Personnel Controls - Indicate how employees are expected to interact with security mechanisms, and address noncompliance issues relating to those expectations.
  - Separation of duties: No single individual can carry out, alone, a critical task that could prove detrimental to the company.
  - Collusion: More than one person would need to take part in committing fraud, and they would need to act in a concerted effort.
  - Rotation of duties: People need to know how to fulfil the obligations of more than one position.
Supervisory Structure - Each employee has a superior to report to, and that superior in turn is responsible for the employee's actions.
Security Awareness Training - People are usually the weakest link and cause the most security breaches and compromises.
Testing - All security controls and mechanisms need to be tested on a periodic basis to ensure they properly support the security policy, goals and objectives set for them.

Physical Controls:
Network Segregation - Can be carried out through physical and logical means.
Perimeter Security - Mechanisms that provide physical access control by protecting individuals, facilities and the components within facilities.
Computer Control - Physical controls installed and configured on the computers themselves.
Work Area Separation - Controls used to support access control and the overall security policy of the company.
Data Backups - Ensure access to information in case of an emergency or a disruption of the network or a system.
Cabling - All cables need to be routed throughout the facility in a manner that keeps them out of people's way and away from any danger of being cut, burnt, crimped or eavesdropped upon.

Logical Controls:
System Access - A technical control that can enforce access control objectives.
Network Architecture - Can be constructed and enforced through several logical controls to provide segregation and protection of an environment. Can be segregated physically and logically.
Network Access - Access to different network segments should be granular in nature. Routers and switches can be used to ensure that only certain types of traffic get through to each segment.
Encryption and Protocols - Work as technical controls to protect information as it passes through a network and while it resides on computers.
Control Zone - A specific area that surrounds and protects network devices that emit electrical signals.
Auditing - Technical controls that track activity within a network, on a network device or on a specific computer.
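The separation of duties and collusion items above describe a two-person rule: a critical task must not be completable by one person, so fraud would require several people acting together. The following is an added example, not part of the original notes, of how such a rule is typically enforced in an approval workflow. The task name, the people, and the required approver count are constructed for illustration; the two checks that matter are that a requester can never approve their own request and that the same person approving twice only counts once.

```python
# Added example (not from the original notes): a minimal two-person approval
# check implementing separation of duties for a critical task.
# Names, the task and REQUIRED_APPROVERS are constructed values.
from dataclasses import dataclass, field

REQUIRED_APPROVERS = 2  # distinct people, other than the requester, needed to proceed


@dataclass
class Request:
    task: str
    requester: str
    approvers: set = field(default_factory=set)


class SoDViolation(Exception):
    """Raised when one person would be able to complete a critical task alone."""


def approve(req: Request, approver: str) -> None:
    # Self-approval would let a single individual carry out the task alone,
    # which is exactly what separation of duties forbids.
    if approver == req.requester:
        raise SoDViolation(f"{approver} cannot approve their own request for {req.task!r}")
    # A set ensures that one person approving twice still counts as one approver.
    req.approvers.add(approver)


def can_execute(req: Request) -> bool:
    # Count only distinct approvers who are not the requester. Circumventing
    # the control now requires that many people colluding in a concerted effort.
    distinct = req.approvers - {req.requester}
    return len(distinct) >= REQUIRED_APPROVERS


def demo() -> tuple:
    """Walk a constructed request through the checks and report each outcome."""
    req = Request(task="large wire transfer", requester="alice")
    approve(req, "bob")
    approve(req, "bob")            # duplicate approval, still only one approver
    after_one = can_execute(req)   # False: one distinct approver is not enough
    approve(req, "carol")
    after_two = can_execute(req)   # True: two distinct, non-requesting approvers
    try:
        approve(req, "alice")      # requester trying to approve their own request
        self_approval_allowed = True
    except SoDViolation:
        self_approval_allowed = False
    return after_one, after_two, self_approval_allowed


if __name__ == "__main__":
    print(demo())  # (False, True, False)
```

The same structure extends to rotation of duties: recording who approved what, as the `approvers` set does, is also the audit trail that lets a different person later verify the task was not carried out by one individual.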