To mitigate the risk of unauthorized physical access, damage, and interference to an organization's information and associated assets within offices, rooms, and facilities, it is crucial to design and implement robust physical security measures. This can be done by, for example, designing buildings to be discreet, with minimal indicators of their purpose to outsiders, and by restricting access to directories, internal telephone books, and online maps that identify the locations of confidential information processing facilities.
Conversations concerning personal data or other confidential information shall not be audible in adjacent premises to those who do not have the right to the information.
Irrespective of the form in which the information is presented, personal data or other confidential information shall be processed in such a way that the information is not disclosed to outsiders.
Access to areas where confidential information is handled or stored should be restricted to authorized individuals through appropriate access control, e.g. using a two-step authentication mechanism such as an access card and a passcode.
For example, data processing equipment, as well as other important equipment, should be placed in the premises safely and with consideration. Placement should restrict unauthorized access to devices.
Electronic devices such as cables, monitors, copiers, tablets and smartphones leak electromagnetic radiation. With the right hardware, the originally transmitted data can be recovered from this radiation, making it possible, for example, to steal an entered username and password.
Openings in the premises' structures (windows, doors, air conditioning) are protected to prevent radiation from escaping. In addition, equipment handling confidential data is located so as to minimize the risk of data leakage through electromagnetic radiation.