Fundamentals of Physical Security

---

Goals

• Define physical security, including physical protection for people (safety and evacuation), data (availability, residual data concerns, and backups), and equipment (site selection, securing access, and environmental conditions)
• Identify types of physical threats
• Identify the three main types of physical controls (i.e., deterrent, detective, and preventive)
• Identify elements of risk management in policies and procedures
• Identify the layers of a defense-in-depth strategy
• Compare the abilities of physical, logical, and administrative controls, and combinations of same, to protect resources
• Identify cybersecurity concepts and principles that protect IT infrastructure
• Identify the types of assets or resources that can be secured
• Categorize security principles and cyber defense concepts according to the type of asset or resource needing protection
• Classify threats and attacks according to what leg of the CIA triad is targeted
• Categorize control mechanisms (i.e., physical, logical, administrative) according to the type of risk they mitigate or eliminate
• Identify physical and environmental factors that can corrupt, damage, or destroy information

Physical Security

• Physical Security

Implementing Physical Security

• Business Continuity Plan (BCP)
• Disaster Recovery Plan (DRP)

Identifying Physical Threats

• Physical Security Threats

Physical Security Controls

• Physical Security Controls

Protecting People, Data, & Equipment

Physical security primarily aims to protect the individuals who keep your business running.

• Protecting People
• Protecting Data
• Protecting Equipment

Incidents and Disasters

Incidents are any event that negatively impacts an organization.

Disasters are incidents that have a significant negative impact on the organization.

• Incident Response (IR)