Section 1.5 Security Plans
While confronting such a diverse array of actors can seem daunting at first, the key element to being successful is having a plan. A security plan analyzes the risks, details the resources that need to be protected, and presents a clear path to protecting them. Typically a security plan utilizes the three types of security controls available: physical, administrative, and technical.
- Physical controls are things like door locks, cameras, or even the way rooms in a building are laid out. These things can have a dramatic impact on the overall security and should not be overlooked!
- Administrative controls include human resources (HR) policies, classifying and limiting access to data, and separating duties. It helps to have a whole-organization understanding of security to make it easier to put these controls in place.
- Technical controls are often what new security professionals think of first. These are things like intrusion detection systems (IDS), firewalls, anti-malware software, etc. While these are an important segment of security and they are the segment that falls almost entirely within the purview of IT, it is critical to remember that these are only as strong as the physical and administrative controls that support them!
Note: Physical controls definitely lack the cool factor that technical controls have. Movies typically show security professionals hunched over laptops typing frantically or scrolling rapidly through pages and pages of logs on a giant screen. Rarely do they show them filling out a purchase order (PO) to have a locksmith come in and re-key the locks to the data closet. Just because it isn’t cool doesn’t mean it isn’t important! Remember, once an attacker has physical access, anything is possible.