1) Industry standards for security systems and protocols have evolved from proprietary approaches to more open standards-based systems to allow for greater interoperability and access to data. 2) While open standards provide benefits, they also introduce new security risks as systems become more interconnected and accessible. Most industries are still working to balance functionality, access, and security. 3) Developing an effective long-term security philosophy requires understanding the tradeoffs between technology, standards, industry practices, and organizational needs over time. Security strategies must adapt to changing technical and business conditions.

1. Market com
physical a
autonomo
owards ac
most impo
At first ma
data and
other syst
for busine
complianc
outside th
versions o
Now most
o data and
rends inc
mproveme
However t
systems a
more of
process ca
Mpat
m
Adof
c
ov
Ntti
Hsi
s
p
With
Let’
mpetition
as well as
us and bu
ccess to p
ortant feat
any vendo
soon the
tems and
ess data n
ce’ to allo
e plant en
of protoco
industrie
d personn
cluding da
ents and
this increa
nd is putt
f a nuisan
an mean a
the fo
ewslett
ession
nd hop
A
Mak
Ne
’s profe
in indust
network
uilt upon p
personal,
ture was a
ors built t
automati
protocols
networks.
ow for c
nvironmen
ls that wo
s with con
nel and to
ata access
advanced
asing nee
ting many
nce than a
serious s
ter: Ja
nalize t
www.wix.com/
nuary
the pro
/sbtyagi/iciss
aditionally
ual! Over a
ry vendor
cessing s
data.
protocols
cape beca
to this w
2000, vend
cation bet
ver, in the
the purpos
ems are fa
hem. There
ble busine
exercises
ess is furt
control en
but for m
eat.
pe and
Happ
py and
ke Se
From
http://w
try has tra
and virtu
proprietar
data, pro
access to d
their own
on landsc
s. Parallel
In early 2
communic
nt. Howev
orked for t
ntrol syste
secure th
s to enab
d control
d for acce
process c
anything,
safety thre
2013
ofessio
s
y driven th
decade
technolog
speed, and
onals…
he evolutio
ago, mos
gy and the
d function
s or langu
ame very
was the de
dors saw
tween se
rush to m
se at hand
acing man
e are man
ess decisi
s like loop
ther diluti
nvironmen
most indus
firm re
…
on of con
st control
e solution
nality (or r
uages to a
proprieta
evelopmen
advantag
curity sy
market ma
d but did n
ny pressur
ny forces p
ions, vend
p tuning a
ng the se
nts at risk.
stries a lo
esolve
Prosp
curity
m Janu
perous
y a thi
uary t
ntrol syste
systems
ns were ge
reliability)
allow for
ary and in
nt of Ethe
ges to incl
ystems in
ny vendo
not includ
res to bot
pushing th
dor acces
and alarm
ecurity of
. In some
oss of con
that th
the transf
ndepende
ernet netw
lude ‘Ethe
cluding t
rs built ad
e security
h allow ac
hese oppo
ss for pro
m managem
many of t
industries
ntrol over
pt S B T
he com
New Y
ing to
ill Dec
Year!
o reme
cemb
Cap
ming ye
embe
ber!
For IC
r,
ems –
were
eared
). The
fer of
ent of
works
ernet-those
d-hoc
y.
ccess
osing
ocess
ment.
these
s this
your
Tyagi
CISS
ear

2. of data an
systems a
data netw
for comm
However,
the purpo
Now mos
data and
including
and adva
increasing
putting ma
than anyt
safety thre
As one n
industry is
dies”. Reg
control sy
overtime,
confidenc
The new
Security. A
that most
downtime
experts w
means m
staff to ma
nd soon th
and protoc
works. In ea
munication
in the rus
se at hand
st industrie
personnel
data acce
anced con
g need for
any proces
hing, but f
eat.
noted secu
s one such
gardless of
ystem will
environm
ce and pote
push for c
And the p
t industries
e. This mea
who may n
any indus
anage & o
The scope
concern t
he automat
cols. Parall
arly 2000,
between s
h to marke
d but did no
es with con
and to se
ess to enab
ntrol exerc
r access i
ss control e
for most in
urity profe
h that a los
f the poten
at least l
mental rele
entially the
control sys
ressure is
s are ‘pus
ans more o
ot be phys
tries are a
ptimize mo
e of the te
this may r
rm ‘securit
represent
Market
evolutio
virtual!
autono
the sol
process
importa
built th
t competit
on of contr
Over a
omous and
lutions we
sing spee
ant feature
eir own pr
cape beca
was the de
aw advant
ystems inc
endors bui
security.
