Secure Environment for Aim Higher College: Physical, Administrative and Technical Controls - Essay Sample

Introduction

One point that should be clear at Aim Higher College is that security is a responsibility for everyone. Based on the description above, there is a need for the sets of controls: physical security controls, administrative security controls and technical security controls. The type of security control to be selected will depend on a risk assessment at the premises. The assessment process will identify threat and vulnerabilities. The controls will be used to mitigate risks and reduce the probability of attacks. Simple issues such as unlocked doors, unrestricted access, and attempted logins can result in catastrophic consequences; there is a need to address them in the early stages.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

For successive intervention, enhancing integrity, availability and confidentiality in the information system, all the three types of security controls should be implemented at the facility. In addition to dividing the security control into administrative, technical and physical measures, the controls will also focus on addressing the time of control, relative to a security issue they are directing, preventing or correcting.

Physical Security Controls

Physical security controls will aim at controlling physical access to the data center facility and protecting the availability of data. They will aim at ensuring unauthorized persons at the campus are excluded from the physical assets where they pose a threat. In this case, business systems considered sensitive assets need to be protected accordingly. Strategies to achieve this objective include, introducing physical intrusion and detection systems, automatic door controls, closed-circuit television (CCTV) surveillance, including guards and receptionists.

Technical Security Controls

Also known as logical controls, these elements will include hardware and software features which will help to boost security and integrity of data, programs and operating systems. Hardware features will aim at preventing accidental and intentional access to the operating system programs. Software features will boost the means to identify, authenticate, authorize as well as limit the authenticated user access to previously permitted actions.

Administrative Security Controls

Also known as procedural and policy measures, these controls will be put in place to guide students and facility members in dealing or handling the institution's datacenters, both the research and business systems. The guidelines will inform users on the day to day operations and conduct at the facility. These policies will have to be enforced with physical and technical controls.

Strategic Set of Controls to Secure the Facility

Based on the above control systems requirements, the following are suggestions for directing, preventing and controlling potential threats to the system. First, Identification cards (ID) should be used for every entry to the facility so that students or facility members in and out of the datacenters can be monitored.

Second, to have limited access to secured areas, alarms and keycard access should be implemented. In addition to automatic door controls, there should be alerts for doors left open. Students and facility members without keycards should not access the premises. Besides, closed-circuit television (CCTV) security cameras should be placed at strategic points, including entrances and exits to capture all activities around and in all areas.

Third, to solve the issue of lights being left on, an automatic energy saving timers should be installed on the lamps. The lights should go off automatically when there is no activity in the rooms, say after 10 minutes. When there is any activity, say motion is detected, or a person advances to the facility, the lights should turn back on. Users should also be educated on the need to conserve energy. Such measures in place will save on energy consumption.

The presence of logs on business systems, usernames and saved passwords are technical security controls issues. The systems need to be reconfigured to prevent the user from being prompted to save the usernames and passwords. Saved passwords retained on the computer systems are vulnerable to attacks. Access to unauthorized websites should be prohibited by using firewalls. Also, administrative security controls should be put in place requiring users to delete login details and avoid repeating passwords. These measures will secure the domains the passwords are susceptible. Besides, a login encryption program or Secure Shell (SSH) support will be required to protect the software components of the computer system, and as such, possible hacking and damage threats to the computer systems will be eliminated.

After-hours access borders on procedural measures. After-hours access to the facility should also be restricted. The institution should set hours for operation, say from 07:00-22:00.

Figure SEQ Figure \* ARABIC 1: Proposed layout with Keycard access at every entry

Conclusion

The recommendations above are meant to protect the datacenters, both research and business systems in all aspects. Doors are going to be closed and locked automatically. An alarm will be sounded when they are not closed alerting nearby guards. Lights are going to go off when there is inactivity for 10 minutes, and turn back on when motion is detected, or a person approaches the premises. Keycards will limit access to the facility. ID cards will help in monitoring those in the facility. The hardware and software components of the information systems will be protected by antimalware, firewalls, login encryption and SSH.