Chapter 10. Physical (Environmental) Security

The Physical Security domain examines how elements of the surrounding physical environment and supporting infrastructure affect the confidentiality, integrity, and availability (C.I.A.) of information systems. We are not talking about logical controls here, but you will notice that some of the physical controls we describe are duplicated in some of the other domains, such as biometrics in the Operations and Access Control domain (Chapter 6). Natural disasters are an example of physical threats to security. Perimeter and facility access controls to prevent unauthorized entry or theft are elements of physical security. The area known as Industrial Security contains many of these concepts, such as closed-circuit television (CCTV), guards, fencing, lighting, and so forth.

To most engineers or security professionals, this domain is probably the least "sexy" of the 10 domains. Who cares how high perimeter fencing should be to protect critical buildings? But you need to know this stuff because (1) some of this information will be on the test, and (2) the best-configured firewall in the world will not stand up to a well-aimed brick.

A security practitioner needs to be aware of the elements that threaten the physical security of an enterprise and how controls can mitigate the risk incurred from those elements. In this chapter, we will examine threats to physical security and controls for physical security. Physical security addresses the physical ...
