CHAPTER

IV
PHYSICAL
SECURITY

GROUP 1
 At the end of this chapter, the student will
OBJECTIVES be able to:
- Define physical security
- Explain the purpose and advantages of
physical barriers
- Explain the three lines of defense and
enumerate examples;
- Illustrate protective alarm sensors
- Characterize protective lighting and
enumerate examples
 Physical Security
-Refers to a logical set of tangible elements and
measures adopted to prevent unauthorized access to
equipment, facilities, materials, documents and
personnel.
- The main objective is to protect these assets from
damage, compromise and loss.
- Example; fence, sensors, and protective lighting.
 Principles of
Physical Security
1. The type of access necessary depends on the number of variable factors, thus, may
be obtained in different ways.
2. There is no such thing as an impenetrable barrier.
3. The installation of a barrier varies from another.
4. There is defense in barrier depth.
Factors in Selecting Security Safeguards
1. Site Characteristics
election of safeguards can be influenced by the nature of the site such as the
size, layout, utilities, internal activities and assets in the site. Other factors
may include company philosophy and workforce culture.
2. Environment
- This refers to the area surrounding the facility.
3. Forces of Nature
-Also at play in the selection of safeguards are the environment's
climate, weather, and natural forces.
4. Crime
-Crime patterns must be considered in selecting the necessary
countermeasures. Decisions should be preceded by a risk asses of
that includes a study on the nature, intensity, and repetitiveness or
criminal acts that have occurred in or near the facility during the
recent past.
 Physical Barriers
A barrier is a natural or manufactured obstacle to the movement of
persons, animals, vehicles or materials. It defines physical limits to
and delays or prevents penetration of an area (POA Publishing LLC,
2003).
- It is impossible to build a barrier that cannot be compromised.
- The idea is to cause as much delay as possible by designing a series
of layers, or concentric circles, so that highly protected assets are
within a configuration of multiple barriers.
A concentric protection of a high-security facility allows for
several rings of barriers, as explained by John J. Fay in his book
Contemporary Security Management.
Advantages of Physical Barriers
1. Physical barriers become a psychological deterrence when a
potential intruder is discouraged from accessing a facility
because the barriers appear to present difficulties.
2. Actual difficulty in getting through physical barriers.
3. Reducing the cost of security staffing by substituting barriers for
people, and placing security posts in locations that complement
barriers.
Purpose of Physical Barriers
1. To control the movement of people and vehicles into, out of, and within the
facility.
2. To segregate or compartmentalize sensitive areas
3. To provide physical protection to objects, materials, and processes of critical
nature

General Types of Physical Barriers

1. Natural Barriers
-include bodies of water, mountains, marshes, ravines, deserts or other terrain that
are difficult to cross.
2. Structural Barriers
-are man-made barriers such as fences, walls, floors, roofs, grills, bars, roadblocks
or other physical means. A structural barrier physically and psychologically deters
or discourages the undetermined, delays the determined and channels the flow of
authorized traffic through entrances.
 Other Types of Physical Barriers
1. Human Barriers
The guard force as a human barrier is the key dement in any security system.
Without it, all other protective devices mechanical, electrical or electronic-
would be useless.
2. Animal Barriers
The most common of animal barriers are dogs known as the K-9 team. The
number of dogs to be used relies on the size and kind of installation being
secured.
First Line of Defense: The Perimeter Barrier
-The usual starting point in assessing risk at a facility is the perimeter. The
major purpose of the use of perimeter as barrier is to deny access or exit of
unauthorized persons.
 Purpose of the Perimeter Barrier
* To define the boundary of the property to be secured.
* To create a physical and psychological deterrent to unauthorized
entry
* To delay intrusion, thus facilitating the apprehension of intruders
* To assist in a more efficient and economical employment of guards
* To facilitate and improve the control of pedestrian and vehicular
traffic
 Types of Perimeter Barriers
1. Wire Fences
1.1 Chain Link Fence
* Must be constructed of 7-foot material excluding top guard
* Must be securely fastened to rigid metal or reinforced
concrete
* On soft ground, must reach below surface deep enough to
compensate for shifting soil or sand
1.2 Barbed Wire Fence
* The distance between strands must not exceed 6 inches
and at least one wire will be interlaced vertically and
midway between posts.
*Must be less than seven feet high, excluding top guard
1.3 Concertina Wire Fence
*Standard concertina barbed wire is a
commercially manufactured wire coil of
high strength steel barbed wire clipped
together at intervals to form a cylinder.
*Opened concertina wire is 50 feet long and
3 feet in diameter.

