Physical and Environmental security policy.
▪ The term physical and environmental security refers to
measures taken to protect systems, buildings, and
related supporting infrastructure against threats
associated with their physical environment.
▪ Physical and environmental safeguards are often
overlooked but are very important in protecting
information.
Human Resource security policy.
▪ All employees must be screened prior to employment,
including identity verification using a passport or similar
photo ID and at least two satisfactory professional
references. Additional checks are required for
employees taking up trusted positions.
▪ All employees must formally accept a binding
confidentiality or non-disclosure agreement concerning
personal information provided to or generated by them
in the course of employment.
Access control policy.
▪ Access control policies are high-level requirements that
specify how access is managed and who may access
information under what circumstances.
▪ User access to corporate IT systems, networks,
applications and information must be controlled in
accordance with access requirements specified by the
relevant Information Asset Owners, normally according to
the user's role.
▪ Generic or test IDs must not be created or enabled on
production systems unless specifically authorized by the
relevant Information Asset Owners.
Physical Access Control policy
What Do Access Policies Address?
Lesson Summary