Physical security in information systems
How do you stop unauthorised physical access to information systems? How do you protect the security of the information systems assets themselves (e.g. computer rooms, laptops and disks)? The answer lies in physical security controls. The key controls you need to be aware of are summarised in this revision note.
Ensuring that there is a proper physical environment for systems, records and staff is essential for maintaining confidentiality, integrity and availability of information.
Management need to think about the following aspects of physical security:
- of information and information systems from the elements is as important as protecting them from unauthorised people
- of physical access, which should be restricted to authorised personnel. IT equipment is tempting to thieves, and can be damaged by accidents or sabotage
- of the physical operating environment in a computer server room is as important as ensuring that paper records are not subject to damage by fire or flooding.
- of supporting equipment such as air conditioning plant or mains services
The main physical security controls are as follows:
Controlling Physical Access
The objective with physical access controls is to stop unauthorised people getting near to computer systems.
The key is to have a range of controls that include:
- Personnel (e.g. security) controlling human access
- Use of locks, key pads or card entry systems to sensitive computer locations
- Intruder alarms (detection)
Increasingly, computer equipment is smaller and lighter - which makes it easier to steal. So it makes sense for such equipment to be:
- Locked away when not in use
- Marked with identification (e.g. bar code / security code)
The locations in which information systems are held also need to be protected. Measures include:
- Site preparation (e.g. materials that are fireproof)
- Detection equipment (e.g. smoke detectors)
- Extinguishing equipment (e.g. sprinklers)
- Protection of power supplies (e.g. back up generator)