From the course: Certified Information Security Manager (CISM) Cert Prep (2022): 3 Information Security Program
Site and facility design
From the course: Certified Information Security Manager (CISM) Cert Prep (2022): 3 Information Security Program
Site and facility design
- [Presenter] Cybersecurity professionals must ensure the physical security of facilities under their control. This includes limiting access to those facilities, authenticating employees seeking to gain access, and tracking contractors and other visitors who access the site. Let's begin our discussion of physical security by discussing some of the different types of facilities that must be protected. Data centers are the most obvious locations of concern to cybersecurity professionals. These secure facilities contain all of the servers, storage, and other computing resources needed to run our business. Data center access must be strictly limited to prevent the potential theft of resources and information. Anyone gaining physical access to a data center would have the ability to cause significant damage and disruption to the business. Not all servers are kept within the relatively safe confines of a managed data center. Some businesses only have simple server rooms that often lack strong security controls. These server rooms may also proliferate within business units of organizations that have central data centers because they tend to pop up organically, beginning with just a few servers in a room and growing until they may have the capacity of small data centers. Media storage facilities also require security attention. Good disaster recovery and business continuity plans place copies of critical business information, including system backups at remote locations. These locations contain sensitive data and they must have equivalent security to the main data center, if not greater security because of their remote location. Cybersecurity professionals often engage in digital forensic investigations. If evidence handled during these investigations may be used in court, investigators must document and preserve the chain of custody ensuring that evidence is not tampered with while under their care. This requires secure evidence storage rooms that are safe from intrusion. Wiring closets are an often overlooked physical security concern. They exist throughout an organization's buildings and if they're not properly secured, they may offer an intruder physical access that may be used to eavesdrop on network communications or gain access to sensitive networks. This need for protection extends to cable distribution runs that leave wiring closets and then travel around an organization's facility to deliver network connectivity. There may be other secure areas of a business that require similar protections. These include operation centers and other restricted work areas. Security professionals should perform an inventory of all sensitive locations under their control and conduct physical security assessments of those facilities.