Last Update: 08 Jun 2000

8 Physical Security

This document is not designed for a detailed study of physical security; however, a brief summary of computer-related issues is listed here.

8.1 Buildings

In Nov.99, SecurityPortal produced an article on securing remote server rooms: . There's additional material to that listed above.

8.2 Transport of Data

What is the company policy on the use of public, private and company transport with respect to the transport of information (paper, diskettes, disks, tapes, computers...)?

8.3 Backups

Backup media should be stored in locked safes or locked rooms.
Regular backups (at least once per month) should be stored off site.
Backups should only be transported by secure methods (like money transport).

8.4 Disks

Floppy and removable disks are often a source of viruses and illegal software (as is Email). They may also be used to illegally copy confidential data. When data is erased from diskettes, it must be completely erased (a standard product should be recommended for PCs). Floppy drives are rarely needed when users have reliable networked printers, file servers and email available.

8.5 Laptops / mobile computers

8.6 Printers

Only printers in directors' offices or restricted-access rooms should be used for printing confidential information.

8.7 Computers

EPROM passwords should be used on PCs and workstations.
Screens not used for 15 min should be blanked automatically with password protection.
Computer housings should be locked if possible.

8.8 "Clean desk"

The principle of a "clean desk" each evening when an employee leaves his place of work is used by many corporations. It ensures that confidential data is not made available to (for example) cleaning personnel and encourages methodical management of one's workspace. Confidential information should always be under lock & key.
