|Physical Security Controls
Physical security is the part of your security plan that allows you to prevent physical damage to your environment while allowing better monitoring and evidence collection.
Physical security is the most visible of your security controls and by its presence reduces the number of security related incidents.
Compliance requirements for C-TPAT, HIPAA, Safe Harbor, Sarbanes-Oxley and others, require that sound physical security controls are in place and are being practices.
· Improved security and reduction of technology costs by providing a physical layer to your defense architecture
· Improved security awareness across the organization
· Quicker response time for security related events with lower risk to staff
· Compliance controls are addressed
It is essential to understand the threats that can cause business information to be at risk with regards to physical security.
The topic of physical security addresses the risks to information resources by focusing on (but not limited to):
· Personnel safety (guards, gates, lighting, secure access, etc.)
· Physical damage (unique documents, facilities, networks, systems, etc.)
· Disclosure of information (information on desks, bulletin-boards, file cabinets, etc.)
· Physical theft (documents, systems, tapes, discs, etc.)
These events can be caused by:
· Facility damage or inaccessibility (fire, smoke, HazMat issues, power outages, etc.)
· Natural disasters (storms, floods, earthquakes, etc.)
· Human behavior (accidents, acts of terrorism, sabotage, vandalism, strikes, etc)
JCHCI can help you develop a physical security strategy to address:
· Secure site design and configuration
· Facility access controls
· Facility monitoring controls
· Clean desk practices
· Equipment and personnel security controls
· Social engineering