Fact: Physical security is a small component of the big IT infrastructure security puzzle. Many more controls are needed to achieve better data security.
Said by the IT head of a large-scale manufacturing company:
“Thanks for visiting us, but we are not worried about our data security. We have a uniformed security person outside the data center room, and the premises are covered by a 2 Megapixel CCTV system. Nobody is allowed to enter the building without approval.”
Myth Debunked With The Fact Below
Every data center or server room needs a great deal of security to protect the infrastructure. While most data center managers know this well, there is still a misconception among old-school managers that physical security is the only thing required.
That is far from the truth: the servers in the data center connect to the internet, which makes remote attacks of all types possible. These threat actors could be in a different city, state or country, and they do not need physical access to the server room.
Physical security is indeed an important aspect, but in today’s world nobody tries to barge into the data center and grab the data. This is especially true because it is so easy to access the infrastructure remotely.
Senior management must update their knowledge of information security. They must open their minds to compliance standards such as ISO27001, as well as vulnerability assessment and penetration testing (VAPT), which is imperative for their corporate networks, web and cloud applications, and mobile applications. The right approach for companies is to find the best cyber security vendor or a top-of-the-class information security consulting partner, and to improve their organization’s data security via threat modelling and other appropriate approaches.