Physical Security Assessment

SELECTED PROJECTS

PHYSICAL SECURITY ASSESMENT

Clients

Trusted Client


Categories

Security Assessment, Manufacture


Completed

April 30, 2012


Project Budget

$100,000


Project length

5 months

Project Details

BACKGROUND


An organization within Manufacturing (consumer market) industry needed an overview of their physical security on multiple sites as they needed to incorporate new European data centres and computer environments in to operational mode that where to be migrated into a central Nordic Data Centre. Activities included were review of existing security procedures, performing a system security base line and, creating client risk threat identification, assessment and evaluation report. 


To understand the current maturity of data centres information security posture and evaluate any risks, the following activities was set to be performed;


    – Penetration tests of the technical security functions

   – Test of the intrusion detection capabilities of network 

   – Assess configuration of hardware, firewalls, network and network components

   – Test monitoring and alert services inside the data centre

   – Assessment of disposal and removable media management

   – Human physical access policies

   – Assessment of privileged users activites on system, firewalls and network

   – Assessment of data racks security  

   Test physical parameeter security  

   - Review physicall access logs

   - Test of physicall access breach (piggy-backing)

CHALLENGE


Organization needed an overview of their existing physical security across a new entity just acquired by the organization. The new entity existed in 14 location spread over 3 countries and served as a 'Hub' and their regional manufacturing factories.

To provide the organization with an updated status, onsite inspectiosn was done to form an analysis of urgent needs and priorities to ensure the organizations assets. Main challenges was:

  • Understand the culture maturity for information and cybersecurity
  • and protection of production data centres and intellectual capital
  • Evaluate controls and awareness of enherited staff and sub-contractors 
  • Document the physical, personnel and technical security functions in use; 
  • Access control process, Physical security monitoring, removable media process, remote access policies, access privileges and aser education and awareness

Assessment report was needed to decide future strategy and migration of the new entitity into to the organizations global information security managemnet system.


  Assessment & Review of

  Physical Security & Access

Do you need similar expert help?


Contact Fogel Consulting through the contact form to receive further information and possibility to present your own case and business needs.

SOLUTION


As start, capturing the  security policies and technical controls that needed to be in force during term of agreement.

These were reviewed and the  physical access controls and privileged access to system technical  was documented and evaluated against interntional standards procedures (e.g. NIST, SANS, PCI/DSS, ISO27001 gobally recognized standards).

All security controls where noted in a data centre review manual that provides the minimum physical security parameters against industry best practices for control of data centre managed system and environments.

RESULT


- Physical security project included security assessment, both physical onsite and technical of all the in scope environment, of client new hard- and software throughout Europe in 5 different countries. Full assessment serves as criteria for future planning in Transformation of new environments in to a Nordic data centre.

- A final report was delivered to client including a security gap-analysis with risk assessment and recommendations for mitigation prior to migration start. Project outcome and deliverables where used to plan and start transformation project to align with client corporate security strategy and policy.