Today, an organization's information system extends beyond the company itself. Backup servers are located abroad, and employees no longer all work in the same building: some are in other countries or other cities, or work from a home office …
Physical security also takes these new challenges into account: for example, securing access to the information system with a VPN, providing encrypted laptops to mobile employees, etc. As for the servers, which are at the heart of the information system, if we do not create security zones, an attacker could reach them very easily and thus steal data or even erase the contents of the servers.
Creating security zones with controlled access, for example a key to open a lock, or requiring that anyone accessing the servers be accompanied by an employee of the data center, are among the most common physical security measures. The ISO 27001 standard also provides for regular monitoring of the measures against fires and floods, and for regular review of the air conditioners in data centers, to limit the destruction of data due to weather or to technical problems related to physical security.
In businesses, questions about operational security quickly arise for the CISO: which processes should be put in place? At what level should they be managed, how should they be formalized, and how can we ensure that they function properly in the long term? Policies and procedures govern network security, remote access and system monitoring; this in particular makes it possible to sustainably improve the security maturity of the information system.