.Virgilio Paralisan views
...................I agree with all ...................
I will got the answer given by the Mr. Virgilio, who has explained well and covered many areas.