When a piece of information is crucial and its disclosure can cause serious damage to national security, it can be considered classified information. Based on the severity of the damage, classified information can be categorized as top secret (if leaked, can cause the highest level of damage), secret, and confidential (will not cause significant damage if confidential information gets leaked).
Without proper attention to the physical security of information assets, your IT assets and infrastructure are always under threat from known or unknown sources or from accidental hazards. An IT security manager or designer needs to pay equal or even more attention to ensuring that all information assets are physically secured. Physical security risks to IT assets do not come only from a physical break-in to the server or asset room; there are also major environmental risks such as fire. To control the physical security of all IT assets, you need to identify all the assets that you consider sensitive and important for your organization. The physical security of IT assets can be broadly categorized based on the following criteria:
1. Security of Asset Location
2. Human access control to the security room
3. Environmental control
Security of asset location
The location of the information asset room needs to be physically secured. It is always good practice not to disclose the location of your server room to the public. The fewer people who know about the location of your server room, the better. First of all, you need to make sure that there is one entry to your server room, along with one emergency exit door. Secondly, the entrance of the access door should not be directly visible from the area of your office where the majority of the officials work. Thirdly, before the main access door there should be another small door or space to reduce the risk of piggybacking.
Human access control
Before entering the server room, all personnel need to be authorized to enter the room; there can be an exception for the daily maintenance team. But it is better to have a supervisor present when maintenance work is carried out. All personnel need to be physically verified and must carry an identity card; if possible, implement digital access control or biometric access control. A security guard must always be present in front of the access room, and there may be a pool of security guards assigned only to this duty so that they become familiar with the faces of those entering the room on a regular basis. Finally, there should be closed-circuit cameras both inside and outside the asset room, and you need to make sure that access to the digital recording devices is properly monitored and logged.
Environmental security control
You need to make sure that all the equipment installed inside the server room is audited regularly. Make sure there are at least two emergency power-off switches for the server room itself: one inside and the other outside the room. All electrical wiring should be placed inside fire-resistant panels, and if there are any office desks or cabinets, use only those made of fire-resistant materials. Any kind of food intake must be strictly prohibited in the server room.