III. Physical Security

Protection against theft, changes, or unauthorized access to the personal computer or workstation is difficult. Consider the following protective actions:

A. Location and Construction

Evaluate potential locations for the computer room. Consider the importance of having direct access from the outside and the need to protect windows. Decide if windows should have bars or electronic detection devices. Should there be a system to control keys and other access devices?

For example, a particular situation might require heavy doors with dead bolts. If the doors are not new, they should have new locks. Seal windows at ground level or protect them with metal bars. Additionally, consider alarms and detection devices.

B. Computer Room Access.

Depending on organizational need, restrict access to rooms containing microcomputers to specifically authorized personnel. Consider special precautions for stand alone computers, e.g., those on an employees desk.

C. Physical Control

Protect microcomputers with lockable equipment enclosures, lockable power switches, fasteners, and securing de­vices. Consider devices such as those that sound an alarm when equipment is moved or disconnected from a wall socket.

One example of an advanced device, such as one used by the Department of the Navy, employs a crystal oscillator with various broadcasting frequencies embedded in the microcomputer. Antennas located throughout the area can be used to track any movement of the microcomputer.

Standardized inventory and control forms may be used throughout any organization interested in controlling hard­ware, software, or data. These forms should contain information about the location of the microcomputer, who is re­sponsible, and any changes made since the original installation. Centrally record the physical location and configura­tion of each microcomputer.

Some standard devices normally associated with a microcomputer, such as a mouse, internal cards and wires, do not lend themselves well to the above procedures. These devices might be subject to external controls, such as check-out, removal from the machine on a daily basis, etc.

It is particularly important to protect floppy disks from contaminants, unauthorized access, destruction and damage. Procedures should ensure that all diskettes (floppy disks), be labeled before use and stored in a secure place when not in use. One method of protecting diskettes against theft is to hide a signaling device (such as those used in li­braries) in the jacket cover of the floppy.