Hello, ladies and gentlemen, welcome back to Sai Berries and User Physical Security. Course I'm your instructor. Corey holds her. And this is lesson one dot For access control policies.
I want to discuss three key areas in this lesson. First, we're going to discuss why companies have policies, will look at what an access control policy is, and then we'll finish up with the purpose that
access control policies will play it in terms of physical security.
So why do companies have policies? Well, they can have them from multiple reasons. And this is policies in general, not just physical security. They helped to clearly define standards within the company, expectations of the employees and how they will conduct themselves as agents and representatives of the business.
They also explain the importance of having these standards
not just knowing the what, but the why we do things that we do.
It helps to align policies and standards with corporate goals. This is an important thing. Remember, the bottom line for business is ultimately to be successful, to make its stockholders happy and to increase their profits so they create policies in general
that will align with those corporate goals
and then the last part of a policy is that it defines the recourse that the company has when someone violates the policy. This could simply be termination. It might be restricted access to the company network if you're caught
visiting sites that are considered not business appropriate,
but those are just two examples.
So how do different people in the company play an important role when it comes to the development of policies?
Well, first of all, leadership identifies the need for the policy
in the case of a security policy. This will will involve security. Analysts will be
to evaluate the environment, evaluate all the criteria that need to be met,
the realities of the business as we're in employing
legal standards or industry standards, I should say
when it comes to drafting that policy,
lawyers will then being called upon to review the policy and make sure that that while they're trying to protect the company and set a standard that they're not violating any laws or
federal guidelines, for example, in the U. S. Or National guidelines in other countries
and then the CEO plays probably the most important role in the development of policy, and that is he puts his signature on it. He makes that policy that standard for the company, and also
when it comes when he does that, it ensures that there will be funding made available to make sure that policy happens, because a policy that cannot be enforced or not be executed
So what's an access control policy? Will?
The definition we have here comes from the American
National Institute of Standards and Technology, which basically sets the standards for old government organizations on what they're sent, what their standard should be. And there are also adopted by many industries because
it is a very high standard, and
companies, even the private sector, can use thes and employ these very simply within their own business. So on access control policy specifically is setting that those levels of requirement that specify how some how access will be managed and who may access, whether it's information
or facilities under a specific circumstance.
So what's the purpose of in a a C. P? Well, from the percent active of physical security? We're looking at things like the wearing of badges around as you go through a facility. Ask how visitors are escorted and what the policies are for, where they can go within the building.
We can use things like biometrics for access is another is another policy that might be employed. How you do, um,
what kind of measures have to be instituted for the more sensitive areas versus the less sensitive areas of a build of a building or a business?
And then also the purpose of in a CPS to describe the standards for increased security? What happens when things go wrong
and the security measures need to be heightened because of a threat?
So let's do a quick check on learning. I'll read you the question, the answers. I'll give you a few seconds to think about it, and then we'll discuss.
So who plays the most important role in developing the company's policies?
The person who drafts the policy? The security manager who enforces the policy, the end user who complies with the policy or the CEO who signs it?
And the correct answer is the CEO who signs it. Remember when I discussed this earlier in the lesson
the CEO signature on that document makes it official and more importantly, it ensures that there will be funding to make sure that that policy can be enforced
and is possible within the scope of the business.
So in this lesson, we discuss why companies have policies. We look specifically at what an access control policy is, which relates. And then we discussed how the A. C P relates to physical security. I want to thank you for taking the time for joining me for this lesson, and I look forward to seeing you in the next one.