Information Security Best Practices: 205 Basic Rules

Physical security involves limiting access to computer hardware, wiring, displays, and network devices. Your security policy must address it in order to prevent accidents, damage or tampering of physical hardware. The following set of best practices provide a set of guidelines for increasing physical security.
The most obvious component of physical security is the computer itself. This collection of best practices stresses steps that can be taken to protect the machines from a variety of risks.
INFOSEC Best Practice #29
Locate all server computer hardware for mission-critical systems in a secure location that is locked and restricted to authorized personnel.
Server computers usually service departments or groups of users. These systems must be located in secure, restricted areas to limit the possibility of a user accidentally shutting off the machine, damaging it by spilling a liquid on it, or seeing sensitive passwords or data. Open rooms provide an opportunity for malicious users to copy sensitive data onto portable media (i.e., floppies, tapes, CDs) or plant viruses on the server. Combination locks, keyed entry, or access cards must secure each entrance. Backup keys must be kept in a locked cabinet located in a secured room.
INFOSEC Best Practice #30
Use an air conditioning system in rooms where server computers are located.
Rooms with server computers must have proper air conditioning and humidity control. Air conditioning units located in the server room minimize the impact from building related HVAC events. Computers and other related hardware have temperature and humidity operational...