Data Center Requirements IBK3IBV01 College 6 Paul J. Cornelisse.


1 Data Center Requirements IBK3IBV01 College 6 Paul J. Cornelisse

2 The nature of physical security for a data center should be one of concentric rings of defense, with requirements for entry getting more difficult the closer we get to the center of the rings.

3 The reason for this is obvious: if we take a number of precautions to protect information accessed at devices throughout the organization, then we must at least make sure that no damage or tampering can happen to the hardware on which the information is stored and processed.

4 We should start by considering the data center itself:
- Is the building that houses the data center standing by itself, or is the data center in a building that houses other functions?
- If the data center is in a dedicated building, what approaches are open to the building?
- How well-protected are staff as they enter and leave the building?

5 Remember:
- The cost of controls must be consistent with the value of the asset being protected
- The definition of “consistent” depends on what risks your organization’s management decides to accept


7 Everyone

8 Everyone
- Employees, Authorised Visitors & Vendors

9 Everyone
- Employees, Authorised Visitors & Vendors
- Employees and Accompanied Vendors only


11 When considering the physical access controls that are appropriate for (and consistent with) your organization, we must take into account a number of variables, including:
- the assets to be protected
- the potential threat to those assets
- your organization’s attitude to risk

12 How the effort put into protecting physical assets is divided among different forms of protection depends on variables such as:
- Centralisation (server farms)
- Decentralisation
- Attitude of management

13
- Assess potential threats
- Assess the company's attitude towards risk

14 Daily business activities involve constant risk assessment. Every decision that influences how an organization does business involves a form of risk assessment in the act of making the decision.

15 It is no different with information security decisions. When facts and opinions have been made available to management and senior management, it is their function to decide on how risks will be managed.

16 No “one-size-fits-all” solution exists

17 Consider:

18
- Defined perimeters through strategically located barriers throughout the organization consistent with the value of the assets or services being protected
- Support functions and equipment are on site
- Physical barriers, where they are necessary, are extended from floor to ceiling
- Personnel other than those working in a secure area are not informed of the activities within the secure area

19
- Working alone and unsupervised in sensitive areas must be prohibited
- Computer equipment managed by the organization is housed in dedicated areas separate from third party–managed computer equipment
- Secure areas, when vacated, must be physically locked and periodically checked
- Personnel supplying or maintaining support services are granted access to secure areas only when required and authorized, their access restricted, and their activities monitored

20
- Unauthorized photography, recording, or video equipment must be prohibited within the security perimeters
- Entry controls over secure areas must be established to ensure only authorized personnel can gain access, and a rigorous, auditable procedure for authorizing access must be put in place

21
- Visitors to secure areas must be supervised and their date and time of entry and departure will be recorded
- Visitors to secure areas are granted access only for specific, authorized purposes
- All personnel must be required to wear visible identification within the secure area
- Access rights to secure areas are to be revoked immediately for staff members who leave employment

22
- “No smoking” is the first rule
- All flammable material, such as printer paper, plastic wrapping and tapes, should be stored in an area separated from the main server or computer room by a fire-rated wall

23
- Flammable or highly combustible materials must also be kept out of the premises
- Ventilation and grounding are the keys
- Keep the temperature around 23 °C
- Put in appropriate fire detection systems

24 Fire fighting
- Fire fighting can result in as much damage as the fire does
- Passive systems
- Active systems

25 Examples of passive systems
- Sprinklers: Flooded, Dry
- Gas: Halon 1301, FM200, CO2
- One shot!

26 Active systems
- Detectors
- Pre-flooding of dry system pipes
- Wait until the 2nd criterion is met

27 Disposal of documents
- Verifiable under policies and standards for the protection of data throughout the workplace
- It makes sense that if we are to spend any money or effort to protect information, then the “circle of protection” ought to surround the information all the way to its destruction

28
- Avoid using large receptacles clearly marked “Confidential Documents Only.”
- Every single department in the organization must have easy access to the containers used
- Collection at fixed points in receptacles lined with opaque bags
- Locked bins? Attracts attention!

29 Ways of disposing:
- Certified recycler
- Shredders
  - Cheap ones are unsafe
  - Labor intensive
- Shredding service (Certified)

30 Everyone outside the organization involved in the destruction of the documents (waste haulers, recycling facilities, landfill, and incinerator owners) should sign an agreement stating they know they will be handling confidential information and agree to maintain the confidentiality of the information.

31 Contracts
- Specify the method of destruction/disposal
- Specify the time that will elapse between acquisition and destruction/disposal of documents (or electronic media, if that is also to be disposed of)
- Establish safeguards against breaches in confidentiality
- Indemnify the organization from loss due to unauthorized disclosure
- Require that the vendor maintain liability insurance in specified amounts at all times the contract is in effect
- Provide proof of destruction/disposal

32
- Ensure that the loading dock is secure at all times
- A container for the documents and the loading dock itself must be designed to minimize or eliminate the risk of documents blowing around in the wind before or while they are being collected for disposal

33
- Duress alarms
- Silent alarms
- Intrusion detection systems
- The simplest intrusion detection system is a guard patrol

34 Elements to be considered
- Video surveillance
- Illumination
- Motion detection sensors
- Heat sensors
- Alarm systems for windows and doors
- “Break-glass” sensors (these are noise sensors that can detect the sound made by broken glass)
- Pressure sensors for floors and stairs
