Physical Protection of Information
Dave Carlson - February 7, 2008
There is something more valuable than money, gems, and gold—information. Loss of certain information may lead to business failure. Protecting valuable company information must be a priority. There is clear evidence that the contents of an electronic device may be of far greater value than the replacement price of the device. The most important aspects of information security are protection from unauthorized physical entry, protection from theft of equipment, protection from destruction of equipment, and protection from unauthorized access to information. There are several ways to protect information. The primary concern for information security is to prevent unauthorized persons from accessing company information. Physical security and access control appear to be the most effective ways to protect valuable information.
Physical Protection of Information
Banks protect money and other valuables using locks, vaults, and sophisticated alarm systems. Jewelry stores provide extensive protection for precious gems. The United States government owns a secure storage facility near Fort Knox, Kentucky where it safeguards a large portion of the nation’s gold reserves (Radcliff, 2008). All these security measures are in place to prevent unauthorized persons from taking something of great value—money, gems, and gold.
Rodgers (2008) suggested that there is something more valuable than money, gems, and gold—information. This raises the question: How can information, something one cannot see or touch, be more valuable than the finest diamonds or the purest gold? Lost or stolen information can cost a company its business (Sadgrove, 2005). Gaining confidential research information from a competitor can save an unscrupulous company millions in research and development costs and boost that unscrupulous company to the front of its industry, while leaving the original discoverer in the dust. “Industries such as computing, telecommunications, and aerospace are particularly vulnerable” (Sadgrove, 2005, p. 133).
Protecting valuable company information must be a priority. Loss or unauthorized disclosure of certain information may lead to business failure. Janczewski and Colarik (2005) expressed their opinion that the four most important aspects of information security are protection from unauthorized physical entry, protection from theft of equipment, protection from destruction of equipment, and protection from unauthorized access to information.
Protection from Unauthorized Physical Entry
Janczewski and Colarik (2005) maintained that the primary concern for information security is to prevent unauthorized persons from wandering around the company premises. Physical security and access controls appear to be the most effective ways to help protect company information. It is beyond the scope of this paper to go into detailed explanations of physical security methods; however, Janczewski and Colarik (2005) cautioned against going overboard with protection measures. Security controls need to be proportional, nonintrusive, and in line with overall company business policy. Physical access to the Fort Knox gold bullion depository is extremely controlled; however, it would not be appropriate for most businesses to require presidential authority (Radcliff, 2008) to enter the workplace.
Protection from Theft of Equipment
“Among the most significant computer risks in today’s business environment is the ever-increasing use of laptop computers, notebooks, PDAs, and other portable devices” (Wilding, 2006, p. 131). The cost to purchase notebook computers and portable devices has fallen significantly over the past several years, but the overall value of these devices has increased. There is clear evidence that the contents of an electronic device may be of far greater business value than the replacement price of the device (Wilding, 2006).
Some methods to protect computer equipment from theft fall into the common-sense category. Use the same precautions as for protecting anything of value, including such simple precautions as locking the office door when no one is present. A common anti-theft method for notebook computers is using an anchor cable, readily available at most stores selling computer accessories (Janczewski & Colarik, 2005).
Protection from Destruction of Equipment
Protection of equipment can range from taking actions to prevent destruction by natural disasters, such as fire and earthquakes, to more sinister deliberate acts, such as terrorists planting explosives within the company premises (Janczewski & Colarik, 2005). Fire suppression systems and off-site information storage are two considerations to protect equipment from destruction. Additionally, providing adequate backup power solutions for information technology equipment can make the difference between continued operation and loss of business information (Janczewski & Colarik, 2005).
Protection from Unauthorized Access to Information
In 1959 a business books editor from Prentice-Hall declared, “I have traveled the length and breadth of this country and talked with the best of people, and I can assure you that data processing is a fad that won’t last out the year” (Piercy, 2002, p. 372). Almost half a century later the data processing “fad” is still with us. Processing of data into information is the primary purpose of many organizations in today’s world. That information must be protected from unauthorized access. “Security measures must prevent unauthorized persons from reading sensitive data from a computer screen, from intercepting spoken messages, from tapping telephone lines, or similar acts” (Janczewski & Colarik, 2005, p. 62). See the appendix for ten guidelines for protecting sensitive information while traveling.
Information is valuable and must be protected. There are several ways to protect valuable business information. The primary concern for information security is to prevent unauthorized persons from accessing company information. Physical security and access control appear to be the most effective ways to protect valuable information.
Rogers, G. (2008). More valuable than gold. DBTAC Southwest ADA Center. Retrieved February 7, 2008, from http://www.dlrp.org/html/publications/blog/blog009.html
Janczewski, L., & Colarik, A. (2005). Managerial guide for handling cyber-terrorism and information warfare. Hershey, PA: Idea Group Publishing.
Piercy, N. F. (2002). Market-led strategic change: A guide to transforming the process of going to market. Woburn, MA: Butterworth-Heinemann.
Radcliff/Fort Knox Convention and Tourism Commission. (2008). Gold vault. Retrieved February 7, 2008, from http://www.radclifftourism.org/goldvault.shtml
Sadgrove, K. (2005). The complete guide to business risk management (2nd ed.). Hampshire, UK: Gower Publishing.
Wilding, E. (2006). Information risk and security: Preventing and investigating workplace computer crime. Hampshire, UK: Gower Publishing.