Security is defined as the state of being free from danger or threat. Security is paramount to every nation, every organization or even to every individual person not only for the sake of survival but also for the sake of being able to accomplish a particular mission or purpose in life as well.
On the other hand, threat (which could either be natural or man-made) is an observable fact, the consequence of which, we should be able to anticipate (save for the unpredictable nature’s threat of earthquake) so that security measures necessary for the safety and preservation of “matters being protected” could be made and implemented. This article would delve not about security measures to address the physical threat posed by natural calamities but on security measures necessary to deal with man-made threat to security as a whole.
The security chain
There are actually three (3) links that constitute the so-called “security chain” namely:
1) physical security; 2) document/communication/information security and; 3) personnel security.
PHYSICAL SECURITY is a system of barrier placed between potential intruders and matters being protected. Matters being protected may include: 1) VIPs and other persons; 2) buildings, equipments and facilities and; 3) highly classified documents/files, other material evidences, etc. The level of physical security depends on the quality of security measures in terms of: a) protective operations or VIP security; b) protective structures, perimeter fence or barrier; c) guard and guarding system, including both human and/or animal barrier and; c) energy barrier and/or electronic devices such as CCTV, etc.
DOCUMENT/COMMUNICATION/INFORMATION SECURITY is security measure being implemented to protect against the unwarranted/unauthorized disclosure of highly sensitive information which are classified as follows: 1) RESTRICTED- when the compromise of such information could cause embarrassment to the Government and the people; 2) CONFIDENTIAL- when the compromise of such information could cause damage to national security; 3) SECRET- when the compromise of such information could cause serious damage to national security, economic interests, or threaten life and; 4) TOP SECRET- this security classification requires the highest degree of protection as compromise or unauthorized disclosure of such information could cause exceptionally grave damage to national security. (Note: The security classification of documents herein mentioned is based on the rules and guide of AFPRG 200 – 013 in line with the government’s document security procedures. It is the security standard from which document/information security measures being implemented by all security conscious organizations are patterned).
The protection of classified documents necessitates safe storage (in accordance with prevailing security standard) to guard against possible theft or destruction. In the case of internet use as storage of information, there must be appropriate internet or cyber security measures (cyber-defense technologies to protect against malware attacks and cyber-espionage tactics). It must be emphasized that whoever are the caretakers of sensitive documents and information, these personnel must possess the corresponding “security clearance” and the clear understanding of the “need to know” security principle. (Need-to-Know is a security principle that pertains to the determination by an authorized holder of classified information that a prospective recipient requires access to specific classified information in the performance of his official functions. Knowledge or possession of, or access to, classified information shall not be afforded to any person solely by virtue of the individual’s office, position or security clearance).
PERSONNEL SECURITY, the third (3rd) link in the security chain is a security measure being implemented to ascertain the character, loyalty and discretion of personnel if he or she is qualified to be given sensitive position or position of trust. This measure requires the conduct of personnel security investigation that involves partial background investigation or complete background investigation as the case maybe depending on the sensitivity of position and the level of access (confidential, secret or top secret) into which particular personnel is being groomed.
Background investigation must proceed with an overall determination of the personnel qualification based upon consideration and assessment of all available information, both favorable and unfavorable, with particular emphasis being placed on the seriousness, frequency, updates and motivation for the individual’s conduct and behavior. For personnel to be considered as security eligible, it must be established through personnel security investigation that his character, loyalty and discretion are beyond reproach.
Personnel Security is the weakest link in the security chain considering that it takes only indiscretion and/or disloyalty on the part of personnel to betray, compromise and in the process, cause damage to the organization/institution where he belong.