
Security Plan - Knowledge and Information Security


Contents

EXECUTIVE SUMMARY
RESPONSIBLE PERSONNEL
CHIEF SECURITY OFFICER
ELECTRONIC SECURITY MANAGER
PHYSICAL SECURITY MANAGER
RISK MANAGEMENT OFFICER
ASSESSMENT OF RISK
PHYSICAL
ELECTRONIC
DATA ACCESS SECURITY
GENERAL SECURITY
USER AUTHORISATION
USER AUTHENTICATION
SECURE DATABASE
PHYSICAL FILES
ELECTRONIC INTRUDER DETERRENCE – VIRUSES AND MALWARE
SOCIAL ENGINEERING
FILE SHARING
WIRELESS NETWORKS
STAFF VETTING AND SEPARATION PROCEDURES
GENERAL STATEMENT
STAFF SCREENING
SEPARATION PROCEDURES
PERSONNEL SECURITY
GENERAL STATEMENT
PASSIVE MONITORING
POSITIVE MONITORING
PHYSICAL SECURITY
GENERAL STATEMENT
AUTHORITY FOR …

2) Electronic surveillance of the premises by a third party to gain confidential information, which may include:
   a) Wiretaps on telephones of key personnel
   b) Electronic audio-recording equipment in key locations such as boardrooms or management offices
3) Access agents employed by outside entities to gain access to the organisation and its information repositories
   a) Persons in the employ of an outside entity who infiltrate the organisation and gain access to confidential information.
4) An outside entity may recruit or subvert staff to gain information
   a) Pressuring or enticing employees to provide information, or to facilitate electronic or physical access to that information for the benefit of the outside entity.
5) Material damage to physical documents and equipment resulting from fire or other unforeseen occurrences, e.g. earthquakes and other natural disasters.
6) Portable devices that are used by staff for convenience may be lost or stolen
   a) Lax password security means that, should these portable devices be lost or stolen, the information stored on them is available to anyone who cares to view it.
Electronic
(Volonino & Robinson, 2005)
Electronic security is meant to guard databases and networks from unauthorised access and from malicious or accidental damage. An instituted electronic security system prevents damage to information by intangible means such as viruses, bugs, malware,
