Friday, March 16, 2012

Controlling Physical Access to Facilities

Remember the example about additional layers of control and protection for projects handling bank data? What I was indirectly referring to was access to physical facilities such as office buildings, computers, etc.

Information Security Management defines the access control policy, and identifies the necessary physical security measures and who should have access to which site (e.g. the data centre). Facilities Management is responsible for enforcing this policy. The major components of physical access control are:
• The installation, maintenance and management of physical access security controls such as locks, barriers and surveillance equipment
• Monitoring of physical access to protected areas
• Physical security staffing
• Maintenance of floor plans showing areas of restricted access and the relevant security controls

One of the most common means of breaching physical security is by ‘social engineering’: a rather grandiose term that usually refers simply to talking your way into a secure facility (e.g. by posing as a legitimate contractor, posing as someone else or simply following a legitimate person through an open door). For this reason, security access must not only be controlled appropriately but also continually monitored so that such breaches can be detected and security controls improved. This activity can also be considered a sub-set of the Access Control Management process group.
