
IT Essentials — Physical and Environmental Controls

            •  The laws and regulations by which the organization is to abide.

            Potential Vulnerabilities and Threats

            Organizations and agencies should be mindful of the potential vulnerabilities and threats that they
            face, based on the combination of factors previously mentioned, in order to maintain a proper level
            of physical security.

            Social engineers and other bad actors look for opportunities, both logically and physically, to
            infiltrate buildings or networks.

            The project team works to prevent or minimize infiltration by:
               •  Tracking and discussing the daily status of activities.
               •  Ensuring coordination among the functional leads.
               •  Providing periodic project status reports to the steering committee.
               •  Tracking project schedules, costs, etc.
               •  Performing overall management of the project.
               •  Acting as the liaison between the project team and the steering committee.

            Physical Security Considerations

            Access administrators need to ensure the principle of least privilege is being applied; this is parallel
            to considerations of logical access. In this application, least privilege means that physical access is
            limited to those individuals who need to be in a given location. Physical access should also go
            through regular entitlement checks to ensure such access and/or privileges remain appropriate.

            Internal auditors should keep in mind that physical security is accomplished when physical assets
            are safe from harm.

             TOPIC 3: BASICS OF ENVIRONMENTAL SECURITY


            The Basics of Environmental Security

            Environmental security includes the practices, policies, and procedures that ensure the safety and
            well-being of people and technology within the immediate area or facility. Recall from the
            introduction of this course that environmental controls refer to the control systems utilized to
            ensure a consistent and safe environment for people, paper, and equipment in an organization.

            Environmental security should always be given ample consideration, as computing equipment can
            be highly sensitive to heat, humidity, static electricity, water, and even dust. Environmental control
            systems monitor for adverse conditions and alert personnel to take action. Because of the criticality
            of these systems, there has been an increase in targeted cyberattacks that take advantage of gaps in
            environmental security.



            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.