Appendix E
Physical Security Policy
Student Name: Vivian Hillard
University of Phoenix
IT/244 Intro to IT Security
Instructor’s Name: Bryan Berg
Date: 5/6/12
Physical Security Policy
Due in Week Five: Outline the Physical Security Policy. Merkow and Breithaupt (2006) state, “an often overlooked connection between physical systems (computer hardware) and logical systems (the software that runs on it) is that, in order to protect logical systems, the hardware running them must be physically secure” (p.165).
Describe the policies for securing the facilities and the policies of securing the information systems. Outline the controls needed for each category as relates to your …show more content…
There will be further recommendations’ that will isolate the delivery and loading area and the reasoning for such recommendations. There is also a recommendation for securing other work place within the facility, such as protection of the workstation, unused ports and cabling, network and server equipment, network equipment maintenance and security portable computing equipment.
2 Security offices, rooms and facilities
We will need to secure the grounds and the building of each facility, along with other items, protections of the information system infrastructure and the data contained therein. There are three way to control the physical entry to the facility. Entries to the facilities need to be controlled at a granular level, physical access controls will help to accomplish this. Then there is the physical security of the facilities needs to be handled by a small private security force. The last way to secured the facility is keeping areas of common access or frequent unsecured access separate form secured areas is a requirement for the continued security of the …show more content…
Maintaining and implementing of the security policies is one way that this can be accomplished, it is important the everyone knows their role in overall information security within the company.
2 Unused ports and cabling
All unused ports must be secured at all times. If the ports are for future expansion than the must be disconnected until needed. If the ports are used for transient purposes, such as a sales or executive employee visits a facility, then they need to give notice to the information security department to ensure that they will have access.
3 Network/server equipment
All servers equipment and network must be kept secure at all times, limited access room or closet to ensure the physical security of the equipment. The servers will be in a locked room with climate control. The network equipment, such as hubs and routers, will be locked in a closet to prevent tempering ad access except by authorized personal.
4 Equipment