ms are fac
. There are
ss decisio
loop tuni
diluting the
ents at risk
loss of co
tion landsc
el to this w
vendors sa
security sy
et many ve
ot include s
ntrol system
cure them
ble busine
cises like
s further d
environme
ndustries a
ssional wh
ss of acces
ntial harm,
lose produ
ase, and
ability to s
stems is to
coming fro
shing the e
outside ‘tun
sically at th
automating
ore resourc
ion in ind
rol system
decade a
built upon
re geared
d, and fun
e was acc
rotocols or
me very p
evelopmen
ages to inc
cluding tho
lt ad-hoc v
dustry has
s – physic
ago, mos
n proprieta
towards a
nctionality
ess to dat
r language
roprietary
nt of Ethern
clude ‘Ethe
ose outsid
versions of
cing many
e many for
ns, vendo
ing and a
e security
. In some i
ontrol ove
ho works
ss or cont
any indus
uction for
other inta
stay in bus
o try to ba
om many
envelope’
ning’ and b
he site. Th
g more con
ces thereb
ty’ often se
can be ov
y pressures
rces pushi
r access fo
alarm man
of many
industries t
r your proc
for a maj
rol over ou
try with litt
some time
angibles su
siness.
alance the
angles. Inc
to run fas
better visib
he advanc
ntrol of the
y increasin
eems vagu
verwhelmin
jor refinery
ur systems
tle or no se
e. This ca
uch as co
e two oppo
creasing m
ster, more
ility into pr
ing age of
eir assets
ng their rel
sheer volu
ver, this n
ue and the
ng. Howev
s tradition
cal as well
st control
ary vendor
access to
(or reliab
ta. At first
es to allow
and indep
net networ
ernet-comp
de the plan
f protocols
ally driven
as networ
systems
technology
personal,
ility). The
t many ve
for the tra
pendent of
rks for bus
pliance’ to
nt environ
that worke
s to both a
ing these o
for process
nagement.
of these s
this is mor
cess can m
n the
k and
were
y and
data,
most
ndors
ansfer
other
siness
allow
ment.
ed for
allow acce
opposing t
s improvem
. However
systems a
re of a nuis
mean a se
y once po
s usually m
ecurity in a
an translat
ompetitive
ess to
rends
ments
r this
and is
sance
erious
ointed out,
means som
and around
te into re-edge,
osing trend
market com
e efficiently
roduction f
f the workf
and expe
iance on c
ume of effo
need not b
, “our
meone
d their
-work,
vestor
inv
ds: Access
mpetition m
y and with
from specia
force in ge
ecting the
computers.
s and
means
h less
alized
eneral
same
ort and are
be the cas
eas of
se. In

3. looking at
quickly be
efforts an
initiatives
but in the
Processes
essence w
Before be
philosoph
which it is
have.
Underpinn
always wo
be lost.
introspect
t a numbe
eing adopte
d initiative
offer diffe
e end, all
s and Tec
which will i
eginning an
y. A secur
s created
er of secu
ed as a ho
es that go f
rent sectio
efforts can
chnology.
n turn fost
ny security
rity philoso
but there
ning all ef
ork toward
What we
tions’! Suc
What are the
ow well are
What issues
What require
Where do w
ow will we
•W
•Ho
•W
•W
•W
•Ho
There is n
far as sec
and indus
industry, b
which sets
setting th
undertake
Knowing w
key first s
security s
gadgets,
done with
technolog
maintaina
years with
means th
problem!
rity framew
olistic and
far beyond
ons, headin
n usually
The prior
er a secur
y program
ophy will so
are some
fforts withi
ds creating
e call sec
h exercise
e policies a
e they imp
s / problem
ements ap
e need to
change / i
no "standa
curity syste
stry itself ha
broadcasti
s standard
he training
en by ASIS
which stan
step in man
standards
security pr
h it includin
gy – which
able / repa
h on-site
hat either
!
The first p
decision m
works or s
effective a
d the purch
ngs and n
be summe
rity of dev
ity culture.
or initiative
ound differ
basic req
in organiza
and main
curity surv
s are requ
and standa
lemented?
s do we ha
ply to our i
be from a s
mprove the
ard" standa
ems and ga
as failed to
ng and me
ds for secu
g and edu
S in USA.
ndard to ch
naging com
establishe
rofessiona
ng its limita
h is chang
airable in a
repair con
you do n
premise is
makers, th
standards
approach to
hase and d
ames for e
ed into thr
veloping a
a commo
o security.
deploymen
each of the
ree (3) fou
security
e your org
rent for ea
uirements
ations one
ntaining a s
veys and
uired to foc
ards we cu
?
ave?
industry?
security pe
e situation
ard. It is no
adgets are
o develop i
edia indust
rity guards
ucation sta
n theme e
. This appr
nt of techn
eir areas o
undational
philosophy
anization m
ch compa
that all se
e must firs
strong sec
security
us on follo
rrently hav
emerges th
roach com
nology. Diff
of concent
areas: Pe
y is need
must first a
ny, industr
ecurity phi
st have a
urity cultur
audits ar
wing areas
ve?
erspective?
