Weakness
Physical security should focus more on unauthorized access and misuse, in addition to the integrity and availability of the sites, systems and network devices.
Terrorist Threat
11.2.1
Strength
Protecting the company from terrorism requires advice from the Federal agency, so 11.2.1 is essential for a company when making policies on terrorist threats.
11.2.2
Weakness
Internal procedures and external support and cooperation are both resources the Company should take advantage of when facing a terrorist threat, since a single company usually cannot handle such a threat by itself.
11.2.3
Weakness
11.2.3 is just one aspect that should be covered during the education of employees, which should not be kept in …
11.3
Add-on
Restrictions on computer labeling should be made to rank computers based on the information they store and process, so that important computers have a higher priority of protection. This is added as 11.3.6.
11.3
Add-on
Restrictions on cleaning should be made, since there are several pieces of equipment in the computer room, and cleaners may disconnect some equipment by mistake while cleaning or access information that they should not have. This is added as 11.3.7.
11.3
Add-on
The fire prevention systems should be non-water, since the equipment in the computer room cannot withstand water. This is added as 11.3.8.
11.3
Add-on
Policies on periodically testing the fire prevention and other protection equipment should be made to make sure these protections are effective. This is added as 11.3.9.
Cabling
11.4.1
Strength
11.4.1 should be kept to protect the physically secure state of the cable.
11.4.2
Strength
11.4.2 should be kept to ensure that it is easy to manage the cables.
11.4 …
12.2
Add-on
Security incidents should be defined in this part so that employees have an idea of what counts as a security incident that they should respond to and handle. This is added in the revised document as 12.2.1.
12.2
Add-on
A policy in this part should ensure that an operational procedure is established to guide employees when they encounter a security incident. This is added in the revised document as 12.2.2.
12.2
Add-on
Employees should study the operational procedure for security incident response during their training period and be familiar with it, so that they can report incidents as quickly as possible. This is added in the revised document as 12.2.3.
12.2
Add-on
The company should maintain a database or records of handled security incidents for reference, so that it can respond to incidents as quickly as possible. This is added in the revised document as