ISO IEC 17799 2000

ISO 17799 2000 is now OBSOLETE.

We’ve used a task oriented approach to translate the ISO/IEC 17799 information security standard into plain English. This means that our plain English standard consists entirely of tasks. So if you want to implement the ISO 17799 standard, all you have to do is carry out the tasks that we have listed. However, you don’t have to perform every task. These are recommended tasks, not compulsory tasks.

In order to give you the freedom to choose whether or not you wish to carry out a recommended task, we offer three response options for each task: DO, DONE, or N/A. If you haven’t done the task and you feel it needs to be done, select DO. Select DO if the task addresses one of your information security risks or needs. If you’ve already done the task, select DONE. If the task is not applicable in your situation or does not address your information security risks and needs, then answer N/A (not applicable).

THE FOLLOWING MATERIAL IS NOW OBSOLETE

| 7. PHYSICAL AND ENVIRONMENTAL SECURITY |
| 7.1 USE SECURE AREAS TO PROTECT FACILITIES | COMMENTS | |||||
| 1 | Use physical methods to control access to your information processing facilities. | DO | DONE | N/A | ||
| 2 | Use physical methods to prevent people from damaging or interfering with your information processing facilities. | DO | DONE | N/A | ||
| 3 | Identify the areas within your facility that should receive special protection and be treated as secure areas. | DO | DONE | N/A | ||
| 4 | Use secure areas to protect sensitive or critical information processing facilities. | DO | DONE | N/A | ||
| 5 | Use entry controls to protect your information processing facilities. | DO | DONE | N/A | ||
| 6 | Make sure that your physical protection methods are commensurate with your security risks. | DO | DONE | N/A | ||
| 7.1.1 USE PERIMETERS TO PROTECT SECURE AREAS | COMMENTS | |||||
| 7 | Use physical security perimeters and barriers to protect your organization’s information processing facilities. | DO | DONE | N/A | ||
| 8 | Make sure that your physical security perimeters and barriers provide more protection for high risk areas than low risk areas. | DO | DONE | N/A | ||
| 9 | Make sure that your physical security barriers and perimeters are free of physical gaps and weaknesses. | DO | DONE | N/A | ||
| 10 | Make sure that external doors and entrance ways are used to prevent unauthorized access to information processing facilities. | DO | DONE | N/A | ||
| 11 | Restrict building access to authorized personnel. | DO | DONE | N/A | ||
| 12 | Use physical barriers to prevent unauthorized access. | DO | DONE | N/A | ||
| 13 | Make sure that physical barriers are used to prevent contamination from external environmental sources. | DO | DONE | N/A | ||
| 14 | Make sure that external perimeter doors are controlled by fire alarm systems. | DO | DONE | N/A | ||
| 15 | Make sure that all external perimeter doors automatically slam shut in response to a fire. | DO | DONE | N/A | ||
| 7.1.2 USE ENTRY CONTROLS TO PROTECT SECURE AREAS | COMMENTS | |||||
| 16 | Use physical entry controls to protect secure areas. | DO | DONE | N/A | ||
| 17 | Make sure that your physical entry controls ensure that only authorized people are given access to secure areas. | DO | DONE | N/A | ||
| 18 | Make sure that visitors to secure areas are given a security screening. | DO | DONE | N/A | ||
| 19 | Make sure that you supervise all visitors to secure areas. | DO | DONE | N/A | ||
| 20 | Record the date and time visitors enter and leave secure areas. | DO | DONE | N/A | ||
| 21 | Make sure that all visitors to secure areas are given specific security instructions. | DO | DONE | N/A | ||
| 22 | Make sure that all visitors to secure areas are made aware of your emergency procedures. | DO | DONE | N/A | ||
| 23 | Use physical controls to restrict access to sensitive information. | DO | DONE | N/A | ||
| 24 | Use physical controls to restrict access to information processing facilities. | DO | DONE | N/A | ||
| 25 | Validate the identity of all persons who wish to access secure areas. | DO | DONE | N/A | ||
| 26 | Ensure that all persons who access secure areas wear visible identity tags. | DO | DONE | N/A | ||
| 27 | Keep a record of access to secure areas. | DO | DONE | N/A | ||
| 28 | Review access rights to secure areas on a regular basis. | DO | DONE | N/A | ||
| 29 | Update access rights to secure areas on a regular basis. | DO | DONE | N/A | ||
| 7.1.3 USE DESIGN STRATEGIES TO PROTECT SECURE AREAS | COMMENTS | |||||
| 30 | Design your secure areas to withstand natural disasters. | DO | DONE | N/A | ||
| 31 | Design your secure areas to withstand man-made disasters. | DO | DONE | N/A | ||
| 32 | Design your secure areas in accordance with all relevant health and safety regulations and standards. | DO | DONE | N/A | ||
