Chapter Two

Hardware Security Issues

IN THIS CHAPTER WE identify the issues that are critical for implementing hardware security. After completing the chapter, we will be able to identify the aspects of hardware security and corresponding controls that are critical for ensuring the confidentiality, integrity, and availability of the systems resource. We will furthermore be in a position to recognize the areas of hardware and network security that we need to include in our audit plan.

HARDWARE SECURITY OBJECTIVE

The primary objective of hardware security is to prevent loss, damage, and any other compromise of information system assets, to ensure there are no interruptions of business services and activities. Hardware assets may require physical protection from various security threats. It may be necessary to ensure that hardware assets do not create or are not exposed to any environmental hazards. These controls additionally reduce the risk of unauthorized data access, unauthorized equipment removal, and disposal. The scope of control may extend to protection and safeguarding of supporting facilities such as power, communication, and so on.

The information systems auditor during the audit would focus on the following four objectives:

1. Effective and efficient use of assets
2. Safeguarding of assets
3. Availability of assets to those permitted to use them
4. Maintenance of integrity of hardware
Hardware
Hardware commonly refers to information systems assets that have a physical ...

Get Understanding and Conducting Information Systems Auditing + Website now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.