Sunday, May 22, 2011

Police in Paris probably doesn't have ISO 27001 in place

It is already three years ago that Flo was wandering through the streets of Paris. Thanks to him that he didn't forget to send us his observations from this tour through the city of love. The pictures he sent us have nothing to do with love, though.

What he discovered was this police station in the heart of the city. It looks quite fine at first, but an expert eye probably instantly sees what is wrong in this picture.

Chapter 9.2.3 "Cabling Security" of ISO 27002 states: "Power and telecommunications cabling carrying data or supporting information services should be protected from interception or damage."

I agree that the cable coming from inside the building, hanging just besides the video camera near the entrance is in a height that a 1,60 m tall woman or man cannot instantly catch it and get some data or video feeds. But, letting this cable reside on a nevertheless easy to reach position outside of the building is definitely a breach according to the above stated paragraph in ISO 27002.

So we might come to the conclusion that the police in Paris has not implemented ISO 27001 in their information security system. Probably they have, but then they should probably re-think their security strategy.

No comments:

Post a Comment