Post on 08-Aug-2015
transcript
Ensuring Physical and Data Security
Physical Security Issues
Infiltration/exfiltration of physical property: activities such as bringing removable media in and out of a facility
Improper termination of an employee’s physical access or access badge
Unauthorized access to facility: employees entering facilities during unusual hours or unauthorized employees walking through an open door behind an authorized employee (known as "piggybacking")
Generally poor physical security: general issues such as insufficient guard oversight or insufficient separation of duties for physical access controls
Employee used an unauthorized workstation: employees who are able to physically enter another employee’s office/workspace and access their workstation
Breaking and entering/physical destruction: employees breaking into secure spaces or stealing physical equipment
Janitorial staff issues: janitorial staff who steal sensitive information or are socially engineered into violating physical security
Improper disposal or destruction of organization information
Policy Requirements
Entry Authorization for Permanent or Temporary Employees Access to your premises by all permanent
or temporary (including agency or fixed term contract) employees to designated areas is approved by HR.
No permanent or temporary employees may be taken on without the prior approval of HR.
Access Procedures Controlling physical access to areas in the
workplace is a way to keep the business safe.
Visitor Access Controls Visitors attending meetings should be
registered with Reception by the meeting organizer in advance of the meeting taking place preferably by an email but if necessary by calling Reception…
Carrying Identification Badges/Swipe cards All users are required to carry
their identification badges/swipe cards at all times such that their identity may be easily verified if challenged.
Challenging Strangers Reception and the overnight and weekend security
guards are required to challenge strangers when entering the building without an identification badge…
Reporting Lost or Stolen Identification Badges /Swipe Cards
Forgotten Identification Badges /Swipe Cards Employees who have forgotten
their swipe cards must obtain a temporary access pass from Reception when they arrive at work…
Storage of Sensitive Assets Employees must ensure that sensitive
assets held at offices are kept secure. Employees must ensure they adhere
to the Tidy and Secure Desk Policy & Guidance in all office areas at the offices.