Physical Security Planning
Jon Feingersh Photography Inc. / DigitalVision / Getty Images
Organizations can implement the best authentication scheme in the world, develop the best access control, and install firewalls and intrusion prevention. However, their security cannot be complete without implementing physical security.
The goal of physical security is to protect the actual hardware and networking components that store and transmit information resources. This involves taking measures to prevent unauthorized access to the organization’s assets. These measures include the following:
· Locked doors: It may seem obvious, but security is useless if an intruder can simply walk in and physically remove a device. High-value information assets should be secured in a location with limited access.
· Physical intrusion detection: High-value information assets should be monitored through security cameras and other means to detect unauthorized access to the physical locations.
· Secured equipment: Devices should be physically locked down. One employee’s hard drive could contain all your customer information.
· Environmental monitoring: An organization’s servers and other high-value equipment should always be kept in a room that is monitored for temperature, humidity, airflow, and unauthorized access. The risk of a server failure rises when these factors go out of a specified range.
· Employee awareness and training: Physical security requires educating all employees on organizational policies and best practices related to security, such as upholding visitor policies, workstation locking, device encryption, following policies related to traveling with work devices, and reporting suspicious activity (Kostadinov, 2017).
Kostadinov, D. (2017). Tips for managing physical security. Infosec. https://resources.infosecinstitute.com/category/enterprise/securityawareness/managing-physical-security/#gref).
Licenses and Attributions
from Information Systems for Business and Beyond by David T. Bourgeois is available under a license. © 2014, David T. Bourgeois. UMGC has modified this work and it is available under the original license.