One Article Review

Source NoticeBored
Identifier 3506842
Publication date 2021-10-13 15:59:00 (seen: 2021-10-13 04:05:15)
Title Topic-specific policy 2/11: physical and environmental security
Text Yesterday I blogged about the "access control" topic-specific policy example in ISO/IEC 27002:2022. Today's subject is the "physical and environmental security" policy example.

Physical security controls are clearly important for tangible information assets, including IT systems and media, documentation and people - yes, people.

The first "computers" were humans who computed numbers, preparing look-up tables to set up field guns at the right elevation and azimuth angles to hit designated targets at specific ranges given the wind speed and direction, terrain and ordnance - quite a lot of factors to take into account in the field, so the pre-calculated tables helped speed and accuracy provided the gunners used them correctly anyway, and I'm sure they were highly trained and closely overseen!

Aside from a little mental arithmetic, most of us don't "compute" many numbers today but we still process staggering quantities of information flowing constantly from our senses and memories. In the work context, the trite mantra "Our people are our greatest assets" may be literally true, given the knowledge, experience, expertise and creativity of workers. We have valuable intangible proprietary and personal information locked in our heads, trade secrets, innovative ideas and more. We are information assets, although to be fair the true values vary markedly (and, yes, some are liabilities!). Why do you think some people are paid more than others?

Aside from the commercial value aspect, workers require adequate protection against unacceptable health and safety risks according to national laws and regulations. We also deserve respect, personal space, privacy, understanding, fair and reasonable compensation and so on, raising ethical and further legal or contractual obligations. Environmental protection ensures that workers have reasonably pleasant workplaces, partly for health and ethical reasons, partly for productivity reasons.

Computer systems likewise work more reliably under manufacturer-specified ambient temperatures and require appropriate electricity supplies. The total demands for cooling and power can be significant in a large computer room or data centre. Oh and don't forget the physical security and environmental controls for portable equipment and home offices - safe storage, for instance, plus security cables, etched corporate logos, good quality power supplies and UPSs, spare batteries and more. Environmental controls relating to noxious by-products, greenhouse gases, dangerous emissions, excessive noise, explosive/flammable products, dangerous processes etc. are particularly important for chemical and manufacturing industries, among others ... but are they 'information security controls'? I would argue yes for some, perhaps most of them. For instance, electric valve and sluice gate controllers on a sewage treatment plant that are computerised and networked smart things are at risk from malware, hackers, inept system administration or configuration errors, software design flaws and programming bugs, mechanical problems, power glitches and more. So, there is clearly a wide variety of information risks and controls in this area, collectively presenting significant challenges in various organisatio
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to be a repeat of an earlier one.