Surveillance Systems Risk Management Review
Introduction
Surveillance systems, including Access Control systems, CCTV systems and burglar alarm systems, are very much a vital element of every business’ security system. These systems not only provide information about who is coming in and out of corporate sites, but also who is where, when and whether they should be there. Further, they can often provide the necessary evidence for any legal action that may be taken in cases of a breach.
Over the last few years much of the technology within these systems has changed such that they are no longer dumb end points; instead, each component of these systems is a computer in its own right, and includes all the necessary technology to take advantage of carrying data over the corporate network. Whilst this has many advantages in providing access to that data right across a site without having a separate cabling system for each type of technology, it does also bring some areas for concern. One main area for concern is that although these systems offer the power of the many technologies used in computing, they are not designed with security in mind.
Consequently they can open up an otherwise secure network, and provide opportunities for criminals to use vulnerabilities in these surveillance systems to either undertake their own surveillance on the corporation, or to use the system as a jump point to attack other information systems.
Although many of these systems can be abused by criminals for various purposes due to the lack of security built into the systems, it is important to remember that it is possible to put controls into place which will provide the necessary security to protect the system from attack.
How it works?
The review will start by understanding the objectives behind the surveillance infrastructure, what it is protecting, the best way to protect it and then move into an analysis of the risks in the system and the effectiveness of the controls.
Typically the report will cover:
• Business requirements for a surveillance system
• The technical specification requirements for the various systems which form the overall surveillance system
• Assessment of the existing surveillance system(s) against the requirements
• Review of the implemented architecture of the current system(s)
• Risk assessment of each system comprising the overall surveillance system(s)
• Controls required to mitigate the risks
Follow-on / Alternative services
We can undertake the above service from a Compliance perspective as an internal or external audit, or an Assessment perspective whereby we could undertake a Penetration Test, providing you with information for a very specific purpose.
The team at Incoming Thought would be delighted to work with you further across other areas of your risk portfolio. Typically this would consist of a range of practical and useful services ranging from consultancy engagement to address particular risk issues through to training and awareness for executives and staff.
All of these services can be customised to meet local objectives.