?
ot a cliché.
e concerne
its own sel
try or the IT
s, supervis
andards fo
hoose and
mpliance. S
ed by laws
ls need to
ations. The
ing very fa
very sho
ndition. Th
not unders
quite sim
he owners
?
In fact the
ed. There a
f-regulator
T Educatio
ors, pub b
or security
d what you
Some indu
s or regula
o first unde
e shelf life
ast. Today
ort time. A
inking tha
stand the
ply that se
and opera
hat is
mbines
ferent
ration
eople,
ed in
adopt a se
ry and reg
ilosophies
security
re or your
re basica
s -
ere are no
are no gov
ry mechan
n Industry
ouncers, fr
y personne
ur obligatio
ustries and
ations. Wh
erstand the
of a syste
y what is c
system m
at techno
technolog
ecurity is i
ators of the
ecurity
ion in
must
philosophy
momentum
ally ‘outso
o set stand
verning / re
ism as dev
. In UK BI
ront man e
el. Similar
ns are as
d organizat
hile buying
e technolo
m or gadg
current an
must have
logy can
gy or you
mportant t
e systems
y and
m will
urced
ards in Ind
egulatory b
veloped by
SA is watc
etc. BISA is
r initiatives
a result o
tions are re
g the secu
ogy and als
get is direc
d ‘the thin
longevity o
solve all
u do not u
to the orga
s, the supp
dia so
bodies
y films
chdog
s also
s are
f that choi
equired to
urity system
so what ca
ctly related
ng’, may n
of at least
l the prob
understan
anization. T
port staff, t
ce, is
meet
ms or
an be
to its
not be
t 6-10
blems
d the
This mean
the consul
ns the
tants,

4. vendors,
everyone’
More ofte
awarenes
contractor
needs to
team mem
your site,
remains th
security b
effective
site staff,
’s best inte
en than no
ss and trie
r and visito
happen fo
mbers who
you will n
hat your in
breach inte
as your le
More ofte
have a de
on-going
due to the
changing!
but the ne
drives’ we
storage ca
using them
only as e
in short
erest. This
ot, an indu
ed to educ
or onsite n
r security,
o understa
not succee
nternal, trus
entionally o
east inform
en than no
efined star
security ef
e fact that
! What was
ext threat c
ere an eme
apacities a
m. This wa
effective as
This topic
mentioned
install sec
disaster re
of those e
need to e
implemen
lives are m
find ways
school co
because t
die based
everyone
is no differ
ustrial facil
cate every
needs to ha
and can b
and their ro
d in secur
sted emplo
or otherwis
med emplo
ot, many o
rt, finish an
fforts, but
security c
s a threat y
coming wi
erging fad.
and require
as not a co
s it is curr
c is the b
d earlier, y
curity progr
ecovery pl
efforts caus
explain to
nted withou
most affect
around th
mputer lab
they do no
d on how
The last a
balance.
return. In
decide as
to your c
money, or
that you w
, understa
rent from t
lity has a
yone as to
ave safety
be integrate
ole and th
ring your fa
oyees have
se. In othe
loyee.
rganization
nd cost. Th
true, lastin
oncerns ar
yesterday o
ll not be a
Today the
e little or no
oncern a fe
rent.
basic prem
your weake
rams, risk
lan you are
se a chang
them why
ut the prop
ted? In the
he new sys
b where stu
ot understa
well your
and perhap
In this sen
order for
s an organi
current env
r access to
will still hav
ands that
he importa
long histo
o why saf
orientatio
ed into saf
he importa
acility. It is
e the great
er words, y
ns see se
his may be
ng security
re brought
or last wee
as deterred
ey are sold
o knowled
ew years a
mise on w
est link and
managem
e well on y
ge in the da
y these ch
per awaren
ese cases i
stems you
udents are
and or care
employee
ps most im
nse the ba
your organ
ization wha
vironment
o your data
ve some so
keeping y
ance place
ory of alwa
fety is imp
n and upd
fety progra
nce of the
s a harsh r
test opport
your secu
curity prog
e the case
y is an on-t
about by
ek may be
d. Less tha
d more che
ge of spec
ago. Unfor
which your
d biggest t
ment proces
your way t
ay-to-day b
hanges are
ness traini
it is only a
u just put in
e some of t
e about se
es receive
mportant th
alance is b
nization to
at level of
towards s
a. And no m
ort of incide
your facilit
ed on safety
ays trying
portant. Ev
ated each
ams. Witho
eir actions
reality but
tunity to ca
urity progr
grams or i
e for a part
-going initia
technolog
fixed by yo
an 5 years
eaply than
cialized ap
tunately y
r security
threat is yo
sses and a
o securing
business fl
e necessa
ng and ed
short time
n place thu
the most c
ecurity. Yo
e and embr
ing a prop
between ris
o move tow
risk you a
security is
matter how
ent at som
ty secure
y.
