Access Management

Managing Modern Risks in Access Control and Identification

As evidenced in this year’s Security 500 report, today’s leading organizations have understood that they cannot operate without Security’s participation. They see the security program as a value advantage. And security leaders, in turn, are creating value across the entire organization and “taming their risk tiger.”

Facility access control and identification plays a key role in risk mitigation. In both the physical and virtual world, controlling who and what gains access into buildings and systems is strategic to risk reduction and the value-added model. However, risk reduction and valued-added programming is not easy to accomplish. 

As we have seen, all industries have had to deal with violence in the workplace. Recent events demonstrate the continued need to evaluate access control and identification in order to reduce the potential for violence. For example, recently a student was shot and critically wounded on the first day of classes at a Baltimore County high school. The school had to be evacuated, moving students to a nearby shopping center and middle school. Another example: a disgruntled employee who worked at an import company within the Empire State Building in New York City, fired a year prior, entered his past employer’s business and killed his ex-boss. The assailant was killed by police in the streets of New York City while fleeing from the Empire State Building. Just over a month later, five people were killed and four others were injured after a shooter opened fire inside a sign company in Minneapolis.  

Security leaders not only have to deal with workplace violence, but social unrest as well.  Many companies were caught off guard by the “Occupy Wall Street” movement that occurred in many cities as well as venues across the globe since early 2011. The movement, however small, still exists today – creating an access control and identification nightmare for organizations targeted by this group.

Violence also occurs in the corporate virtual world. A study by the Verizon RISK Team, titled 2012 Data Breach Investigations Report, stated that in 2011 the online world was filled with data breaches where the theft of corporate and personal information was a priority. The report documented 855 incidents of corporate data theft and 174 million compromised records.

Property crime and fraud continued to be a problem for organizations, again looking at access control and identification to key areas of an organization and its systems. According to the 2012 National Crime Victimization Survey(NCVS) by the Bureau of Justice Statistics, more than 1 in 10 property crimes, including motor vehicle theft and property theft, occur in parking lots or garages. The 2012 Report to the Nation on Occupational Fraudand Abusesurvey indicates that a typical organization lost five percent of its revenues to fraud in 2011. Applied to the 2011 Gross World Product, this figure translates to a potential projected annual fraud loss of more than $3.5 trillion. The median loss caused by the occupational fraud was $140,000. More than one-fifth of these cases created losses of at least $1 million. Financial statement fraud schemes made up just eight percent of the cases in our study, but caused the greatest median loss of $1 million. Corruption schemes fell in the middle, occurring in more than one-third of reported cases and causing a median loss of $250,000.

From workplace violence to civil unrest, to property crime and fraud, corporations need to continuously assess risk and implement processes that reduce incidents and provide real value to the corporation. Formulating a program in access control and identification helps to reduce the risks and, when implemented properly, can add real value to the organization and its employees and stakeholders.

Corporate security continues to succeed when it evaluates and improves access control and identification programs in order to ensure it is providing the best possible security and value to the organization. Practices in access control and identification should be ingrained within the organization from the C-suite on down so that that employees and visitors are well protected and feel secure within their workplace.   

This article was previously published in the print edition as "Grabbing the Access Control and Identification Tiger by the Tail."




Did you enjoy this article? Click here to subscribe to Security Magazine. 

Recent Articles by Bernard Scaglione

You must login or register in order to post a comment.



Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.


Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security December 2014 issue cover

2014 December

This issue of Security Magazine covers our 12th annual Top Guarding Firms list. Check out the best of the best as of December 2014. The 21st century has brought with it new types of security threats. Read how to combat and protect against these threats.

Table Of Contents Subscribe

Security Emergency Preparedness Training

Which security personnel emergency preparedness training is the top priority to you and your enterprise?
View Results Poll Archive


CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.


Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.