Physical Security Should Not Be Covered During The Education Of Employees
Physical security should concern more on unauthorized access and misuse, besides the integrity and availability of the sites, system and network devices.
To protect the company from terrorism, advice from the Federal agency is needed, thus 11.2.1 is essential for a company when making policies on terrorist threat.
The internal procedures as well as external support and cooperation are both the support resource the Company should take advantage of when facing terrorist threat, since usually one company could not handle the terrorist threat by itself.
11.2.3 is just one aspect that should be covered during the education of employees, which should not be kept in this chapter, And the scope should not restrict to the bomb warning.
Terrorist threat policies should also include something about the arrangement of the armed guards. This is added in the revised document as 11.2.4.
Some of the parts in the company should have installation of defense equipment such as bulletproof glass to protect against the terrorist threat. This is added in the revised document as 11.2.5. Computer Room
Classification of the computer rooms into different security categories is needed according to the different security requirements of the information assets. Thus, it cannot simply separate the systems, servers and network equipment as is described in 11.3.1. And data center…