IN THIS CHAPTER WE identify the issues that are critical for implementing hardware security. After completing the chapter, we will be able to identify the aspects of hardware security and corresponding controls that are critical for ensuring the confidentiality, integrity, and availability of the systems resource. We will furthermore be in a position to recognize the areas of hardware and network security that we need to include in our audit plan.
The primary objective of hardware security is to prevent loss, damage, and any other compromise of information system assets, to ensure there are no interruptions of business services and activities. Hardware assets may require physical protection from various security threats. It may be necessary to ensure that hardware assets do not create or are not exposed to any environmental hazards. These controls additionally reduce the risk of unauthorized data access, unauthorized equipment removal, and disposal. The scope of control may extend to protection and safeguarding of supporting facilities such as power, communication, and so on.
The information systems auditor during the audit would focus on the following four objectives: