Content and work co-located at secured facilities.
|Content and work together and secured|
Content and work co-located at non-secured facilities.
|Content and work together and not secured|
Content at secured facilities, workers not.
|Content secured||Infrastructure not secured||Infrastructure logically secured||Infrastructure physically secured||Workers not secured|
Content at secured facilities, workers at a distant secured facility.
|Content secured||Infrastructure not secured||Infrastructure logically secured||Infrastructure physically secured||Workers secured|
Content not secured, workers at secured facility.
|Content not secured||Infrastructure not secured||Infrastructure logically secured||Infrastructure physically secured||Workers secured|
Content not secured, workers not secured.
|Content not secured||Infrastructure not secured||Infrastructure logically secured||Infrastructure physically secured||Workers not secured|
Different enterprises locate content and work differently, and this has a wide ranging effect on how information protection is to be done.
Non-habitable locations require no local secured facility (from an information security standpoint), since there is no relevant threat, other than nature. In this case, the facility protection afforded to the system due to nature is is not substantially different from that required from an information protection perspective.
Habitable location Facility security should meet the standards of the risk levels involved, thus secured facilities are required at the High and Medium risk levels.
Infrastructure Not Secured is, by default, insecure outside of a facility. Thus if loss of infrastructure services has serious negative consequences, workers must be co-located with the system so that such failures don't realize those consequences. Of course this cannot apply when the workers cannot survive...
Infrastructure Physically Secured implies physical means are used to secure infrastructure. This is very expensive outside of a facility and is thus rarely used in that case.
Infrastructure Locgically Secured implies some combination of cryptographic protection that affords integrity and/or confidentiality, some degree of path diversificaiton for availability, logging for acocuntability, and/or some form of use control. Depending on particulars, some combination of these may be used.
Similarly, as risk goes up and time till harm goes down, except for remote facilities with only local consequences not producing serious harm to people or the environment, control becomes more critical, and workers must be located close enough to meet response times to mitigate High consequences and should be so located to mitigate Medium consequences.
For many environments, high risk with short time frames and complex decision-making processes implies the need for local control and the co-location of some content, controls, and the people who operate them. However, for other content, controls, and people, co-location may not be required. Some lights out facilities (e.g., automated warehouses and car parks) may fail safe and await human assistance, while others (e.g., chemical processing facilities) may produce hazards if not addressed in a more timely fashion with human intervention.
For non-critical workers, co-location introduces added risk. There is no reason for them to be co-located with the system except when it brings enough advantage to compensate for the added risks of more people closer to system. Thus, except for low risk situations, non-critical workers should not be co-located with the system. And in Medium and High risk situations, all workers should be in secured facilities when interacting with system.