Assessing your risks

Many organisations underestimate the importance of keeping their offices and their equipment physically secure. As a result, they often lack a clear policy describing what measures they should take to protect computers and backup storage devices from theft, severe weather conditions, accidents, and other physical threats. The importance of such policies may seem obvious, but formulating them properly can be more complicated than it sounds. Many organisations, for example, have good quality locks on their office doors, and many even have secure windows; but if they do not pay attention to the number of keys that have been created, and who has copies of those keys, their sensitive information remains vulnerable.

Shingai: We want to put a brief summary of our security policy into this grant application, but we also need to make sure the policy itself is thorough. What should we include in it?

Otto: I'm afraid I can't recommend a one-size-fits-all solution to the challenge of physical security. The specifics of a good policy almost always depend on a particular organisation's individual circumstances. Here's a piece of general advice, though: when you're trying to come up with a plan, you need to observe your work environment very carefully and think creatively about where your weak points might be and what you can do to strengthen them.

When assessing the risks and vulnerabilities that you or your organisation face, you must evaluate several different levels at which your data may be threatened.

  • Consider the communication channels you use and how you use them. Examples might include paper letters, faxes, landline phones, mobile phones, emails and Skype messages.

  • Consider how you store important information. Computer hard drives, email and web servers, USB memory sticks, external USB hard drives, CDs and DVDs, mobile phones, printed paper and hand-written notes are all likely possibilities.

  • Consider where these items are located, physically. They could be in the office, at home, in a trash bin out back or, increasingly, 'somewhere on the Internet.' In this last case, it might be quite challenging to determine the actual, physical location of a particular piece of information.

Keep in mind that the same piece of information might be vulnerable on many different levels. Just as you might rely on anti-virus software to protect the contents of a USB memory stick from malware, you must rely on a detailed physical security plan to protect the same information from theft, loss or destruction. While some security practices, such as having a good off-site backup policy, are helpful against both digital and physical threats, others are clearly more specific.

When you decide whether to carry your USB memory stick in your pocket or sealed in a plastic bag at the bottom of your luggage, you are making a decision about physical security, even though the information you are trying to protect is digital. As usual, the correct policy depends greatly on the situation. Are you walking across town or travelling across a border? Will somebody else be carrying your bag? Is it raining? These are the sorts of questions that you should consider when making decisions like this.