Operational and Organizational Security

Operational and organizational security covers a variety of topics, such as setting security policies for the entire organization, user training and awareness, risk assessment, physical security of the equipment, privilege management, and implementing a backup and recovery plan. The sole purpose of implementing organizational and operational security is to ensure a safe and secure working environment where users know what is expected of them and management has the guidelines to respond to unexpected situations in order to maintain business continuity. The sections that follow cover the concepts of some of the main areas of organizational and operational security.

Physical Security

Physical security involves keeping the network equipment, computer hardware, and software secure from unauthorized access. This includes having appropriate access control systems in place, training the users to protect them from social engineering, and maintaining a perfect operating environment for the equipment. Each component of the business network is vulnerable to different types of external and internal threats. It is important that physical security be given priority while designing and implementing security policies.

The following sections explain how physical security can be ensured by taking care of access control, implementing physical barriers, and controlling environmental factors.

Access control

Access control is used to grant only authorized personnel ...