1.4 The Top Guard

*A top guard is an overhead of barbed wire
along the top of the fence, facing outward
and upward at approximately 45-degree
angle.
 1.5 Clear Zones
*A clear zone of 20 feet or more should exist between the
perimeter barrier and exterior structure, parking areas: and
natural or man-made features.

2. Building Walls

Walls, floors roofs or their combinations serve also as barriers and

must be of such construction to provide uniform protection just like
the wire fencing.
Masonry walls' height must be the same that of the chain link and
surmounted by the barbed wire top guard, if the height of the masonry
is less than the prescribed, additional chain link as "topping" is placed
to attain the minimum requirements. Walls can be made of stone slabs
with post at regular intervals to prevent the wall from collapsing.
3. Bodies of Water

Bodies of water like river, lakes, marsh,

ponds or other bodies of water forming
part of the wall, building or fencing should
never be considered adequate natural
perimeter barrier. Additional security
measure like wire fence, concrete walling,
security patrolling and floodlighting at
night maybe necessary for the portion of
the perimeter.
 Second Line of Defense: Building Exteriors
Building surfaces such as walls, ceilings, floors and
roofs constructed primarily as security barriers, that they
have the potential to deter penetration

Roofs
The roof usually has sheathing placed over the rafters,
often horizontal wooden boards placed flush on the
rafters. Sheathing may be covered with felt or other
insulating material, foundation and these layers covered
with shingles, metal sheet, tar paper, tile or other
weather-resistant material.
Exterior Walls

Exterior walls may be similarly

constructed, with sheathing placed
diagonally on vertical studs and covered
with sheathing paper. This is usually
topped with an such exterior material as
stucco, or siding composed of
overlapping horizontal boards or vinyl
siding. Exterior surfaces of buildings
constructed of such materials as brick,
concrete block, stone block, cinder block
or reinforced concrete offer greater
resistance to penetration than those made
of wood.
Concrete Structures
An ordinary concrete building wall. because of its
rugged and formidable appearance, may give the
impression that it offers good protection against
penetration, but may not. Standard poured concrete or
concrete block walls are utilized to support structural
loads, or are used as curtain walls to enclose spaces
between load-bearing walls, but are not normally
designed
Floors to prevent or delay penetration.
Wooden normally floors have flush sheathing covering
the joists diagonally. This surface may then be covered
with building paper and flooring such as tile, cork,
rubber, linoleum Floors or wood. The floor may be a
concrete slab poured directly onto the ground, or it may
be on a foundation, raising it above the ground and
leaving a space underneath for an intruder to penetrate
the floor surface.
Interior Walls

Interior walls and ceilings may be constructed of

lath and plaster. However, prefabricated sheets and
panels of material such as plasterboard have
become, in recent years, a popular method of
interior wall and ceiling construction.

