: Integrating IT
and Physical Security
Group 4 - Hackers
Chakka
Deepti
Santhosh
Shiyamraj
Preeti
Rahul
Vijayashree
Vineeth
Advo - Background
One of the largest providers of mail advertising in the US
About 3900 employees working in 21 facilities
Over 25000 clients; distributes advertisements to
130M household addresses and 12.6M business
addresses in the US and Canada
Largest commercial user of USPS
Contd..
The security around Advo's applications and
database was strong.
Advo entered a 10-year agreement with IBM Global
Services to provide computer processing systems
development and systems legacy support
The security services included in the agreement were:
Real-time system monitoring
Intrusion detection and prevention
Incident management
Strengthening Security
A Senior VP of Security Management was appointed
Kroll Inc. and E&Y were hired to do risk analysis of physical and
IT security, respectively
Each facility had a lead security officer assisted by three
security associates
A tour management system from Tiscor was implemented. Security
associates used a Palm Pilot to scan pre-established
inspection points
Outdoor lighting was improved, fencing was installed and a mail
room was created
Visitors were no longer allowed to walk freely; they were made to
wear a visitor's badge and sign a log
All facilities were audited twice a year by the security manager
to ensure security
Security Audits
In 2004, security managers conducted a security audit in HQ and 21 mailing
facilities. The audit covered 21 key areas.
Access control
Bomb threats
Cleaning of equipment
Dark hours
Emergency action plans
Fencing
Identification badges
Key control
Laptop security
Lighting
Locking devices
Mail room
Parking control
Pre-employment screening
Record access and retention
Security camera
Security incident reporting
Utility security
Workplace violence
Tour management system
Security officers and technicians
Final Comments
Audits are conducted every six months
The successful transformation was due to three factors:
Top management attention remained focused on the
need for stronger security
Two security directors were hired, the director of IT security and
enterprise architecture and the director of corporate
security, who report directly to top management
IT and physical security are treated not as separate
entities but as interconnected components
Questions
Traditionally, IT security and physical security have
been managed as two separate domains. Why should they be
integrated?
Why is top management's awareness and support essential for
establishing and maintaining security?
Why should those responsible for leading the organization's
security efforts be placed high in the organizational chart?
The first decision made by Advo's top management in the
aftermath of the 9/11 attacks was to improve physical security.
Why was attention focused on this particular aspect of security?
What are the advantages and disadvantages of using
consultants and third-party organizations to provide security-related
services? What reasons would a company have for
hiring consultants to provide guidance for its security efforts?
Contd..
Why is it a good security practice to have few visitors in a reception
area?
Identify the security risks involved in allowing networked systems to
be used by large numbers of temporary employees who do not need to
log in. What password guidelines should be implemented for stronger
user authentication?
How far away should a backup site be located from company
headquarters? What factors should be considered in determining the
location of a backup site?
Advo believes that frequent audits help to ingrain a security mindset
among the company's employees. What other benefits are there to
performing frequent security audits?
The vendor of Advo's security management system is Software House.
Research the role of Software House in the Open Security Exchange
(OSE). What is the purpose of the OSE?