Information Technology Reference
In-Depth Information
However, occasionally the need arises for additional specific confidentiality
instructions. This can be the case, when a person gets into contact with highly
sensitive data while working for a specific project for example. In such cases the
confidentiality commitment may include restrictive information policies against
units and persons internal to the organisation. Sometimes the signature under a
separate paper may be necessary. And this may not only concern data. Sometimes
reports about internal processes may for example facilitate inferences about
methods of payment, applications etc.
9.4 Physical Security
Besides the security problems directly connected to information and communi-
cation technology itself to be discussed further on, there are the usual security
aspects concerning buildings and equipment, which in most cases have to be solved
physically.
9.4.1 Physical Objects
These are security relevant objects:
The whole area of an organisation or company
All buildings; and especially rooms that have direct communicative access to
computer systems and communication installations
Utility services
All hardware in conjunction with information and communication, mobile or
fixed and
The adjacent neighbourhood of the company grounds, in as much as access to
internal systems may be attempted wirelessly from there.
All these installations have to be secured in different ways, whenever a direct
influence is possible.
9.4.2 Access
The first and most important obstacle against non authorized access is the selective
authorisation of admission to installations of an organisation. This subject will not be
covered in detail here, since admission control is a science in its own right. It is
important that state-of-the-art technologies be used to secure all rooms, which house
central hardware for application systems, by special admission mechanisms within or
in addition to the already practised admission security to the premises itself.
Terminal devices, which are placed in offices, should be physically fixed and
switched off, when offices are deserted.
