Physical Security
One of the most rudimentary ways to protect sensitive data is to provide physical security for the computers that hold the data. Physical security includes keeping computers in a locked, monitored area with limited, tracked access. Only people on the access list should be allowed access to the data center. Review access lists at least once a month to ensure that each person on the list still requires access. Monthly should be a good enough interval, because assignment changes typically do not occur more often than that. Anytime an employee leaves the company, all of the employee's computer accounts and building-access permissions should be revoked right away. In some cases, you may want to revoke access before the employee is ...
Get Privacy What Developers and IT Professionals Should Know now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
