Description could include the following:
- Physical security
- Lock doors
- Mantrap
- Cable locks
- Securing physical documents/passwords/shredding
- Biometrics
- Identification (ID) badges
- Key fobs
- Radio Frequency Identification (RFID) badge
- Smart card
- Tokens
- Privacy filters
- Entry control roster
- Digital security
- Antivirus/anti-malware
- Firewalls
- User authentication/strong passwords
- Multifactor authentication
- Directory permissions
- VPN
- Digital light processing (DLP)
- Disabling ports
- Access control lists
- Smart card
- Email filtering
- Trusted/untrusted software sources
- User education/AUP
- Principle of least privilege
Description should also take into account the fact that this list is constantly growing.
Process/Skill Questions:
- Why is physical security not sufficient to protect a network?
- Why is security not just a job for system administrators?
- What more can be done to train workers about security?
- What are the advantages and disadvantages of multifactor authentication?