Cabling Security
Plain English Translation
ISO 27001 Annex A.7.12 requires organizations to protect the physical cables that carry power or network data. This involves routing cables safely to prevent accidental damage, shielding them against electromagnetic interference, and securing them in locked conduits or restricted areas so malicious actors cannot easily tap into the network or sever the power supply.
Technical Implementation
Required Actions (startup)
- Ensure standard office cabling is tucked away securely to prevent tripping hazards or accidental unplugging.
- Rely on certified cloud providers to manage complex data center cabling security.
Required Actions (scaleup)
- Route all physical office network cables through secure walls or drop ceilings, and keep all patch panels in locked IT closets.
- Separate power cables from copper data cables to prevent electromagnetic interference (EMI).
Required Actions (enterprise)
- Use armored conduits or fiber-optic cables for highly sensitive physical network segments to resist electromagnetic interception.
- Perform regular physical sweeps of telecommunications closets and riser rooms to detect unauthorized taps or rogue devices.
Cabling security in ISO 27001 requires organizations to ensure that cables carrying power, data, or supporting information services are protected from physical damage, electromagnetic interference, and malicious interception.
Damaged power cables can cause sudden and catastrophic system outages, while unprotected data cables can be covertly tapped by attackers to intercept sensitive network traffic or suffer data corruption from environmental interference.
Practical examples include routing cables through locked drop ceilings, utilizing armored conduits, restricting access to network patch panels, and clearly labeling network lines versus power lines to avoid accidental disconnection.
Organizations can prevent interception by physically securing cable routes with conduits, conducting regular physical inspections, and employing strong network encryption (like IPsec or TLS) so that intercepted data remains entirely unreadable.
Yes. While fiber-optic cables are naturally resistant to electromagnetic interference and are more difficult to tap covertly, they are physically more fragile than copper and require careful routing with a proper bend radius to prevent breakage.
In a data center, cabling should be isolated using secure under-floor pathways or overhead trays, separated clearly from high-voltage power lines to avoid interference, and terminated only in strictly access-controlled cages.
EMI from heavy machinery, fluorescent lights, or large power cables can degrade network signals or corrupt data traveling over unshielded copper cables, making physical separation and proper shielding crucial.
In shared environments, organizations must minimize exposed wiring, use locked riser cabinets, enforce strict physical access to IT closets, and ensure all data traversing the shared physical network is heavily encrypted.
Auditors typically review the organization's Physical Security Policy covering cable management, physical facility floor plans showing secure cable routing, and SOC 2 or ISO 27001 compliance certificates from outsourced data center providers. Tools like WatchDog Security's Compliance Center can help map these artifacts to A.7.12 and keep evidence current between audits.
Cabling routes and their physical protections should be inspected at planned intervals, typically annually or immediately following any significant facility modifications, to verify that conduits remain intact and no rogue devices have been attached.
A.7.12 evidence often spans policies, floor plans, access controls, and inspection records, which can be hard to keep consistent across sites. Tools like WatchDog Security's Compliance Center can help track control ownership, link required artifacts, and maintain a single audit-ready evidence set for cabling security.
Cabling issues vary in impact and likelihood, so treating them as discrete risks helps prioritize remediation across locations and budgets. WatchDog Security's Risk Register can help document scenarios (e.g., cable interception, sabotage, accidental damage), assign owners, and track treatment plans through to closure.
| Version | Date | Author | Description |
|---|---|---|---|
| 1.0.0 | 2026-02-17 | GRC Team | Initial publication |