Answer:
Physical security is actually easy to overlook when network/application security breaches dominate the headlines. Yet robust physical security is vital. Begin with implementing a good physical security program and then insist on proper enforcement. Here are some important elements to remember:
- Policies/Procedures: These nuts and bolts form the foundational blocks of your program.
- Deterrent Controls: Fences, guards, mantraps, and others discourage and should prevent attempts of breach or intrusion.
- Delaying Controls: Locks, access controls, and other delaying controls slow down intruders.
- Detective Controls: CCTV, smoke/fire alarms are just a few ways to detect incidents early.
- Incident Response Controls: Personnel (think security guards), security mechanisms (such as fire suppression systems) and procedures to respond to incidents.
- Auditing Controls: These include audit logs recording physical access to the facility.
First published on BankersOnline.com 4/27/09