• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Protection of Information Assets

Temple University

Protection of Information Assets

MIS 5206.001 ■ Fall 2023 ■ David Lanter
  • HomePage
  • Instructor
  • Syllabus
  • Schedule
    • First Half of the Semester
      • Unit #1: Understanding an Organization’s Risk Environment
      • Unit #2: Case Study 1 – Snowfall and stolen laptop
      • Unit #2: Data Classification Process and Models
      • Unit #3: Risk Evaluation
      • Unit #4 Case #2: Autopsy of a Data Breach: The Target Case
      • Unit #5: Creating a Security Aware Organization
      • Unit #6: Physical and Environmental Security
    • Second Half of the Semester
      • Unit #8 Case Study 3 – A Hospital Catches the “Millennium Bug”
      • Unit #9: Business Continuity and Disaster Recovery Planning
      • Unit #10: Network Security
      • Unit #11: Cryptography, Public Key Encryption and Digital Signatures
      • Unit #12: Identity Management and Access Control
      • Unit #13: Computer Application Security
  • Deliverables
    • Weekly Deliverables
      • “In the News” Articles
      • Answers to Reading Discussion Questions
      • Comments on Reading Discussion Question and Other Students’ Answers
    • Case Studies
    • Team Project

Unit #6 – Question 3

September 28, 2023 by David Lanter 20 Comments

A company’s physical security team analyzed physical security threats and vulnerabilities for its systems. What types of vulnerabilities did the company focus on?

Filed Under: Unit 06: Physical and Environmental Security Tagged With:

Reader Interactions

Comments

  1. Celinemary Turner says

    September 30, 2023 at 7:28 am

    Physical security vulnerabilities refer to the potential weaknesses in a company’s physical environment that could be exploited to cause harm to the company’s systems or data. These are the types of vulnerabilities the company could focus on:
    1. Access Control Vulnerabilities: These vulnerabilities arise when unauthorized individuals can gain physical access to the company’s premises. This could be due to weak door locks, lack of security personnel, or ineffective access control systems.
    2. Surveillance Vulnerabilities: If a company’s premises are not adequately monitored, it can lead to security breaches due to a lack of security cameras, poor lighting in certain areas, or ineffective alarm systems.
    3. Environmental Vulnerabilities: These vulnerabilities are related to the physical environment in which the company operates. It could include things like natural disasters (earthquakes, floods, etc.), fire hazards, or building structure issues that could lead to physical damage.
    4. Infrastructure Vulnerabilities: These vulnerabilities are related to the company’s physical infrastructure. This could include power, HVAC system failures, or issues with the company’s network cabling.
    5. Human Error: This refers to vulnerabilities arising from mistakes made by employees or others. Also, it may include leaving doors unlocked, losing keys or access cards, or accidentally damaging equipment, the company’s physical security team analyze these vulnerabilities they will develop mitigation strategies, such as implementing more robust access control systems, improving surveillance, making environmental changes, strengthening infrastructure, and training employees to reduce human error.

    Log in to Reply
    • Eyup Aslanbay says

      October 2, 2023 at 10:12 pm

      Good list of the different ways a company’s security can be at risk. It’s clear and shows you’ve thought about everything from doors to natural disasters.

      Log in to Reply
    • Edge Kroll says

      October 3, 2023 at 9:31 pm

      I overlooked human error, that is an excellent point to monitor. As oftentimes a security breach will begin with something as simple as an employee leaving an ID badge out. It is as important to continuously monitor these processes as it is to monitor any other business practices.

      Log in to Reply
    • Ooreofeoluwa Koyejo says

      October 3, 2023 at 10:48 pm

      This is a detailed list of some physical security vulnerabilities that organisations might face, it is important to analyze these vulnerabilities alongside the threats to them in order to have a comprehensive risk overview which will inform the controls to be used to address them according to the organisation’s acceptable risk level.

      Log in to Reply
  2. Nicholas Nirenberg says

    October 1, 2023 at 7:32 pm

    There are many physical security threats that can be analyzed by a security team. Some of them are as follows:
    – Physical intrusion vulnerabilities such insecure doors, lack of fencing, and lack of or inadequate alarms.
    – Security personnel vulnerabilities such as untrained guards, inattentive guards, or guards which are possible insider threats.
    – Surveillance and monitoring weaknesses such as lack of full area coverage with CCTV, lack of real time CCTV, lack of long term storage of video logs, and lack of personnel to review and analyze logs.
    This is just a sampling of what the team could have focused on, as there are a plethora of additional physical security vulnerabilities would would need to be addressed such as environmental weakness, visitor/outsider weakness, and mobile device vulnerabilities to name a few.

