Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
17 views7 pages

Physical Security Controls

The document outlines the importance of physical security controls in cybersecurity, detailing various types and components that protect individuals and assets from threats. It emphasizes five main components: preparation, detection, deterrence, delay, and defense, which collectively enhance an organization's security posture. Additionally, it discusses common physical cyber-attacks and the necessity of user education to mitigate risks associated with these threats.

Uploaded by

nawrami
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
17 views7 pages

Physical Security Controls

The document outlines the importance of physical security controls in cybersecurity, detailing various types and components that protect individuals and assets from threats. It emphasizes five main components: preparation, detection, deterrence, delay, and defense, which collectively enhance an organization's security posture. Additionally, it discusses common physical cyber-attacks and the necessity of user education to mitigate risks associated with these threats.

Uploaded by

nawrami
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

Learning Objectives

Learners will be able to…

Identify different physical security controls

List the five main components of physical security

Learn about what attacks are mitigated when


implementing physical security controls

info

Make Sure You Know


You do not need any prior knowledge before starting this assignment.

Limitations
This is a general overview of the different aspects (types, components,
and mitigation) of physical security controls.
Security Controls

Physical Security Controls


Physical security controls in terms of cybersecurity are measures
implemented to protect people, information, physical assets, and
infrastructure that directly impact an organization’s cybersecurity posture.
These controls aim to safeguard critical systems, data centers, networking
equipment, and other physical elements that contribute to an
organization’s security posture. Some examples of cybersecurity physical
security controls include:

The image depicts five examples of physical security controls.


They are: Perimeter Security - physical barriers like fences,
gates, walls, and access controls such as security guards,
surveillance cameras, and intrusion detection systems to restrict
unauthorized entry to premises. Secure Disposal - proper
disposal methods, such as shredding or secure wiping, are
employed to prevent unauthorized access to discarded phsical
media or documents containing sensitive information. Security
Alarms and Sensors - intrusion detection systems, motions
sensors, or alarms can be installed to detect unauthorized entry
or tampering with critial assets or infrastructure. Secure Storage
- lockable cabinets, safes, or secure storage facilities can be used
to protect physical assets. Access Controls - key cards, biometric
authentication (fingerprint, iris scan), or secure locks to limit
access to sensitive areas.

These physical security controls work in conjunction with technical and


administrative controls to create a holistic cybersecurity framework,
ensuring the protection of both digital and physical assets against cyber
threats.
Security Components

Physical Security Components


Physical security, within the realm of cybersecurity, focuses on
safeguarding interconnected systems where cyber and physical elements
converge. It involves a comprehensive approach that incorporates five
fundamental components: preparation, detection, deterrence, delay, and
defense. These components collectively aim to protect individuals,
information, physical assets, and infrastructures from threats. Here is a
closer look at each component:

The image depicts the five components of physical security, gives


a short definition, and provides a few examples. The components
are: Preparation - proactive measures taken to identify
vulnerabilities. Examples include conducting risk assessments,
implementing security controls, and establishing incident
response plans. Detection - identifies and alerts security of
unauthorized activity. Examples include motion detection, noise
detection, and temperature detection. Deterrence - aims to
discourage potential attackers. Examples include displaying
security signage, visible security cameras, and conducting
regular security audits and assessments. Delay - implemented to
slow down or impede attackers’ progress. Examples include
physical barriers, secure locks, and access control vestibules
(mantraps). Defense - active responses to physical security
threats. Examples include security guards, reception, and other
personnel.

By incorporating these components, organizations can establish a


comprehensive physical security strategy that protects individuals, assets,
and infrastructure from physical threats. This, in turn, contributes to a
robust cybersecurity posture by ensuring the overall resilience and
integrity of the interconnected systems. A strong physical security
foundation strengthens the overall security of an organization,
complementing the cybersecurity measures in place to create a holistic and
robust defense against threats.
Security Attacks

Physical Security Attacks


Physical cyber-attacks refer to incidents where physical access or
manipulation is used to compromise or disrupt computer systems,
networks, or digital infrastructure. Here are some examples of physical
cyber-attacks:

The image depicts common physical cyber-attacks and threats, a


short description, and a way to protect against them. The are:
Hardware Tampering - attackers physically tamper with
computer hardware, such as servers, routers, or network
switches, by inserting malicious components or modifying
existing ones. Protection comes from secure storage. Keylogging
Devices - attackers install physical keyloggers, such as small
devices or modified keyboards, to capture keystrokes and obtain
sensitive information, such as passwords or credit card details.
Protection comes from secure storage. Physical Access
Exploitation - by gaining physical access to a network
infrastructure or computer, attackers can potentially manipulate
or disrupt operations, install malware, or steal data directly from
the device. Protection comes from perimeter security.
Piggybacking & Tailgating - unauthorized individuals gaining
access to a secured area by closely following behind an
authorized person, taking advantage of their access privileges
without proper authentication. Protection comes from user
education and training. Shoulder Surfing - attackers physically
observe or eavesdrop on users as they enter passwords, PINs, or
other confidential information. Protection comes from user
education and training. USB-Based Attacks - attackers plant
infected USB drives or other removable media devices in an
organization’s premises, when connected to a computer,
malware is automatically executed. Protection comes from user
education and training. Dumpster Diving - attackers rummage
through discarded documents or hardware to gather sensitive
information, this can include finding credentials, financial data,
or proprietary information. Protection comes from secure
disposal.

End users are often considered the weakest link in network security. This is
because they are more susceptible to falling victim to social engineering
attacks, such as phishing emails or phone scams, which rely on
manipulating human behavior rather than exploiting technical
vulnerabilities. End users may unintentionally let an unauthorized
individual into the building or disclose sensitive information, providing an
entry point for attackers to infiltrate the network. Therefore, it is crucial to
educate and train end users to recognize and respond to potential security
threats, strengthening the overall security of the network.

It is also important to note that physical cyber-attacks often require a


combination of physical access and technical expertise. Implementing
comprehensive physical security measures, access controls, surveillance
systems, and employee awareness programs can help mitigate the risk of
such attacks and protect against potential vulnerabilities in an
organization’s cybersecurity defenses. Oftentimes physical cyber-attacks
can be the first step to an even larger cyber-attack plan to compromise a
network.

You might also like