Physical Security for IT Standards, Guidelines and Methods


Here are a few of the standards, guidelines and methods we apply to develop and implement a Physical Security for IT program.

Some references are links to HTML pages on other websites, and open in a new web page. Other references are Adobe PDF file downloads (download instructions follow below).

To download a document file to your computer, right-click on the filename link, then select:
  • Save Target As... (in Internet Explorer)
  • Save Link Target As... (in Netscape)
  • Save Link As... (in FireFox or Google Chrome)

Files that are 1 MB or larger have their size listed next to the file name.

Standards
ANSI/ASIS PAP.1-2012 Security Management Standard

This standard for Physical Asset Protection (PAP) is available free to ASIS International members. One purpose of the standard is to provide a foundation for a converged approach to security (which advocates that all areas of physical and information security work together). The standard is applicable to organizations of all sizes across all sectors: private, public and not-for-profit.
Guidelines
BOOK: Physical Security for IT

Written by an IT security expert, Michael Erbschloe, this is the only book that thoroughly addresses physical protection for IT systems.
Cisco-Best-Practices.pdf

Contains the Cisco Powered Network Program Data Center Best Practices Checklist.
Data-Center-Physical-Security-Best-Practices-Checklist.pdf

Based upon SAS 70 audit practice.
Methods
OCTAVE Allegro information security assessment method

OCTAVE Allegro is a free assessment method intended for self-directed application by individuals who have never performed an information asset risk assessment. For that reason the method is very clearly documented, and the documentation contains worksheets, questionnaires and forms to guide assessors through each assessment activity. It also contains the work products from an example assessment, which help you judge whether you are doing too much or too little. The link above takes you to the page from which the OCTAVE Allegro materials can be downloaded.

OCTAVE Allegro consists of eight steps organized into four phases:

  • Phase 1 - Assessment participants develop risk measurement criteria consistent with organizational drivers: the organization's mission, goals and objectives, and critical success factors.
  • Phase 2 - Participants create a profile of each critical information asset that establishes clear boundaries for the asset, identifies its security requirements, and identifies all of its containers.
  • Phase 3 - Participants identify threats to each information asset in the context of its containers.
  • Phase 4 - Participants identify and analyze risks to information assets and begin to develop mitigation approaches.