to raise s
very empl
year. This
out rank an
(or inactio
the simple
ause or cre
ram is on
nitiatives a
ticular com
ative. This
y - and tec
our curren
ago USB
ever, are c
pplications
your secur
philosoph
our least e
healthy b
g your envi
ow for you
ary. Too m
ducation fo
before the
us negatin
reative peo
our securi
race it.
per security
sk and rew
ward a pro
re willing t
going to
w you do p
e point in t
as projects
mponent of
s is quite s
chnology k
t security p
keys or ‘t
capable of
or program
rity progra
hy needs
educated e
business co
ironment.
ur employe
many times
or the peop
e day-to-da
ng your eff
ople at byp
ity program
y philosoph
ward as w
per securi
o live with
cost some
roceed, the
time.
to be buil
employee.
ontinuity pl
However,
ees then yo
s are prog
ple whose
ay users st
forts. Think
passing se
m will live
hy needs i
well as betw
ty program
. Every ch
ething whe
ere is a ve
s the attitu
ween effor
m you mus
ange you
ether it is
ery good ch
is in
safety
oyee,
s also
nd file
on) at
e fact
eate a
nly as
s that
f your
simply
keeps
plans,
humb
huge
ms for
am is
lt. As
If you
lan or
if any
ou will
grams
daily
tart to
k of a
ecurity
e and
ude of
rt and
st first
make
time,
hance

5. A security
inappropr
in how we
benefit fro
y incident
riate acces
ell containe
om it.
The day
prepared
Every bus
win out o
organizati
can be c
ss to data o
ed the inc
will come
to deal wit
siness has
over secu
ion to:
derstand t
ocument the
ake and do
riodically r
d whether
well-defin
that fall ou
 Un
 Do
 Ma
 Pe
and
Having a
situations
Hand you
them – to
Business
their syst
authentica
common p
such as c
approved
Remembe
of the org
procedura
same proc
come to
standard.
If your org
the proce
complianc
Auditors h
Washingto
well to ins
catastroph
or an IO ro
ident is, ho
e when a
th this situa
s different
rity best p
ic system
oom. The t
ow quickly
business
ation will sa
needs and
practices.
the risks be
ese risks a
ocument an
review acc
the risk is
ned proces
utside of th
ur business
prop up th
unit folks w
tems and
ation to pr
platform” is
criteria for d
security so
er, policies
ganization.
al docume
cedural an
the same
failure, a
true meas
y you recov
need con
ave time, m
d tolerance
You need
eing taken
and their m
n informed
cepted risk
still accept
ss to hand
hose antici
s manage
he short leg
want secu
premises
rotect critic
s not helpf
deciding w
olutions sp
s are not in
. Specific
nts. The k
nd policy d
conclusio
ganization
ess of deve
ce, and the
have the s
on or your
sure that yo
accident in
ure of you
ver, and if
nflicts with
money and
e for risk. A
d to have
mitigating fa
decision a
ks to dete
table
dle excepti
pated whe
rs a copy
g on the ta
rity folks to
s secure.
cal inform
ul. You ne
whether info
pecifically t
nstruction m
information
ey here is
ocuments
ons as to
has an In
eloping me
eir experie
structured
state capi
our measu
n process
ur security
f you choo
h a securi
d aggravati
At some po
e a proces
actors
as to wheth
rmine whe
area or s
program w
ose to learn
ity best p
ion.
oint, busin
ss in plac
her to acce
ether new
ons will a
en the polic
of typical
able in the
o provide t
Telling a
ation" or t
ed to prov
ormation /
tied to polic
manuals. P
n as to ho
s clarity an
in front of
the secu
ternal Aud
easurable
nce in othe
approach
tal dictate
urements w
subtle
will be
n and
practices. B
Being
ess needs
ce to allow
ept a risk
mitigation
s may
w the
ns are ava
organizati
written.
llow your
cies were w
standards
break room
hem with s
business
to tell them
ide your us
facility is c
cies.
