Physical security systems for protected facilities are generally intended to
- deter potential intruders (e.g. warning signs and perimeter markings);
- detect intrusions and monitor/record intruders (e.g. intruder alarms and CCTV systems)
- trigger appropriate incident responses (e.g. by security guards and police).
It is up to security designers, architects and analysts to balance security controls against risks, taking into account the costs of specifying, developing, testing, implementing, using, managing, monitoring and maintaining the controls, along with broader issues such as aesthetics, human rights, health and safety, and societal norms or conventions. Physical access security measures that are appropriate for a high security prison or a military site may be inappropriate in an office, a home or a vehicle, although the principles are similar.
Whereas logical threats are centered on disclosure, denial of service, and alteration, physical threats must deal with theft, vandalism, and destruction. Threats to physical security can be caused by natural occurring or man-made events or by utility loss or equipment failure. Physical security is to prevent and minimize loss due to man-made and natural events targeting the physical infrastructure of an organization.
Natural Events
Events like Hurricane Katrina, Nepal earthquake demonstrate that an organization might have to address a hurricane, flooding, and a fire at the same time. Natural occurring events can include
- Floods result from too much rain, when the soil has poor retention properties, or when creeks and rivers overflow their banks.
- Fire is common natural disaster that we must deal with. Many controls can be put in place to minimize fire damage and reduce the threat to physical security.
- Hurricanes and tropical storms
- Tidal waves Also known as a tsunami.
- Earthquakes Caused from movement of the earth along the fault lines.
Other natural events include tornados, electrical storms, blizzards, and other types of extreme weather.
Man-made threats to physical security are not as predictable as natural threats. The physical security of the organization might be threatened by outsiders or insiders and include
- Theft of company assets can range from mildly annoying to extremely damaging.
- Vandalism It is the willful destruction of another’s property like the grass fire that two teenage boys started might have seemed like some malicious fun until the winds changed and destroyed the company’s data center.
- Destruction This threat can come from insiders or outsiders. Destruction of physical assets can cost organizations huge sums of money.
- Physical breach – Once a hacker has gained physical access to a server, a single client system, or a network port, the results can be disastrous and they are difficult to identify, track, or locate.
Physical security prevents
- Unauthorized access
- Data stealing from systems
- Data corruption of data stored on a system
- Loss of data or damage to systems caused by natural causes
Main components of physical security are
- Obstacles can be placed in the way of potential attackers and sites can be hardened against accidents and environmental disasters. Such measures can include multiple locks, fencing, walls, fireproof safes, and water sprinklers.
- Surveillance and notification systems, such as lighting, heat sensors, smoke detectors, intrusion detectors, alarms, and cameras, can be put in place.
- Methods can be implemented to apprehend attackers (preferably before any damage has been done) and to recover quickly from accidents, fires, or natural disasters.
