|Figure 4 - Equipment not protected|
from people or object
...We found conditions indicating that the City has weak information security awareness and is lacking strong leadership and authority for information security governance.
As an illustration of this issue, for almost half of the eighteen sites we sampled throughout the City, we identified one or more of the following conditions: Network equipment is not physically protected from access by the general public, Network equipment is mounted precariously or not protected from contact with people or objects, The general public has inappropriate access to portions of the City’s internal data network
Additionally, we found the following conditions that inhibit the ability to ensure the confidentially, integrity, and availability of City business systems: Network equipment is installed in environmentally harsh conditions without temperature monitoring or regulation, and subject to adverse and extreme temperature ranges, Audible alarms signaling temperatures out of tolerance within equipment rooms are not monitored, Computers are installed with access to sensitive networks in areas allowing direct physical access to hardware by prisoners incarcerated by the City and County of Denver Prisoners are allowed physical access to alter computer configuration settings Prisoners are allowed to make to make unauthorized access attempts to the Internet which results in continuous system maintenance and configuration corrections (emphasis added), Areas where network equipment is received, tested, and configured are open to the general public, Network monitoring software is accessible by any internal user, Wireless access points are not installed for optimal performance.
Door to equipment room open, no lock.