Expert Advice Community

Shared resources

Guest user Created:   Feb 13, 2018 Last commented:   Feb 13, 2018

In our office we have one risk that I am not really sure what we can do to mitigate. It is as follows:

Expert
Rhand Leal Feb 13, 2018

Asset name: Network locker (NO Office)
Threat: Information interception
Vulnerability: Switch Locker is shared with other companies
Consequence (0 to 3): 2
Likelihood (0 to 3): 3

The neighboring office (and anyone with access) has access to the locker through a door that can only be locked from their side. The people that are responsible for the building will apparently install an alarm that will go off if anyone opens the door; however, we are not very happy about that as a solution, and we’d much rather be able to control exactly who has access to the locker.

Do you have any suggestions that you can give us?

Answer: Considering the scenario you described, you should try to establish with the people that are responsible for the building an agreement specifying the security controls they need to implement (e.g., install an alarm, give you the key to the locker, etc.). If this solution is not possible, other alternatives you should consider are:
- Implement a separate switch/network
- Implement cryptography to protect communication between the computers in your network and to protect your files.
- Implement access control on the shared folders in your network.

The last alternatives in terms of risk management are to accept the risk (and do nothing), and to avoid the risk (e.g., by stopping using the switch).

This article will provide you further explanation about handling suppliers:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