Ceilings

Ceilings covered with may be acoustic or

decorative tile. It is a common modern building
technique to construct ceiling plenums that do not
have security barriers between rooms and areas.
As a result, an intruder who can gain access to the
plenum space can work from there to achieve
access rooms or spaces below.
Doorways

Doorways, including the frame jambs and stops, are

constructed of either wood or metal. Doorways are of
two general applications: personnel and vehicular.
Personnel doorways, in both outer and inner building walls,
may be single or double. They are usually fastened of a by
hinges to the door jamb on one side and equipped with a latch
and perhaps a lock on the other side.
Vehicular doorways may also serve as entrances and exits for
personnel. Double doors are often used because of the size of the
openings. They may be hinged on the outside on jamb edges and
secured with a locking device where the inner edges of the doors
meet in the center.
Windows
-Windows are designed to provide ventilation, natural
illumination or visual access through a wall, or any
combination of the three.
- Most windows are equipped with clear glass and can
often be opened to provide access. The weakest area in a
window is usually the glass.

Other Openings
In addition to doors and windows, a wide variety of other
openings in the roof, walls and floor may require
consideration. These include openings for shafts, vents,
ducts or fans; utility tunnels or chases for heat, gas,
water, electric power and telephone, sewers and other
types of drains; and other small service openings.
 Third Line of Defense: Interior Controls
Establishing interior controls not only maximizes the
efforts of security guards. Such measures also allow or
deny access to facilities or areas within the facility, as well
as track the identity and times of entry and exit.

Locks
Installing locks on doors is the easiest line of defense
inside a facility. It is the simplest way to impose a physical
restraint as well as grant entry. However, locks can also be
vulnerable to physical force.
-A key operated lock can be picked, or its keys can be
duplicated illegitimately.
Below are factors to consider in using locks (Vellani, 2007).
1. Locks are only as good as the door, jambs, and walls around
them. A lock is therefore useless if an intruder can simply kick
a weak door to access a facility.
2. Key management is important when dealing with a complete
lock system. It is important to make sure that only authorized
personnel can obtain or make a key to the lock.
3. All locks can be compromised by an expert in a very short
period of time. It is therefore wise to use locks together with
other security measures and as part of an overall physical
protection system.
Telephone Entry Systems
Telephone entry systems are commonly used
in apartment buildings and condominiums.
They are typically located outside the
building, with a panel, handset and touchpad.
Each tenant has a special entry code that a
visitor dials. For added security, some
systems add a CCTV camera in the entry
lobby with small monitors provided to each
occupant.

Identification Systems
Controlled entry into a business facility
usually begins with the identification of the
person entering
The identity of employees or visitors can be determined through
the following types of identification verification and access
control."

1. Guards can personally recognize or inspect the identification of

employees or visitors, and then formulate a judgment of that
person's validity.

2. Card reader systems can compare the coded identification cards

with computer records for authorized verification. personnel

3. Biometric readers can use a person's physical property (such as

retinal pattern or fingerprint) to gain entry
Protective Alarm Sensors
-Different types of protective alarms installed indoors or
outdoors complement and supplement physical barriers.
--- -These systems are designed to alert security
personnel to completed or attempted intrusion into an
area, building or compound.

Protective Lighting

-Protective lighting is designed to illuminate the

perimeter barrier and the outside approaches of an area.
-A threat cannot be detected, either by camera or in
person, if there is no light.
 Purpose of Protective Lighting
* To provide sufficient illumination to an area during hours of darkness
* To improve visibility in order to easily spot, identify and even apprehend

intruders
* To present psychological fear
* To serve as deterrent to thieves, pilferer, trespasser and saboteurs

General Characteristics of Protective Lighting

* It is relatively inexpensive to maintain
* It may reduce the need for security forces.
* It may provide personal protection for security forces by reducing the
element of surprise by the intruder.
* It requires less intensity than working light.
Types of Protective Lighting

1. The stationary luminary is the most common type consisting of a series of

fixed luminaries.

- The glare projection type produces bright white light with its intensity
focused on the intruder who is made highly visible but unable to easily see
what lies ahead. Glare lighting also adds protection to security officers posted
behind the light source.
- Controlled lighting is focused on certain objects than the background.

