Physical Security

Abstract

An expensive selection from the variety of technical security measures can be ineffective if the elementary principles of physical security are ignored. This statement appears to be self-evident, and yet many organisations fail to heed it. The reasons for this lapse are many and varied, but stem mainly from the well-known ITSEJ (‘It’s Somebody Else’s Job’) syndrome. Office and building safety and security responsibilities were allocated, in many cases, to the officials responsible for building management many years before the introduction of electronic methods of data processing. The gradual introduction of IT, and the need for appropriate levels of security over the storage and processing of electronic data, have been seen as unconnected to the day-today problems of building safety, physical access control and surveillance. In many cases a division of responsibilities developed, where control over the central computer room and areas housing its ancillary equipment was delegated to an IT Security Officer while control over the rest of the building and the environment remained the responsibility of others. In itself this was not a problem, but, combined with a lack of formal liaison between the two functions and—in many cases—a lack of understanding of each other’s priorities, it provided the basis for many of the security breaches which have occurred. Misunderstandings over the limits of each official’s responsibilities created the potential for mischief, and in many cases the opportunity was eagerly grasped—to the disadvantage of the organisation.