Posted by: David Scott
IT security in any realm involves logical security and physical security. Logical security is the integrity of data (content), the precision of associated processing, and the delivery of coherent, accurate content. In other words, it means data that reflects reality: data that does not mislead or distort actuals through distortion or errors of input, process, and output.
Physical security covers such things as locked doors on computer rooms. It’s the safety and surety of infrastructure; protection against overheating, for example. Physical security is often mundane: don’t set your coffee on a server, for example.
Mobile is especially vulnerable within the realm of physical security. Devices are constantly transported, their owners are on the go, and the devices can be lost or stolen. Ensure that users report loss or theft immediately. Consider strong encryption, as any content on a device risks exposure.
As to logical security, determine whether users access organizational resources via a virtual private network (VPN) or the internet. Also, ensure strong malware protections are in place on devices.
In BYOD environments, that last point is especially important: it’s hard to know where users will be surfing and what personal downloads they will make. Regular scanning for viruses, malware, and unauthorized intrusions is imperative.