Journal of International Information Management


This paper presents physical security of a computer facility within the context of a corporate environment. The context is established from several different perspectives. It first presents physical security philosophies and illustrates the philosophies via the Onion and Garlic Models. It defines a process for identifying and describing transition strategies between security levels. Once the models are defined, a Macro View of physical security is presented. This view discusses physical security goals and critical factors such as budget, monitoring and redundancy. With this context established, the Micro View is presented. Its focus is on information technology (IT) facilities that protect centralized or clustered IT resources. A variety of environmental threats, threat agents, and precautions are identified. Questions to help assess the security of off-site storage of backup media are provided. Procedures for establishing the transition strategy to the IT facility, authentication, access control logs, suggestions for handling emergency conditions, and other considerations are enumerated.