Policies are
ow to impl
d consiste
everyone
rity measu
dit departm
actions. A
er types of
h needed t
your exter
will hold up
s and they
m.
specific ins
unit man
m to “use
sers with o
critical or n
ailable
on to dea
y'll probabl
y end up
structions o
nager to
ACS alon
organizatio
not, and lis
e high-leve
lement po
ency. You
in your org
ures that
ment, these
After all, th
f audits an
to put this
rnal standa
in court.
l with
using
on how to
"use two-f
ng with ID
on-specific
ts of tested
el stateme
licy should
should be
ganization
are neede
e are good
hey will be
nd standard
s practice
ards, get yo
make
factor
DS on
tools,
d and
nts of the
d be laid o
able to pu
and have
ed to mee
people to
e doing th
ds is a val
to work. I
our legal fo
intent
out in
ut the
them
et the
o get involv
e measuri
uable reso
f our frien
olks involv
ved in
ing of
ource.
nds in
ed as

6. Industry s
legislators
managem
procedure
standards f
s and indu
ment and se
es.
Education
profession
environme
journalism
officers to
This prob
meet the
that most
employers
institution
review the
that allow
down train
for security
ustry group
ecurity pro
n remains
nals with
ent and pre
m graduate
o plan and
blem arises
ever-chan
t security
s and gro
s of the ne
e effective
w business
ning standa
Security is
productive
are issues
budget is
misconce
atmosphe
conducted
there are
inside the
higher pr
y are not a
ps can tell
ofessionals
an area
army or
emises. O
e to write w
execute go
s from a n
nging techn
profession
oups like I
eed for can
security p
to be cond
ards for se
s treated in
e systems
s such as
allocated t
ption. It i
ere where
d smoothly
chances o
e premises
rofit!
At giant c
Protecting
with expe
and live b
center wit
There are
designing
that secur
ineffectua
cure all –
us a lot a
s in our org
of conce
police se
ne comme
with appro
ood securi
number of
nology lan
nals rank
CISS / IS
ndidates w
lans as pe
ducted with
ecurity pers
n most bus
and plans
insurance
to security
is good s
all produ
y without f
of attack by
s or at wor
companies
g them is a
ertise in ph
backups in
th a pocket
e plenty of
a secure
rity for the
al afterthou
and this
about best
ganizations
ern for sec
ervices ar
ent seemed
opriate gra
ty measure
challenge
dscape. S
low on th
SSM / IPS
who are we
er changing
h assuranc
sonnle but
siness and
. Security
, legal com
departmen
security th
uction, ope
fear or dan
y miscrean
rk-floor are
, data cen
job for se
hysical sec
n the world
t knife, a c
f complicat
data cente
new data
ught?
is a good
practices
s to come u
curity prof
re inadequ
d to resona
ammar, wh
es?”
es, particul
Security is
heir hierarc
SA / CAPS
ell trained i
g needs of
ce. PSAR A
fall short o
d organizat
is also see
mpliances,
nt. Mostly s
hat guara
eration an
nger. No o
nts, theft o
eas. Good
nters don't
ecurity offic
curity and
d are a wa
amera pho
ted docum
er-But wha
center is
thing on th
and goals
up with the
fessionals.
uately pre
ate with ma
y can’t we
he whole. W
s, it is up t
e processe
. The per
epared to
any: “If it’s
e expect e
arly the ne
also an “e
chy of inte
SI / SAFE
n how to p
f varied org
Act 2005 a
of desired
tions as ‘co
en as burd
pressure
security pro
ntees sec
nd mainte
one can w
of costly inv
d security
just hold
cers, of co
business
aste of mo
one and ba
ments that
at should b
built into t
While
to the
s and
rception is
create s
s fair to exp
ex-army / p
eed to adj
eat your ve
erests. Th
E Code to
plan, exec
ganizations
attampts ve
details.
ost center’
en which i
from stake
ofessionals
cured, has
nance or
ork; forget
ventory or
y means g
the crown
ourse. But j
continuity
oney if som
ad intention
can guide
be the CSO
the design
s that
ecure
pect a
police
just curricu
egetables”
e onus fa
inform tra
ute and re
s and indu
ery feebly
needing b
is evil yet e
eholders e
s are to be
ssle-free c
marketing
t the best
law-and –
good prod
jewels; th
just as imp
. That's be
meone can
ns.
companie
O's high-le
s, instead
ula to
topic
alls to
aining
evise /
stries
to lay
budgets for
essential. T
etc. that me
e blamed fo
congenial
g activities
performan
order prob
duction, m
hey are the
portant, it's
ecause all
n walk righ
r non-
There
eager
or this
work
s are
nce, if
blems
means
e crown je
s a job for
the encry
ht into the
es through
evel goals f
of being a
ewels.
those
yption
e data
the proce
for making
an expensi
ess of
g sure
ive or

7. Read below to find out how a data center is designed to withstand everything from corporate
espionage to terrorists to natural disasters. Sure, the extra precautions can be expensive. But
they're simply part of the cost of building a secure facility that also can keep humming through
disasters.
