Are there other commonly overlooked security issues that a security risk assessment process should address in the security compliance sections of a business continuity plan?
A common risk overlooked in security training and security audits but still allowed in many organizations both large and small, is permitting delivery staff to enter and then move around the facility with little or no monitoring of their activities. Everyone in a UPS brown coverall carrying a box is not necessarily a safe individual and may not even be a UPS employee. However, once inside a facility, the image of a uniform of some type will tend to discourage further attention or scrutiny. This sense of trust may allow certain individuals access to areas when normally they should be challenged. A risk management plan including specific security audit functions, policies and procedures should also be in place to track when and where employees and contractors are working at any specific time.
