Physical access to a computer is a tremendous advantage for an attacker or malicious insider.
- Control access to all areas containing valuable assets (e.g., building access, electrical closets, server rooms, workstations and work areas with sensitive information, etc.)
- Audit all access to sensitive areas
- Make it easy to identify "who is allowed where", for sensitive areas, consider use of special badges indicating proper access privilege.
- Test your controls, just as with electronic controls, physical controls should be tested periodically
Physical security is security too!
- Use human guards, key-pads, proximity badges, biometric devices, etc.
- Question/report strangers in your work area to a supervisor or building security
- Protect confidential or sensitive information materials from being viewed by others (e.g. desk, printers, fax, etc.)