CISSP Certified Information Systems Security Professional Quotes

CISSP Certified Information Systems Security Professional by James Michael Stewart
192 ratings, 4.13 average rating, 4 reviews
“without control over the physical environment, no collection of administrative, technical, or logical access controls can provide adequate security. If a malicious person can gain physical access to your facility or equipment, they can do just about anything they want, from destruction to disclosure or alteration. Physical controls are your first line of defense, and people are your last.”
James M. Stewart, CISSP: Certified Information Systems Security Professional Study Guide
“Senior management approval and buy-in is essential to the success of the overall BCP effort. If possible, you should attempt to have the plan endorsed by the top executive in your business—the chief executive officer, chairman, president, or similar business leader. This move demonstrates the importance of the plan to the entire organization and showcases the business leader’s commitment to business continuity. The signature of such an individual on the plan also gives it much greater weight and credibility in the eyes of other senior managers, who might otherwise brush it off as a necessary but trivial IT initiative.”
James M. Stewart, CISSP: Certified Information Systems Security Professional Study Guide
“A segregation of duties policy is highly relevant for any company that must abide by the Sarbanes-Oxley Act of 2002 (SOX) because SOX specifically requires it.”
James M. Stewart, CISSP: Certified Information Systems Security Professional Study Guide