Physical access to a computer is a tremendous advantage for an attacker or malicious insider.

  • Control access to all areas containing valuable assets (e.g., building access, electrical closets, server rooms, workstations and work areas with sensitive information, etc.)
  • Audit all access to sensitive areas
    • Make it easy to identify "who is allowed where", for sensitive areas, consider use of special badges indicating proper access privilege.
  • Test your controls, just as with electronic controls, physical controls should be tested periodically

Physical security is security too!

  • Use human guards, key-pads, proximity badges, biometric devices, etc.
  • Question/report strangers in your work area to a supervisor or building security
  • Protect confidential or sensitive information materials from being viewed by others (e.g. desk, printers, fax, etc.)