    Log in to Reply
  3. Bo Wang says

    October 1, 2023 at 8:18 pm

    They will focus on the following vulnerabilities. Theft of data, such as access cards and devices. A hacker attack on a system. Whether the construction location of the equipment is reasonable, and whether the service life of the equipment and schedule maintenance are up to standard.

    Log in to Reply
    • Ooreofeoluwa Koyejo says

      October 3, 2023 at 10:46 pm

      Testing of the controls put in place for physical security is also required as a measure to guarantee that the controls implemented are sufficient and adequate to address the physical security risks identified and analyzed through the vulnerabilities and threats.

      Log in to Reply
  4. Yannick Rugamba says

    October 1, 2023 at 8:30 pm

    When it comes to assessing the security risks and vulnerabilities of a company’s systems there are areas to consider. One major concern is unauthorized access, where individuals may find ways to bypass security measures or use stolen credentials. Another potential risk is surveillance spots, where certain areas are not covered by cameras and could be exploited. Infrastructure vulnerabilities also need attention, such, as building structures or critical equipment that’s easily accessible. Moreover, environmental threats like disasters can disrupt operations while utility failures have the potential to compromise security systems. Additionally, we must address the possibility of information leaks where sensitive data might accidentally become exposed as the importance of providing proper security training for employees. Considering both insights and specific guidelines from the “PHYSBITS” document it becomes clear that a comprehensive approach that integrates both IT security measures is essential, for effective protection.

    Log in to Reply
    • Celinemary Turner says

      October 2, 2023 at 8:44 pm

      You’ve highlighted critical aspects of security risks that organizations should be vigilant about. A holistic approach to security encompassing physical and IT security measures is crucial. Organizations can better protect their assets, data, and operations by considering them and integrating physical and IT security measures effectively.

      Log in to Reply
  5. Jon Stillwagon says

    October 1, 2023 at 9:02 pm

    Some vulnerabilities that the company might focus on would be theft, intrusion, exploitable vulnerabilities, and human errors. A company wants to keep its information or data private so it would check to see if an attacker can steal their information. The company would want to keep the amount of attackers from getting into their systems to a minimum. It doesn’t necessarily always keep them out because eventually one of the attackers will find a way to get in which is where I see honeypots or other strategies to distract the attacker from attacking their main system. Exploitable vulnerabilities would be something the company to focus on because if the attackers find an exploit in their system the attackers could easily find a way to get in and do some damage or take information. Human errors would be a good thing to focus on because the last thing you want is for one of your employees to make a mistake and cause chaos for the company. The company would need to remind the employees of things to look for or keep them updated with information so they could apply it to the company.

    Log in to Reply
    • Celinemary Turner says

      October 2, 2023 at 8:54 pm

      Your points are very valid. Protecting sensitive data from theft is a fundamental concern for organizations. Implementing robust access controls, encryption, and data loss prevention measures can help safeguard valuable information. Also, Regular vulnerability assessments and penetration testing can help identify and address weak points in the security posture before attackers can exploit them.

      Log in to Reply
    • Nicholas Nirenberg says

      October 3, 2023 at 11:49 pm

      Hi Jon, I like how you mentioned that it is nearly impossible to completely secure your IT infrastructure and that a more effective method would be to mitigate some risk by using honeypots or honeynets. It’s a good example of mitigation of risk because it takes some risk and applies a management strategy to lower that risk. In my option it would be the best way to address the problems you presented.

      Log in to Reply
  6. Edge Kroll says

    October 1, 2023 at 9:11 pm

    The company’s physical security team likely focused on vulnerabilities related to the physical infrastructure and access points in its system. These vulnerabilities may include access control weaknesses, such as unauthorized personnel gaining entry to critical areas, or gaps in surveillance and monitoring systems. They may also examine vulnerabilities related to the facility’s design, such as inadequate fencing or barriers, which could make it easier for intruders to breach security. Additionally, vulnerabilities in the supply chain, like the delivery of unauthorized or malicious hardware components, could be of concern.
    Furthermore, the team might have assessed vulnerabilities related to natural disasters and environmental factors, like fire hazards, flood risks, or seismic activity, that could disrupt the physical security of the systems.

