2. +
Secure what?
Physical Assets
Ultimately, the goal is to protect information.
Network/Commun However, to accomplish that goal physical
ications assets must be secured and protected, and
users must be educated, trained and
Data/Information responsible.
Users
3. +
Evaluate
What is being protected?
hardware, software, confidential and proprietary information
Why?
your business image, business information, legal
Value?
Can you afford to lose “it”? Can you afford the legal costs?
4. +
Layers of Protection
Physical Location Devices Data
Building Flash Drive Image Files
Office Laptop Text
Home Workstation Spreadsheet
Car Smartphone Database
Briefcase Tablet
Data Center
5. +
Hardware Physical Security
Fire protection
Climate control
Physical security
6. +
UPS – Keeping Things Running
Uninterruptible Power Supply
Battery
Generator
Not just computers
Phones and TV
A/C (select areas)
Lighting (select areas)
8. +
Data Protection
Backups
Global
User
Anti-
Malware
Virus
Adware
Worms
Trojans
9. +
Data Protection
Email
Encrypted
Digital Signatures
Security Threats
Phishing Mails
Storage devices
User authentication
Do not share passwords or accounts
POS and PMS systems
Timekeeping
Money
PCI DSS(Payment Card Industry Data Security Standards)
Compliance
10. +
Making it Work
Education/Training/Accountability
Polices
Procedures
Documentation
Management
Accountability
Checks and balances
Hour presentation in the past. Data is the first thing that most will suggest to protect. System should be set up before data is saved. Not after. The topic of computer security is broad covering everything from secure data carried on a laptop to server farms of hundreds of computers.
Protect equipment, data, hardware, software, users from themselves. Don’t invest more in protection than you have value to protect.
A special foam can be used for fire protection – Halon – but very expensive. Part of hardware protection is teaching users how to handle devices from plugging and unplugging USB drives of all types, to portability – not dropping or abusing laptops or workstations.
Users must learn to protect their own data. One of the bigger problems I deal with.