Information Security Officer for a Small Pharmacy

As an Information Security Officer (ISO) for a small pharmacy, it is my responsibility to ensure that both physical and logical access controls are in place to protect the medications and funds kept on the premises. Additionally, my responsibilities would include maintaining the privacy of our customers' personal information. The ISO's duties may include providing reports to company management, establishing information security procedures and standards, and advising the pharmacy on, and recommending, security improvements.

Potential physical vulnerabilities and threats require the following to be considered: customers are not allowed to enter after working hours; only employees enter the premises through the after-hours entrance; and the back door is used only by employees, with non-employees prohibited from using it. A double lock system should be used for entry to ensure security during non-business hours. Other physical security vulnerabilities that need to be considered are attacks on security mechanisms such as locks and security personnel, and disruption of sensing devices such as smoke detectors, motion detectors and closed-circuit TV.

Physical security threats are mostly associated with attackers gaining physical access to the premises. Attackers can physically destroy equipment or sabotage it. Furthermore, attackers can be responsible for theft, fraud and vandalism. An attacker with sufficient knowledge of the system, for example a former employee, who gains access to it can sabotage it, making the system unusable or deleting or modifying information. Theft can include the actual products off the paper equipment. Furthermore, each user will have to change their password every sixty days.

The costs and benefits of implementing control activities should be considered. While the risks are real, our pharmacy must decide how much money it is willing to spend to protect our assets. That cost must be weighed against the cost of continuing to operate and the cost to us of the threat of losing information and reputation. As a general rule, the cost of implementing and maintaining a control activity should not exceed the benefits derived from that control activity (Microsoft 2006). The countermeasures listed in our presentation are ways to improve the security systems in our pharmacy. The ISO must remain vigilant in the never-ending fight against the forces of evil and darkness that seek to invade and devastate our pharmacy.