Overview

To have effective physical security for IT equipment, network technology, and telecommunications assets, it is important that responsibilities be assigned to staff who are appropriately placed in an organization. An individual in a management position must be responsible for overseeing planning, implementation, and maintenance of plans and procedures. Staff responsible for physical security need to be trained and have their performance evaluated. To simplify establishing a physical IT security function, the following conditions should be considered:

• How existing physical security efforts are managed and staffed

• The financial resources available for new security efforts

• The human resources that are in place for physical security

Action step 1.01 in Chapter 1 called for establishing a working group to evaluate how your organization is addressing the physical security of IT assets and to evaluate and plan alternatives or improvements. The work of the physical security working group can help establish a security function including:

• The organizational placement of the physical IT security function

• Establishing interdepartmental relationships for physical security

• Evaluating financial resources

• Determining the role of corporate security in physical IT security

• Determining the role of cyber security in physical IT security

• Determining the role of network security in physical IT security

• Developing relationships with law enforcement agencies Developing relationships with private security providers

• Establishing and utilizing an alert system for incidents

This chapter discusses these aspects of physical IT security and provides action items to enable organizations to move ahead in establishing a function to address physical security needs.

2.1 Organizational...