
DS12.1 - Site Selection and Layout

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective DS12.1 - Site Selection and Layout is contained within the process Manage the Physical Environment.


Site Selection and Layout

Define and select the physical sites for IT equipment to support the technology strategy linked to the business strategy. The selection and design of the layout of a site should take into account the risk associated with natural and man-made disasters, whilst considering relevant laws and regulations, such as occupational health and safety regulations.



Value Drivers

  • Minimised threats to physical security
  • Decreased risk of a physical attack on the IT site via reduction of the possibility of the site being identified by unauthorised persons who may initiate such an attack
  • Reduction in insurance costs as a result of demonstrating optimal physical security management

Risk Drivers

  • Threats to physical security not identified
  • Increased vulnerability to security risks, resulting from site location and/or layout

Control Practices

  1. Using the technology strategy, select a site for IT equipment that meets business requirements and the security policy. Take into account special considerations such as geographic position, neighbours and infrastructure. Other risks that need consideration include, but are not limited to, theft, air, fire, smoke, water, vibration, terror, vandalism, chemicals or explosives.
  2. Define a process that identifies the potential risks and threats to the organisation’s IT sites and assesses the business impact on an ongoing basis, taking into account the risk associated with natural and man-made disasters.
  3. Ensure that the selection and design of the site take into account relevant laws and regulations, such as building codes and environmental, fire, electrical engineering, and occupational health and safety regulations.
