Physical Security Models

Security in general and physical security in particular is very crucial for any origination. Origination’s information security policy holds key to securing organization assets. Security controls can be categorized into three models, administrative controls, physical controls and technical controls, these controls are generally the first line of defense in case of security attack.

Technical and physical control interns come udder umbrella broader field of physical security.

Administrative Controls

The administrative controls include site planning, construction, designing and location of business facility, these also includes measures to detect and prevent common physical attacks. Facility planning technique used to identify systematic relationship between processes and applications of business to effectively plan the business facility, for example organization needs in-house servers at facility, protecting internet connection, electricity, hardware, temperature system etc. would need careful consideration, site planning also required employees and safety expert’s involvement and feedback. Site geolocation consideration is also important in security prospect.

If you are building new facility or buying an existing one, depending upon the nature of your business, you need to consider its geolocation, access to roads, freeways, airport, rivers, and probability of natural disasters etc. for effectively security the facility, you need to have disaster recovery plan as well. Facility design play important role in protection physical resources, you need to outline the facility in a way is hard to access for intruders and easier for employees and daily use.

Crime Prevention Through Environmental Design (CPTED) improve facility security using environment elements that modifies human behavior, has proved very successful.

Technical Controls

This area of controls merely focuses on access control, which by far the most compromised section of security pie. This includes various layers of security in form of smart-cards, intrusion detection and audit systems. It also states the organization wide awareness and response to various security incidents. Smart-card type of access control mechanism based on microchip-based cards, which used to authenticate the user who is trying to access the system.

The smart-cards are registered within the system along with another form of authentication, for example PIN or password, when user try to access the system using smart card, it first authenticates the card and then asks user for another form of identity like PIN or password, upon validating both form of use credential, user is granted or denied access to system.

The problem with smart-card access controls is that, it’s expensive to implement and there were some smart-card attacks in the past in which attacker reversed engineer the smart-card to bypass authentication, in conjunction with software and microprobe attacks to break security.

Proximity reader and Radio Frequency Identification (RFID) is another form of access controls which scans chip-card using radio frequency waves when someone enters protected area, it determines if he or she is authorized person. These readers also used to track equipment within facility, and if anything moves outside the protected area it trigger alarm to notify the authorities.

Physical Controls

Physical controls need to restrict access to business facility, these consist of different layers of protection, for employees and non-employees based on their access level.  The first layer of physical security kicks of setting up parameter or fence around the facility. The entry doors must be protected with cards readers, people must be authorized by their badge before entering the facility.  

Motion detectors can also be used to detect any unusual activities, these induce sound, heat level and light-based detection capabilities. These motion detector works in conjunction with instruction alarms system to trigger alarm in case of anything unusual. CCTV surveillance is also very effective way to achieve physical security inside and outside business facility.