5 Steps of Site Security Evaluation
Study the building and the surrounding area.
By CSO Contributor
April 01, 2005 — CSO — Study the building and the surrounding area. Walk around with the building engineer, if possible, and take note of the physical attributes and layout of the building. For each floor, observe access controls and potential workarounds. Note immediate neighbors for later investigation.
Interview the property manager, the chief building engineer, security guards and their supervisor. Develop a site-specific security questionnaire and go over it with each of these parties.
Create a visitor profile. Visitors include anyone who is not an employee or tenant of the facility. Visitors can be categorized as invitees and noninvitees. The object of implementing policies will be to move the unexpected noninvitee guest to invitee status by identifying the visitor and having an authorized building occupant accept the guest into its space.
Assess the risks. First, identify the main threats to the building, such as local crime, workplace violence and terrorism. Then, rate these threats on a scale (such as 1 to 10) to get an overall picture of each threat category.
Evaluate possible solutions for problematic areas. If visitor management is a problem, how much effort and expense would it take to mitigate the risk associated with this area? Assess each area with an eye to potential solutions.
Read more about data protection in CSOonline's Data Protection section.
The challenge of true data protection spans databases, internal and external networks, physical and offsite storage, business partners and more. These resources offer expert perspective from the basics through specific key elements of data protection strategies.
Network security basics
Protection, detection, and reaction—those are the three underlying principles your security program must embody
Computer incident detection, response, forensics
Richard Bejtlich shows how to measure and improve the maturity of your incident response
A few good IT security metrics
Stop counting blocked malware attachments and measure things that can contribute to meaningful change
5 key cloud security trends
Cloud security is evolving rapidly—stay on top of it
IT risk assessment frameworks
How to do end-to-end encryption
How to compare and use enterprise antivirus
Also find sample data protection policies in CSO's tools, templates and policies library
- The CISO's Survival Guide to Securing Data
- Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- FireEye Advanced Threat Protection KnowledgeVault
- Five Tips to Consider in a Data Security Strategy for Smartphones and Tablets
- Moving Your Email to the Trusted Cloud
- Comprehensive Server Protection
- Teenage hackers could be our last, best hope
I got an email yesterday asking if teenage hacking is on the rise. At first I balked. Teenage hackers have always been in abundance, so the question seemed stupid to me. Then I remembered something about teens that the SANS Institute's Alan Paller mentioned at a conference last week. Let's start with that press release, which framed the scenario this way: - Busted: When security tools fail
- Hey Linux, Mac and Windows users: It's ALL vulnerable
More Salted Hash with Bill Brenner
