3. Control A.11 Physical and environmental security
Takes care of both physical and environmental security of an organization
Two sub-controls:
A.11.1 : Secure areas
A.11.2 : Equipment
Physical security includes security guards, biometric machines, etc.
Environmental security includes disaster recovery from earthquake, fire, etc.
Custom eCommerce Solution Providers http://www.ifourtechnolab.com
4. Control A.11.1 Secure areas
Control objective of A.11.1:
To prevent unauthorized physical access, damage and interference to the organization’s
information and information processing facilities.
This control is breached if someone gains unauthorized access to secure areas.
Areas such as the data centre are critical because they store critical information, so
they should be highly secured.
5. A.11.1.1 : Physical security perimeter
Safety measures should be taken across the physical security perimeter to protect
areas from any unauthorized access.
Control objective:
Security perimeters shall be defined and used to protect areas that contain either
sensitive or critical information and information processing facilities.
6. A.11.1.2 : Physical entry controls
Control objective:
Secure areas shall be protected by appropriate entry controls to ensure that only
authorized personnel are allowed access.
Physical entry controls include:
Password
Passphrase
Biometric
Smart card
7. A.11.1.3 : Securing offices, rooms and facilities
Control objective:
Physical security for offices, rooms and facilities shall be designed and applied.
Physical security includes:
Security guard
Swipe-in/Swipe-out
Luggage scan
Biometric
8. A.11.1.4 : Protecting against external and environmental threats
Control Objective:
Physical protection against natural disasters, malicious attack or accidents shall be
designed and applied.
External threats include:
Earthquake
Tsunami
Environmental threats include:
Global warming
Fire
9. A.11.1.5 : Working in secure areas
Control Objective:
Procedures for working in secure areas shall be designed and applied.
Procedures:
CCTV camera installation
Body scan of people working there
Biometric
10. A.11.1.6 : Delivery and loading areas
Control Objective:
Access points such as delivery and loading areas and other points where unauthorized
persons could enter the premises shall be controlled and, if possible, isolated from
information processing facilities to avoid unauthorized access.
Unauthorized access:
Shoulder surfing
Theft of employee ID card
Social Engineering