PHYSICAL SECURITY BASICS
The Physical Security addresses the threats, vulnerabilities, and countermeasures that can be
utilized to physically protect an enterprise’s resources and sensitive information. These resources
include personnel, the facility in which they work, and the data, equipment, support systems, and media with which they work. Physical security often refers to the measures taken to protect systems, buildings, and their related supporting infrastructure against threats that are associated with the physical environment.
Physical computer security can also be defined as the process used to control personnel, the
physical plant, equipment, and data involved in information processing. It is expected to understand the threats and controls that are related to physically protecting the enterprise’s sensitive information
assets. Physical security is the first line of defense.
Threats to Physical Security
Before we can begin an investigation into the various ways an enterprise can implement proper
physical security, we obviously need to know what aspects of our environment constitute a threat to our computing infrastructure. When a risk analysis or business impact assessment is performed, a list of all possible threats must be compiled. It does not matter if the likelihood of any specific vulnerability is low or nonexistent (a tsunami, for example), all possible threats must be compiled and examined. Many assessment methods (SSE-CMM or IAM) have the practitioner compile these complete lists before making a determination as to their likelihood.
The triad of Confidentiality, Availability, and Integrity are at risk in the physical environment and must
be protected. Examples of risks:
1. Interruptions in providing computer services — Availability
2. Physical damage — Availability
3. Unauthorized disclosure of information — Confidentiality
4. Loss of control over system—Integrity
5. Physical theft — Confidentiality, Integrity, and Availability
Below are the major threats to Physical Security:
- Weather – Extreme variations of heat or cold, such as sunlight, fire, freezing, and heat are included.
Ex. temperature, humidity, water, flood, wind, snow, lightening, etc. - Fire and Chemical – War gases, commercial vapors, humidity, dry air, and suspended particles
are included. Examples of these would be Sarin nerve gas, PCP from exploding transformers, air
conditioning failures, smoke, smog, cleaning fluid, fuel vapors, and paper particles from printers.
Ex. explosion, smoke, toxic material, industrial pollution, etc. - Earth movement – Collapse, shearing, shaking, vibration, liquefaction, flows, waves, separation,
and slides are included. Examples of these are dropping or shaking of fragile equipment,
earthquakes, earth slides, lava flows, sea waves, and adhesive failures.
Ex. earthquake, volcano, slide, etc. - Object movement – Tangible objects in motion and powered objects are included. Examples of
these are meteorites, falling objects, cars and trucks, bullets and rockets, explosions, and wind.
Ex. building collapse, falling object, car, truck, plane, etc. - Energy – Types of electric anomalies are electric surges or failure, magnetism, static electricity,
aging circuitry, radiation, sound light, and radio, microwave, electromagnetic, and atomic
waves. Examples of these include electric utility failures, proximity of magnets and
electromagnets, carpet static, decomposition of circuit materials, decomposition of paper and
magnetic disks, Electro-Magnetic Pulse (EMP) from nuclear explosions, lasers, loudspeakers,
high-energy radio frequency (HERF) guns, radar systems, cosmic radiation, and explosions.
Ex. electricity, magnetism, radio wave anomalies, etc. - Equipment – Failure of any equipment or its electronic components.
Ex. mechanical or electronic component failure, etc. - Organism – Viruses, bacteria, people, animals, and insects are included. Examples of these are
sickness of key workers, molds, contamination from skin oils and hair, contamination and
electrical shorting from defecation and release of body fluids, consumption of information
media such as paper or cable insulation, and shorting of microcircuits from cobwebs
Ex. virus, bacteria, animal, insect, etc. - Human– Human made crisis.
Ex. strike, war, sabotage, etc.
