8.5 Physically Securing Technology Facilities

 < Day Day Up > 

Organizations also need to analyze infrastructure interdependencies and improve the physical security of cybersystems and telecommunications systems to make them meet potential government standards. Those organizations with in-house telecommunications and network facilities can provide a point of entry into regional or national network infrastructures. Thus, the physical security of these facilities can be equally as important as the cybersecurity of the networks.

Implementing physical security to such facilities requires that the access and the activities of employees, service provider staff, and contractors be controlled, managed, and monitored. Efforts to manage the physical security of computer and network facilities should at minimum include those items in the security checklist shown in Table 8.1.

Table 8.1: Physical Security Checklist for Technology Facilities

Physical Security Method

Status (e.g., Completed, Pending, or N/A)

Only personnel who require access to perform their official duties will be permitted in the facilities.


A facilities access roster will be established.


A log is kept of all personnel who are issued the combination/key to the computer room and each person will be required to sign for that combination/key.


A cipher lock or suitable substitute will be placed on each door to the facilities.


The combination of a cipher lock will be changed frequently, especially when a person who was previously given the combination leaves the organization.


Keys or access card keys will be returned to the organization upon separation, transfer, or termination of an employee.


Loss of keys or disclosure of cipher key code will be reported to the security director immediately.


There will be signs posted designating the facilities as a restricted area.


Contract personnel and others not authorized with unrestricted access, but who are required to be in the controlled area, will be escorted by an authorized person at all times when they are within the controlled area.


All access to the facilities will be logged, and logs will be regularly reviewed by management.


There shall be no signs to indicate that information system or network equipment is located in any particular building or area.


Media used to record and store sensitive software or data will be labeled, protected, controlled, and secured when not in use.


Physical access controls will also be implemented in locations of wiring used to connect elements of the systems, supporting services (such as electric power), backup media, wiring closets, and any other elements required for the facilities operation


 < Day Day Up > 

Implementing Homeland Security for Enterprise IT
Implementing Homeland Security for Enterprise IT
ISBN: 1555583121
EAN: 2147483647
Year: 2003
Pages: 248

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net