IT Security and Information Assurance
- There are guards at the entrance of the office building.
- Identity Cards provided by the office are shown at the time of entrance.
- An officer in the ‘time room’ records the time of entering and leaving for each employee.
- Visitors are required to show their National Identity Cards to prove their identity. Also, someone from the inside is needed to escort the visitor to fulfill the specified purpose.
- Surveillance cameras are present inside the building to check that only authorized personnel can access the various sites. Not all employees have a right to access all sites within the building.
- All room doors are locked and the keys are deposited in the security office before leaving.
- Fire detectors and sprinklers are installed in all rooms and corridors.
- UPS for computer systems and generators for providing electricity to the rest of the office have been installed.
- Central heating and air-conditioning system exists.
Analysis and Recommendation: All the above security measures are present to ensure physical security. However, some measures need to be taken to further enhance it. Metal detectors and CCTV cameras need to be installed at the entrance of the building. Security dogs should also be used. Moreover, access to the building and rooms using smart cards instead of or in addition to the traditional lock and key system will ratchet up security. Employees should also be given a briefing on the steps to take in case of a threatening or emergency situation.
1. Describe how physical security controls are needed to augment logical security controls in a typical data center.
Anyone who plans to enter the most secure part of the data center should be authenticated at least three times: first at the general entrance, then at the entrance to the employee area, and finally at the entrance to the central point of the data center (Scalet, 2005). This needs to be done to ensure that employees who have access to the building, other than the system administrators, cannot access the data console. This prevents internal security breaches. Physical security controls inhibit access to a data center altogether. If physical security controls are weak, there is a greater chance that the logical security controls will be broken. Moreover, the security data also needs to be protected, because if anyone gets hold of the security plan, all controls may fail.
2. What physical security controls would you recommend for server rooms or network switching equipment closets if a full-blown data center is not practical?
First and foremost, the server rooms or network switching equipment closets need to be locked at all times. In order to access them, two levels of security should be installed. Other than the traditional lock and key, smart card access using a PIN should be established. Three 8-hour shifts of guards during the day should be arranged. Twenty-four-hour surveillance is a sine qua non to monitor the entrance of the server room or closet (“Physical Security”, n.d.). Internet protocol cameras have made monitoring possible from anywhere in the world.
Although a fire alarm system is of the essence, the fire suppression system should be such that it does not damage the hardware (“Physical Security”, n.d.). The printers also need to be secured to their stations because printers nowadays have memory that stores recently printed documents (“Physical Security”, n.d.). The server room should have no windows or only a limited number, and any window should have bomb-resistant laminated glass (Scalet, 2005).
Works Cited
Physical Security. (n.d.). Retrieved from http://www.ukessays.com/essays/it-research/physical-security.php
Scalet, Sarah D. (2005, Nov 1). 19 Ways to Build Physical Security into a Data Center. Retrieved from http://www.csoonline.com/article/2112402/physical-security/19-ways-to-build-physical-security-into-a-data-center.html