Memory cues
| Control | Cue |
|---|---|
| A.7.3 Securing Offices Rooms and Facilities | Secure the room based on what it contains |
| A.7.4 Physical Security Monitoring | Detect physical intrusion and respond |
What the exam is likely testing
- A.7.3 is risk-based physical design for offices, rooms, and facilities.
- A.7.3 includes avoiding visible clues to sensitive targets, such as server-room signs or exposed directories.
- A.7.4 is continuous monitoring for unauthorized physical access.
- Monitoring is not only CCTV; it includes procedures, response, escalation, testing, and false-alarm handling.
- Physical monitoring should link to information security incident processes where information/assets may be affected.
Quick distinction
| Question | A.7.3 | A.7.4 |
|---|---|---|
| Main concern | Are rooms/facilities protected according to what they contain? | Is unauthorized physical access detected and escalated? |
| Main evidence | Room assessment, signage review, control mapping | Monitoring procedure, alarm logs, test records, false alarm register |
| Main trap | Exposing sensitive targets through signs/directories | Treating CCTV/alarm installation as enough |
| Audit method | Walk rooms and look for exposed clues | Test alarm response and interview responders |
Practical mentor takeaway
Last-day cue
A.7.3 is secure design for rooms. A.7.4 is continuous detection and response for unauthorized physical access.
- Iso27001
- Exam
- Physical controls
Note Metadata
Aliases: A.7.3 A.7.4 exam cues
Source: 09-Exam-Preparation/EXAM-021-Room-Security-and-Physical-Monitoring.md