There are a few things one can do to minimize the probability of such events happening. One will have to enforce a few hard policies to make sure risk is at a minimum, and we have to make sure there is SOMEONE or SOME GROUP (better if you have more people at stake, in my opinion) accountable for any such unforeseeable events.
1. Meetings
Meetings are a norm in our office life. Reminds me of a joke: "Society: a group of people collectively deciding that nothing can be done." Anyway, there should be general rules for meetings.
- The person who called the meeting should be the last person to leave the conference room or the area of the meeting.
- He/She shall be responsible for seeing that the area is clear of any notes, papers, or company assets.
- He/She should be responsible for ensuring that any unnecessary lights, fans, and A/C are turned off. (Nothing to do with the context of this scenario, but it never hurts to include this in your SOP.)
Phone cameras can be a pain in the behind for security personnel. Almost everyone carries a cell phone nowadays, and even the cheapest ones come with a measly excuse for a camera, be it VGA resolution. But even a low-resolution 640x480 VGA picture taken of your data center layout or anything else critical can set you back a lot. People have already started issuing policies that do not allow people to bring camera phones. If you ask me, I would go one step further and take the following extra steps:
- Identify the mission critical area.
- Identify the people with access to such areas.
- Issue all of these people a company cell phone without a camera and make it mandatory for them to use it.
- Any personal cell phone other than the company-issued one, or any phone with a camera, should be deposited at a help desk / reception before entering a mission critical area.
- Everyone, regardless of designation, carries the same phone, so that creates harmony.
- They get a company-issued free phone (hey, at the end of the day it's FREE).
- It's up to the company whether to give them a company SIM (as per job designation) or let them use their existing SIM card to continue their connection.
- Those Blackberry-carrying snobs who claim to get email every second of their life might as well be kept outside such mission critical places. (With all due respect to BB users, but I have found more than 75% of users to be snobs who pretend to be Mr Important rather than using the BB for being in touch with business/work.)
3. Segregation Of Work
Distribution of work is always a good idea. It makes it hard for any ill-intentioned employee to pull something off. Let's assume there is one person with access to everything; that means that person can provide your competition with mission critical information for any reason.
Expanding the segregation of work to the access level can provide an extra level of security for your assets. For example, there is a data center with a server inside (what else?) a locked rack.
- You have a person who has access to the data center.
- You have another person who has access to the rack.
- You have a third person who knows the password to the server.
- You have a fourth person who knows the password to the application / is responsible for doing the work on the machine.