physical security in information systems

How do you stop unauthorised physical access to information systems? How do you protect the security of the information systems assets themselves (e.g. computer rooms, laptops and disks)? The answers lies in physical security controls. The key controls you need to be aware of are summarised in this revision note.

---

Ensuring that there is a proper physical environment for systems, records and staff is essential for maintaining confidentiality, integrity and availability of information.

Management need to think about the following aspects of physical security:

(1) Protection
- of information and information systems from the elements is as important as protecting them from unauthorised people
- of physical access, which should be restricted to authorised personnel. IT equipment is tempting to thieves, and can be damaged by accidents or sabotage

(2) Maintenance
- of the physical operating environment in a computer server room is as important as ensuring that paper records are not subject to damage by fire or flooding.
- of supporting equipment such as air conditioning plant or mains services

The main physical security controls are as follows:

Controlling Physical Access

The objective with physical access controls is to stop unauthorised people getting near to computer systems.

The key is to have a range of controls that include:

- Personnel (e.g. security) controlling human access
- Use of locks, key pads or car entry systems to sensitive computer locations
- Intruder alarms (detection)

Preventing Theft

Increasingly, computer equipment is smaller and lighter - which makes it easier to steal. So it makes sense for such equipment to be:

- Locked away when not in use
- Marked with identification (e.g. bar code / security code)

Physical Environment

The locations in which information systems are held also need to be protected. Measures include:

- Site preparation (e.g. materials that are fireproof)
- Detection equipment (e.g smoke detectors)
- Extinguishing equipment (e.g. sprinklers)
- Protection of power supplies (e.g. back up generator)

About tutor2u tutor2u is the leading global publisher of e-learning resources for Economics, Business, Politics, Enterprise, Law, Sociology, Religious Studies and related subjects. Our materials are used by over 3,500 schools and colleges in the UK and in educational institutions in over 85 other countries. tutor2u offers a range of free and subscription-based materials - designed to support teachers and inspire students. The business also runs a popular series of student revision workshops and teacher conferences. tutor2u was named Online Learning Resource of the Year at the prestigious BETT Show - the World's leading educational show.

Privacy & terms of Use Our privacy policy is published here: www.tutor2u.net/privacy.asp. The terms of use of this website are set out here: www.tutor2u.net/terms.asp. " tutor2u" is a registered trade mark. The information contained on this website is copyright Tutor2u Limited. All rights reserved

Contact us The sales team at tutor2u can be contacted by phone on 0844 800 0085. Orders can be faxed to 01937 529236. The office address is: Tutor2u Limited, Boston House, 214 High Street, Boston Spa, UK LS23 6AD   To contact tutor2u by email, please use this form: Tutor2u - Contact Form

Teacher Newsletters & Subject Blogs tutor2u publishes a variety of free teacher newsletters and blogs for our featured subjects. Teachers can access these materials here: Teacher Newsletters  A daily RSS feed for each of our free subject blogs can be accessed here