The purpose of this security plan is to elicit the potential threats to an organisation physical and electronic information holdings. Organisations in general are starting to take information security more sincerely due to the proliferation of mobile services, VPN connections, terrorism and natural disasters. We must however acknowledge that this very technology advancement is regarded as efficient but is also leading to a higher level of security risks. These risks must be mitigated to ensure the confidentiality, integrity, and availability of information assets. (The SANS Institute. 2007)
The security team would like to report the following threats to the organisations physical and electronic information holdings discovered during an in-depth analysis of the current security structure within the organisation.
Physical security is generally overlooked on an information security plan. The presence of a guard at the entrance of a building, magnetic access cards and identity badges provides an illusion that their information assets are physically secure. (The SANS Institute. 2007) A report from Justin Kallhoff explains that the highest priority of physical security is human safety and in the event of an incident, the priority should be to ensure all human beings are safe prior to initiating other incident responses. (Justin Kallhoff.2007)
The below tabular representation briefly describes some of the threats to an organisations information asset.
Security Threat Security Threat Description
Humans Behaviour If someone accidentally unplugs or turns off the wrong device, a hacker/cracker executes an exploit and unexpectedly crashes a server, an employee steals a device. The most common threat is users in an organisation especially contractors including cleaning staff.
Obvious Threats Fires, floods, and natural disasters are obvious threats to physical security; however, every company is vulnerable to these kinds