IVI Framework Viewer

Physical Infrastructure Security

B3

Implement, monitor, and maintain measures to safeguard the IT physical infrastructure from threats including extremes of temperature, fire, flooding, malicious intent, and utility supply disruptions.

Improvement Planning

Practices-Outcomes-Metrics (POM)

Representative POMs are described for Physical Infrastructure Security at each level of maturity.

2 Basic
  • Practice
    Establish access restrictions for critical and sensitive IT physical infrastructure components and storage locations; and establish monitoring systems for temperature control and fire and flood detection.
    Outcomes
    • IT and facilities departments begin to cooperate in physical security provision.
    • A cross-functional appreciation of the need for security is emerging, as physical measures are obvious, unlike many other measures that are implemented in electronics or software.
    Metrics
    • % of critical systems in secure locations.
    • % of employees with authorized access.
3 Intermediate
  • Practices
    • Extend the IT physical infrastructure security measures to cover utility supply continuity and site disaster recovery planning.
    • Automate responses to environmental issues, and maintain entry and exit logs.
    • Protect most on-site IT services with fault-tolerant designs, uninterruptible power supplies, and wide area network redundancy.
    Outcomes
    • IT and knowledge-sensitive areas are physically secured and monitored for intrusion and attack.
    • Their continuity is safeguarded in the event of incidents.
    Metrics
    • % of critical systems in secure locations.
    • % of employees with authorized access.
    • # of access incidents.
    • # of environmental incidents.
4 Advanced
  • Practices
    • Fully integrate the IT physical infrastructure security measures with organization-wide business continuity planning and incident management plans, including power and network infrastructure outages.
    • Develop and test backup systems to maintain critical systems online even if a site and its IT infrastructure are taken offline.
    Outcome
    Incident responses relating to physical security incidents are improved and easier to coordinate.
    Metrics
    • % of critical systems in secure locations.
    • % of employees with authorized access.
    • # of access incidents.
    • # of environmental incidents.
5 Optimized
  • Practices
    • Continually test and review the IT physical infrastructure security measures to identify opportunities for improvement.
    • Incorporate within the measures the latest recommendations from security and insurance industries and vendors, and from emerging research.
    Outcome
    The effectiveness of IT physical infrastructure security and monitoring is continually maintained.
    Metrics
    • % of sites overdue a review.
    • % of sites with outstanding improvement actions.