Why Security Training is Important
Security training is quickly becoming mandatory for an ever-growing range of companies, far surpassing the first wave of IT firms that rolled it out two years ago, like Dell, Intel and IBM. While it began as an added 'bonus' in the arsenal of the marketing spokesperson, now companies ranging from Unisys, PepsiCo, Adidas, HP and Sprint are making computer security and employee training a key element in their recruiting message, stressing the employee benefit of receiving social media literacy training.
One obvious motivation for formalizing a company's social media programs and policies is to avoid a social media disaster.
Physcial and Environmental Security
Physical and environmental security programs define the various measures or controls that protect organizations from loss of connectivity and availability of computer processing caused by theft, fire, flood, intentional destruction, unintentional damage, mechanical equipment failure and power failures. Physical security measures should be sufficient to deal with foreseeable threats and should be tested periodically for their effectiveness and functionality. Determine which managers are responsible for planning, funding, and operations of physical security of the Data Center. Review best practices and standards that can assist with evaluating physical security controls, such as ISO/IEC 27002:2013. Establish a baseline by conducting a physical security controls gap assessment.
- Environmental Controls
- Natural Disaster Controls
- Supporting Utilities Controls
- Physical Protection and Access Controls
- System Reliability
- Physical Security Awareness and Training
- Contingency Plans