Physical Security
The following list identifies some of the possible causes of physical
damage and measures that can be taken to reduce the likelihood of them
happening. If the computer system is essential to the organisation (e.g.
banking) then the entire installation would be duplicated in a different
location so that operations could continue uninterrupted should one of the
systems be 'down' due to damage or routine maintenance.
Malicious Damage and Theft
This may be caused if an unauthorised
person gains entry to the computer room. It can be prevented by restricting
physical access to the computer system - particularly in a mainframe
installation. This could include the use of security guards, electronic locks
on doors that operate with a code number or swipe card - logging movement of
personnel as well as controlling access. Theft is a particular problem with
microcomputer based systems where the memory and processor chips themselves may
be a target for thieves who can escape with these items more easily than with a
complete system. Control of access is again the main deterrent.
Protection against fire
This may, for a microcomputer system,
require no more than a smoke detector and foam fire extinguisher - note that
water based extinguishers cannot be used for electrical equipment. A mainframe
would have a gas based system that would flood the room with an inert
(non-poisonous) gas to smother any fire. In either case, if the alarm system is
triggered then some damage is likely to occur. Fireproof safes should be used
to store backup data and in critical cases this data should be stored at
another site.
Storm and Flood protection
The most effective way of protecting
against natural disasters is in the siting, construction and design of the
computer installation. Possible sources of danger should be identified before
the installation is constructed.
Electrical Damage
Electrical power is subject to sudden
variations called spikes that may damage equipment or cause loss or corruption
of data. A power failure could cause loss of data and would prevent the system
from operating. In the case of a microcomputer an Uninterruptible Power Supply
(UPS) can be used to provide about 30 minutes of power if the mains cuts out.
This allows time to shut the system down without risk of damage. The UPS will
also protect against spikes, as do special filter plugs. A mainframe would
require its own backup generator to protect against loss of power.
Security of Access
If access to data is not secure then the data could be obtained by a
rival or maliciously or accidentally destroyed. This has been dealt with in
Core 1 in section 1.09 on Malpractice and Data Theft. The parts headed Theft of
Software and Data and Hacking are particularly relevant. In summary, the
precautions that protect against unauthorised access to data include:
- Hierarchical password systems giving users access only to the data
that they require and limiting their access to the type needed (e.g. read
only)
- Encrypting data - particularly when it is being transmitted.
- Enforcing password discipline - setting a minimum password length,
disallowing reuse of old passwords and setting an expiry time.
- Not leaving remote terminals logged on.
- Monitoring access to detect departures from normal patterns.
- Shredding waste print out.
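The password discipline rules in the list above (minimum length, no reuse of old passwords, an expiry time) can be enforced in software. The following Python sketch is an added example, not part of the original notes; the Account class and the policy values (10 characters, 5 remembered passwords, 90 days) are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

# Assumed policy values for illustration; the notes do not specify any.
MIN_LENGTH = 10
HISTORY_DEPTH = 5
MAX_AGE = timedelta(days=90)


def _digest(password, salt):
    # Salted, slow hash so the stored history never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    def __init__(self):
        self.history = []        # (salt, digest) pairs, newest last
        self.changed_at = None

    def _matches(self, password, entry):
        salt, digest = entry
        return hmac.compare_digest(_digest(password, salt), digest)

    def set_password(self, new, now):
        if len(new) < MIN_LENGTH:
            return "rejected: too short"
        if any(self._matches(new, e) for e in self.history):
            return "rejected: reused"
        salt = os.urandom(16)
        self.history = (self.history + [(salt, _digest(new, salt))])[-HISTORY_DEPTH:]
        self.changed_at = now
        return "accepted"

    def login(self, password, now):
        if not self.history or not self._matches(password, self.history[-1]):
            return "denied"
        if now - self.changed_at > MAX_AGE:
            return "expired: change required"
        return "ok"


if __name__ == "__main__":
    acct, start = Account(), datetime(2024, 1, 1)   # constructed sample dates
    print(acct.set_password("short", start))
    print(acct.set_password("correct-horse-1", start))
    print(acct.set_password("correct-horse-1", start))
    print(acct.login("correct-horse-1", start + timedelta(days=91)))
```

Old passwords are compared through their salted hashes, so the reuse check works without the system ever storing a password in readable form.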
Integrity of Data
There is not much point in having physically secure data that is kept
safe from unauthorised access if the data itself is full of errors. The section
on verification and validation discusses methods that can be used to try to
ensure that the data entered into the system is correct.
In addition, standard administrative controls and clerical checks should
be used to ensure that the data collected for use by the system is correct.
These controls will extend to ensuring that the correct file is being
processed, that write protect tags are used and that data which is stored off
line is properly identified and catalogued.