Physical/Environmental Security

{`
Kelly School of Business
Indiana University
Information Systems Graduate Programs
`}

Goals of Physical Security

• Deter
• Delay
• Detect
• Assess
• Respond

Threats to Physical Security

• Natural/Environmental threats
• Hurricanes, tornados, earthquakes, forest fires, floods
• Utility systems
• Electrical, communications
• Malicious threats/Human-made/Political events
• Physical attacks, sabotage, vandalism, arson, theft, riots
• Accidental threats
• Done by insiders inadvertently

Sites

• Location
• Rural vs. Urban location
• Full ownership of facility vs. partial ownership
• Geographical location and possibility of natural disasters
• Site construction and planning
• Crime Prevention through Environmental Design (CPTED)
• Used by architects, city planners, and security professionals as a crime reduction technique that has several key elements applicable to the analysis of the building function and site design against physical attack
• Examples
• Using a single, clearly identifiable, point of entry
• Using climbing thorny plants next to fences to discourage intrusion

Layered Defense Model

Procedural Controls

• Guard post
• Checking/escorting visitors
• Managing deliveries
• Security zones and restricted work areas in buildings
• Security for communication links

Infrastructure Support

• Fire prevention, detection, suppression
• Fire and smoke detection systems
• Fire suppression systems
• Dry pipe vs. wet pipe systems
• Boundary protection
• Perimeter walls, fences
• Vehicle and personnel entry and exit gateways

Building Entry Points

• Keys and locking systems
• Walls, doors and windows
• Access controls
• CCTV
• Intrusion detection systems (for physical intruders)
• Portable device security
• Asset and risk registers

Information Protection and Management Services

• Managed services
• Audits, drills, exercises and testing
• Vulnerability and pen tests
• Maintenance and service issues
• Education, training, awareness

Summary