Physical Security Control

  • Distinguish between logical and physical security, and explain the reasons for placing equal emphasis on both
    • Physical security deals with who has access to buildings, computer rooms, and the devices within them
    • Information security experts, usually focus more on the problems related to logical security
    • A hacker’s physical proximity to a network has less to do with its vulnerability than porous interfaces or operating systems with more holes in them than Swiss cheese.
  • Recognize the importance of the Physical Security domain
    • How to choose a secure site (location) and guarantee the correct design
    • How to secure a site against unauthorized access
    • How to protect equipment, such as personal computers and the information contained on them, against theft
    • How to protect the people and property within an installation
  • Outline the major categories of physical security threats
    • Weather: Tornadoes, hurricanes, floods, fire, snow, ice, heat, cold, humidity, and so forth
    • Fire/chemical: Explosions, toxic waste/gases, smoke, and fire
    • Earth movement: Earthquakes and mudslides
    • Structural failure: Building collapse because of snow/ice or moving objects (cars, trucks, airplanes, and so forth)
    • Energy: Loss of power, radiation, magnetic wave interference, and so forth
    • Biological: Virus, bacteria, and infestations of animals or insects
    • Human: Strikes, sabotage, terrorism, and war
  • Classify the techniques to mitigate risks to an organization’s physical security
  • Classify the five main categories of physical security controls, including their strengths and limitations
    • Education for personnel
      • Being mindful of physical and environmental considerations required to protect the computer systems
      • Adhering to emergency and disaster plans
      • Monitoring the unauthorized use of equipment and services, and reporting suspicious or unusual activity to security personnel
      • Recognizing the security objectives of the organization
      • Accepting individual responsibilities associated with their own security and that of their coworkers, as well as the equipment they use and how they use it
    • Administrative access controls, such as work area restrictions, visitor control, and site selection
    • Physical security controls, such as perimeter security controls, badging, keys and combination locks, security dogs, lighting, fencing, and guards
    • Technical controls, such as smart cards, audit trails, intrusion detection systems, and biometrics
    • Environmental/life safety controls
  • Identify how to use smart cards for physical access control
  • Categorize the different types of biometric access controls and determine their respective strengths and weaknesses