The security of your IT system needs to be considered and applied to all components, both tangible and intangible, that make up the complete system. This includes the physical security of assets and information as well as logical security relating to access and protection of information.

This article will examine the array of IT system components that require some form of security and describe how that security should be applied. We will also look at the variety of potential threats that you may be exposed to in a standard SME environment. Bear in mind that threats can come from a number of sources and that they may range from being intentionally malicious to unintentional accidents.

Planning for security is primarily about risk management. By securing your system adequately you are managing the risk of loss or impairment to your information and resources. After carrying out a risk assessment of your IT infrastructure it may be that certain risks are best managed without any form of security. This could come about if the threat is classed to be of a low probability to occur or the cost to implement may be greater than the potential loss. This is an acceptable course of action, the important point is that you have taken the time to analyse the risk and have managed it appropriately.

For the complete article see …     Security