Introduction

There are many factors to consider in the development of an environmental and physical security policy. Many may believe that these two components are mutually exclusive; however, careful consideration should be given to whether or not to include the two components in a single policy, with sections that represent each. As one would expect, the physical aspects of the policy govern physical access to facilities, as well as to information technology resources. The environmental aspects of the policy govern the information technology resources, and there may be overlapping areas that the policy must address.

Environmental and Physical Security Policy

Organizations must establish an information security environmental policy,…
Physical security must also consider how to address visitor access, and cases where badge access cards have been lost or stolen. Physical security should include the use of security guards, monitoring equipment, and screening procedures for those who need access to secured areas (Allsopp, 2009). Each component of the policy has key members that must be included in the development of the policy.

Roles and Responsibilities

There are key individuals who have a specific role and responsibility in the development of an information environmental and physical security policy. As with all policies, there must be a top-down approach, which begins at the highest levels of management. The CIO of an organization is responsible for ensuring the policies are administered correctly, and that the policies align with business objectives. A security policy of any type should not prevent the business from operating correctly. The IT department managers play a key role in ensuring that their respective departments have sub-policies that are aligned with the overarching policy. This includes procedural documentation on how to perform access reviews, or configuration management, which are components of an environmental policy. The system administrators also have a role in ensuring all the procedural policies are followed while conducting their day-to-day operations (SANS, n.d.). The IT function, and facilities
