Do you have a plan?
This blog is the third of a 6-part series of blogs.
How you protect media will be critical to your organization’s ability to maintain system integrity. Depending on your infrastructure, operating systems, applications, and even your workforce’s age group, you may need to consider migrating from old forms of media to new evolving forms of media.
A Media Protection policy and procedures are vital in defining and communicating your plan to ensure any information system or network’s integrity. Vulnerabilities like hacking from an outside threat are valid, yet the insider is the most significant risk. Not all insiders are malicious or knowingly know they are exacerbating the vulnerability when they introduce their cell phone charger into the organization’s computer or laptop. Or the thumb drive they’ve found in an old laptop bag and wants to see what’s on it.
Every organization is different and has different risk management strategies. However, a plan to mitigate unauthorized media being introduced to your Information System or Network should be in place. Also, a method to visually determine if the media is authorized to be on or used on the information system would be ideal. Media is defined as digital and non-digital diskettes, magnetic tapes, external/removable hard drives, flash drives, CDs, DVDs, microfilms, unauthorized computers, switches, etc.
A Media Protection policy should detail your organization’s authorized methods of:
- Securing unused media
- The disposition of used media
- The visual method used to identify authorized media and information systems
- Where and how to secure unused media
- The authorized means of sanitization; and
- Who is authorized to utilize media and the specific guidelines on how media is used
Implementing media use guidelines may seem like a minor item in an organization’s grand scheme of things. However, this is a step in conjunction with other incremental measures that strengthen your posture and mitigate an organization’s risk.
Should your organization need support developing a Media Protection plan or want an external assessment of your Cybersecurity/IT security posture, contact us. We are here to help!