Section 5.1: The Basic Principles of Security
Security is a very broad term in today's world. Although it can be divided into two main categories, physical security and software security, it means something different to everybody.
Section 5.1.1: Physical Security
Physical security, as the name implies, refers to protecting your assets and information from unauthorized physical access. It covers items that you can touch and that can be stolen. Physical security threats are often caused by service technicians, janitors, customers, and even the employees of the company. Important documents or hardware belonging to your company can be sold out of greed for a fraction of the actual cost of the item.
Physical security, however, is relatively easy to accomplish. You can secure your facilities by controlling access to your office, installing security systems, and limiting access to sensitive areas of the business. The first component of physical security is to make the physical location a less tempting target. You can also depend on locking systems and surveillance alarms. You can add extra doors to your vault, each with its own electronic password, double your security staff, or hire security officers for your office.
The second component of physical security is the detection of a theft. This involves finding out what is missing and what losses have occurred. Surveillance cameras are a good way to detect a theft and identify who was involved in it. The recordings from these cameras can also be used as evidence in a court of law.
The third component of physical security is recovering from a theft and returning to normal business. For example, if the server room of your office is destroyed, or the bank account details or purchase orders of the company are stolen, how long will it take you to get back to normal business? Recovery involves a great deal of planning, thinking, and testing. Ideally, you should keep a copy of all important business documents at a secure location away from the business facility.
Section 5.1.2: Software Security
Software security, unlike physical security, is a vast and complex topic. Protection against new and unknown attacks has become a greater challenge. Every few years significant new challenges come up, and it is difficult to keep up with them because there are so many. Although it is not possible to protect your information software against every possible type of attack, you can protect your software by using a good set of principles when designing and building it. Some software security features are authentication, authorization, data wiping, encryption technologies, and software firewalls. We will discuss each of these security principles in detail.