Physical access to the facility, servers and network components shall be managed.
Guidance
- Consider strictly managing keys to access the premises and alarm codes. The following rules should be considered:
- Always retrieve an employee's keys or badges when they leave the company permanently.
- Change company alarm codes frequently.
- Never give keys or alarm codes to external service providers (cleaning agents, etc.), unless it is possible to trace these accesses and restrict them technically to given time slots.
- Consider not leaving internal network access outlets accessible in public areas. These public places can be waiting rooms, corridors...
Physical access shall be managed, including measures related to access in emergency situations.
Guidance
- Physical access controls may include, for example, lists of authorized individuals, identity credentials, escort requirements, guards, fences, turnstiles, locks, monitoring of facility access, and camera surveillance.
- The following measures should be considered:
- Implement a badge system and create different security zones.
- Limit physical access to servers and network components to authorized personnel.
- Log all access to servers and network components.
- Visitor access records should be maintained, reviewed and acted upon as required.
Physical access to critical zones shall be controlled in addition to the physical access to the facility.
Guidance
E.g. production, R&D, organization’s critical systems equipment (server rooms…)
Assets related to critical zones shall be physically protected.
Guidance
- Consider protecting power equipment, power cabling, network cabling, and network access interfaces from accidental damage, disruption, and physical tampering.
- Consider implementing redundant and physically separated power systems for organization’s critical operations.
In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.
In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.
When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.
Sets the overall compliance standard or regulation your organization needs to follow.
Break down the framework into specific obligations that must be met.
Concrete actions and activities your team carries out to satisfy each requirement.
Documented rules and practices that are created and maintained as a result of completing tasks.