Physical information security involves the protection of organizational assets from environmental and manmade threats. It is the first layer of protection in any organization and is described as the certain safety measures that deny unauthorized access to organizational assets, and protects personnel and property from damage or harm (e.g. espionage, theft, or terrorist attacks). It involves the use of multiple layers of interdependent systems, which include CCTV surveillance, security guards, protective barriers, locks, access control protocols, and so on.
Physical security helps to:
Prevent any unauthorized access to the system resources:
Physical security protects information from unauthorized use and implements controls so that the authorized user does not inadvertently or intentionally misuse or compromise the integrity and availability of the information.
Prevent tampering/stealing of data from the computer systems:
Insider can use USB or other portable devices to steal information from a computer. Security administrators deploy monitoring tools that trigger an alarm if an insider connects an external device to any of the systems in the network.
Also Read: How to Hack Facebook
Safeguard against espionage, sabotage, damage, or theft:
Companies deploy surveillance systems, CCTVs, alarm systems, security guards, etc. to monitor and safeguard the organization’s assets. Security administrators also use an access card authentication system for server rooms, file areas, communication closets, off-site backups, phone rooms, IT equipment, and other areas to which only a limited number of people have access.
To protect personnel and prevent social engineering attacks:
Physical security personnel and internal employees need periodic physical security awareness training to protect themselves from social engineering attacks.
Physical security is perhaps the most overlooked aspect of security. Categories of physical security threats are:
This type of threat includes the results of naturally occurring events, including:
Floods: Administrators should conduct periodic inspections to check for water seepage, especially during times of heavy precipitation. They should also check the water detector periodically. Administrators should aware of proper shutdown procedures, and must perform exercise drills regularly.
Fire and Smoke: Administrators should periodically check the proper placement and functioning of fire alarms and extinguishers. They should also install smoke detectors throughout the building(s). The designated smoking area should be as far as possible from the computer system.
Also read: How to hack phone
Earthquakes: Even minor earthquakes may cause dust and debris to fall on computer equipment. Plastic sheets should be readily available in the system room. Covering computing assets in an emergency may mitigate the damage. Operators should properly cover magnetic tapes to prevent wear and tear.
Dust: Dust that naturally accumulates on hardware hinders its performance. Dust can seriously hinder a computer’s ability to cool down. Even if the computer case is closed, dust can still get in through drive openings. An effective way to remove dust from the inside of the CPU is to blow it away from the motherboard and other components using compressed air.
Man-made threats are one of the most important topics when we talk about Physical Information Security
The biggest threat to the physical components of an organization and its network are from human errors, be they intentional. For example, human errors include hitting the wrong button and unplugging the wrong cord.
Man-made threats include:
Terrorist activities include the following:
- Random killings
Wars: Wherever they occur, wars destroy the major buildings, industries, and infrastructures and change the economic conditions of countries. Also, pollution can spread due to bombs and expelled gases.
Explosion: To prevent explosions chemicals should be isolated and kept away from computers.
Dumpster diving and theft: “Dumpster diving” involves searching the garbage of the targeted company in order to acquire important information. Attackers search for information such as phone numbers, credit card numbers, and other information commonly thrown away in dustbins. Attackers can also use discarded storage media such as floppy disks, CDs, and tapes to obtain important information.
Lack of proper security may result in equipment theft. A guard on the premises can help prevent this.
Vandalism: Disgruntled or former employees may try to compromise the system. In addition, in a case in which a disaster causes panic, the system might be mishandled.
Also Read: SQL Injection
If you need any extra information about Physical Information Security you can comment below we will help you soon.
– Ajinkya Kadam