UnixTime

Research Note

EXAM-021 - Room Security and Physical Monitoring

- A.7.3 is risk-based physical design for offices, rooms, and facilities. - A.7.3 includes avoiding visible clues to sensitive targets, such as server-room signs or exposed dire...

On this page

Memory cues

Control Cue
A.7.3 Securing Offices Rooms and Facilities Secure the room based on what it contains
A.7.4 Physical Security Monitoring Detect physical intrusion and respond

What the exam is likely testing

  • A.7.3 is risk-based physical design for offices, rooms, and facilities.
  • A.7.3 includes avoiding visible clues to sensitive targets, such as server-room signs or exposed directories.
  • A.7.4 is continuous monitoring for unauthorized physical access.
  • Monitoring is not only CCTV; it includes procedures, response, escalation, testing, and false-alarm handling.
  • Physical monitoring should link to information security incident processes where information/assets may be affected.

Quick distinction

Question A.7.3 A.7.4
Main concern Are rooms/facilities protected according to what they contain? Is unauthorized physical access detected and escalated?
Main evidence Room assessment, signage review, control mapping Monitoring procedure, alarm logs, test records, false alarm register
Main trap Exposing sensitive targets through signs/directories Treating CCTV/alarm installation as enough
Audit method Walk rooms and look for exposed clues Test alarm response and interview responders

Practical mentor takeaway

Last-day cue

A.7.3 is secure design for rooms. A.7.4 is continuous detection and response for unauthorized physical access.

  • Iso27001
  • Exam
  • Physical controls

Note Metadata

Aliases: A.7.3 A.7.4 exam cues

Source: 09-Exam-Preparation/EXAM-021-Room-Security-and-Physical-Monitoring.md