Physical security is often a second thought when it comes to information security. Since physical security has technical and administrative elements, it is often overlooked because most organizations focus on “technology-oriented security countermeasures” (Harris, 2013) to prevent hacking attacks. Hacking into network systems is not the only way that sensitive information can be stolen or used against an organization. Physical security must be implemented correctly to prevent attackers from gaining physical access and take what they want. All the firewalls, cryptography and other security measures would be useless if that were to occur. The challenges of implementing physical security are much more problematic now than in previous decades. Laptops, USB drives, tablets, flash drives and smartphones all have the ability to store sensitive data that can be lost or stolen. Organizations have the daunting task of trying to safeguard data, equipment, people, facilities, systems, and company assets. The company could face civil or criminal penalties for negligence for not using proper security controls. The objective of physical security is to safeguard personnel, information, equipment, IT infrastructure, facilities and all other company assets. The strategies used to protect the organization’s assets need to have a layered approach. It is harder for an attacker to reach their objective when multiple layers have to be bypassed to access a resource. The information in this paper will cover the importance of physical security along with the strategies that should be in place to implement physical security at facilities using administrative, technical and physical controls.
2015 Energy Industry Cybersecurity Report
Strategic Cybersecurity: A Toolkit for Prioritizing, Coordinating, and Transforming Your Cybersecurity Program