Which threat could occur if no physical measures are taken?

Which threat could occur if no physical measures are taken?

A. Unauthorised persons viewing sensitive files

B. Confidential prints being left on the printer

C. A server shutting down because of overheating

D. Hackers entering the corporate network

Answer: C

Explanation:

Which threat could occur if no physical measures are taken? A server shutting down because of overheating could occur if no physical measures are taken. Physical measures are actions or devices that protect information and information processing facilities from physical threats and hazards, such as fire, flood, earthquake, theft, vandalism, etc. Physical measures include locks, alarms, fences, cameras, fire extinguishers, ventilation systems, etc. If no physical measures are taken, the information and information processing facilities could be exposed to environmental damage or interference that could compromise their availability, integrity, or confidentiality. For example, if a server room has no adequate cooling system, the servers could overheat and malfunction or stop working altogether, resulting in loss of data or service. ISO/IEC 27001:2022 requires the organization to implement physical and environmental security controls to prevent unauthorized physical access, damage and interference to the organization’s information and information processing facilities (see clause A.11).

Reference: [CQI & IRCA Certified ISO/IEC 27001:2022 Lead Auditor Training Course], ISO/IEC 27001:2022 Information technology ― Security techniques ― Information security management systems ― Requirements, [What is Physical Security?]