Most organizations use critical hardware and software to conduct their business. These equipments need protection in order to prevent service disruption. Therefore, measures must be taken to protect the information an organization handles from disasters. These measures are covered by Information Security (IS). One can consider Information Security comprising of:
• physical security
• operational security
• management and policies
[...] Also, more intimidating is the use of cameras. They must be as conspicuous as possible to make people know every action they perform is recorded. The review of the recorded tapes must be done on a daily basis, and a report can be written. Most people fail in having cameras not working well or at all, and letting them there just to influence people. The drama is whenever some day, people may notice or be informed by some means that the cameras are functioning. [...]
[...] Moreover, the steps to perform every operation must be detailed. Every task in the organization must be documented. This helps new employees to quickly get into their business, rather than taking some time observing and trying things, making dangerous mistakes. The existence of a backup plan somehow implies the one of a recovery plan. A recovery plan should indicate what action must be performed in order to recover from data loss or damage. This kind of plan can be difficult to put in place. [...]
[...] Levels have to be defined to classify information. Some common used levels are the following : public : anybody can access the information ; internal : information restricted only to a group of persons ; private : information concerning only ONE person and nobody else. The following table gives an example of taxonomy : Public Announcement of the delivery of a new service ; organisation of a seminar ; recruitment of new employees. Internal Elaboration of a strategy plan ; Backup and recovery plans ; Access code to the department entrance. [...]
[...] For example, the access to a server room may be secured by a gate. The gate and the door of the room may have multiple locks. The keys of some locks may be held by one person, and the other keys by another. Another solution may be the use of electronic or password access to the location. The locks and electronic access mediums can also be combined, ensuring a stronger security for the location. In more sophisticated environments, lifts can be secured. [...]
[...] Management of data When managing information, one must take into consideration upgrading deprecated data or systems to include new functionality or even enhanced security. Also, some monitoring of the information may be necessary. This helps assess changes that may occur due to certain prior action. These procedures must be described in a clear manner, possibly using a detailed guide. For instance, as for monitoring and upgrades, there may be an agenda stating how often they are carried out, who performs them, and how they are done. Operation Upgrading the antivirus software . Frequency Every week . [...]
Source aux normes APA
Pour votre bibliographieLecture en ligne
avec notre liseuse dédiée !Contenu vérifié
par notre comité de lecture
