We will take a short break from the technical topics this week and look at physical security: the controls designed to ensure that our IT infrastructure is physically secure. Physical facilities that house information systems are a sought-after target. Although the equipment is certainly expensive, in many organizations the data is even more valuable.
We will look at the various methods of protecting physical infrastructure, and some of the standards in the industry.
The (ISC)² Common Body of Knowledge (CBK) defines the key areas of knowledge for physical and environmental security in this way:
The Physical (Environmental) Security domain addresses the threats, vulnerabilities, and countermeasures that can be utilized to physically protect an enterprise’s resources and sensitive information. These resources include people, the facility in which they work, and the data, equipment, support systems, media, and supplies they utilize.
Physical security describes measures that are designed to deny access to unauthorized personnel (including attackers) from physically accessing a building, facility, resource, or stored information; and guidance on how to design structures to resist potentially hostile acts.
The candidate will be expected to know the elements involved in choosing a secure site, its design and configuration, and the methods for securing the facility against unauthorized access, theft of equipment and information, and the environmental and safety measures needed to protect people, the facility, and its resources.
Key areas of knowledge:
- Understand site and facility design considerations
- Support the implementation and operation of perimeter security
- Support the implementation and operation of internal security
- Support the implementation and operation of facility security
- Support the protection and securing of equipment
- Understand personnel privacy and safety
This week’s topics:
- Site Access Controls
- Secure Siting
- Equipment Protection
- Environmental Controls
In this unit, plan to:
- Read: pages 294-317 in the Security Essentials text
- Complete: this week’s written assignment
- Complete: this week’s practical assignment
- Prepare: for the Case Study Review