Physical security measures were act

Physical security measures were actually fairly good at the Business, for a homebased business. The dedicated office with a lock on the door is a simple thing that affects this more than the owner had thought about. For example, babysitters and workers can be in the house without necessarily having access to the office. The Business also had smoke detectors, fire extinguishers, UPS’s, motion sensor-activated exterior lights, and the like. Assets were stored pretty well as far as flood potentials were concerned (stock in plastic totes on shelves).
However, both stock and paper records were in the garage, with no additional protection from a fire or break-in. I recommended that the Business owner find a way to protect both stock and paper records from both fire and break-in, but this recommendation was met with the problem of cost. Fireproof lockboxes large enough to protect the 10.5 cubic feet of business records are certainly available. However, enough fireproof safe space to protect the 200+ cubic feet of stock is just not economical for a business this size.
The alternative chosen was a locking cabinet for the business records. The measures already in place for the stock (plastic totes, being up on shelves, and business insurance) will have to be sufficient. The Business owner chose (correctly, in my opinion) to accept the (fairly low) risk of having her stock stolen or lost in a fire, rather than pay for a mitigation method that would cost her more than she could afford.
In addition, I recommended physical defense in depth for the computers: physically securing the computers so that they would take more than a moment to pick up and remove from the premises. The owner accomplished this with industry-standard PC cables, manufactured for the purpose. Computer security was a large task, and these audits and the specific recommendations made for each computer and the router are documented in Appendices 2 through five.
Because of the danger of lost orders, I recommended the creation of a half-page form, printed on colored paper, for phone orders, and the placement of copies beside all store phones. Once a phone order is taken, the order can be placed directly on the “Orders” clipboard, and this should reduce the risk of loss. The colored paper, too, should help prevent the forms from getting lost in the shuffle. This is decidedly “lowtech” information technology, but it suits the Business’s budget and addresses the problem. A copy of the form has been reproduced at the end of Appendix 7.