One such publication is the Ten Guidelines, a list of the 10 things that organizations should be doing to stay secure.
- Carry out a risk assessment to decide on the threats you might be facing and their likelihood. Identify your vulnerabilities and the potential impact of exploitation.
- If acquiring or extending premises, consider security at the planning stage. It will be cheaper and more effective than adding measures later.
- Make security awareness part of your organization's culture and ensure security is represented at a senior level.
- Ensure good basic housekeeping throughout your premises. Keep public areas tidy and well-lit, remove unnecessary furniture and keep garden areas clear.
- Keep access points to a minimum and issue staff and visitors with passes. Where possible, do not allow unauthorized vehicles close to your building.
- Install appropriate physical measures such as locks, alarms, CCTV surveillance, complementary lighting and glazing protection.
- Examine your mail-handling procedures.
- When recruiting staff or hiring contractors, check identities and follow up references.
- Consider how best to protect your information and take proper IT security precautions. Examine your methods for disposing of confidential waste.
- Plan and test your business continuity plans, ensuring that you can continue to function without access to your main premises and IT systems.
CPNI also publishes technical security notes “designed to offer practical advice on dealing with topical issues and are aimed at information security professionals.” Recent topics include Database Security, and Spyware.
►
Posts