Build on the right spot. Be sure the building is some distance from headquarters (20 miles is
typical) and at least 100 feet from the main road. Bad neighbors: airports, chemical facilities,
power plants. Bad news: earthquake fault lines and areas prone to hurricanes and floods. And
scrap the "data center" sign.
Have redundant utilities. Data centers need two sources for utilities, such as electricity, water,
voice and data. Trace electricity sources back to two separate substations and water back to
two different main lines. Lines should be underground and should come into different areas of
the building, with water separate from other utilities. Use the data center's anticipated power
usage as leverage for getting the electric company to accommodate the building's special
needs.
Pay attention to walls. Foot-thick concrete is a cheap and effective barrier against the
elements and explosive devices.
Avoid windows. Think warehouse, not office building! If you must have windows, limit them to
the break room or administrative area, and use bomb-resistant laminated glass.
Use landscaping for protection. Trees, boulders and gulley can hide the building from passing
cars, obscure security devices (like fences), and also help keep vehicles from getting too close.
Use retractable crash barriers at vehicle entry points. Control access to the parking lot and
loading dock with a staffed guard station. Use a raised gate and a green light as visual cues that
the bollards are down and the driver can go forward. In situations when extra security is needed,
have the barriers lift-up by default, and lowered only when someone has permission to pass
through.
Plan for bomb detection. For data centers that are especially sensitive or likely targets, have
guards use mirrors to check underneath vehicles for explosives, or provide portable bomb-sniffing
devices. You can respond to a raised threat by increasing the number of vehicles you
check—perhaps by checking employee vehicles as well as visitors and delivery trucks.
Limit entry points. Control access to the building by establishing one main entrance, plus a
back one for the loading dock. This keeps costs down too. Make fire doors exit only. For exits
required by fire codes, install doors that don't have handles on the outside. When any of these
doors is opened, a loud alarm should sound and trigger a response from the security command
center. Use plenty of cameras. Surveillance cameras should be installed around the perimeter
of the building, at all entrances and exits, and at every access point throughout the building. A
combination of motion-detection devices, low-light cameras, pan-tilt-zoom cameras and
standard fixed cameras is ideal. Footage should be digitally recorded and stored offsite.
Protect the building's machinery. Keep the mechanical area of the building, which houses
environmental systems and uninterruptible power supplies, strictly off limits. If generators are
outside, use concrete walls to secure the area. For both areas, make sure all contractors and
repair crews are accompanied by an employee at all times.

8. Plan for s
can be se
people an
spreading
chemical,
Ensure n
sure inter
housed. A
Use two-sensitive
less invas
expensive
Harden th
will have b
secure air
et to re circ
nd equipme
g from a n
biological
nothing ca
rnal walls r
Also make
-factor au
areas of d
sive than
e access ca
he core w
been authe
the outer
visitors to
the inner
neral empl
the entra
nter. Typic
ictest "p
ggybacking
ve two opt
the door t
om. This is
ainframes
cated. Prov
possible in
he exits to
areas of t
h building
area where
rest room
t have acce
 At
for
 At
gen
 At
cen
stri
pig
hav
 At
roo
ma
loc
as
Watch th
sensitive
helps with
common a
Visitor’s
who don't
r-handling
culate air r
ent if there
nearby fire
or radiolog
an hide in
run from th
sure drop-uthenticati
g. Make su
rather than
e were som
. For adde
gical conta
the walls
he slab ce
-down ceili
on. Biome
rs, with ha
anning. In
data center
retinal sca
ards.
ith securit
enticated a
door. Don
buzz the f
r door. Se
loyee area
ance to th
cally, this
positive
g allowed.
ions:
to an indiv
s for the r
or other
vide access
n order to c
oo. Monito
he facility
evacuation
e people c
ms. Make s
ess to the s
ure the hea
n drawing i
me kind of
ed security
aminant.
and ceilin
iling all the
ings don't p
etric ident
and geome
other are
ty layers.
at least thre
n't forget y
front desk.
eparates v
.
