Physical security refers to the measures taken to protect the physical environment and infrastructure that is housing the information system resources, including hardware, software, and other networking devices, against physical threats such as theft, fire, water, floods, and so on. Physical security is as important as other technical security measures that are provided for the information. Since all the system resources are placed inside a physical facility, the environment around and within this facility should be safeguarded from both natural and unnatural events.

People may be thinking that having moved their infrastructure on to the cloud, they would not be impacted by physical security. They may not be required to take care of physical security, but somebody who provides the infrastructure facilities for the cloud needs to ensure the physical security, as the servers and the infrastructure are still located in some physical facility somewhere.

Spilling water or a cup of hot coffee on the computer has the potential to destroy the electronic component of the computer and make the system dysfunctional. An unauthorized person entering into the electrical control room and switching off the power to the server room could lead to a complete shutdown of the data center. Someone can sneak into the facility and photograph or take video and hand it over to a competitor. All these are physical security related threats that need to be curtailed.

Deliberate acts of sabotage or vandalism of the facility, employees stealing computers, computer accessories, confidential data, and passwords from the facility are all physical threats and need to be addressed. Natural calamities such as fire and floods can also destroy the data, including physical backup tapes inside the facility. Water leakages and power surges also represent physical threats, and appropriate measures need to be taken to protect these assets. Table 14-1 summarizes the security threats based on the CIA triad.

Seven major sources of physical loss have been identified as: [1]

Temperature: Extreme variation of temperature.

Gases: War gases, commercial vapors, humidity, dry air, and so on. Examples would be transformer explosion gas, air-conditioning failures, smoke or smog, printer's liquids and toners, and cleaning liquids.

Examples would be water pipe leakages, sanitary leakages, fuel leaks, spilled drinks, acids, and chemicals used for cleaning.

Organisms: Viruses, bacteria, people, animals, and insects.

Projectiles: Tangible objects in motion such as moving vehicles, cars, trucks, and explosions.

Movements: Collapse, shearing, shaking, vibrations, and so on.

Energy Anomalies: Electric surges, failures, magnetism, static electricity, radiation, sound, light, radio and microwaves. Examples include static electricity or carpets, cosmic radiation, explosion, and decomposition of magnetic tapes.

The physical and environmental security mechanism should protect against the threats either by automatic controls or driven by a set of manual processes.

Normally, organizations have standard policies and procedures to protect the facility including the data/computer center:

General management policies and procedures to secure the facility. Includes security guards, allowing visitors inside the facility after proper vetting, escorting visitors, building access, and surveillance cameras at each and every important location, both outside and inside of the facility.

IT security policies and procedures to guard against unauthorized access to restricted areas such as server rooms, control and privileges of administrators, password policies, remote access policies, and access card privileges.