IT Management & Cyber Security

ISO 27001 Annex : A.11.2 Equipment Its objective is to avoid loss, damage, theft, or compromise of assets and disrupt the operations of the organization. A.11.2.1  Equipment Siting and Protection Control- To mitigate the risk of   environmental  hazards, risks, and unauthorized access, the equipment should be sited and secured. Implementation Guidance- To protect equipment, the following directives should be considered: In order to minimize unnecessary access in work areas, equipment should be sited; Information   processing facilities that handle sensitive information should be carefully positioned to reduce the risk of unauthorized persons viewing information during their use; In order to avoid unauthorized access, storage facilities should be secured; Objects requiring special protection should be protected to reduce the required level of overall protection; The   risk   of potential threats to the environment and physicality such as...

In this article explained ISO 27001 Annex : A.11.1.3 Securing Offices Rooms  and Facilities,  A.11.1.4 Protecting Against External and Environmental Threats,  A.11.1.5 Working in Secure Areas,  A.11.1.6 Delivery and Loading Areas. A.11.1.3 Securing Offices, Rooms and Facilities Control-  Physical  security  should be designed and implemented for the offices, rooms, and facilities. Implementation Guidance-  The following guidelines for safeguarding offices, spaces, and services should be considered: Key facilities should be situated to avoid public access; The presence of the information processing activities should be indicated unobtrusively where appropriate and offer a minimum indication of their intent and no obvious signs outside or inside the building; In order to avoid sensitive information or events that are visible and audible outside, facilities should be installed. Electromagnetic security should also be taken into account...

ISO 27001 Annex : A.11 Physical and Environmental Security in this article explain Secure areas, Physical Security Perimeter and Physical Entry Controls.  A.11.1 Secure areas Its objective is to avoid unauthorized physical access, damage and interference with the  organization’s information  and information processing facilities. A.11.1.1 Physical Security Perimeter Control-  Security perimeters should be established in order to secure areas that contain either sensitive or confidential information and information processing facilities. Implementation Guidance-  When appropriate, for physical security perimeters, the following guidelines should be considered and implemented: Security perimeters should be established and the location and intensity of each perimeter should depend on the security requirements of the assets inside the perimeter and on the results of the  risk assessment ; The building or facility perimeters should be physicall...