Categories Topics
Description
Physical (and Environmental) Security

Overview
The main objective of Physical and Environmental Security is to protect facilities from environmental damage and unauthorized physical access.

Guidelines
Physical security includes a number of physical and environmental controls needed to ensure the safety and security of the organization's most prized assets (i.e. people and information) to include:
  • Fire/smoke detection, prevention and suppression
  • Power stability and safeguards
  • Water damage protection of computing facilities
  • Air quality, temperature and humidity controls
  • Storage of flammable supplies in accordance with local regulatory guidelines
  • Restricted physical access
Strong safety controls, such as fire and smoke detection and suppression, will help protect the organization from many different threats to physical security and safety and shall alert security staff or fire department of potential fire. Water sprinklers should also be implemented in facilities outside of server hosting facilties to meet fire code guidelines.

The information processing facilities (e.g. data center, raised floor, server rooms) should also ensure water protection is in place to prevent potential flooding or water damage that could reduce the availability of critical systems.  Flammable supplies should also be stored in conjunction with local regulatory guidelines.

Physical Access includes mechanisms to prevent unauthorized access to facilities (e.g. security gurards, ID badge/card readers, visitor sign in, alarms, etc.).  Please see topic "Physical Access" for additional physical controls.

Topic Category
Physical (and Environmental) Security
 
News Articles
Hackers built a 'master key' for millions of hotel roomswww.zdnet.com4/25/2018
Smart Locks Bricked by Bad Updatethreatpost.com8/15/2017
US visa applicants will have to provide social media handleswww.helpnetsecurity.com6/2/2017
German minister seeks facial recognition at airports, train stationswww.theregister.co.uk8/22/2016
US Customs wants foreign nationals to reveal their social media handleswww.zdnet.com6/28/2016
DIY security offers smarter peace of mindwww.cnet.com5/2/2014
Police want to use your home security cameras for surveillancenews.cnet.com1/26/2014
Shop-a-suspect web security system: 'We've helped cops nab 100 suspects'www.theregister.co.uk9/10/2013
Nicked unencrypted PC with 6,000 bank details lands council fat finewww.theregister.co.uk6/7/2013
AT&T debuts 'Digital Life' robo-home and security techwww.theregister.co.uk4/26/2013
Boston bombings: How facial recognition can cut investigation time to secondsnews.cnet.com4/18/2013
Vudu resets user passwords after hard drives lost in office burglarynews.cnet.com4/9/2013
Crooks Spy on Casino Card Games With Hacked Security Cameras, Win $33Mwww.wired.com3/15/2013
Vulnerability Lets Hackers Control Building Locks, Electricity, Elevators and Morewww.wired.com2/6/2013
Hackers squeeze through DVR hole, break into CCTV cameraswww.theregister.co.uk1/29/2013
Does Your Alarm Have a Default Duress Code?krebsonsecurity.com1/2/2013
Share With 911: Empowering the school community to keep kids safewww.zdnet.com1/2/2013
Simple, low-tech solutions for school safetywww.zdnet.com12/22/2012
Flaw in Home Security Cameras Exposes Live Feeds to Hackerswww.wired.com2/7/2012
Romanian Man Charged in $1.5 Million ATM Skimming Scamwww.wired.com1/6/2012
Policies
Physical and Environmental Control Policy
Standards
PCI Card Production Physical Security Requirements v1.0PCI5/9/2013