SECURITY - GOVERNANCE - RISK - COMPLIANCE
Security Assessment, Manufacture
April 30, 2012
An organization within Manufacturing (consumer market) industry needed an overview of their physical security on multiple sites as they needed to incorporate new European data centres and computer environments in to operational mode that where to be migrated into a central Nordic Data Centre. Activities included were review of existing security procedures, performing a system security base line and, creating client risk threat identification, assessment and evaluation report.
To understand the current maturity of data centres information security posture and evaluate any risks, the following activities was set to be performed;
– Penetration tests of the technical security functions
– Test of the intrusion detection capabilities of network
– Assess configuration of hardware, firewalls, network and network components
– Test monitoring and alert services inside the data centre
– Assessment of disposal and removable media management
– Human physical access policies
– Assessment of privileged users activites on system, firewalls and network
– Assessment of data racks security
–Test physical parameeter security
- Review physicall access logs
- Test of physicall access breach (piggy-backing)
Organization needed an overview of their existing physical security across a new entity just acquired by the organization. The new entity existed in 14 location spread over 3 countries and served as a 'Hub' and their regional manufacturing factories.
To provide the organization with an updated status, onsite inspectiosn was done to form an analysis of urgent needs and priorities to ensure the organizations assets. Main challenges was:
Assessment report was needed to decide future strategy and migration of the new entitity into to the organizations global information security managemnet system.
Contact Fogel Consulting through the contact form to receive further information and possibility to present your own case and business needs.
As start, capturing the security policies and technical controls that needed to be in force during term of agreement.
These were reviewed and the physical access controls and privileged access to system technical was documented and evaluated against interntional standards procedures (e.g. NIST, SANS, PCI/DSS, ISO27001 gobally recognized standards).
All security controls where noted in a data centre review manual that provides the minimum physical security parameters against industry best practices for control of data centre managed system and environments.
- Physical security project included security assessment, both physical onsite and technical of all the in scope environment, of client new hard- and software throughout Europe in 5 different countries. Full assessment serves as criteria for future planning in Transformation of new environments in to a Nordic data centre.
- A final report was delivered to client including a security gap-analysis with risk assessment and recommendations for mitigation prior to migration start. Project outcome and deliverables where used to plan and start transformation project to align with client corporate security strategy and policy.