Role Management
ABIDULLAH ZARGHOON
What to expect?
• Understanding organization
• IT Roles
• Where to locate IT security?
• Top Management Support
• Relationships with other departments
• Outsourcing IT security
Understanding Organization
• Comprehensive security is not possible without proper security staff
• Their placement
• Relationships with other organizational units
• Requires proper planning and allocation
IT Roles
• Chief Security Officer
  • The title usually used for the head of the security department
• Application security engineer
  • Application security engineers maintain computer applications and software. They spend almost all their time in an office environment, with most of their work involving writing and testing software.
• Security engineer
  • Security engineers are responsible for creating and implementing solutions that ensure an organization's products and systems are secure.
IT Roles
• Network security engineer
  • Network security engineers play an essential part in the deployment, configuration, and administration of network- and security-related hardware and software. This includes firewalls, routers, network monitoring tools, and VPNs (virtual private networks). They are also tasked with performing network security risk assessments, and might be asked to help design network infrastructure.
• Information security analyst
  • Information security analysts are responsible for examining security problems and finding solutions. Their duties include researching the industry, finding security threats, and developing strategies to ensure their organization remains secure.
IT Roles
• Security Manager
  • The title given to the body responsible for managing security in the organization
• IT security specialist
  • IT security specialists analyze an organization's cybersecurity posture and its past breaches to understand how incidents occur and what needs to be done to prevent them. Given that IT and cybersecurity are such broad topics, organizations will usually have many IT security specialists, each one focusing on a specific area.
Location of IT Security Department
Within IT Department
• Placing the IT security department within the information technology department is attractive because security and IT share much of the same technological skill set.
• Reports directly to the head of IT in the organization, for instance the Chief Information Officer (CIO).
• The CIO will be accountable for security breaches
• The CIO will support the security department in creating a safe IT infrastructure
• Easier to implement security changes.
• Dependent on the IT department
Outside of IT Department
• Easier to deal with other departments
• Security policies can be enforced on the IT department as well
• The most commonly advised option
• Conflict with the IT department
Hybrid Solution
• Role segregation
• Operational aspects are divided
• IT maintains devices such as firewalls and others
• Planning, policy making and auditing stay with the security department
Top Management Support
• Top management support is crucial to the success of any security program.
• IT security is unlikely to succeed unless top management gives strong and consistent support.
• Support of top management helps with the following:
  • Budget
  • Support in conflicts
  • Setting a personal example
Relationships with other Departments
Special Relationships
• To be successful, the IT security department must develop productive relationships with other departments.
• Some departments in an organization are of special importance to the IT security department
HR Department
• The relationship between HR and IT security should be rich.
• HR is responsible for security training programs.
• HR controls the process of recruiting and terminating employees.
• IT security should be involved in the recruitment and termination process to ensure security issues are taken into account.
• HR is involved in penalties when employees break security rules.
The Legal Department
• The legal department deals with all issues related to the country's laws and regulations.
• It is important to have a good relationship with the legal department
• The legal department should ensure that security policies are legally sound
• The legal department should be involved if a security incident happens
Audit Department
• Most big companies, such as banks, have an internal audit department.
• This department examines organizational units for efficiency, effectiveness and adequate controls.
• The IT audit department examines the efficiency, effectiveness and controls of processes involving information technology.
• IT security audit is usually placed under one of the audit departments, not the IT security department
• This makes the IT security audit independent of the IT security department
All other departments
• The security department should have good relationships with all departments in the organization
• The security department is not about developing and distributing policies to other departments
• Other departments do not trust the security department because security makes life harder
• It is important to have good relationships with other departments to have conflict-free and successful security
Outsourcing IT Security
Outsourcing
• It is not common to fully outsource IT security
• However, it is an option
• Most companies outsource some of their IT security
• This allows companies not to lose control of their security
Email Outsourcing
• The most common IT security outsourcing is for email
• Email connections to and from the Internet are routed through the outsourcer
• The outsourcer provides inbound and outbound filtering
• This avoids spam, malware in attachments, and scripts in email bodies
• Outsourcing email filtering is effective because filtering is becoming a highly specialized field
• Email filtering relies on rapid response to new threats
• Lists of dangerous email sources are updated hourly or even more rapidly
Managed Security Service Provider
• This is an outsourcing alternative that delegates even more controls to an outside firm
• This firm is generally known as a Managed Security Service Provider (MSSP)
• The MSSP places a central logging server on your network.
• The server uploads the firm's event log data to the MSSP site.
• Security experts and security scanning programs check the logs and alert in case of an incident
Why use MSSP?
• Security experts are expected to sit idle most of the time because incidents do not happen regularly
• Internal security experts might not be as capable as the MSSP's security experts, due to the volume of security events the MSSP handles every day.
• The MSSP is independent and will not make exceptions to the company's policy for any top management staff
• The MSSP can observe the IT staff of the company
Continued
• Not all controls should be given to the MSSP
• Policy development and planning are very important for the organization to handle itself
• The contract should be specific even in simple matters
• The MSSP should be checked on regularly
• A poor job by the MSSP can cause great damage to the company
IT Asset Management (ITAM)
What is ITAM?
• IT Asset Management (ITAM) is defined as the set of business practices that join financial, contractual and inventory functions to support lifecycle management and strategic decision making for the IT environment in support of the organization's overall business objectives.
Why do ITAM?
• Manage IT assets so that maximum value is gained from the use of the assets across the lifecycle and beyond
• Value is:
  • Financial accountability
  • Risk reduction, such as through proper disposition of waste
  • Efficiency, performance
  • Customer satisfaction
  • Control, long-term manageability
Key Process Areas
• Acquisition Management
• Asset Identification
• Compliance Management
• Communication and Education Management
• Disposal Management
• Documentation Management
• Financial Management
• Legislation Management
• Policy Management
• Program Management
• Project Management
• Vendor Management
To Manage or Not to Manage?
• Cost of asset
• Volume in the environment
• Life expectancy
• Risk factors if not managed
  • Security risks
  • Loss of productivity
  • Sarbanes-Oxley & other legislation
• Redeployment
• Leased
• Mobility of asset
• Cost of building the IT asset management processes
Commonly Managed Assets
• Software – licensing compliance risk – high cost and audits
• Mainframes – high cost
• Laptops – mobility, cost, risk factors
• Desktops – redeployment candidates, often leased
• BYOD devices – risk factors
• Telecom – division of ownership
• Servers – cost, risk to business continuity
Should we Manage?
• Printers
• Monitors
• Hubs, routers, firewalls
IT Asset Management Policies
• Policies govern behaviors within the organization. The purpose of asset management policies is to have assets that are:
  • Trackable
  • Maintainable
  • Cost effective
  • Used for the good of the organization
• Topics are often buried in policies with other names, such as Security, Acceptable Use, Disaster Recovery, Expenses, etc.
Policy Topics for Asset Management
• Privacy – no expectation of privacy
• Prohibited use – limitations on use of equipment and/or software
• Personal use – rules for non-business use
• Use of non-corporate assets on the network – are BYOD devices and software allowed? Dialing in from home?
• Physical security of the equipment – loss and theft prevention, usually in the Security policy
• Commitment to energy conservation – Energy Star program, monitor sleep settings
• Environmental self-audit – policy for disclosure, escalation methods
End of Lifecycle
• Redeployment
• Retirement
• Re-use
Thank You!