10.1. Physical Security

This part of the security policy describes the physical threats that an organization faces, the measures in place to protect against them, and specific guidance on implementation. In the context of information security, the goal is to protect the information systems from attack and compromise. This can be achieved in a number of ways; simple examples include requiring doors to be locked or specifying a particular brand of high-security lock to be used. Physical security can be described in as detailed a manner as you wish, but it usually covers the following areas:

  • Perimeter security;

  • Cameras and closed-circuit TV;

  • Access control;

  • Human security;

  • Physical mail security.

Again, this list is not set in stone and contains overlapping subject matter.

10.1.1. Perimeter Security

Perimeter security ensures that the physical borders of the site are secure. The way this is implemented in practice depends on the nature of the site, the assets needing protection and the perceived level of threat. For example, a paper factory probably doesn't need 3-meter walls capped with razor wire and motion sensors, but for a prison this would be the bare minimum. The security function of a perimeter is twofold: to provide a physical deterrent to intrusion, and to mark a clear, legally enforceable boundary so that anyone who crosses it without authorization is unambiguously trespassing.

Examples of policy statements that address perimeter security include the following:

  • Perimeter fencing should be no less than [3] meters tall and by its nature should indicate the boundary of ...

Excerpt from Unauthorised Access: Physical Penetration Testing For IT Security Teams.