Building Security Systems
Risk identification should be part of the process of working out the details of how data will be stored, and appropriate security measures to mitigate those risks should be implemented. This includes physical and environmental controls that are often in place but frequently not fully or correctly implemented. Understanding the requirements for these areas is a vital aspect of supporting the IT infrastructure.
Computers and other devices should be locked to desks using appropriate cables, especially in areas where the item is accessible to the public.
Locks on safes, filing cabinets, and other storage areas must be commensurate with the risk and sensitivity of the data being stored within the area ...