Information Security Policy
Institution of Affiliation
From: Arctic Company
Re: Physical Security
Date: 12th February 2018
Arctic is a new company that provides expertise in building solutions for business and individuals worldwide including design development, project inception and providing construction documents to improve on building and construction. The corporation is legally registered under government laws to provide their services to a general public due to gaps identified in achieving safe building structures for human living and business operations. Recently, the company located their regional offices to Bentley Mall in Alaska. Which is facing serious physical threats in their information technology department and failure to control the practices may cause loss of important information database of business. Personnel information suffers high risk due to interferences to computer hardware, network and software.
Reasons for creating the memo is to prevent further damages that the institution may incur if not well protected from forms of vandalism of systems, internet interruption which makes business vulnerable to calamities such as fire tragedies, burglary among other forms of theft. An occurrence of these tragedies would lead the company losing important business information driving to possible closure of business due to lack of competitive edge. To avert this from taking place, the company management needs to formulate and oversee implementation of physical security strategies in the company. Some of the reasons for enacting policies are to enable management to ensure supervised surveillance of operations, maintaining safety of the company, defend position of a company and prevent potential crimes from occurring. The article will focus on deep details on security policies of institutions, desired strategies of implementation, expected standards and practices by the company to eradicate problems to the identified company.
Many organizations over years are evolving to mitigate on an occurrence of risks in their operations thus Artic Company is not exceptional. Management must plan and take an active role to protect assets from diverse threats ranging from incorporating of artificial safety measures, mitigate activities of criminality that encompass entity of the organizations. Formulation of good policies and procedures will help the company in providing quick safety responses by creating infrastructures that are secure from any form physical security threats. Creating safe working environment will serve as an integral point to ensure safety in our premise while mitigating physical safety threats. Policies include protecting the portable devices, keeping intruders from accessing working station, locking up of vulnerable devices in safe rooms, setting up of surveillance gadgets, locking up the server room and backing up of business data.
Backing up important data is essential measure especially if any form of disaster arises to the business. However, the department should be cautious not to forget information on back up gadgets such tapes, discs and disks as they can be easily be stolen to be used by an intruder to the business especially if they are not properly handled. Devices should be locked up in a safe room where unwanted guests cannot reach or access them. Further, the organization may consider setting up surveillance cameras that will enable an IT administrator to know any form of access made by unauthorized persons to systems as well as the premises with malicious intentions to cause destruction. On this ground, technology can be designed to provide continuous detection of movements and motions thus raise alarm eventually when any form of danger is detected for response provision. Surveillance cameras provide a better platform of an authentically modifying system that incorporates into locking up devices in the company premises.
Employees who are using laptops and personal computers should not leave them on their desk as they pose special security risks. They can be stolen easily inclusive of stored data therefore, they should be protected or be stored in a safe room after working hours. Finally, visitors and intruders should never be allowed to access business working stations as it is very easy for them to steal information gadgets making them accessible to outsiders and individuals who may use information to paralysis business operations.
Standards of Security Policies
Standards of security policies to any company should meet requirements of National Security Authorities (NSA). Policies ought to protect servers and similar equipment from predetermined criminal activities. Notably, loss of equipment may cause the continuity of business and deter the firm from achieving goals and objectives as determined. Further, policies will prevent accessibility of files among other important tools from intruders who may use information wrongly to hinder business operations. Moreover, policies should aim at providing permanent solutions to burglary activities thus making database secure improvising high level of confidentiality of information containing secrets of the company. For business continuity, security measures should include regular backing up of files and storage facilities to make them difficult from hacking activities being experienced worldwide.
Practices to Physical Security
Business continuity is an ultimate goal for many entrepreneurs across the globe as their major goal is to remain competitive in changing market trends. Therefore, better practices ought to be formulated to safeguard operations and business activities. The sensitivity of information should remain crucial for any given organization business products and design. Some of practices ought to be embraced include installation of surveillance cameras, inclusion of human intelligence to upgrade security, enforcing of security barriers to all sensitive sections of business should be considered to be the best practices, these are to enhance physical security policies. Because important physical security plans are laid out after identifying and assessing of possible threats facing operation of the business.
Bennett, M. T., Keefer, E. C., & United States. (2011). National security policy, 1969-1972. Washington: U.S. G.P.O.
Calder, A., & Watkins, S. G. (2010). Information security risk management for ISO27001/ISO27002. Cambridgeshire: IT Governance Pub.
Fennelly, L. J. (2017). Effective physical security.
Fennelly, L., & Perry, M. (2016). Physical Security. Saint Louis: Elsevier Science.