S 1.12 Avoidance of references to the location of building parts requiring protection
Initiation responsibility: Building Services Manager
Implementation responsibility: Building Services
Every building has areas with different usage scenarios and different protection requirements. The parts of a building requiring protection include, for example, server rooms, computer centres, data media archives, central air conditioners, power distributors, switching and patch rooms, replacement part stores.
Such areas should not bear any references to their use. Signs on the door such as COMPUTER CENTRE or ARCHIVE provide a potential attacker who has gained entry to the building further information so that he can better prepare for his attack, and therefore have a greater chance of success.
If it is impossible to avoid installing business-relevant information or IT in rooms or sections of the building that can easily be seen from outside the building (see also S 1.13 Layout of building parts requiring protection), then suitable safeguards must be taken to block the view from outside or design the interior of the room so that its purpose is not obvious. It must be ensured in this case that more than just one window on an entire floor is equipped with privacy protection.
Review questions:
- Has information on the locations of areas requiring protection been avoided?
- Is it ensured that building areas requiring protection cannot be easily viewed from outside?