Physical Infrastructure Security
Establish and maintain measures to safeguard the IT physical infrastructure from harm. Threats to be addressed include extremes of temperature, malicious intent, and utility supply disruptions.
Improvement Planning
Practices-Outcomes-Metrics (POM)
Representative POMs are described for Physical Infrastructure Security at each level of maturity.
- 1 Initial
- Practice
- Secure sensitive systems such as payroll and cheque printing.
- Outcome
- Some network equipment and systems have been physically secured.
- Metric
- % Critical systems in secure locations
- 2 Basic
- Practice
- Identify and secure locations of critical and sensitive IT infrastructure components, and sensitive information storage locations (e.g. confidential printed reports).
- Outcome
- A cross-functional appreciation of the need for security is emerging, and physical measures are obvious, unlike many other measures that are implemented in electronics or software. IT and facilities departments co-operate in physical security provision.
- Metric
- % Critical systems in secure locations; % People with authorized access
- 3 Intermediate
- Practice
- Develop an integrated IT and physical environment security system for access and environmental controls.
- Outcome
- IT and knowledge-sensitive areas are physically secured and monitored for intrusion and attack in IT and other participating business units.
- Metric
- # Access incidents; # Environment incidents; % Manually detected incidents
- 4 Advanced
- Practice
- Integrate physical environment security with access controls and surveillance systems organization-wide.
- Outcome
- Security awareness and staff vigilance reinforce security efforts at all levels. Incident responses relating to physical security incidents are improved and easier to coordinate.
- Metric
- % Environment monitoring equipment centrally managed; % Devices monitored for unauthorized tampering
- 5 Optimized
- Practice
- Regularly review and improve physical environment security across the business ecosystem.
- Outcome
- The effectiveness of physical environment monitoring and security is maintained at a level appropriate to the business ecosystem.
- Metric
- # Sites overdue a review; % Sites with outstanding improvement actions