What is Physical Security ? Threats to Physical Security

PHYSICAL SECURITY BASICS

The Physical Security addresses the threats, vulnerabilities, and countermeasures that can be
utilized to physically protect an enterprise’s resources and sensitive information. These resources
include personnel, the facility in which they work, and the data, equipment, support systems, and media with which they work. Physical security often refers to the measures taken to protect systems, buildings, and their related supporting infrastructure against threats that are associated with the physical environment.
Physical computer security can also be defined as the process used to control personnel, the
physical plant, equipment, and data involved in information processing. It is expected to understand the threats and controls that are related to physically protecting the enterprise’s sensitive information
assets. Physical security is the first line of defense.
 


Threats to Physical Security

Before we can begin an investigation into the various ways an enterprise can implement proper
physical security, we obviously need to know what aspects of our environment constitute a threat to our computing infrastructure. When a risk analysis or business impact assessment is performed, a list of all possible threats must be compiled. It does not matter if the likelihood of any specific vulnerability is low or nonexistent (a tsunami, for example), all possible threats must be compiled and examined. Many assessment methods (SSE-CMM or IAM) have the practitioner compile these complete lists before making a determination as to their likelihood.
The triad of Confidentiality, Availability, and Integrity are at risk in the physical environment and must
be protected. Examples of risks:
1. Interruptions in providing computer services — Availability
2. Physical damage — Availability
3. Unauthorized disclosure of information — Confidentiality
4. Loss of control over system—Integrity
5. Physical theft — Confidentiality, Integrity, and Availability

Below are the major threats to Physical Security:

  • Weather – Extreme variations of heat or cold, such as sunlight, fire, freezing, and heat are included.
    Ex. temperature, humidity, water, flood, wind, snow, lightening, etc.
  • Fire and Chemical – War gases, commercial vapors, humidity, dry air, and suspended particles
    are included. Examples of these would be Sarin nerve gas, PCP from exploding transformers, air
    conditioning failures, smoke, smog, cleaning fluid, fuel vapors, and paper particles from printers.
    Ex. explosion, smoke, toxic material, industrial pollution, etc.
  • Earth movement – Collapse, shearing, shaking, vibration, liquefaction, flows, waves, separation,
    and slides are included. Examples of these are dropping or shaking of fragile equipment,
    earthquakes, earth slides, lava flows, sea waves, and adhesive failures.
    Ex. earthquake, volcano, slide, etc.
  • Object movement – Tangible objects in motion and powered objects are included. Examples of
    these are meteorites, falling objects, cars and trucks, bullets and rockets, explosions, and wind.
    Ex. building collapse, falling object, car, truck, plane, etc.
  • Energy – Types of electric anomalies are electric surges or failure, magnetism, static electricity,
    aging circuitry, radiation, sound light, and radio, microwave, electromagnetic, and atomic
    waves. Examples of these include electric utility failures, proximity of magnets and
    electromagnets, carpet static, decomposition of circuit materials, decomposition of paper and
    magnetic disks, Electro-Magnetic Pulse (EMP) from nuclear explosions, lasers, loudspeakers,
    high-energy radio frequency (HERF) guns, radar systems, cosmic radiation, and explosions.
    Ex. electricity, magnetism, radio wave anomalies, etc.
  • Equipment – Failure of any equipment or its electronic components.
    Ex. mechanical or electronic component failure, etc.
  • Organism – Viruses, bacteria, people, animals, and insects are included. Examples of these are
    sickness of key workers, molds, contamination from skin oils and hair, contamination and
    electrical shorting from defecation and release of body fluids, consumption of information
    media such as paper or cable insulation, and shorting of microcircuits from cobwebs
    Ex. virus, bacteria, animal, insect, etc.
  • Human– Human made crisis.
    Ex. strike, war, sabotage, etc.