In the previous two installments of this series, we examined information security management and the implementation and monitoring of security controls. Now, in this third and final part of this article series, we’ll be looking at the physical and environmental protection of information assets. We’ll also take a moment to summarize some of what we’ve learned and close with a few thoughts on information security best practices.

Physical access controls for the identification, authentication and restriction of users to authorized facilities.

Physical access controls/countermeasures for the protection of facilities include but are not limited to: bolting door locks, cipher locks, electronic door locks, biometric door locks, manual logging, electronic logging, ID badges, video cameras, security personnel, guard dogs, controlled visitor access, bollards, deadman doors, mantraps, turnstiles, computer workstation locks, controlled single entry point, bug sweeping, alarm systems, and even barbed wire if necessary.

These may seem extreme, but there are many potential forms of physical access issue which may necessitate these responses. Possible physical access issues include tailgating, vandalism, sabotage, espionage, unauthorized copying or modification of data, blackmail, public disclosure of data, theft and embezzlement

Example: RFID chips can be used to grant physical access. From August 2017 onwards, employees at Three Square Market in Wisconsin can have microchips implanted under their skin. Once that “upgrade” is completed, these employees can enter office buildings or pay for cafeteria goods with a wave of the hand.

The following is a list of environmental factors with attendant vulnerabilities and protective measures. Please note that this is not necessarily a complete list.

• Electric Power Vulnerabilities: spike/surge, inrush, outage
• Electrical Power Protection: electric generator, uninterruptible power supply (UPS), dual power feeds, power distribution unit (PDU)
• Physical Environment Vulnerabilities: extreme temperatures, fire, humidity, dust, dirt, physical attacks
• Popular Physical Environmental Controls: fire prevention, fire detection, (Read more…)