Page 62 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
Information Security and Privacy
4. Alternative physical security strategies should be implemented. When appropriate,
consider the use of window bars, anti-theft cabling (with alarm when cable is disconnected
from system), magnetic key cards, and motion detectors.
5. Be prepared for fire emergencies with appropriate automatic non-water firefighting
equipment, and provide appropriate staff training in its use.
6. Maintain reasonable climate control in secured rooms, with temperature ranges between
50 and 80 degrees Fahrenheit, with a humidity range of 20 - 80%.
7. Minimize nonessential materials that could jeopardize a secure room.
Example: Non-essential items include: coffee, food, cigarettes, curtains, reams of paper,
and other flammables.
8. Dispose of confidential waste carefully and adequately to maintain confidentiality.
9. Label confidential information appropriately and ensure suitable security procedures
from common carriers when shipping or receiving confidential information.
10. Keep critical systems separate from general systems.
11. Store computer equipment in places that cannot be seen or reached from windows and
doors, and away from radiators, heating vents, air conditioners, or other work. Workstations
that do not routinely display sensitive information should be stored in open, visible spaces
to prevent covert use.
12. Protect cabling, plugs, and other wires from foot traffic.
13. Keep a secure inventory of equipment and peripheral equipment, with up-to-date logs of
manufacturers, models, and serial numbers. Consider videotaping the equipment for
insurance purposes.
14. Hardware (servers, workstations, network devices) must be replaced or upgraded within
reasonable timeframes to keep the network functional. However, once a workstation gets
to be four to five years old, its processing power diminishes in relation to the requirements
of newer software.
15. Consider the use of maintenance contracts. Keep equipment information, contact and tech
support numbers readily available at the computers.
16. When computers containing sensitive information are being maintained or repaired, be
sure that sensitive data is properly password-protected, encrypted, or removed from the
computer before maintenance or repair.
17. Proper annual maintenance and repair of computer equipment is required.
18. Backup media should be better secured. Some hardware techniques provide a higher level
of security than non-secure media such as backup tapes, floppy diskettes, or smart cards,
since the latter can be easily removed or copied. Internet-based backup may be used for this.
19. A proper procedure should be used to back up system information and applications.
20. Establish a procedure and schedule for system backups.
21. Establish overall system backup responsibilities and assign them.
21. Establish overall system backup responsibilities and assign them.
22. Individuals who use the computers should also have backup responsibilities.
23. Use a rotation of media (using different disks at each backup and rotating every
X days or weeks).
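The schedule and media rotation in items 20 and 23 can be checked against a backup log. The following is an added example, not part of the original text; it assumes one backup every X days onto a fixed set of labelled media used in turn, and the media labels and log entries are constructed.

```python
from datetime import date

# Constructed sample: three media, one backup expected every 7 days.
MEDIA = ["A", "B", "C"]
SAMPLE_LOG = [
    (date(2024, 1, 1), "A"),
    (date(2024, 1, 8), "B"),
    (date(2024, 1, 15), "C"),
    (date(2024, 1, 22), "A"),
    (date(2024, 1, 29), "A"),   # same medium overwritten again
    (date(2024, 2, 12), "B"),   # 14 days since the previous backup
    (date(2024, 2, 19), "D"),   # label not in the rotation set
]

def audit_rotation(log, media, interval_days):
    """Return (date, label, problem) findings for a chronological backup log.

    A medium may be reused only after every other medium in the set has
    been used since, so the oldest copy is always the one overwritten.
    """
    findings = []
    recent = []                  # labels of earlier backups, oldest first
    prev_date = None
    window = len(media) - 1      # backups that must separate reuse of a medium
    for when, label in log:
        if label not in media:
            findings.append((when, label, "unknown medium"))
        elif window > 0 and label in recent[-window:]:
            findings.append((when, label, "reused before full rotation"))
        if prev_date is not None and (when - prev_date).days > interval_days:
            findings.append((when, label, "backup overdue"))
        recent.append(label)
        prev_date = when
    return findings

if __name__ == "__main__":
    for when, label, problem in audit_rotation(SAMPLE_LOG, MEDIA, 7):
        print(when.isoformat(), label, problem)
```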
56 LOVELY PROFESSIONAL UNIVERSITY