2. The standby lighting provides continuous illumination of a protected area

during the hours of darkness, but it can be turned on manually or by special
device or other automatic means.
3. Movable lighting can be stationary or portable and consists of
manually operated searchlights. It may be lighted continuously during
hours of darkness or only as needed. It can supplement or temporarily
replace other types of security lighting.

4. Emergency lighting is a standby lighting that can be utilized in the

event of electric failure, either due to local equipment or commercial
power failure. The power source of emergency lighting is usually a
backup generator or an arrangement of batteries. Lamps mounted in a
stairwell that automatically light up during a fire fall into the
emergency lighting category
CHAPTER V

PERSONNEL
SECURITY
.Among the major threats confronting an organization are employee crime and
employee misconduct. In fact, internal theft surpasses the losses that can be attributed
to robberies, theft, frauds and other criminal acts committed by outsiders.
.It is the employer's duty to maintain a safe and secure working environment.
Employers conduct pre-employment background checks of job applicants in order to
protect existing workers, guests, and the public from the harmful acts of employees.
. An employee with legitimate access to corporate systems also has the potential to
wreck the organization's reputation by simply using a USB memory stick or a
webmail account to steal confidential information.
Purpose of Personnel Security:
-To identify security measures in proportion to the risk
-To reduce the risk of employing personnel likely to present a security concern
-To establish that applicants and contractors are who they claim to be
-To close down opportunities for abuse of the organization's assets

Pre-Employment Screening
Personnel security measures are usually undertaken during the recruitment process, This is
because companies believe that it is better to spot dangerous or dishonest, individuals before they
are hired. This means that the human resource department should not simply trust the correctness
of information written in a very impressive resume Hence, a proper background employment
screening on job applicants must be carried out.
- Apparently, companies in financial services have long been carrying out such background
checks, and only recently have other industries followed.
- The objective is to collect information and use that information to identify individuals who present
security concerns.
The pre-employment screening should include checks on the following
• Proof of identity and address
• Details of education and employment
• Criminal records check
• Financial check
• Checking of at least two character references
Pre-employment Screening Policy Checklist (CPNI, 2011)
1. Make pre-employment screening an integral part of the recruitment process.
2. Ensure that applicants are informed in writing that any offer of employment will be subject to the
satisfactory completion of pre-employment screening checks, whether or not the individual has
already been granted access to the site.
3. Ensure that the screening processes are legally compliant at all stages (including the wording of
application forms).
4. Involve all the relevant departments in the organization, and ensure they
communicate and share data effectively."
5. Identify the specific office responsible for the pre- employment screening process.
6. Incorporate specialist businesses into your strategy if appropriate.
7. Ensure that the application form requests all relevant information, including
consent for further checks, and outlines your screening policies.
8. Establish decision making guidelines for consistent and transparent judgments
about information.
9. Have a clear understanding of the thresholds for denying someone employment.
10. Be clear about how fake or forged documents will be dealt with.
11. Collect data on the results of the pre-employment screening process (e.g.
incidence of false qualifications or criminal record).
Application Form
Using a standardized application form to be completed by job applicants requires
them to provide all relevant information and confirm its correctness with a
signature.

Interviews
The job interview portion of the application also helps in the screening process
because it provides an opportunity to discuss the candidate's suitability for
employment. This interview is important because:
-A face to face discussion encourages applicants to be honest.
-It allows the employer to clarify information in the application form, ask for
other information not covered in the application form, and probe candidates about
their responses.
-It also provides a good opportunity to add to the overall assessment of the
applicant's reliability and integrity.
Identity Verification
Verifying the applicant's identity is a critical measure in the screening process. In
fact, other measures in the screening process should only come second after the
applicant's identity has been satisfactorily proven. The key is to verify that the
individual is not committing fraud by using false identities.

