IT Essentials — Physical and Environmental Controls

               •  Information security should ensure that the security architecture is correct for environmental
                   and physical security systems, including ensuring that the devices on the network are
                   monitored, alerting is enabled, and events are effectively assessed and addressed.

            Disruption of Service

            Network placement and managing access are critical for achieving environmental security.
            Environmental security at most organizations includes a series of consoles that monitor:
            •  Detectors for fire, smoke, carbon monoxide, electrostatic, and water.
            •  Sensors for humidity and temperature (heating, ventilation, and air conditioning [HVAC]/chiller).
            •  Banks of battery backups, desktop/rack uninterruptible power supply (UPS) units, and diesel
               generators.

             TOPIC 4: COMMON RISKS AND CONTROLS

            Sources of Potential Impact

            Before the organization addresses vulnerabilities and threats to its data and information assets,
            it should first address the sources of potential impact (risks) to its physical environment.

            Review the conversation between the internal auditor and the facilities manager on the next screen.

            Physical and Environmental Risks

            Good day Sara, and thank you for meeting with me today. As you know, I am starting the physical
            and environmental security audit, and I am excited to learn more about our current controls.

            Yes. It is my pleasure to perform a walk-through of our physical and environmental security controls.
            Before we get started with our tour, let me give you a bit of background; it will help you to
            understand how we have determined what safeguards to implement.
            As you know, each year, we perform a risk assessment specific to physical and environmental
            security. During the identification phase, we review our asset inventory, along with the list of
            associated vulnerabilities, threats, and risks.

            What risks and vulnerabilities to physical and environmental security did you and your team
            discover during your assessment?

            Let’s take a look at our list.

            Physical and Environmental Risks:
            •  Natural disaster.
            •  Equipment failure.
            •  Critical service disruption (telephone, internet, cellular network, satellite network, and utilities
               [power, gas, water]).
            •  Unauthorized access to the facility.
            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.