Physical security is the lifeblood of all security controls. If physical security is compromised, all other controls are irrelevant.

Why? Think about it. If someone manages to get into your server, physically accessing your computers, he or she can cause serious damage. Some examples of damage possible can include: removing the hard drives from your computer, stealing computer backup tapes, or simply shutting down the power to your servers. All of these can be accomplished in the blink of an eye, without involving serious technical skills. As we have mentioned before, security is the weakest link in your system. For this reason, we should not overlook physical security.

To understand physical security, we first need to understand physical threats.

The are three types of physical threats:

External physical threats:

  • Flooding, lightning, earthquake, wind, tornado, hurricane, ice, fire, chemical

Internal physical threats:

  • Fire, environmental failure, liquid leakage, electrical interruption

Human physical threats:

  • Theft, vandalism, sabotage, espionage, errors

To prevent these threats from becoming reality, physical security controls should be implemented.  Some examples of effective physical security controls include:

Exterior physical security controls:

  • Fences, Barriers

Entrance physical security controls:

  • Doors and Gates with Locks

Administrative physical security controls:

  • Badges and Escorts

Property physical security controls:

  • Monitoring/Detection Systems, Lighting

Environmental physical security controls:

  • HVAC System, Power Protection, Water and Fire Protection

All of these controls require detailed and careful planning prior to setting up an office with computing facilities. We will discuss physical controls in more detail later.

Tags: Administrative Physical Security Control, Environmental Physical Security Control, Water Protection