| 33 | Protect your secure areas from security threats that neighboring facilities might present. | DO | DONE | N/A | ||
| 34 | Site secure areas in order to avoid public access to them. | DO | DONE | N/A | ||
| 35 | Site secure area photocopiers and other equipment so that routine access to them will not compromise security. | DO | DONE | N/A | ||
| 36 | Design your information processing facilities in order to hide their true purpose from the public. | DO | DONE | N/A | ||
| 37 | Use locks to control access to secure areas. | DO | DONE | N/A | ||
| 38 | Lock all information processing facility doors and windows when these facilities are not being used. | DO | DONE | N/A | ||
| 39 | Install external window protections for your information processing facilities. | DO | DONE | N/A | ||
| 40 | Use intruder detection systems to prevent access to secure areas. | DO | DONE | N/A | ||
| 41 | Make sure that your intruder detection systems cover all external doors and accessible windows. | DO | DONE | N/A | ||
| 42 | Make sure that your intruder detection systems comply with professional installation and maintenance standards. | DO | DONE | N/A | ||
| 43 | Test your intruder detection systems on a regular basis. | DO | DONE | N/A | ||
| 44 | Keep unoccupied secure areas alarmed at all times. | DO | DONE | N/A | ||
| 45 | Separate your information processing facilities from facilities that are managed by third parties. | DO | DONE | N/A | ||
| 46 | Prevent public access to internal directories and documents that specify the location of sensitive information processing facilities. | DO | DONE | N/A | ||
| 47 | Site fallback equipment away from secure areas in order to avoid damage during a disaster. | DO | DONE | N/A | ||
| 48 | Site backup media away from secure areas in order to avoid damage during a disaster. | DO | DONE | N/A | ||
| 49 | Store hazardous materials away from secure areas. | DO | DONE | N/A | ||
| 50 | Store combustible materials away from secure areas. | DO | DONE | N/A | ||
| 7.1.4 USE WORK GUIDELINES TO PROTECT SECURE AREAS | COMMENTS | |||||
| 51 | Use guidelines to control the work that your personnel perform in secure areas. | DO | DONE | N/A | ||
| 52 | Use guidelines to control the work that third parties perform in secure areas. | DO | DONE | N/A | ||
| 53 | Allow third party support service personnel to access secure areas only when access is clearly required. | DO | DONE | N/A | ||
| 54 | Monitor third party access to your secure areas. | DO | DONE | N/A | ||
| 55 | Ensure that third party access to secure areas is authorized. | DO | DONE | N/A | ||
| 56 | Use a need-to-know policy to control information about your secure areas and facilities. | DO | DONE | N/A | ||
| 57 | Supervise all work performed in secure areas. | DO | DONE | N/A | ||
| 58 | Lock secure areas that are vacant. | DO | DONE | N/A | ||
| 59 | Check secure areas that are vacant. | DO | DONE | N/A | ||
| 60 | Prevent the unauthorized use of photographic and other recording equipment inside secure areas. | DO | DONE | N/A | ||
| 7.1.5 USE HOLDING AREAS TO PROTECT SECURE AREAS | COMMENTS | |||||
| 61 | Control the use of delivery and loading areas. | DO | DONE | N/A | ||
| 62 | Separate your delivery and loading areas from all of your information processing facilities. | DO | DONE | N/A | ||
| 63 | Make sure that all delivery and loading functions are carried out in a carefully controlled holding area. | DO | DONE | N/A | ||
| 64 | Make sure that you restrict access to your holding area. | DO | DONE | N/A | ||
| 65 | Make sure that your holding area is designed so that supplies can be unloaded without allowing access to secure areas. | DO | DONE | N/A | ||
| 66 | Make sure that your holding area is designed so that the external door is secured when the internal door is open. | DO | DONE | N/A | ||
| 67 | Inspect all incoming supplies and materials to ensure that all hazards are identified before these items are transferred to secure areas. | DO | DONE | N/A | ||
| 68 | Record all incoming supplies and materials. | DO | DONE | N/A | ||
| 7.2 PROTECT EQUIPMENT FROM HAZARDS | COMMENTS | |||||
| 69 | Protect your equipment from security threats and hazards. | DO | DONE | N/A | ||
| 70 | Protect your equipment from environmental threats and hazards. | DO | DONE | N/A | ||
| 71 | Make sure that your physical security measures reduce the risk that people will have unauthorized access to your data. | DO | DONE | N/A | ||
| 72 | Make sure that physical security measures protect your data from loss or damage. | DO | DONE | N/A | ||
| Etcetera ... | DO | DONE | N/A | |||

PRAXIOM RESEARCH GROUP LIMITED

Updated on December 1, 2008. On the Web since May 25, 1997.

Copyright © 2005 - 2008 by Praxiom Research Group Limited. All Rights Reserved.