You might be wondering if physical security is really important in this digital age. After all, you have been studying how to protect IT assets via a keyboard, not by wearing a security officers uniform and guarding the server rooms door. Should IT professionals ignore potential physical security threats?
Before answering, you may want to consider a few real events. In 2008, an online newspapers web server was stolen, which cost them considerable downtime (Simons, 2008). In 2010, a company had an unencrypted hard drive containing 79,000 personal records stolen (Maxon, 2010). In 2012, a major health care organization had 57 unencrypted hard drives containing protected health information stolen (Lewis, 2012). What did these events have in common? Their IT departments ignored physical security threats and access controls.
For this Assignment, write a 2-page paper that outlines a plausible worst-case scenario where an attacker defeats physical security controls, gains access to physical IT assets, and bypasses access controls.
Lewis, N. (2012). Data theft costs tennessee blue cross big bucks. InformationWeek. Retrieved from http://www.informationweek.com/healthcare/security-privacy/data-theft-costs-tennessee-blue-cross-bi/232602626
Maxon, T. (2010). Hard drive containing personal information on AMR retirees, employees stolen. Dallas Morning News. Retrieved from http://www.dallasnews.com/business/headlines/20100702-Hard-drive-containing-personal-information-on-1148.ece
Simons, M. (2008). FT web site hit after server theft. TechWorld. Retrieved from http://news.techworld.com/security/102128/ft-website-hit-after-server-theft/