It Auditing: Using Controls to Protect Information Assets [IT AUDITING -OS N/D]
A data center is a facility that is designed to house an organization's critical systems. These systems are made up of computer hardware, an operating system, and applications. Applications are leveraged to support specific operational functions such as order fulfillment, customer relationship management (CRM), and accounting. Figure 4-1 shows the relationships among data center facilities, system platforms, applications, and business processes.
As you can see, data-processing facilities are at the foundation of the hierarchy, which is why it is so important that they have the necessary controls to mitigate risk. Major center threats include
-
Natural threats such as weather events, flooding, earthquakes, or fire
-
Man-made threats such as terrorist incidents, riots, theft, or sabotage
-
Environmental hazards such as extreme temperatures or humidity
-
Loss of utilities such as electrical power or telecommunications
You will notice that most of these threats are physical in nature. The remainder of this chapter will be spent on the various controls that mitigate these threats.