Professional Documents
Culture Documents
Physical Security
Legal Compliance
Security Awareness and Training
Integrate Systems and Data with Third Parties
Environmental Controls
HVAC systems
Hot and cold aisles
EMI shielding
Alarm control panel
Fire prevention
Fire detection
Fire suppression
Safety
• Affects both personnel and property.
• Deter intruders with fencing and CCTV.
• Protect employees with locks and proper lighting.
• Formulate an escape plan/route and perform drills.
• Test your controls to verify they are up to standard.
Forensics - refers to the process of identifying what has occurred on a system by examining the data
Computer forensics - the process of investigating a computer system to determine the cause of an incident. Part of this process would be gathering evidence.
Chain of custody - ensures that each step taken with evidence is documented and accounted for from the point of collection. Chain of custody is the Who, What, When, Where, and Why of evidence storage.
Security Policy Awareness
• Ensures all users comply with guidelines.
• Should be accessible.
• Training sessions and documentation.
Role-Based Training
• Job roles and organizational responsibilities: users, managers, and executives.
• What information can be shared.
• Incident reporting and response.
Personally identifiable information (PII) - a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person's name to a fingerprint (think biometrics), credit card number, or patient record.
Business Partners
• Suppliers, customers, agents, resellers, vendors, etc.
• Formal or informal partnerships are possible.
• Information needs to be shared.
• On-boarding and off-boarding processes.
Social Media Networks and Applications
• Public nature of social media brings new risks.
• Sensitive information that is posted spreads quickly.
• Social engineering is a big concern.
• Are administrators trained on social media apps?
• Do they have the proper tools?
• What privacy concerns do you have?
Interoperability Agreements
• SLA (Service-Level Agreement) - defines the level of service to be provided
• BPA (Blanket Purchase Order) - an agreement between a government agency and a private company for ongoing purchases of goods or services
• MOU (Memorandum of Understanding) - a brief summary of which party is responsible for what portion of the work
• ISA (Interconnection Security Agreement) - an agreement between two organizations that have connected systems
Risk Awareness
• Keep informed about day-to-day partner operations.
• Keep employees on the lookout for risks in their own departments.
• Establish preparation for risk management.