1.5. PHYSICAL SECURITY CONTROLS

Computer hardware includes the CPU and all peripheral devices. In networked systems, these devices include all bridges, routers, gateways, switches, modems, hubs, telecommunication media, and any other devices involved in the physical transmission of data. These pieces of equipment must be adequately protected against physical damage resulting from natural disasters, such as earthquakes, hurricanes, tornadoes, and floods, as well as other dangers, such as bombings, fires, power surges, theft, vandalism, and unauthorized tampering. Controls that protect against these threats are called physical security controls. Examples of physical security controls include various types of locks (e.g., conventional keys, electronic access badges, biometric locks, cipher locks); insurance coverage over hardware and the costs to re-create data; procedures to perform daily backups of system software, application programs, and data; as well as off-site storage and rotation of the backup media (e.g., magnetic tapes, disks, compact disks [CDs]) to a secure location; and current and tested disaster recovery programs.

Get Auditing Information Systems, Second Edition now with the O’Reilly learning platform.
