The Importance of a Computer Physical Security Audit
A computer physical security audit is something that is not only necessary, it can also stave off any unforeseen occurrences. The unexpected can rapidly and easily send an organization into a tailspin, as data and computers tend to control and drive the way in which businesses and people operate and thrive. The best place to start is by creating a master list that lists every piece of hardware as well as equipment even remotely attached to the total infrastructure. As most things are computer based in their operations, this list could grow quite long, which explains why conducting such audits takes time to complete.
A proper audit, whether done internally or contracted out, will include components such as:
1. Physical security - This determines and helps one understand the physical location and safety of hardware and assets. This audits and lists whether equipment is located high or low, if it is physically protected from elements or even human error, and also takes into consideration things such as power, heating, and cooling.
2. Passwords and protection - Most computers have various passwords assigned to them. During an audit not only should those passwords be recorded and stored in a safe and neutral location, but they should also be scrutinized for their sensitivity and security strength. This is the time to determine if improper or weak passwords are being used and thus should be altered or changed.
3. Network security - The security of the network that houses and controls all of the traffic that goes in and out of computers is also important to audit when dealing with overall computer security. Since network security can be compromised, it is important to make sure it is as secure and tight as possible.
4. Data security - Data is the most taxing component of any computer or computing system. The vast amount of data produced lends itself to having to store that data so it can be managed, maintained, accessed and controlled. Data storage is a complex set of both hardware and software. Security aspects of data involve making sure the data is stored in a secure manner, access is controlled and restricted, and technologies such as backup and recovery are utilized to further secure all information.
In conducting a computer physical security audit it is important to make sure that all areas of the network are checked and assessed. This means that essentially everything attached directly or indirectly to the network needs to be accounted for and each element needs to be scrutinized to ensure that security measures are in place.
Some IT departments prefer to conduct their own internal audits while others opt for an external firm to do the assessment. There is even a hybrid option where an internal audit is done in conjunction with an external one. Regardless of how an audit is done, the more comprehensive the audit is, the better the overall security of the network and infrastructure will be.
Image Credit: Wikimedia Commons, by Free Software Foundation