Time
2 hours 33 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:00
Hello, ladies and gentlemen, welcome back to Sai Berries and User Physical Security. Course I'm your instructor. Corey holds her. And this is lesson one dot For access control policies.
00:13
I want to discuss three key areas in this lesson. First, we're going to discuss why companies have policies, will look at what an access control policy is, and then we'll finish up with the purpose that
00:29
access control policies will play it in terms of physical security.
00:36
So why do companies have policies? Well, they can have them from multiple reasons. And this is policies in general, not just physical security. They helped to clearly define standards within the company, expectations of the employees and how they will conduct themselves as agents and representatives of the business.
00:56
They also explain the importance of having these standards
01:00
not just knowing the what, but the why we do things that we do.
01:04
It helps to align policies and standards with corporate goals. This is an important thing. Remember, the bottom line for business is ultimately to be successful, to make its stockholders happy and to increase their profits so they create policies in general
01:22
that will align with those corporate goals
01:26
and then the last part of a policy is that it defines the recourse that the company has when someone violates the policy. This could simply be termination. It might be restricted access to the company network if you're caught
01:42
visiting sites that are considered not business appropriate,
01:48
but those are just two examples.
01:53
So how do different people in the company play an important role when it comes to the development of policies?
02:02
Well, first of all, leadership identifies the need for the policy
02:07
in the case of a security policy. This will will involve security. Analysts will be
02:13
tasked
02:14
to evaluate the environment, evaluate all the criteria that need to be met,
02:20
potentially also,
02:23
you know
02:24
the realities of the business as we're in employing
02:29
legal standards or industry standards, I should say
02:32
when it comes to drafting that policy,
02:35
lawyers will then being called upon to review the policy and make sure that that while they're trying to protect the company and set a standard that they're not violating any laws or
02:47
federal guidelines, for example, in the U. S. Or National guidelines in other countries
02:53
and then the CEO plays probably the most important role in the development of policy, and that is he puts his signature on it. He makes that policy that standard for the company, and also
03:07
when it comes when he does that, it ensures that there will be funding made available to make sure that policy happens, because a policy that cannot be enforced or not be executed
03:21
is pointless.
03:25
So what's an access control policy? Will?
03:29
The definition we have here comes from the American
03:32
National Institute of Standards and Technology, which basically sets the standards for old government organizations on what they're sent, what their standard should be. And there are also adopted by many industries because
03:49
it is a very high standard, and
03:53
companies, even the private sector, can use thes and employ these very simply within their own business. So on access control policy specifically is setting that those levels of requirement that specify how some how access will be managed and who may access, whether it's information
04:12
or facilities under a specific circumstance.
04:16
So what's the purpose of in a a C. P? Well, from the percent active of physical security? We're looking at things like the wearing of badges around as you go through a facility. Ask how visitors are escorted and what the policies are for, where they can go within the building.
04:33
We can use things like biometrics for access is another is another policy that might be employed. How you do, um,
04:44
what kind of measures have to be instituted for the more sensitive areas versus the less sensitive areas of a build of a building or a business?
04:53
And then also the purpose of in a CPS to describe the standards for increased security? What happens when things go wrong
05:00
and the security measures need to be heightened because of a threat?
05:06
So let's do a quick check on learning. I'll read you the question, the answers. I'll give you a few seconds to think about it, and then we'll discuss.
05:15
So who plays the most important role in developing the company's policies?
05:19
The person who drafts the policy? The security manager who enforces the policy, the end user who complies with the policy or the CEO who signs it?
05:41
And the correct answer is the CEO who signs it. Remember when I discussed this earlier in the lesson
05:47
the CEO signature on that document makes it official and more importantly, it ensures that there will be funding to make sure that that policy can be enforced
06:00
and is possible within the scope of the business.
06:06
So in this lesson, we discuss why companies have policies. We look specifically at what an access control policy is, which relates. And then we discussed how the A. C P relates to physical security. I want to thank you for taking the time for joining me for this lesson, and I look forward to seeing you in the next one.

Up Next

End User Physical Security

This course will introduce you to physical security and why it is important. We’ll do some time travel and go back in time to discuss ancient physical security methods.

Instructed By

Instructor Profile Image
Corey Holzer
Information Systems Engineer
Instructor