More about ISO 27001 Information Security Management System:
ISO 27001 is a management system standard that specifies the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS). Risks and opportunities are taken into consideration in this standard. One of its requirements is to implement physical security, and we start with a question.
Is it more likely that a confidential file will be compromised by a black hat defeating your firewall, or by a visitor (or a black hat) walking up to a PC and copying the file onto a thumb drive? In general, the answer is the latter, which underscores why you need to implement physical security. Physical security may seem to be common sense, yet it is often overlooked. If unauthorized people gain access to the physical network infrastructure, many other security mechanisms may be rendered useless: physical access implies at least the possibility of bypassing every other security mechanism.
Physical security should be made part of your security policy, so make sure that you write it in. Begin by defining restricted areas and non-restricted areas. Under ISO 27001, a server room should obviously be a restricted area, and network equipment such as routers, firewalls, patch panels and cabling should be in a restricted area. Backup media or any other equipment containing data should also be stored in a restricted area. Take appropriate measures to secure all areas.
Consider human security guards, the various kinds of locks, biometrics, key cards, cameras and so on; even non-restricted areas should be supervised. Define who is allowed into restricted areas by following the principle of least privilege: only employees with a legitimate business reason should have access to restricted areas. Consider locking down end-user workstations. For example, you may wish to disable the physical USB ports; that would stop the many exploits that use thumb drives, such as an employee taking files home or a visitor plugging a thumb drive carrying malware into any convenient computer.
Configure workstations with a timed auto logout, so that nobody can sit down at someone else's workstation if the user forgets to log out.

Eliminate unauthorized (rogue) network equipment. The most common source of unauthorized network equipment is end users who install a device for convenience or fun, not realizing the security problems this can cause; they don't realize that they could be creating a backdoor into the network. The first step in dealing with this sort of thing is to make sure that your security policy addresses what is and what is not allowed to be installed on the network, and that end users are educated about this.
More technically advanced users tend to pose a bigger problem. Of course, there is also the possibility that rogue equipment is installed on your network by black hats with the sole purpose of causing harm. Rogue wireless access points deserve special attention, as they are a very common type of rogue equipment. The most direct way to find wireless access points is to use a program like inSSIDer to view all SSIDs in the area, and specifically to spot unauthorized SSIDs. Last, consider disabling open Ethernet jacks accessible to end users: most rogue equipment must be plugged into an Ethernet jack, so that will go a long way toward preventing the problem. Cisco does allow you to disable ports on its switches.
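Checking a Wi-Fi scan against an inventory of authorised access points is the step the article leaves implicit. The script below is an added example, not code from the article or from any scanning tool; the inventory and the scan lines are constructed sample data, and the CSV-style export format is an assumption.

```python
# Added example (not from the original article): flag SSIDs seen in a scan
# that are not in our access-point inventory. All data here is constructed.
from dataclasses import dataclass

# Constructed inventory: SSID -> set of BSSIDs (radio MACs) that we own.
AUTHORISED = {
    "CORP-WIFI": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
    "CORP-GUEST": {"aa:bb:cc:00:00:03"},
}

# Constructed scan export, assumed format "SSID,BSSID,signal_dBm" per line.
SAMPLE_SCAN = """\
CORP-WIFI,aa:bb:cc:00:00:01,-41
CORP-GUEST,aa:bb:cc:00:00:03,-55
CORP-WIFI,de:ad:be:ef:00:01,-38
Printer-Setup,11:22:33:44:55:66,-60
CORP-WIFI,AA:BB:CC:00:00:02,-70
"""

@dataclass(frozen=True)
class Finding:
    ssid: str
    bssid: str
    signal_dbm: int
    reason: str  # "unknown-ssid" or "known-ssid-unregistered-bssid"

def parse_scan(text):
    """Yield (ssid, bssid, signal) tuples; BSSIDs are normalised to lower-case."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ssid, bssid, signal = (f.strip() for f in line.split(","))
        yield ssid, bssid.lower(), int(signal)

def audit(scan_text, authorised=AUTHORISED):
    """Return a Finding for every SSID/BSSID pair that is not in the inventory."""
    findings = []
    for ssid, bssid, signal in parse_scan(scan_text):
        if ssid not in authorised:
            findings.append(Finding(ssid, bssid, signal, "unknown-ssid"))
        elif bssid not in authorised[ssid]:
            # Our own network name on a radio we do not own: investigate it.
            findings.append(Finding(ssid, bssid, signal, "known-ssid-unregistered-bssid"))
    # Strongest signal first: the closest rogue device is the one to go and find.
    return sorted(findings, key=lambda f: f.signal_dbm, reverse=True)

if __name__ == "__main__":
    for f in audit(SAMPLE_SCAN):
        print(f"{f.reason:30} {f.ssid:14} {f.bssid}  {f.signal_dbm} dBm")
```

Feeding the script a real export rather than the constructed sample only requires adjusting `parse_scan` to the tool's output format.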
For more information: ISO 27001 Certification