Safe placement of equipment

Critical
High
Normal
Low

For example, data processing equipment, as well as other important equipment, should be placed in the premises safely and with consideration. Placement should restrict unauthorized access to devices.

Connected other frameworks and requirements:
Toiminnan jatkuvuuden hallinta
F08: Toiminnan jatkuvuuden varmistaminen
11.1.3: Securing offices, rooms and facilities
ISO 27001
11.2.1: Equipment siting and protection
ISO 27001
11.1.4: Protecting against external and environmental threats
ISO 27001

Strong authentication for processing or storage areas of highly confidential information

Critical
High
Normal
Low

Access to areas where confidential information is handled or stored should be restricted to authorized individuals through appropriate access control, e.g. using a two-step authentication mechanism such as an access card and a passcode.

Connected other frameworks and requirements:
11.1.1: Physical security perimeter
ISO 27001
11.1.3: Securing offices, rooms and facilities
ISO 27001
PR.AC-2: Physical access control
NIST CSF
DE.CM-2: The physical environment monitoring
NIST CSF
7.1: Physical security perimeters
ISO 27001

Preventing unauthorized viewing personal data

Critical
High
Normal
Low

Irrespective of the form in which the information is presented, personal data or other confidential information shall be processed in such a way that the information isn't disclosed for outsiders.

Connected other frameworks and requirements:
11.1.3: Securing offices, rooms and facilities
ISO 27001
F06: Salakatselulta suojautuminen
7.3: Securing offices, rooms and facilities
ISO 27001

Preventing eavesdropping

Critical
High
Normal
Low

Conversations concerning personal data or other confidential information shall not be conveyed to adjacent premises to those who do not have the right to information.

Connected other frameworks and requirements:
11.1.3: Securing offices, rooms and facilities
ISO 27001
F07: Salakuuntelulta suojautuminen
7.3: Securing offices, rooms and facilities
ISO 27001

Electromagnetic data breach management

Critical
High
Normal
Low

Electronic devices such as cables, monitors, copiers, tablets and smartphones leak electromagnetic radiation, from which it is possible to find out the original transmitted data with the right hardware and, for example, steal the entered username and password.

Openings in the premises' structures (windows, doors, air conditioning) are protected to prevent radiation from escaping. In addition, equipment handling confidential data is located so as to minimize the risk of leakage due to electromagnetic leakage.

Connected other frameworks and requirements:
11.1.3: Securing offices, rooms and facilities
ISO 27001
11.2.1: Equipment siting and protection
ISO 27001
I14: Hajasäteily (TEMPEST)
PR.DS-2: Data-in-transit
NIST CSF
7.3: Securing offices, rooms and facilities
ISO 27001
No items found.