1 Comment

Physical Security Controls - Part 1

Written by:  • Edited by: Bill Bunter
Updated May 7, 2010 • Related Guides: HIPAA

In this series, I examine the preventive and detective capabilities of various types of physical security controls, including biometrics, fences, locks, and data backups. In Part 1, I start with a description and purpose of physical controls, followed by a discussion of preventive safeguards.

What are Physical Security Controls

Administrative controls rely on the willing compliance of managers and employees. Physical controls rely on the proper application of physical barriers and deterrents to control behavior. It's through the use of physical controls that an organization controls physical access to facilities and systems. They also assist in maintaining the operating environments necessary to continue information processing and delivery activities.

Before moving into the specifics of various physical controls, it's important to understand their proper application and purpose. Figure 1 is an example of one way to view the layers of a physical security solution.

Physical security controls are meant to detect and delay the passage of an intruder as he or she moves inward toward sensitive areas within around or within a facility. Following the principle of diversity in design, the use of different controls at each entry point helps to attain this objective.

Preventive Physical Security Controls

Preventive physical controls provide an environment in which to safely process information as well as barriers to unauthorized access to systems. These controls include:

  1. Alternate power sources
  2. Flood management
  3. Data Backup
  4. Fences
  5. Human guards
  6. Locks
  7. Fire suppression systems
  8. Biometrics
  9. Location

Alternate Power Sources

Under normal circumstances, it's reasonable to rely on the power company as a clean, stable source of power. But as we've all experienced, there are no guarantees that the power coming into your building will always be available. Alternate power sources are used to provide power when utility power fails.

In this section, we'll discuss two types of power sources: uninterruptible power supplies (UPS) and generators. A UPS is a battery powered device that provides power for a short period. It is typically used to provide power long enough to properly shut down your servers (preventing data or system damage) or to switch to a generator. You shouldn't rely on your UPS to indefinitely continue normal operations.

If you must keep one or more servers up during a long-term power outage, consider a generator. With a continuous supply of fuel, a generator can indefinitely supply power to your data center. Because switching to generator power can take a few minutes, it's necessary to supplement your generator with a UPS to prevent a hard shutdown of your data center equipment; the UPS provides power for the time it takes to bring your generator online.

Showing page 1 of 5
1345
Overview of Physical Security
This is a series of two articles discussing the purpose of physical security, common controls, and how to implement them.

Comment

Showing all 1 comments
 
iram Sep 6, 2010 12:56 PM
security
special thank ,tell about the securtiy control in a easy way.
 
blog comments powered by Disqus
Computer Security
FEATURED AUTHORS
Matt Conlon DavidK kb3cpq Zack Jones
Pranav Thadeshwar John Garger Linda Richter Daniel Barros
Most Popular Articles
Email to a friend