
IT Essentials — Physical and Environmental Controls

             TOPIC 1: INTRODUCTION

            Introduction

            Today’s physical security and environmental control systems rely heavily on technology, specifically
            technology that can be exploited through the internet or a cellular network. A common example of a
            physical security system is a security guard who relies on camera systems, sensors, and
            alarms to evaluate the security of the perimeter. An example of an environmental security system
            may be a third-party cloud vendor that uses remote access tools to monitor the systems it
            manages.

            It is very important to monitor the risks and controls associated with physical and environmental
            security systems, as the last decade has seen a significant rise in cyberattacks and cyberattack
            attempts on these types of systems. Strong IT general controls start with effective physical controls
            around the perimeter and within the facility, along with mechanisms to ensure devices are
            environmentally controlled.

            Learning Objectives

            •  Describe the basics of physical security.

            •  Describe the basics of environmental security.

            •  Recall common physical and environmental risks and controls.

            •  Identify the general concepts related to auditing physical and environmental security.




            Physical Security and Environmental Controls

            Physical security refers to all the human resources, hardware, and technology utilized to protect the
            physical infrastructure, physical documents, employees, and customers or the public.

            Environmental controls refer to the control systems and their associated monitoring consoles, which
            ensure a consistent environment for people, paper, and equipment.



            Common Terminology

            Cybersecurity — The protection of information assets by addressing threats to information
            processed, stored, and transported by interconnected devices capable of accessing the internet.

            Environmental Control — Technology control that monitors for a condition, or validates that a
            system is functioning within specification.


            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.