7.8 Equipment siting and protection

| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
|--------------|---------------------------------|------------------------|--------------------------|------------------|
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Physical_security #Asset_management | #Protection |

Control

Equipment should be sited securely and protected.

Purpose

To reduce the risks from physical and environmental threats, and from unauthorized access and damage.

Guidance

The following guidelines should be considered to protect equipment:

a) siting equipment to minimize unnecessary access into work areas and to avoid unauthorized access;

b) carefully positioning information processing facilities handling sensitive data to reduce the risk of information being viewed by unauthorized persons during their use;

c) adopting controls to minimize the risk of potential physical and environmental threats [e.g. theft, fire, explosives, smoke, water (or water supply failure), dust, vibration, chemical effects, electrical supply interference, communications interference, electromagnetic radiation and vandalism];

d) establishing guidelines for eating, drinking and smoking in proximity to information processing facilities;

e) monitoring environmental conditions, such as temperature and humidity, for conditions which can adversely affect the operation of information processing facilities;

f) applying lightning protection to all buildings and fitting lightning protection filters to all incoming power and communications lines;

g) considering the use of special protection methods, such as keyboard membranes, for equipment in industrial environments;

h) protecting equipment processing confidential information to minimize the risk of information leakage due to electromagnetic emanation;

i) physically separating information processing facilities managed by the organization from those not managed by the organization.

Other information

No other information.