Recommended Physical Auditing Tasks

Physical audits are usually the easiest, but the most neglected of the auditing tasks. Here are a couple of essential physical audit tasks every organization should perform:

  • Power conditioning: One of the most common causes of failure in critical systems is inadequate power conditioning. Policies should dictate that objects of a high enough risk level be attached to an uninterruptible power supply (UPS). All other devices should, at a minimum, be attached to a surge suppressor. Organizations that place numerous critical objects in a single room should also consider purchasing a full-room UPS. Also be sure to look at details such as whether someone would be alerted if a UPS failed, and whether the batteries are large enough to last until a local generator kicks in.

  • Environmental conditions: Another common cause of failure in critical devices is poor environmental conditions, such as heat and humidity. Auditors should check that rooms holding equipment have the proper environmental conditioning.

  • Physical access controls: Auditors should consider the Rule of Least Privilege for physical access. Rooms should have adequate controls to keep unauthorized individuals out. Within the room, critical devices should be locked in cabinets along with access to their power cords and network connections. The level of access control should reflect the highest risk object within the room. A room that stores a non-critical FTP server may not even need a lock, whereas a room storing cancer research data should require a thumbprint for access.

  • Emergency response equipment: Electronic-safe fire extinguishers should be located within and near major computer rooms. Fire and intrusion alarms should be in place and tested regularly. Emergency plans for physical issues should be in an easy-to-find location within the room and in a backup location.

  • Monitoring: The degree to which a room is monitored should reflect the most sensitive object within the room. Auditors should note personnel, guards, and cameras in the area. It is also important to consider how items like door sensors and cameras are monitored by security and how long records and recordings are kept.

  • Cabling and Mounting: Poor cabling can cause numerous issues with system and device availability. Cables that are unorganized and unlabeled can drastically increase the time required to respond to an event or recover from a disaster. Auditors should check the condition of cables in all areas that hold equipment. In addition, important equipment should be securely mounted in a rack or shelf.



Inside the Security Mind: Making the Tough Decisions
ISBN: 0131118293
EAN: 2147483647
Year: 2006
Pages: 119
Authors: Kevin Day
