Chapter Seven Exercises Essay


The Computer Emergency Response Team (CERT) lists nine tasks for home computer security. The list includes: use antivirus software, maintain updates, use caution with email attachments, use firewall software, maintain regular backups, use strong passwords, use care installing downloaded programs, use a hardware firewall, and use encryption and access controls (CERT, 2002). These guidelines deal more with the computer than the person using it. This is in contrast to the guidelines in chapter seven of the book Computer Security Fundamentals, which deal predominantly with reducing the risk of corporate espionage, but there is a degree of overlap between the two.
If an employee changes departments or gains greater responsibilities, her badge can be granted greater access without needing the actual card. If a card is lost or stolen, it poses less of a security risk than a traditional key because the card can be deactivated as soon as it is reported missing. An additional benefit associated with an RF-ID system is accountability. There is a record of who accessed any door and what time it was accessed. Should there be a questionable event, the records can be checked to find out who had access. According to (n.d.), “Conventional means of access control have been rendered largely insufficient while combating emerging threats from new-age offenses, because of this, card-based physical access solutions, have become the preferred method of secure identification and authentication.”
The company that I currently work for takes a different approach to physical security. There is one point of entry or exit, and that door is equipped with a metal detector. The only place in the facility that stores sensitive data is surrounded by a locked cage. In the event of a security incident, there are cameras to account for who was where when the incident happened. Physical security for this facility works fine due to the small number of employees. In a much larger work environment with sensitive security needs, a system of RF-ID badges might be a better solution.
Asset Identification

Information | Systems | Services & Applications | Other Assets
Post consumer data | Post consumer HDDs | DoD data wipe software |
Inventory system | Inventory server | HTML inventory interface |

Two of the most sensitive information assets at my place of work are the post consumer data that exists on used hard drives (HDDs) and the inventory management system, commonly referred to as IMS. A person who might commit corporate espionage using one of these two vectors...