e "data"
is the lay
control,"
For impl
vidual com
oom wher
critical I
s only on a
control and
or entrance
as well. It
n if there's
an eat with
sure to incl
secure par
As
att
yo
Str
ating, vent
n air from
biological
y, put dev
tilating and
the outsid
or chemic
ices in pla
ngs. In sec
e way to s
provide hid
ification is
etry or finge
as, you m
Anyone en
ee times, i
you'll need
visitor are
part of th
yer that h
d air-condi
de. This co
cal attack o
ace to mo
cure areas
sub flooring
dden acces
becoming
erprint sca
may be abl
ntering the
ncluding:
a way
a from
he data
has the
g no
on, you
cessing
servers,
ment is
ded basis,
cess.
t—not only
u keep tra
rohibit food
g food on c
ooms for u
building.
meaning
lementatio
mputer proc
re actual s
T equipm
an as-need
d track acc
e and exit
'll help you
s a fire. Pr
hout gettin
lude bathro
rts of the b
s soon
tack an
our in
rategist
n as t
nd des
nterests
the fe
stroy it
s! -
tioning sys
uld help p
or heavy s
nitor the a
s of the da
g where w
ss points.
g standard
anners usu
le to get a
most secu
stems
rotect
moke
air for
ta center,
wiring is typ
make
pically
d for acce
ually consid
away with
ure part of
and segm
ess to
dered
less-center
f the data c
ment these
y for the m
ck of who
d in the co
computer e
use by visit
rooms as
main facilit
was wher
omputer ro
equipment
tors and de
ear ap
. Secu
Chana
much
more
t also
vide a
ty but for
re when. It
ooms. Prov
t.
elivery peo
proach
re you
kya, t
ople
hes ne
u must,
the G
ear,
, all
reat

9. easy way
requireme
consumer
services f
(ITU), mo
on their h
subscribe
Messages
offensive,
Problem
It is rare f
of a text
standard
mobiles th
users are
communic
revenue f
operators
providers
the spam
[Source: B
Another c
400 in ex
messages
70,000 pe
Mobile Ne
businesse
viruses sp
the phone
Corporate
fail to che
suspicious
security s
y of stayi
ent for kee
rs put the
fall short
ore than 80
handset at
er into cal
s are com
but all hav
ms
for a mobile
message
to have sp
hat feature
e complete
cations. Th
from the sp
around t
with their
m is to swi
Bloomberg
concern for
xistence to
s to 6% ov
er day onl
etwork Vir
es as they
pread in a
es of peopl
e phones a
eck their p
s increase
software in
Those int
can India
problems
Rapidly e
billion mo
Mobile Su
as India,
communic
access to
uch. Whils
networks
reliability
ations. Acc
bile phone
nt. The hid
emium rat
ot commer
ng in comm
ing in tou
eping their
eir trust in
of expecta
0% of mob
some poin
ling a pre
mmonly no
ve one thin
e user not
(SMS), p
pam filters
e Internet a
ly depend
he conflict
pam, whic
he world
users' mob
tch to ope
g.net, Augu
r mobile op
oday. One
ver the las
ly 1 year
rus Attack
y move ea
similar wa
le who acc
are particul
phone bill,
es in call ch
nstalled [So
trusive and
an mobile
d unwelco
operators
expanding
obile subs
ubscriber].
, where m
cation, as
o landline
st this is
clear of s
and acce
cording to
users wor
dden motiv
te number
rcially foc
mon: they a
to have re
picture me
on emails
and email a
ent on the
t here is t
ch impacts
actively e
bile phone
erator. In
ust 1st, 200
perators is
e mobile o
st 12 mont
ago [Sour
s (online).
asily betwe
ay to PC vi
cept the SM
larly vulne
, sending
harges. To
ource: 200
me mobile
do? Chec
mobile pho
scribers w
This is la
mobile ph
s many pe
telephony,
very pos
pam and v
essibility, a
o the Inter
ldwide hav
ve behind
r to buy a
used, and
are intrusiv
eceived an
essage (M
s when usi
access are
eir mobile
that in mo
on their d
ncourage
e numbers
India som
08 (online)
s the sharp
operator h
ths, averag
rce: Adapt
. Mobile v
een hands
ruses, goin
MS or MMS
rable to th
the charg
o add to th
08 online w
viruses a
ck out the
one indust
worldwide
rgely cont
hones are
eople are
and mob
itive for o
viruses is
and are o
rnational T
ve received
such mes
unsolicite
MS), or v
ng a home
e extremely
network o
ost cases,
desire to p
spam by
and the on
e operato
], even afte
p rise in mo
as noted
ging 100,0
tiveMobile]
viruses are
ets and in
ng straight
S.
e threat po
es straigh
is worry, 8
well-being
and spam-e
solutions
try has alre
[Source:
tributed by
e the prev
unable t
biles provid
operators'
absolutely
often left f
Telecommu
d an unso
ssages is o
or enter
e cases ca
welcome.
