Physical and Hardware Access Policy
Week 7 – Assignment 1 – Design a Physical access policy
Assignment – Design a physical access policy. In order to receive credit upload an MS Word or .PDF document that addresses the following:
Title page – “PHYSICAL AND HARDWARE ACCESS POLICY FOR <Create a fictional company name>
Introduction – Explain what the purpose of this document is and why the topic is important
Office suite access policy – Explain what the policy is to actually enter an office suite. If there is a receptionist/security guard? If so what are their hours? What is the policy for accessing the office outside of business hours? What technology is in use to protect the office suite? Are there camera’s, card reader’s, turnstiles, etc….? Are there any limitations on access hours to the office? If so what is the after-hours access policy?
Data center access policy – Explain what the policy is for accessing the data center, i.e. who will be allowed access to the data center? Is access allowed all day long or only after business hours? If access is limited to only after business hours what if an emergency happens like a device failure? How will the data center be secured, i.e. card readers, keys, security guard, man trap? Are camera’s required? Will the equipment cabinets be secured? If so how? What is the policy for allowing access for non-employees such as vendors?
Use of USB drives or removable media – What is the company policy for using removable media such as USB/thumb drives? How will you enforce the policy?
Suggested document format (Please do not use a red font)
Introduction
<Introductory text>
Office suite access policy
<Policy text>
Data center access policy
<Policy text>
Removable media Policy
<Policy Text>
GROUND RULES FOR THIS ASSIGNMENT
- Spelling, grammar and “readability” counts
- Must upload an MS Word or .PDF document
- Please be sure to have content which addresses each of the sections listed above
- Please note that this assignment will be run through the Blackboard SafeAssign application. Assignments for which the originality report shows substantial amounts of copied content will be scored poorly or possibly not be accepted.
Globus Group Inc. is mainly dedicated to ensuring the protection of its employees, clients, and the firm’s confidential and sensitive information while attempting to uphold its integrity and reputation. Further, the company seeks to curate a safe and open work environment in which all the workers can work freely, collaborate with its clients to ensure productivity, and access the resources they need to execute and complete their responsibilities effectively. Besides, it is essential that the firm implement an elaborate and carefully crafted physical hardware access policy that would ensure that the information the clients offer to the company remains confidential and is not accessed by any unauthorized individual. Such strategies would ensure the facilitation of a conducive, healthy, and safe work setting. Therefore, the paper offers a guideline on the company’s policies surrounding the corporate office hours, access to the information center and server rooms, and the removable media.
Office suite access policy
The organization’s office hours are structured to begin at 7 am to 7 pm, Monday through to Saturday. A receptionist will be stationed at the front desk within these working hours, with at least one security guard stationed near the IT and network rooms and another walking the premises to ensure that any unauthorized people do not access the premise. Also, the company will reduce the number of entrances to the company premises from the current four to two to ensure that only authorized individuals can access the firm. The main entrance will be guarded by a security guard, whose responsibility is to ensure proper documentation of all the individuals who access the company, facilitating access to only authorized visitors. Also, all the visitors are expected to have scheduled an appointment with the office they intend to visit to be allowed to enter the building. This will prevent idlers from accessing the facility, which can be detrimental to the firm’s security if not discouraged. Further, all the workers must have a unique key card programmed with their employee information; hence, only the employees with such keys can access the facility by swiping the card on the card reader installed at the entrance. The second entrance will be used as an exit from the facility, mainly for the employees stationed at the back of the building to limit confusion with the visitors. Consequently, the employee will be required to swipe their key cards to the reader before leaving the company, which will then note the worker’s departure time. Besides, the building is equipped with numerous CCTV cameras to monitor both the entrance and exit and the parking lot. Also, there will be cameras installed in the main and back entrance to monitor and record all the activities and people entering the building within the building. The company management offices of any level will recure finger and eye-ball scanning and additional passcode to access the offices (Van Deursen & Van Dijk, 2019). Moreover, the approved contractors and vendors will be issued with their own dedicated key card that would allow them within the company. Overall, all the deliveries will be handed directly to the recipient and not left unattended.
Datacenter access policy
Access to the information center is strictly restricted to authorized individuals. Thus, the authorized individuals will be required to swipe their ID on the card reader and use fingerprint authentication devices as an additional measure in the case that the ID card is compromised (Cheng, Pitziolis & Lasebae, 2019). Thus, only individuals with job responsibility that necessitated instant access will be allowed such clearance and have full freedom to enter the information center during office hours. Other workers, vendors, and contractors will require supervision if access is granted. Also, the workforce can be granted access on an hour-by-hour basis with written permission from management. However, should access be required during non-business hours, the employees with special access are required to be present, and senior managers should be aware ahead of time. During the access, a 24/7 surveillance with both video and audio feeds would be set to monitor the entrance and existence of the data center, and an additional IP camera installed to keep the kept servers within the room under supervision. Also, a special key kept by the senior manager will be needed to access the server cage. Besides, the information center area will be monitored by closed-circuit tv cameras, all the cameras monitored by the security experts, and all the footage stored. All the visitors accessing the information center must the accompanied by an employee. Overall, both the visitors and employees must be aware of the firm’s principles linked to working in a computer room setting to ensure the safety of all the firm’s computers.
