Physical Security Controls
Physical security controls are the devices, systems, people, and methods you put in place to ensure the physical security of people, devices, and data.
- Physical security is often implemented by incorporating zones
- Each zone is separated by its own barrier(s)
- One or more security mechanisms control entry and exit points through the barriers
- Progression through each zone should be increasingly restrictive
3 Types
Deterrent Controls
Deterrent controls are designed to discourage people who might seek to violate your other security controls.
- generally indicate the presence of other security measures
- E.g., signs that announce of video monitoring, alarm company logo signs
Detective Controls
Detective controls serve to sense and report undesirable events.
- E.g., burglar alarms and other physical intrusion detection systems
- check for indicators of unauthorized activity
- doors or windows opening, breaking glass, movement, temperature changes
- check for undesirable environmental conditions
- flooding, smoke and fire, electrical outages, or contaminants in the air
- could include human or animal guards patrolling or monitoring via tech
Preventative Controls
Preventive controls use physical means to keep unauthorized entities from breaching your physical security.
- E.g., mechanical locks, high fences, bollards, guards and dogs
- may focus specifically on people, vehicles, or other areas of concern
Info
Work best when used together, on their own they are not sufficient.
Using Physical Access Controls
- Preventive controls generally make up the core of our security efforts.
- the more physical security layers, the better
- should implement a level of physical security that is consistent with the value of your asset.
- E.g., military vs small retail store
Examples of Physical Security Controls
- Heating, ventilating, and air conditioning (HVAC)
- Fire suppression — includes devices and systems designed to extinguish fires of different types to minimize damage and stop fires from spreading
- EMI Shielding — includes physical barriers placed around wiring or into building materials to limit electromagnetic interference (EMI) outside protected areas
- Lighting — lights are placed to ensure all areas are well lit, with few dark spots
- Signs — Clear signage indicates which areas are designated for specific purposes and which areas are off limits
- Fencing — Physical barriers deter casual intruders or mark boundaries
- Barricades — Physical barriers deter aggressive intruders or limit vehicle access
- Guards — A physical presence can deter intrusion, and humans can react quickly to changing conditions
- Motion detectors — Devices generate an alert when motion is observed in a small, defined area
- Video surveillance — Devices monitor many areas of a facility from a central location and record actions for later analysis
- Locks — Physical devices limit physical access from unauthorized personnel
- include door locks, cable locks, safes, and locking cabinets
- Mantraps — Mantraps are two sets of doors with a small alcove between them. A person must pass through the first set of doors and allow them to close and lock before the second set of doors will open. A mantrap provides a convenient way to control physical access to a secure space.
- Access lists — lists comprise the names of personnel authorized to access a physical resource
- Proximity readers — Sensors can read smart cards or devices that are close to the reader to grant access to secure areas or resources to any individual carrying the proper device or smart card.
- Biometrics — a form of access control based on physical characteristics or actions
- Protected access (cabling) — involves limiting connectivity to secure IT components by restricting access to connected cabling
- Alarms — Refer to any signal generated by a control that matches a list of events that warrant immediate action.