product
d in some
ve and unw
d mobile s
video mes
e compute
y vulnerabl
perator to
the opera
rotect the
supplying
nly way for
rs face sp
er protocol
obile phon
a rise in
000 virus i
. It sees S
e also fast
nfect share
t to the add
-What
s and
eady over
ABI Rese
y countries
valent for
o gain re
de a cheap
revenues
y paramoun
frustrated
unication U
licited mes
often to lur
a compe
an be dee
spam mess
ssage (VM
er, persona
le to mobil
manage t
rator is ga
subscribe
g content
r a subscri
pam levels
l-level filte
ne viruses,
attacks fro
ncidents p
Sharp Ris
t becoming
ed address
dress book
osed by vir
t to accou
86% of mo
survey, F-e
three
earch:
such
rm of
eliable
p and
s, the
nt, as
when
Union
ssage
re the
etition.
emed
sage in the
MS). Whilst
al and corp
e spam. In
these unwa
aining exte
r. Some m
and applic
iber to get
s of about
ring.
with a rep
om 0.6%
per day-up
e in Volum
g a mena
s books. T
k and infilt
ruses as m
untants, an
obile phone
-Secure C
e form
t it is
porate
n fact,
anted
ensive
mobile
cation
rid of
30%
ported
of all
p from
me of
ace to
These
rating
most emplo
nd won't n
e users hav
orporation
oyees
notice
ve no
]. We

10. know from our own data that subscribers whose phone do get infected can lose up to 100 Euros
a day from MMS being sent from their phone by the virus.
Solutions
To prevent mobile spam and viruses becoming a problem for their subscribers, Indian network
operators must ensure they don't solicit spam. Operators also need to take a leading role in the
development of built-in network security to protect mobile phones, and prioritize customer
satisfaction above potential ready-money revenue generated as a result of spam and viruses.
To ensure protection from mobile spam and viruses, operators must also secure their network.
This way, not only known viruses, but also anomalies within the network can be detected,
isolated, and disinfected, enabling network immunization. Having security on the network also
means that employee-specific policies can be set. For example, an employee may not be
allowed to download content which can be considered out of line from their business pursuits,
while others may be prohibited from accessing the mobile Internet altogether-a similar approach
to the one some organizations are already using for their PC infrastructure.
The constant evolution of spammers' techniques, combined with the continually growing mobile
telephony industry, means that the battle for consumer trust is only just beginning-and mobile
operators have to make sure they are competing effectively.
A new walk-through airport lie-detector made in Israel may prove to be the toughest challenge
yet for potential hijackers or drugs smugglers. Tested in Russia, the two-stage GK-1 voice
analyzer requires that passengers don headphones at a console and answer: ”Yes" or "No" into
a microphone to questions about whether they are planning something illicit.
The software will almost always pick up uncontrollable tremors in the voice that give away liars
or those with something to hide, say its designers at Israeli firm Nemesysco. "In our trial, 500
passengers went through the test, and then each was subjected to full traditional searches,"
said chief executive officer Amir Liberman. "The one person found to be planning something
illegal was the one who failed our test." The GK-1 is expected to cost between $10,000 to -
$30,000 when marketed. A spokesman for Moscow's Domodyedevo Airport, which is using a
prototype, said "the tester (lie detector) has proved to be effective and we are in principle ready
to use it". The September 11, 2001 hijacking attacks have led to a slew of innovations designed
to boost airline security. Lieberman said several countries had expressed interest in the GK-l.
"Unlike conventional lie detectors .such as the polygraph, this is minimally invasive, requiring
hardly any physical contact," Lieberman said, adding that the first stage of the test takes
between 30-75 seconds. Those that fail are taken aside for more intensive questioning and, if
necessary, are searched. Lieberman said around 12 percent of passengers tend to show stress
even when they have nothing to hide. "Some may feel nervous because they have used drugs,
while having no intention to smuggle drugs," he said. "The whole thing is performed in a low-key
manner to avoid causing anxiety." Reuters

11. For more
e detail ple
Managing
Lipata, Mi
T: 0063-2
E-mail: po
Web: www
g Director,
inglanilla, C
260-05-57
olly.secreta
w.pcstcons
Ever had
haven't h
days like
had a com
ggestions
Sug
ease conta
act –
PCS Train
Cebu, Phil
ning Consu
ippines, 60
0063-9064
consultant.
m
M:
aria@pcstc
sultant.com
these???
puter long
& feedbac
ultant
046
4116749
.com,
? If not, yo
g enough.
ck may be
ou
.
e sent to us on e-mail: sbtyagi1958@gmail.com