The first thing the security analyst should make sure the organization has in place is CAC checkpoints, similar to the kind that one finds in a hotel. This would be the first step in keeping unauthorized parties from accessing the organization's on-site location. The organization would issue CACs at every level, so that members can traverse the on-site location as needed. The security analyst could also check that the proper camera or recording equipment is in place, such as CCTV that stores its recordings in a separate off-site location. The analyst could further check that the organization keeps a master record of the information on the CACs, which would allow the analyst to verify that everybody is who they claim to be.
Another thing that the analyst could check is that employees have badges or identification cards that show they are part of the organization. For example, ECPI issues identification badges to its employees and students. The security analyst could check with whatever department issues those cards and make sure that the database which logs all of those people against their cards is accurate. The analyst could also check the organization's databases to make sure that all listed members are current members who are not being dismissed from the company, and that any members who are being dismissed are removed promptly from the organization's records.
The removal of those members would, ideally, cut down on any malicious attacks that might be staged from within the organization. According to HBR (www.hbr.org), the best way to counter insider threats is to know the people in the organization and not to forget basic security practices, such as enforcing strong passwords and identities within the organization.
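The badge-database check described above can be run as a reconciliation between the card-issuing department's records and the member roster. The following is an added example, not part of the original essay; the record layout, field names, and sample rows are all constructed assumptions.

```python
from datetime import date

# Constructed sample data; field names and layout are assumptions for illustration.
HR_ROSTER = [
    {"person_id": "E100", "status": "active", "dismissed_on": None},
    {"person_id": "E101", "status": "dismissed", "dismissed_on": date(2024, 3, 1)},
    {"person_id": "E102", "status": "active", "dismissed_on": None},
    {"person_id": "S200", "status": "active", "dismissed_on": None},
]
BADGE_DB = [
    {"badge_id": "B-0001", "person_id": "E100", "enabled": True},
    {"badge_id": "B-0002", "person_id": "E101", "enabled": True},   # dismissed, still enabled
    {"badge_id": "B-0003", "person_id": "E999", "enabled": True},   # no roster record
    {"badge_id": "B-0004", "person_id": "E100", "enabled": True},   # second live badge
    {"badge_id": "B-0005", "person_id": "E102", "enabled": False},  # disabled, ignored
]

def audit_badges(roster, badges, today):
    """Compare enabled badges against the member roster and return findings."""
    people = {p["person_id"]: p for p in roster}
    findings = {"dismissed_with_badge": [], "unknown_holder": [],
                "multiple_badges": [], "member_without_badge": []}
    enabled_by_person = {}
    for b in badges:
        if not b["enabled"]:
            continue  # only badges that can still open a door matter here
        enabled_by_person.setdefault(b["person_id"], []).append(b["badge_id"])
        person = people.get(b["person_id"])
        if person is None:
            findings["unknown_holder"].append(b["badge_id"])
        elif person["status"] != "active":
            # Report how long the badge has outlived the dismissal.
            days = (today - person["dismissed_on"]).days
            findings["dismissed_with_badge"].append((b["badge_id"], days))
    for pid, ids in sorted(enabled_by_person.items()):
        if len(ids) > 1:
            findings["multiple_badges"].append((pid, sorted(ids)))
    for pid, p in sorted(people.items()):
        if p["status"] == "active" and pid not in enabled_by_person:
            findings["member_without_badge"].append(pid)
    return findings

if __name__ == "__main__":
    for kind, items in audit_badges(HR_ROSTER, BADGE_DB, date(2024, 3, 15)).items():
        print(kind, items)
```

The number of days reported for a dismissed member's badge shows how promptly removals are actually happening.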
Biometric authentication is another layer that the organization could invest in. It can include facial recognition software, fingerprint scanning software/hardware, or hand-print scanning software/hardware. Biometric software/hardware makes it easier, in the digital age, to manage security for an organization. Iris recognition could also be implemented to further secure much more sensitive parts of the organization, thus restricting those areas to higher-up members of the organization, such as management or specially authorized members.