Financial institutions should define physical security zones and implement appropriate preventative and detective controls in each zone to protect against the risks of
The confidentiality, integrity, and availability of information can be impaired through physical access to, or damage to or destruction of, physical components. Conceptually, those physical security risks are mitigated through zone-oriented implementations. Zones are physical areas with differing physical security requirements. The security requirements of each zone are a function of the sensitivity of the data contained in or accessible through the zone and of the information technology components located in the zone. For instance, data centers may be in the highest security zone, while branches may be in a much lower security zone. Different security zones can also exist within the same structure. Routers and servers in a branch, for instance, may be protected to a greater degree than customer service terminals. Computers and telecommunications equipment within an operations center will be in a higher security zone than I/O operations, with the media used by that equipment stored in a higher zone still.
The requirements for each zone should be determined through the risk assessment. The risk assessment should include, but is not limited to, the following threats: