
DS12.4 - Protection Against Environmental Factors

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective DS12.4 - Protection Against Environmental Factors is contained within the process Manage the Physical Environment.


Protection Against Environmental Factors

Design and implement measures for protection against environmental factors. Install specialised equipment and devices to monitor and control the environment.



Value Drivers

  • Identification of all potential environmental threats to the IT facilities
  • Prevention or timely detection of environmental threats
  • Reduced risk of claims against insurance companies being rejected for non-compliance with the requirements of insurance policies, and minimised insurance premiums
  • Appropriate protection against environmental factors

Risk Drivers

  • Facilities exposed to environmental impacts
  • Inadequate environmental threat detection
  • Inadequate measures for environmental threat protection


  1. Establish and maintain a process to identify natural and man-made disasters that might occur in the area within which the IT facilities are located. Assess the potential effect on the IT facilities.
  2. Define and implement a policy that identifies how IT equipment, including mobile and offsite equipment, is protected against environmental threats. The policy should limit or exclude eating, drinking and smoking in sensitive areas, and prohibit storage of stationery and other supplies posing a fire hazard within computer rooms.
  3. Situate and construct IT facilities to minimise and mitigate susceptibility to environmental threats.
  4. Define and implement a process to regularly monitor and maintain devices that proactively detect environmental threats (e.g., fire, water, smoke, humidity).
  5. Define and implement procedures to respond to environmental alarms and other notifications. Document and test procedures, which should include prioritisation of alarms and contact with local emergency response authorities, and train personnel in these procedures.
  6. Compare measures and contingency plans against insurance policy requirements, and report results. Address points of non-compliance in a timely manner.
  7. Ensure that IT sites are built and designed to minimise the impact of environmental risks (e.g., theft, air, fire, smoke, water, vibration, terror, vandalism, chemicals, explosives). Consider specific security zones and/or fireproof cells (e.g., locating production and development environments/servers away from each other).
  8. Keep the IT sites and server rooms clean and in a safe condition at all times, i.e., no mess, no paper or cardboard boxes, no filled dustbins, no flammable chemicals or materials.
