Operational and organizational security covers a variety of topics such as setting security policies for the entire organization, user training and awareness, risk assessment, physical security of the equipment, privilege management, and implementing a backup and recovery plan. The sole purpose of implementing organizational and operational security is to ensure a safe and secure working environment where users know what is expected from them, and management has the guidelines to respond to unexpected situations in order to maintain business continuity. The sections that follow cover the concepts of some of the main areas of organizational and operational security.
Physical security involves keeping the network equipment, computer hardware, and software secure from unauthorized access. This includes having appropriate access control systems in place, training the users to protect them from social engineering, and maintaining a perfect operating environment for the equipment. Each component of the business network is vulnerable to different types of external and internal threats. It is important that physical security be given priority while designing and implementing security policies.
The following sections explain how physical security can be ensured by taking care of access control, implementing physical barriers, and controlling environmental factors.
Access control is used to grant only authorized personnel ...