Employee Computer Security | Access Control

Expertise:

Why Security Training is Important

Security training is quickly becoming mandatory for an ever-growing range of companies, far surpassing the first wave of IT firms that rolled it out two years ago, like Dell, Intel and IBM. While it began as an added 'bonus' in the arsenal of the marketing spokesperson, now companies ranging from Unisys, PepsiCo, Adidas, HP and Sprint are making computer security and employee training a key element in their recruiting message, stressing the employee benefit of receiving social media literacy training.

One obvious motivation for formalizing a company's social media programs and policies is to avoid a social media disaster.

Physcial and Environmental Security

Physical and environmental security programs define the various measures or controls that protect organizations from loss of connectivity and availability of computer processing caused by theft, fire, flood, intentional destruction, unintentional damage, mechanical equipment failure and power failures. Physical security measures should be sufficient to deal with foreseeable threats and should be tested periodically for their effectiveness and functionality. Determine which managers are responsible for planning, funding, and operations of physical security of the Data Center. Review best practices and standards that can assist with evaluating physical security controls, such as ISO/IEC 27002:2013. Establish a baseline by conducting a physical security controls gap assessment.

  1. Environmental Controls
  2. Natural Disaster Controls
  3. Supporting Utilities Controls
  4. Physical Protection and Access Controls
  5. System Reliability
  6. Physical Security Awareness and Training
  7. Contingency Plans

Access Control Mechanism

Access is the flow of information between an entity requesting access to a resource or data and the resource. The entity can be a device, process, or a user. Access control is any mechanism by which a system grants or revokes the right to access some data, or perform some action. Normally, an entity must first login to the resource using some authentication system. Next, the Access Control mechanism controls what operations the entity may or may not make by comparing the credentials provided to an access control list.