The most common physical and network controls when implementing ISO 27001 in a data center

Security controls for Data Centers are becoming a huge challenge due to increasing numbers of devices and equipment being added.  In this article you will see how to build an ISO 27001 compliant Data Center by identification and effective implementation of information security controls. The article summarizes ISO 27001 Data Center requirements and helps you improve its security.

Security challenges for a Data Center

A Data Center is basically a building or a dedicated space which hosts all critical systems or Information Technology infrastructure of an organization. The number of security attacks, including those affecting Data Centers are increasing day by day. Data Centers contain all the critical information of organizations; therefore, information security is a matter of concern. A Data Center must maintain high standards for assuring the confidentiality, integrity and availability of its hosted IT (Information Technology) environment.

To understand the importance of ISO 27001 certification from the perspective of a CEO of an independent Data Center, read the article ISO 27001 Case study for data centers: An interview with Goran Djoreski.

How to select security controls to fulfil ISO 27001 requirements for a secure Data Center?

The best approach to select security controls for a Data Center should be to start with a risk assessment. In a risk assessment, you analyze the threats, vulnerabilities and risks that can be present for a Data Center. The risk assessment methodology can be the same as you are using for ISO 27001, if you are certified in it. If not, feel free to define your own methodology for risk assessment.

To learn more about risk assessment, read the article ISO 27001 risk assessment: How to match assets, threats and vulnerabilities.

Threats

The following are examples of the most common threats to Data Centers:

• Breach of confidential information
• Denial of (Read more...)