Departments responsible
must ensure that adequate physical security protections are
implemented to maintain the availability, confidentiality and
integrity of the organization’s IT infrastructure. Proper
investments in physical security shall be made by analyzing the
risks, threats, and vulnerabilities as identified in the IT security
framework.
The location and layout of the facility shall be
documented clearly. Physical security attributes for computer or
telecommunications rooms shall be given importance and strict access
control shall be addressed. Facility access control shall be
discussed with the concerned operations managers and documented.
Physical data storage
and telecommunications controls shall be physically protected.
Physical security controls for mobile/remote computing
must also be addressed, as laptops, Personal Digital
Assistants (PDAs) and
portable data storage devices such as tape drives, zip drives,
removable hard drives and USB data storage devices may be misused by
employees to smuggle data.