Implement and Manage Physical Security
Physical security is another important aspect of the security professional’s responsibilities. It refers to securing physical assets such as land, buildings, computers, and other company property. We’ve discussed important physical security concepts and technologies in detail before; if you need to review them, refer to the contents of these two domains: 1- Security architecture and engineering domain, 2- Identity and access management domain.
Ensuring physical security requires appropriate controls at the physical perimeter and internal security controls.
The perimeter is the external area surrounding buildings or other facilities, such as the space just outside of a data center. Two key considerations are access control and monitoring:
- Access control: Facilities should restrict access at the entrance. This is usually handled by key cards and card readers on doors. Other common methods are a visitor center or reception area with security guards, and biometric scanners for entry, which are often required for data centers.
- Monitoring: A monitoring system can alert security personnel to unusual scenarios and provide a detailed view of overall perimeter activities.
Internal Security Controls
Internal security controls include limiting access to storage or supply rooms, filing cabinets, telephone closets, data centers, and other sensitive areas. There are a couple of key methods to use:
- Escort Requirements: These requirements are especially important for visitors who will be operating in sensitive areas.
- Keys and Locks: Each employee should have the ability to secure company and personal belongings in their workspace. For example, if they have an office, they should lock it when they aren’t in it. If the employee has a desk or cubicle, they should have lockable cabinets or drawers to keep sensitive information locked away.