The goal is to provide a safe working environment for all the assets and interests of a company.
Adapt the layered defense model of physical security: first the perimeter, then the building grounds, building entrance, building floors/offices, and finally data centers and media supplies and equipment. Each layer will be secured individually.
Areas of Physical security
Surveillance: the principal tool for protecting a space.
It can include landscaping, lighting, and CCTV. Cameras can be set up to give a complete view of the perimeter of the building as well as every interior room.
Equipment will be advanced enough to provide proper detection, recognition, and identification.
Adequately located entrances, exits, landscaping, and fencing can control the flow or limit access to foot and automobile traffic.
Key locks, keypads, mantraps, proximity readers, barricades, and guards can be implemented to control who can access what.
Buildings will be checked to determine whether the materials used are fire-rated, penetration-resistant, and earthquake-resistant, and to identify potential dangers in their power, water, heating, A/C, and ventilation systems.
Fire support systems can also be addressed: multiple types of fire extinguishers should be available for all to use, along with an advanced fire detection system.
EMI and RFI disturbances that interfere with devices and equipment can be avoided by using EMI shielding, such as shielded twisted-pair cables.
Faraday shields can also be used to shield against EMI.
Current layouts of electrical equipment and devices should be checked and rearranged to reduce the chance of EMI or RFI interference.
Areas which need additional security
Data centers, server rooms, communication centers, and any computer containing highly sensitive information will require added physical protection.
Building entry points should be protected with a card access control system. Inside the building, doors should be accessible with facial-recognition equipment, as well as a proximity badge.
New security practices
All employees should be added to an access list and granted access only to what they need.
All employees should be required to take a class on proper security policies regarding the use of both the network and the building itself.
All employees should have to sign an information protection agreement, as well as be briefed on proper social media etiquette and personal device usage, such as restricting cell phones in certain areas.
Network security measures
First, identify, classify, and assess the risk of information assets.
All employees will use password- and thumbprint-protected authentication to the network and computers. Passwords will be changed every 30 days.
Network servers will be locked and kept secure.
Antivirus, antispyware, firewall, and internet provider will all be changed and upgraded.
Network security continued
Network and computer backups will be done frequently, using new cloud computing and offsite storage.
Waste disposal and document shredding will be done safely and securely.
An incident management system will be introduced and implemented.
Costs and security level needed for different sized businesses
While some of these suggestions can be pricey, the cost of a hacker accessing sensitive information or infecting the system with a virus can be significantly higher.
For this reason, a thorough and advanced security system should always be created and maintained, regardless of business size.
While all of these suggestions will be beneficial, some security measures such as facial recognition hardware might be unnecessary for a small company which does not deal with a large amount of sensitive information.
Gibson, Darril. (2011). Microsoft Windows Security Essentials: Exam 98-367. Sybex.