TECHNICAL SECURITY
Technical security is the general term used for any security measure that employs technology in
some way. This is usually related to computers and the software techniques that
can be employed, but it can equally apply to technical locks, using
tokens or fingerprints, to hardware, through the ‘locking’ or disabling of
ports, or to some other technological
solution for a specific application.
One of the
main concerns about such measures is the ease with which they can be overcome.
Some are undoubtedly very difficult to circumvent and, in the case of
encryption for example and as discussed in, the best encryption techniques are
essentially unbreakable in any real sense of the word. There have been
instances, however, where electronic locks, though present, were left in a ‘safe state’ of
unlocked after a power failure, hence providing no protection at all. It has
been acknowledged that some of the early attempts at technological security measures using tokens were less than
successful when it was found that any credit card with a security strip could be used to operate the
lock.
PROCEDURAL SECURITY
Procedural security covers the rules, regulations and
policies that an organization puts in place to help reduce the risk of issues
arising. They could, for example, include clauses in employment contracts that
legally bind employees to obeying the security policy, the appropriate use policy or
other necessary rules and regulations. Whilst in itself this doesn’t prevent
problems happening, it can make them less attractive to staff if they know they
could be disciplined, or even dismissed, for contravening the rules. As a
matter of interest, this has now begun to happen, with several members of staff
from different organizations in both the public and private sectors being
dismissed for breaking such policies.
This sort of measure would also
cover the correct vetting of staff before they are employed to ensure they don’t
have any convictions or other incidents in their background that might mean
they are unsuitable for employment in a specific area. The induction training
or probation period of employment might be another way of ensuring that all
staff are fully aware of their responsibilities as soon as they join an
organization. Setting standard ways of doing particular tasks associated with
information might also be applicable. If, for example, there must always be two
people present when the safe is opened, or two people have to confirm the
destruction of highly classified material, this too would be a procedural
measure.