Do I know you?May 15, 2011 at 12:10 am | Posted in Human Factors in Security | 2 Comments
Tags: Dunbar's number, photo ID, physical security, tailgating
“What the middle-aged Tory minister said to the young blonde Labour MP in a lift”
The Times 13 May 2011
It’s been a pretty hectic time for me work-wise recently – you may have noticed from the tumbleweed blowing through this blog in recent weeks! But, after a concerted push to get some deliverables out, I finally found myself working from home today, with a little less pressure than normal. So, I decided to set myself up for the day with an early morning trip to my favourite coffee shop, for a cappuccino (skinny, of course!) and a chance to read the newspaper in peace.
So it was that I found myself reading in the Times about a minor spat between two Members of Parliament. In a nutshell, a senior (male) MP challenged a young woman he encountered in a restricted area, on the basis that “”Well, I thought you looked too young to be an MP”. He challenged her to produce her pass, which she did. Awkward. Now, I don’t intend to defend the MP’s possibly boorish manner (after all, it seems he has form when it comes to acerbic remarks). Equally, it seems at least possible that the younger (newly elected) MP might have been less than cooperative, when challenged. So all in all, a storm in a tea-cup, but it reminded me of a serious point.
Must we wear photo passes?
Regular readers will know that I work for IBM where, in common with all technology based organisations and many large organisations of all types, it’s mandatory for all staff to have a pass to gain access to and move around the company sites. These access passes form a key component of physical access control systems and even, in more advanced deployments, provide strong authentication for access to computer systems. They also generally display a photo of the owner and their name. The idea is that the most basic element of physical security is for those in a restricted area to be aware of who should be present and who shouldn’t.
In modern organisations, staff often visit their “home” office only infrequently. Equally, the number of staff in any one location is often very large. As I wrote in a previous post, Dunbar’s Number suggests that we have difficulty keeping track of a circle of acquaintances numbering more than (say) 150. This is, in large part, the reason behind photographic ID. I’m sure IBM is not alone in insisting that these badges are worn in plain sight by all staff at all times.
They also help in avoiding embarrassing situations like the newspaper story, with which I opened. “Tailgating” is frowned upon at card operated doors and clearly visible photo ID makes it easier for security staff to detect. It’s everyone’s responsibility – and should be drummed into new staff through security awareness training – to be aware of who is in the area and to confirm their right to be there. We also have to be prepared to challenge anyone not displaying the correct pass, though hopefully showing a little more tact than the Tory MP.Follow @Vintage1951