16.1
Table 16.7 is an extract from the Technology Risk Checklist, published by the WorldBank [WORL04] to provide guidance to financial institutions and other organizations. This extract is the physical security checklist portion. Compare this to the security policy outlined in Section 1 of the document SecurityPolicy.pdf, available athttps://app.box.com/v/CompSec4e. What are the overlaps and the differences?
Table
16.7 World Bank Physical Security Checklist
54.
Do your security policies restrict physical access to networked systems facilities?
55.
Are your physical facilities access-controlled through biometrics or smart cards, in order toprevent unauthorized access?
56.
Does someone regularly check the audit trails of key card access systems? Does this notehow many failed logs have occurred?
57.
Are backup copies of software stored in safe containers?
58.
Are your facilities securely locked at all times?
59.
Do your network facilities have monitoring or surveillance systems to track abnormal activity?
60.
Are all unused “ports” turned off?
61.
Are your facilities equipped with alarms to notify of suspicious intrusions into systems roomsand facilities?
62.
Are cameras placed near all sensitive areas?
63.
Do you have a fully automatic fire suppression system that activates when it detects heat, smoke, or particles?
64.
Do you have automatic humidity controls to prevent potentially harmful levels of humidity from ruining equipment?
65.
Do you utilize automatic voltage control to protect IT assets?
66.
Are ceilings reinforced in sensitive areas (e.g., server room)?
16.2 Are any issues addressed in either Table 16.7 or Section 1 of SecurityPolicy.pdf thatare not covered in this chapter? If so, discuss their significance
0 comments