DS12 Manage the Physical Environment

by Bill Oxley

CobiT definition:

Protection for computer equipment and personnel requires well-designed and well-managed physical facilities. The process of managing the physical environment includes defining the physical site requirements, selecting appropriate facilities, and designing effective processes for monitoring environmental factors and managing physical access. Effective management of the physical environment reduces business interruptions from damage to computer equipment and personnel.

Control over the IT process of
Manage the physical environment

that satisfies the business requirement for IT of
protecting computer assets and business data and minimising the risk of business disruption

by focusing on
providing and maintaining a suitable physical environment to protect IT assets from access, damage or theft

is achieved by

  • Implementing physical security measures
  • Selecting and managing facilities

and is measured by

  • Amount of downtime arising from physical environment incidents
  • Number of incidents due to physical security breaches or failures
  • Frequency of physical risk assessment and reviews

Control objectives:

DS12 Manage the Physical Environment

DS12.1 Site Selection and Layout
DS12.2 Physical Security Measures
DS12.3 Physical Access
DS12.4 Protection Against Environmental Factors
DS12.5 Physical Facilities Management

Check out the links for details on the control objectives.
