Physical Security

Containers, from cabinets to secure buildings, play a similar role for protecting information systems as for protecting information. The hosts processing information are housed in facilities that effectively are security containers designed to protect the confidentiality, integrity and availability of the information systems. The confidentiality of data within computers is protected by limiting authorized access to devices.  The availability of systems is improved when housed in large data centers that are placed in locations that consider reduced threat event frequency by acts of nature (earthquakes, floods, wind damage) and provided with backup power that responds to reduce the impact of threat events. Finally, security control systems are also located within the facility. Since the integrity of these systems are the foundation for the security controls across the organization information system (e.g., encryption key controls), they may be placed within a container in the data center to further limit who is authorized access.

Copyright © 2019 Christopher T. Carlson

Excerpt from How to Manage Cybersecurity Risk – A Security Leader’s Roadmap with Open FAIR

Return to Defense in Depth

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s