• ISO certification consultants Delhi, India, IT Consultancy Services –  ICPL

    ISO 9001:2008

    Quality Management System

  • ISO 14001:2004 Certification - Environmental Management System –  ICPL

    ISO 14001:2004

    Environment Management System

  • OHSAS 18001:2007 Certification, Occupational Health and Safety -  ICPL

    OHSAS 18001:2007

    Occupational Health and Safety

  • ISO 27001:2005 Certification, ITSMS Certification –  ICPL

    ISO 20000-1:2011

    Information Technology Service Management System

  • ISO 22000:2005 Certification, food safety management system –  ICPL

    ISO 22000:2005

    Food Safety Management System

  • Network Penetration Testing, IT Security Services –  ICPL

    ISO 27001:2005

    Information Technology Security Management System

  • ISO 13485:2003 Certification, Quality Management System for Medical Devices – ICPL

    ISO 13485:2003

    Medical Devices

Physical Security Review

Depending on the organization physical security countermeasures will vary. A government agency such as the Department of Defense may have armed guards at the door of the building. Many organizations are not in the position of breaching national security so armed guards are not a necessity. In many cases a receptionist greets any new visitors and makes the appropriate arrangements for an on-site visit. Let's review some physical security countermeasures for the server room, as well as laptops and desktops.

Server Room Protection

Access Control Cards - These are tied to a specific user and must be swiped in order to gain access. The downside is that they can be stolen and used without authorization and they are really expensive to implement.

Biometrics - Uses a physical characteristic such as a fingerprint or retina to identify a user. Due to the cost of implementing this solution, as well as employee privacy issues, biometrics has not been widely accepted yet.

User Awareness - User awareness is by far the most important aspect to security. The Kingston City Council discovered this when they hired a consultant to perform a social engineering test on their users. The consultant gained access to the server room by simply telling the users that he was sent to service the UPS.

Laptop/Desktop Protection

User Awareness - Employees need to be made aware that strangers cannot be in the office without an escort. Awareness programs should encourage all employees to confront and ask an unidentified individual if they need any assistance.

Laptop Locks - These cables are physically connected to the laptop, which are then connected to a desk. A key is required to unlock the cable and, although these cables can be cut, implementing them on easily removable devices such as laptops may deter an attacker from actually making the effort.

OS Hardening - USB ports and CD-R/DVD-R drives should be disabled on all laptops/desktops so that files cannot be easily copied and stolen by a malicious user wandering around in the office.

Rings Approach to Physical Security in Depth

One way to consider an architecture to implement in depth is the rings approach to physical security. The rings are:

Ring 1 - Areas on the perimeter of the business building
Ring 2 - Immediate area around the business building/environmental (fire, floods, moisture, power)
Ring 3 - Internal location of the business building
Ring 4 - Human factors



Indicium deployed most competent resource to provide us with the network security assessment through VAPT and the assessment report was found very professional with in-depth analysis and gap closure consultation which helped HCL Services Ltd to secure it’s networks and servers from intrusions.

Mr. G.G. Rao (CIO)
View All