Information Technology Reference
In-Depth Information
n
n
All access is via username and password.
Each individual accessing these repositories must have a unique username
and password.
User passwords meet minimum standards.
Force password change every 30 days.
n
n
13.5.4.3 E-Commerce
E-commerce includes business-to-business and business-to-consumer. The number
of Internet users continues to grow, as does their willingness to shop online.
13.5.4.4
Physical Infrastructure
Physical infrastructure may include facilities housing key operations critical to
operations and revenue. Protection of physical infrastructure is important with
respect to:
n
n
n
Location
Access
Infrastructure
Factors relevant to physical location include local crime rates, building sig-
nage (e.g., XYZ corporate headquarters versus a more anonymous presence),
surrounding buildings and businesses (e.g., closest corporate neighbor may
manufacture or transport hazardous material), and exposure to natural elements
(e.g., floodplain, tornado alley, or earthquake zone). Building access policies
and implementation include monitoring for authorized access and creating audit
trails of entry, and perhaps movement throughout the facilities. Access to lobby
areas does not necessarily imply access permission to the general work area and
data operations centers.
Building infrastructure includes electric, air conditioning, water, construction,
phone service, and location of key infrastructure pieces (e.g., services demark loca-
tions). Known power interruptions may imply the need for UPS and building gen-
erators. Air conditioning units that are water cooled may be shut down in the event
of a water-main break; if this building is located in an area where environmental
conditions may increase the likelihood of water-main breaks, air-cooled backup
units may be appropriate.
13.5.4.5 Desired Results of Target Attack
The desired result for the target may be any of the following:
