Navigating the World of Physical Security

Physical Security

The protection of physical items objects, or areas from unauthorized access or misuse.

We have to rember.

This is why we must filter physical acess thru the same lens as the CIA triad.

“Seven Major Sources of Physical Loss” – Donn B. Parker Fighting Computer Crime

Extreme Temperature: Heat or cold can impact access control systems.
Gases: These include war gases, commercial vapors, humid or dry air, and suspended particles.
Liquids: Water and various chemicals may pose challenges.
Living Organisms: Viruses, bacteria, animals, insects, and people can affect access control.
Projectiles: Tangible objects in motion and powered objects are considerations.
Movement: This covers collapse, shearing, shaking, vibration, separation, and sliding.
Energy Anomalies: Electrical surges or failures, magnetism, static electricity, aging circuitry, sound, light, radio, microwave, electromagnetic, and atomic factors can all impact access control.

General Management: General management holds the responsibility for overall facility security and establishing policies and standards for secure operations. This encompasses exterior security measures, fire protection, and building access.
IT Department: The IT department may be responsible for environmental and access security in technology equipment locations, as well as setting policies and standards for secure equipment operation. This includes access to server rooms, wiring closets, power conditioning, server room temperature and humidity controls, and specialized controls such as static and dust contamination prevention.
Overlap of Responsibilities: It’s important to note that these two areas of responsibility, general management and IT, often overlap in terms of securing physical access and equipment.
Information Security Management and Professionals: Information security management and professionals play a crucial role in conducting risk assessments and reviewing the physical security controls that have been implemented, regardless of which department initially implemented them.