Security professionals are often so focused on technical controls that they overlook the importance of physical controls.

Security professionals are often so focused on technical controls that they overlook the importance of physical controls.

1) Physical Security barriers:

Security professionals are often so focused on technical controls that they overlook the importance of physical controls. The simple reality is that physical access is the most direct path to malicious activity, including unauthorized access, theft, damage, and destruction. Protection mechanisms include controlling the physical security perimeter and physical entry, creating secure offices, rooms, and facilities, and implementing barriers to access, such as monitoring, and alerting. Section 11 of ISO 27002:2013 encompasses both physical and environmental security. Environmental security refers to the workplace environment, which includes the design and construction of the facilities, how and where people move, where equipment is stored, how the equipment is secured, and protection from natural and man-made disasters.

Depending on the site and level of security required, a plethora of access controls are available, including cameras, security guards, mantraps, locks, barriers, metal detectors, biometric scanners, fire-resistant exterior walls that are solid and heavy, and unbreakable/shatterproof glass. The biggest challenge is authorized entry.

AUTHORIZING ENTRY

How does a company identify authorized personnel, such as employees, contractors, vendors, and visitors? Of greatest concern are the fraudulent or forged credentials obtained through careful profiling or the carelessness of authenticated employees. One commonly used option is a badging system. Badges may also function as access cards.

BACKGROUND CHECKS

Your organization should also establish formal policies and procedures to delineate the minimum standards for logical and physical access to your premises and infrastructure hosts. Typically, enterprise organizations conduct criminal background checks, as permitted by law, as part of pre-employment screening practices for employees and matching with the employee’s position within the company and required level of access

SECURING OFFICES, ROOMS, AND FACILITIES

In addition to securing building access, the organization needs to secure the workspaces within the building. Workspaces should be classified based on the level of protection required. The classification system should address personnel security, information systems security, and document security.

WORKING IN SECURE AREAS

It is not enough to just physically secure an area. Close attention must be paid to who is allowed to access the area and what they are allowed to do. Access control lists should be reviewed frequently. If the area is continually monitored, there should be guidelines specifying what is considered “suspicious” activity. If the area is videoed and not continually monitored, then there should be documented procedures regarding how often and by whom the video should be reviewed.

ENSURING CLEAR DESKS AND CLEAR SCREENS

Documents containing protected and confidential information are subject to intentional or accidental unauthorized disclosure unless secured from viewing by unauthorized personnel when not in use. The same holds true for computer screens. Companies have a responsibility to protect physical and digital information both during the workday and during nonbusiness hours

2) Physical barriers are used to protect and prevent unauthorized access to a specific environment (Finnelly, 2016). The physical security systems are intended to detect potential intrusions such as warning signs, intrusion detection such as CCTV systems and triggering appropriate responses to incidents such as by security guards. Thus, it is important to consider the type of physical security barrier before implementing it for effective protection of the intended property. Since there are diverse types of physical security barriers, the following should be considered in order to determine appropriate ones for a specific environment.

The level of security required. This depends on the type of business and the products the company is dealing with. For instance, in a low-security site where a constant staff is always present, speed gate of low glass wing may be appropriate. In a medium security site, a high glass wing gate or a turnstile of full height may be appropriate. By application of speed gates, fewer lanes are required and less time is spent in queues.

The purpose of the physical security barrier. The main purpose for the physical security barrier is to act, as a deterrent thus the type of the security barrier to be implemented should be appropriate to prevent access of unauthorized personnel to the property. In an instance where the security solution is required to withstand an attack, the following security solution can be considered. Ballistic rated security portals.

Throughput requirement. If the need for the physical security barrier is to allow fast but secure users movement, the solution could be a speed gate, which enables swift transit of the users. Speed gates are suitable in reception areas where the flow of authorized personnel is required.