    Log in to Reply
    • Ooreofeoluwa Koyejo says

      October 3, 2023 at 10:44 pm

      Some organisations have dedicated loading bays and delivery areas to ensure the secure delivery of devices, machines and tools, as a measure to maintain physical security and to separate the common entry and exit points from the physical entries used for this other purpose.

      Log in to Reply
  7. Hashem Alsharif says

    October 1, 2023 at 9:31 pm

    When looking at the physical security threats and vulnerabilities for a companies systems, it’s important to understand that it can come from many different areas. These include:
    Vulnerabilities within the environment: This can be seen through natural disasters. There may be something such as a hurricane, flood, and/or tornado, all of which have a very high likelihood of damaging company property. While some of these can be mitigated, things such as earthquakes, which don’t always have warnings, can happen out of nowhere, ruining the companies technology.
    Another area of vulnerability is through human-caused events, such as Unauthorized physical access, vandalism, theft, and misuse. There are some security measures that can be done such as implementing cameras, front door security, keycards, and placing important tech/information behind a locked door. The other vulnerability is in regards to technical threats. A prime example of this would be through a power outage. If a UPS is provided for the computers in the company, it can give them enough time to save their work and/or back it up before losing everything.

    Log in to Reply
    • Celinemary Turner says

      October 2, 2023 at 9:04 pm

      In today’s interconnected world, where physical and digital assets are at risk, i believe organizations must maintain a proactive and adaptable security posture to protect their people, technology, and data effectively.

      Log in to Reply
  8. Eyup Aslanbay says

    October 2, 2023 at 12:55 am

    There are several physical security vulnerabilities that companies may face. These include unauthorized access, ineffective access controls, environmental threats, unprotected infrastructure systems (such as power and water supplies), a lack of security staff, inadequate security equipment like cameras and alarms, and insufficient vehicle and guest access control. Additionally, there’s often a lack of security awareness. Companies should address all of these concerns. However, it’s essential to prioritize them and establish a likelihood and impact rate for each risk. If there is a constraint, they should focus on high risks. Hazards can vary and may be unexpectedly significant.

    Log in to Reply
    • Bo Wang says

      October 3, 2023 at 3:40 pm

      It is very necessary to prioritize risks, which can greatly reduce the cost of risk management.

      Log in to Reply
    • Hashem Alsharif says

      October 3, 2023 at 11:54 pm

      Not only is lack of security staff an issue, but so is a lack of an effective security staff. There have been multiple places i’ve been to where I could tell the security didn’t really care about their job and you could tell they were doing the bare minimum. So, not only should we prioritize having security staff, but we should also prioritize having an effective security staff.

      Log in to Reply
  9. Ooreofeoluwa Koyejo says

    October 3, 2023 at 10:41 pm

    Some of the vulnerabilities considered by the physical security team which could be a part of the overall security team can be classified into these:
    1. Hardware vulnerabilities which include weaknesses in physical access control, surveillance, theft, etc.
    2. Environmental vulnerabilities such as weather conditions, unexpected natural disasters
    3. Electrical, and maintenance vulnerabilities such as lighting, alarms, ventilation, heating, and air conditioning (HVAC)

    Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Unit 01: Understanding an Organization's Risk Environment (5)
  • Unit 02: Case Study 1 – Snowfall and a stolen laptop (2)
  • Unit 02: Data Classification Process and Models (6)
  • Unit 03: Risk Evaluation (6)
  • Unit 04: Case Study 2 – Autopsy of a Data Breach – The Target Case (4)
  • Unit 05: Creating a Security Aware Organization (6)
  • Unit 06: Physical and Environmental Security (6)
  • Unit 08: Case Study 3 – A Hospital Catches the "Millennium Bug" (3)
  • Unit 09: Business Continuity and Disaster Recovery (6)
  • Unit 10: Network Security (6)
  • Unit 11: Cryptography, Public Key Encryption and Digital Signature (6)
  • Unit 12: Identity Management and Access Control (6)
  • Unit 13: Computer Application Security (6)
  • Welcome (1)

Copyright © 2025 · Course News Pro on Genesis Framework · WordPress · Log in