In the chapter we rent this week, the book referred to access controls. There are two sides of this: the electronic and the physical. Naturally, the electronic access controls are going to address what systems and information can be accessed by which users. While that is a topic that would sustain its own lengthy conversation, I want to focus on the physical side of access control, specifically some of the dumb reasons why people I work with think it should apply to them. I know that sounds like a negative statement, but seriously it’s one of my pet peeves. Physical access control has been a factor in most of my adult working life. First in the military, then my career within the financial industry. Maybe it’s due to my time in the service that doesn’t bother me now, but it really seems to be a hassle for some people to grasp the importance of it.
I work in a building which requires that we have badge access not only for the building itself, but to get into my specific department. The entry points and key areas within my office are monitored with security camera, and there are additional measures that I’m not going to discuss for security reasons. All of this security is because we work with a lot of high-value and very portable assets. If someone were to run off with one of them, it could literally cost the company millions of dollars. All of these controls make sense to me, and I understand the reasoning behind the need for them, but I’ve heard people complain about them daily. Here are some examples of the complaints from just this week, “Do I really need to wear my badge everywhere?” “I should be able to have people visit me in the office if I want to – other departments allow it.” “It’s a violation of my rights for them to record me coming in and out of the office.”
First, is it really that much of a hassle to put a badge on your belt loop, or to talk to the friend over chat instead of having to come to your desk. That one I understand can be a little bit frustrating when you can just walk into other departments, but the no visitor policy does reduce the risk of lost assets. And lastly, a violation of your rights? Seriously? How do you survive going into a mall? or a gas station?
Enough of the rant. I think a lot of the issues in access control compliance come down to training. A company can deploy risk management policies all day long, but if employees are trained in how the procedures related them into their daily work, we are going to understand why it’s so important. According to DiversifiedRiskManagement.com, “probably the simplest and most cost-effective precaution one can take is to see that every employee is involved in maintaining a safe and secure work force and work area, and through employee awareness training and empowerment of the workforce to get involved in daily security at work, even the most skilled intruder can be stopped in his tracks.” I think this statement meals the solution to the problem of getting employees to follow risk management procedures.
http://www.diversifiedriskmanagement.com/articles/access-control.html
No comments:
Post a Comment