There are four main reasons why individuals use false identities:
• To avoid detection - Individuals like crooks, terrorists or wanted criminals may
wish to remain anonymous or undetected.
• For dishonest financial gain- This involves individuals who have ill intentions
to commit credit fraud or unqualified applicants who falsify educational
qualifications to obtain employment.
• To avoid financial liability - This includes individuals who have failed to pay
debts and are avoiding financial liabilities.
• To leally obtain genuine documents such as passports by using false
breeder'documents (ie. those documents required to obtain passports, such as birth
certificates which can have few or no security features).
Purpose of verifying identity is to ascertain the correctness of the information they
have given about themselves by:
• Determining that the identity is genuine and relates to a real person.
• Establishing that the individual owns and is rightfully using that identity.
One method of verifying identity, which is called the paper-based approach,
involves requesting original documents such as those that corroborate the
applicant's full name, signature, date of birth and full permanent address.
A second method called the electronic approach involves checking the applicant's
personal details against external databases. This method requires checking and
cross-referencing information from databases such as criminal records or credit
reference agencies.
Qualification and Employment Checks
-involves the verification of information regarding educational employment check
involve the verification of the applicant's employment or professional qualifications,
while an history in terms of dates of employment and position. The purpose of such
confirmations on the applicant's qualifications and previous employment is to help the
employer in evaluating the candidate's reliability and integrity. It also helps to discover
whether applicants are hiding negative information such as a criminal record or dismissal
from previous employment for suspicious reasons.

Media searches
-involve the evaluation of an individual based on their online reputation. It includes
searching for what they say or what on others say about them on the internet.
-can also help verify identity, confirm or resolve concerns about suspicious behavior, or
establish how security aware the applicant is.
-An individual who posts photos of drunkenness in parties and allows public
viewing of such photos could indicate poor judgment, especially if the position
being applied for involves working in a religious foundation or a prominent
conservative politician.
-There are risks, however, in using media searches. Employers might obtain
information about someone with the same name as the applicant. It is also
possible that the positive information available online were staged by the
applicant in order to appear qualified.

Ongoing Personnel Security during Employment

-Personnel security is a system of policies and procedures that manages the risk of
staff or contractors exploiting legitimate access to an organization's assets or
premises for unauthorized purposes. It is important to distinguish between this
and personal security, which seeks to reduce the risks to the safety or well-being
of individual employees.
Purpose of Ongoing Personnel Security (CPNI, 2010):
-To minimize the likelihood of employees becoming a security concern.
-To implement security measures in a way that is proportionate to the risk.
-To reduce the risk of insider activity, protect the organization's assets and,
where necessary, carry out investigations to resolve suspicions or provide
evidence for disciplinary procedures.

Importance of Ongoing Personnel Security

-Insider activities are those that exploit an access to an organization's assets for
unauthorized purposes.
-Numerous companies already had serious losses because of insider acts such as
fraud, theft, corporate espionage and even terrorism. But the more common
insider activities include those that involve unauthorized disclosure of
information and process corruption.
Security Training and Awareness
-Security training and awareness programs provide an opportunity for old and
new employees to gain necessary skills to perform their responsibilities within the
organization's security network. These programs may include the orientation for
new employees or other activities for existing employees such as workshops,
articles, posters, meetings focus groups or quizzes.
-The goal is to encourage them to accept personal responsibility for security and
equip them to make judgment calls that procedures cannot always predict.
To achieve these objectives, trainers and security personnel should consider the
following points (CPNT, 2010).

-Encourage staff to see those in security as friendly and approachable. Provide a contact
number or email address for reporting security concerns. .
-Demonstrate unconditional support for the security policy (particularly from
management)
-Explain the organization's security policies openly. If there some areas that are more
sensitive than others and where access is restricted this should be clearly stated.
-Give employees a realistic picture of the threats to the organization.
-Encourage cultures which resolve and correct rather than focus on establishing blame.
-Avoid exaggerating the risks and threats faced by the organization to gain more
credibility.
-Avoid making false claims about security to frighten employees into compliance.
-Provide regular refresher trainings to incorporate new security procedures in order to
help maintain standards and ensure that employees understand why these are important
to follow.
Addressing Behaviors of Concern

Managers play a key role in addressing negative behavior and ensuring that
security measures are followed. Managers sometimes fail to act on poor
performance and this could worsen the problem because other employees
might become dissatisfied for compensating on their co-worker's poor
performance. Another negative result is when employees assume that poor
performance is acceptable and follow that example.

