Appendix E
Physical Security Policy
Student Name: Vivian Hillard
University of Phoenix
IT/244 Intro to IT Security
Instructor’s Name: Bryan Berg
Date: 5/6/12
Physical Security Policy
Due in Week Five: Outline the Physical Security Policy. Merkow and Breithaupt (2006) state, “an often overlooked connection between physical systems (computer hardware) and logical systems (the software that runs on it) is that, in order to protect logical systems, the hardware running them must be physically secure” (p. 165).
Describe the policies for securing the facilities and the policies of securing the information systems. Outline the controls needed for each category as relates to your selected scenario.
These controls may include the following:
• Physical controls (such as perimeter security controls, badges, keys and combination locks, cameras, barricades, fencing, security dogs, lighting, and separating the workplace into functional areas)
• Technical controls (such as smart cards, audit trails or access logs, intrusion detection, alarm systems, and biometrics)
• Environmental or life-safety controls (such as power, fire detection and suppression, heating, ventilation, and air conditioning)
1 Security of the building facilities
1 Physical entry controls
A physical security policy will detail the physical security of the facilities by defining the physical entry controls to be used, outlining the requirements of the security force and their facilities requirements.
There will be further recommendations that isolate the delivery and loading area, along with the reasoning for such recommendations. There are also recommendations for securing other workplaces within the facility, such as protection of the workstation, unused ports and cabling, network and server equipment, network equipment maintenance, and security of portable computing equipment.
2 Security offices, rooms and facilities
We will need to secure the grounds and the building of each facility, along with other items, including protection of the information system infrastructure and the data contained therein. There are three ways to control physical entry to the facility. First, entry to the facilities needs to be controlled at a granular level, and physical access controls will help to accomplish this. Second, the physical security of the facilities needs to be handled by a small private security force. Third, keeping areas of common access or frequent unsecured access separate from secured areas is a requirement for the continued security of the facilities.
3 Isolated delivery and loading areas
We will isolate the delivery and loading area and have the security department monitor the activity that is going on there by physically being there and by video.
2 Security of the information systems
1 Workplace protection
Every employee must have the knowledge of information security and be ready to react to any condition.
Maintaining and implementing the security policies is one way that this can be accomplished. It is important that everyone knows their role in overall information security within the company.
2 Unused ports and cabling
All unused ports must be secured at all times. If the ports are for future expansion, then they must be disconnected until needed. If the ports are used for transient purposes, such as when a sales or executive employee visits a facility, then they need to give notice to the information security department to ensure that they will have access.
3 Network/server equipment
All server and network equipment must be kept secure at all times, in a limited-access room or closet, to ensure the physical security of the equipment. The servers will be in a locked room with climate control. The network equipment, such as hubs and routers, will be locked in a closet to prevent tampering and access except by authorized personnel.
4 Equipment maintenance
Only authorized employees will be allowed to maintain the system. The employees that have access to the maintenance of the equipment will be accessing sensitive infrastructure equipment on a regular basis, which means that they will have to pass a strict background investigation screening.
5 Security of laptops/roaming equipment
All roaming computing equipment must be secured with a minimum of two-factor authentication, such as a user name and password combination along with a smart card or biometric authentication method.