Physical security in the federal reserve system

Introduction
Harris suggests that physical security is on most occasions an afterthought (97-98), and is often
overlooked because most entities concentrate on countermeasures that are technological in
nature. Many organizations lose information when malware is used to hack into their systems, and
the same information is then used against the organization.
Because of this scenario, physical security should be properly implemented so that
would-be attackers do not gain physical access to facilities and take the information they want.
What is physical security?
The Federal Reserve System is a statutory system that was created to have central control over
financial transactions so as to avoid crises in monetary systems. It is the central bank of the
United States, created by the Congress to provide a safer, more flexible, and more stable monetary
and financial system. It was created when President Woodrow Wilson signed the Federal Act into law
in 1913.
The system has several responsibilities, including stabilizing prices through proper monetary
policies, regulating and supervising banks and other financial institutions, addressing risk
factors in financial markets, and providing financial services and payment systems to the
government.
Physical security, too, deals with threats to the economy and to the smooth operation and stability
of an enterprise. The security of organizations differs from that of the public, but the two are
interlinked and important in ensuring that there is social order, for instance in dealing with
problems posed by terrorist organizations. An interruption to business or government operations
through hacking, terrorism or sabotage can cause political instability or affect public confidence,
where people begin to panic or lose confidence in a system. Physical security is therefore supposed
to be proactive, and not reactive, in the sense that potential threats have to be discussed and
identified in a variety of settings. Necessary measures should then be taken to address them
before they become real problems.
Why the Federal Reserve System should be a complex system for continuity of operations
The main reason for there to be a system of physical security is to ensure that personnel,
equipment, Information Technology infrastructure, facilities and company assets are safeguarded
against foreign infiltration. There must be a layered approach to be able to achieve this because
an attacker will have difficulty reaching and/or bypassing multiple layers to get to the source.
There are several approaches that can be used in order to achieve this:
Administration
The administration at the Federal Reserve should ensure that personal data is secured so that in
the event that an attack occurs, the effect on personal data is zero or at least minimized. Scott
posits, for instance, that during the data breach at Coca-Cola (December 1, 2014) many people lost
data in stolen laptops with unencrypted personal data. The result was that an employee instituted
legal proceedings against Coca-Cola for negligence.
Oriyano suggests in his works that there should be a greater concern (393-409) about physical
theft than ever before. Portable devices can easily be stolen, and therefore administrative
measures should be in place to secure facilities and ensure adherence to work procedures.
Technical approach
On the technical front, it will be useful to ensure that there is risk management supervision.
Activities of the Federal Reserve should be operated both by outside systems and a central point
of contact, which should be knowledgeable about the institution's management structure and
overall operations. The technical aspect will ensure proper surveillance, supervisory activities
and monitoring, together with enforcement where necessary.
• Ensure appropriate follow-up and tracking of supervisory concerns, corrective actions, or other
matters which come to light through ongoing communications or surveillance.
• Participate in the examination process, as needed, to ensure consistency with the institution’s
supervisory plan and effective allocation of resources, including coordination of on-site efforts
with specialty examination areas and other supervisors, as appropriate, and to facilitate requests
for information from the institution, wherever possible.
(Framework for Risk-Focused Supervision of Large Complex Institutions, August 8, 1997)
Sharing of Information
To further promote seamless, risk-focused supervision, information related to a specific
institution should be provided, as appropriate, to other interested supervisors. Information to be
shared should include the products that are described in this handbook [9]. Sharing of these
products with the institution, however, should be carefully evaluated on a case-by-case basis.
The institutional overview, risk assessment, and supervisory plan may not be appropriate for
release if they contain a hypothesis about the risk profile of the institution rather than
assessments verified through the examination process. On the other hand, it may be appropriate
to share the examination program with the institution in the interest of better coordinating
examination activities.
[9] The FBO supervision program identifies several products to be shared with other U.S.
supervisory authorities: a review of the home country financial system, a review of significant
home country accounting practices, a strength of support assessment of the FBO, a summary of
condition of U.S. operations, and comprehensive and individual examination plans.
Refer to SR letter 95-22 (SUP. IB).
Physical control
2. Planning For a Physical Security Program
Adequate controls are not present to control the physical environment without a plan in place.
The company must create a team that is responsible for designing a physical security
program when planning for security. The physical
security team should continually improve the program using the defense in depth method.
Defense in depth is a concept used to secure assets and protect life through multiple layers of
security. If an attacker compromises one layer, he will still have to penetrate the additional layers
to obtain an asset. To give an example of this concept, let us say that you have a computer that an
attacker wants to access. The computer is located inside a locked room within a building. The
building has an access control system in place, and there is a fence with a guard outside. If the
adversary only needed to climb the fence to get to the data, only one level of security is in place
to stop an intruder. If we added security guards, access control systems, and locked doors, this would
make the task more difficult for the person trying to acquire a resource.
(The Importance of Physical Security, David Hutter. © 2016 The SANS Institute. Author retains full rights.)
In addition, logging into the computers and servers should require a smart card or token in
addition to a PIN or password in order to access proprietary data. These security measures
working together provide multiple levels of security. To ensure that the security controls are
working effectively, metrics should be used.
The team needs to identify key performance indicators (KPIs) to enhance the security program
(Santander Peláez, 2010). KPIs should be monitored by period, quarter, current year, and over
years (Wailgum, 2005). Metrics depend on the industry and organization. KPIs vary between
corporations because of the requirements and focus each organization has.
Organizations need to use a “performance-based approach” (Harris, 2013) when measuring the
physical security program. These metrics gauge how well the program is operating towards
achieving the organization’s objectives. Data can be used to make informed decisions to lower
risk in the most cost-effective method. Without these metrics, the security program will not be
able to effectively manage security controls.
The following are key performance indicators to measure the effectiveness of the security
2. What are some other possible scenarios that could completely shut down the Federal
Reserve’s headquarters building located in Washington, DC?
3. How could the Federal Reserve System prepare itself for such a huge disaster as a massive
truck bombing? Should it act proactively to mitigate the hazard even though it has never
happened or there may be no intelligence indicating it might happen in the near future?
4. What would a good plan of operation be if the Federal Reserve System headquarters was
completely put out of commission? Where could all of the employees be relocated? What
location could act as a temporary headquarters while the main building was repaired or replaced?
Should parking accommodations already be planned for such a contingency? Should
transportation be provided? Might there be a problem of overcrowding at the new location if it is
much smaller than the existing headquarters? Could the employees simply be shifted to other
Federal Reserve Bank locations?
5. Should the computer data stored at the Federal Reserve System headquarters be constantly
backed up at an offsite location and how often should this information be backed up? Could this
slow down business operations if all data had to be saved in multiple locations all the time? Why
would it be important to have multiple safeguards and redundancies in regards to important
computer data?
Reference
Harris, S. (2013). Access Control. In CISSP Exam Guide (6th ed., pp. 97, 98, 157-277). USA:
McGraw-Hill.
Harris, S. (2013). Information Security Governance and Risk Management. In CISSP Exam
Guide (6th ed., pp. 21-141). USA: McGraw-Hill.
Oriyano, S. (2014). Physical Security. In Cehv8: Certified Ethical Hacker Version 8 Study
Guide (pp. 393-409). Indianapolis, IN, USA: Wiley.
Scott, M. (2014, December 1). Coca-Cola Data Breach highlights importance of Laptop Security.
Retrieved March 14, 2017, from Http://Www.Acfe.Com/Fraudexaminer.Aspx?Id=4294986501