Controlling Employee Access

Organizations usually use access controls as physical security measures
against outsiders: Similar considerations should be used to prevent or
minimize the risk of individuals with legitimate access engaging in insider
activities.
Screening for the Insider Threat
Insider attacks can cause significant damage to an organization. Big organizations might
rarely encounter threats of insider activity, but they should nevertheless be prepared by
establishing an effective screening regime. There is no clear pattern that can help detect
insider threat because the personality, motivation and behavior of insiders can be extremely
varied.

Exit Procedures
An employee who leaves an organization could possibly have considerable knowledge
about its assets, operations and security vulnerabilities. If the reason for the employee's
departure is not amicable, he might maliciously give sensitive information to the
organization's competitor. A thorough procedure on personnel departures is therefore critical
to ensure that appropriate actions are taken to protect the organization without unnecessarily
disrupting the relationship with the departing employee. Standard procedures could include
changes in the combinations for secure cabinets, termination of IT accounts, or changes in
generic passwords and remote access codes so that an employee will no longer have access
when he leaves the organization.
The Exit Interview

By and large, the exit interview is done with employees about

to leave the company in order to help identify problems
contributing to employee turnover. The employee's experiences
and reasons for leaving may suggest needed changes and open
the eyes of the management to adopt a course of action that
will improve the morale, improve the working conditions and
increase efficiency. Expanding the questions by including
security questions can be an effective source of information
about loss.
As a security measure, the exit interview is an opportunity to:

-Remind the employee of his obligations and organizational codes of

conduct concerning access to assets like intellectual property.
-Obtain all passwords or encryption keys for files the employee has been
working on so that they can be changed accordingly.
-Recover as many of the organizational assets, access tools and identifiers
as is reasonable at the time.
-Ask the employee if they have any comments/observations about the
strength (or weakness) of the security culture, measures and procedures in
place within the organization.
 DOCUMENT
AND
INFORMATION
SECURITY

CHAPTER VI
-Protecting crucial documents has become progressively more critical in
this age of fast growing technology. The loss of document and information
can cost a company huge amounts of money.

-Owing to this, a comprehensive document and information security

program is important to operating and competing in our modern society.

-Implementing an efficient and effective document and information

security program requires knowledge and skills in the field of document
and information technologies as well as management. Its management
relies on a clear understanding of the types and uses of document and
information within an organization.
Types of documents
Class-1 - Vital Document - an irreplaceable record, reproduction of which does
not have same value as the original
Class 2- Important Document- a record the production of which will involve
considerable expense and labor are considerable delay
Class 3- Useful Document - a record the loss of which may cause inconvenience
but could be readily replaced and may not present insurmountable obstacle to the
prompt restoration of the business
Class 4- non-essential document a record that may include daily files routine in
nature the loss of which will not affect the organization's operation. This class
represents the bulk of the record which can be kept in ordinary files ready for
reference if needed and usually discarded after some period of time
Stages of Information Cycle

Information occurs through various stages Familiarization of the different stages

can provide significant analysis on how it can be protected.
1. Creation - During this stage, information is discovered and developed

2. Use- Undoubtedly, information is created for use.

3. Storage and Retrieval - Used information should be put away for future use.
Storage and retrieval methods must ensure the integrity of the information, its
timely accessibility to authorized users, and its protection from criminal
intervention and disastrous circumstances.
The security measures that must be taken depend on the type of storage center,
the storage means and the storage technologies used. More importantly, the
experience and dependability of the personnel who will handle the storage and
retrieval of information must be considered.

