Thursday, January 28, 2010

CISA exam results are out!

If you sat for the December 2009 CISA exam, today (January 28th) is a very BIG day! ISACA finally released the results. Yes, I am very happy to announce that I passed the exam! So, now that I can speak with some authority on the exam, I plan to have various CISA knowledge/exam-related discussions in this space.

So, here is the first one. However, I have to say first that this was originally going to be a separate discussion based on things that have transpired at work. The place where I work doesn't exactly have the best HVAC in the world. Both the workplace AND the development labs are really quite warm. So warm, in fact, that we often have to shut down systems in order for the heat to be somewhat tolerable. So... what does this have to do with security, you ask?

Poor HVAC systems = Denial of Service = Loss of availability.

Here's a real-life example... Access to a specific protected network (think SCADA network) was unavailable for over a day. Why? The closet in which a major network device was located (I guess I'm free to say it... it's a Type-1 crypto device called a Taclane) overheated and the Taclane died. Because it was the main access point into this particular network, hundreds of people were unable to perform any work on this protected network. How many thousands of dollars in lost productivity did this cost my client? Had the room the Taclane is stored in been equipped with proper HVAC and monitoring, this would have been avoided.

Remember, while you are preparing for a CISSP or CISA exam, a main guiding thought is that Information Security is not just about "hackers" and theft. It is also about the availability of systems. Availability can be seriously impacted if servers need to be shut down due to poor HVAC systems. The quality and monitoring of HVAC systems that serve data centers, or ANY important systems, should be on your list of things to check when performing an analysis of your company's security posture.

As a final side note, I would like to thank J.P and K.N for their unwavering love of my blog! Looking forward to more ideas from the fan club guys!

Thanks for reading!

Graham Thompson, CISSP, CISA* (waiting for application process to be finished)
