Referring to both theory and practice, this essay will investigate the strategies companies utilize for the design and implementation of their security policies.
Todorov (2007) highlights the imperatives of implementing physical security policies. Even while conceding the importance of automated, computer-mediated security systems, Todorov (2007) contends that the importance of physically securing sensitive sites within a company cannot be overlooked. Concurring, Fernandez and Sinibaldi (2003) explain that the securing of sensitive physical sites within a corporate structure comprises four principal components. First is the management of physical locations, whereby the access control system policy should be designed and implemented with the purpose of controlling access to locations/sites. Second is the control of who may access a restricted room. As different types of employees may have access to different areas/sites within the company, it is necessary to implement an authentication and authorization role-based access control system. ...
may not access particular sites but keeps logs with appropriate auditing facilities of the employees who entered each room at any particular time and date. Third is the design and implementation of application interfaces which allow administrators to create new permissions, users and locations which, in turn, would allow supervisors to generate audit reports to survey access to rooms and allow users to change passwords, among others (Fernandez and Sinibaldi, 2003).
The often technology-mediated securing of access to physical sites is dictated by the imperatives of ensuring that no unauthorized persons are able to gain access to sensitive data or, indeed, tamper with that data.
2.2 Network Security
Physical security policies are partly informed by the imperatives of fortifying network security. Fernandez et al. (2006) explain that even though it may be assumed that any corporate network has the requisite software and hardware security systems installed, that does not eliminate the need for physical security. Firewalls and anti-malware and anti-spyware technologies substantially contribute to the denial of access to unauthorized users, and additional software-based network security systems largely ensure that even authorized users whose identities have been authenticated cannot tamper with the data in question (Fernandez et al., 2006). Nevertheless, network security systems have been known to be penetrated, not only by hackers, but also by corporate employees (Grimes, 2006). It is hardly uncommon for employees to access data for which they do not have network security clearance, through the theft of passwords, and to subsequently steal copies of the data for sale to competitors or to tamper with the data for a variety of personal or financial reasons