4. Transfer-This involves the transfer of information from active to inactive

storage. Inactive records are usually located in remote areas less accessible to
users. Special security precautions should be taken at the time of the transfer and
when records are on the way from one place to another.

5. Disposition-This is the last stage of the cycle of information. During this

stage, a decision can be made to retain the information indefinitely at either an
active or inactive storage center or to dispose of it. The method of disposal
should depend on the amount of information and the type of media used
Characteristics of Information (Fay, 2006)
- Information is expansive.
- Information requires barriers
- Information is costly and important
- Information is coveted.
- Information has a limited life.

Sensitive Information
Sensitive information refers to information that has value and should be
protected, including the following:
- Proprietary business and technical information.
- Personal data concerning applicants, employees, and former employees.
- Proprietary information owned by partners and obtained through an
agreement.
Classification of Sensitive Information

Sensitive information is generally classified into three (Fay, 2006):

. Secret -This is information the unauthorized disclosure of which
could cause serious damage to the organization's business. Its use and
access to it are strictly limited.
Restricted- this is information of such value or sensitivity that its
unauthorized disclosure could have a substantially effect on
organizations business
Private - this is information relating to employees.
Proprietary Information

Information is considered proprietary when it is not readily accessible to others; it

was created by the owner through the expenditure of considerable resources; or the
owner actively protects r the information from disclosure (Fay, 2006). This can
include secret include formulas, processes, and methods used in production; or it
could of IT be the company's business and marketing plans, salary structure,
customer lists, contracts, and details of its computer systems.

1. Patents- grants issued by a national government conferring the right to exclude

others from making, using, or selling the invention within that country. Patents
may be given for new products or processes. Violations of patent rights are
known as infringement or piracy.
2. Trademarks - words names symbols devices or combinations thereof used by
manufacturers of merchants products that are manufactured or sold by others.
counterfeiting and infringement constitute violation of trademark rights
3. Copyrights- protections given by a national government to creators of
original literary, dramatic, musical, and certain other intellectual works. The
owner of a copyright has the exclusive right to reproduce the copyrighted
work, prepare derivative works based on it, distribute copies, and perform or
display it publicly. Copyright violations are also known as infringement and
piracy.

4. Trade Secrets- formulas, patterns, compilations, program devices,

methods, techniques, and processes that derive economic value from not
being generally known and not ascertainable except by illegal means. A
trade secret violation in the vocabulary of the law is a misappropriation
resulting from improper acquisition or disclosure. The key elements in a
trade secret are the owner's maintenance of confidentiality, limited
distribution, and the absence of a patent.
Information Security Measures

It was already demonstrated in the previous chapter on personnel security that

organizations face a wide spectrum of risks to protect information assets. Sensitive
information such as those illustrated above can be vulnerable to threats not only
from individuals external to the organization, but from so-called insiders as well.
Below are examples of risk mitigations that an organization can implement as part
of their information security measures (Blyth, 2008):

Security Screening
Job applicants, current employees, contractors and other individuals who could be
sharing sensitive information with the organization may have their backgrounds
checked for affiliation with known activist or dissident groups or for any potential
for insider activity.
Restricted Areas and Identification
physical barriers that control access to restricted areas can serve as a deterrent
and increase the likelihood of identifying unauthorized individuals. The
organization can employ a series of identification methods from photographic
identification card, bar codes, voice analysis, and retinal scans the enhance
entry restrictions within high security areas inside the facility.

Technology Security Measures

The organization may use to prevent individuals from accessing

communication or data technological security measures storage media from
external sources. In addition, security personnel can enforce restrictions
against electronic devices such as mobile phones, cameras and voice recorders
that could record or access sensitive information within certain areas inside the
facility.
 THANK
YOU
EVERYONE
GROUP 1
Bismonte, Clares R.
Mandani, Rachile Ann B.
Juntereal, Liam