An organization can implement the best authentication scheme in the
world, develop the best access control, and install firewalls and intrusion
prevention, but its security cannot be complete without implementation
of physical security. Physical security is the protection of the actual
hardware and networking components that store and transmit
information resources. To implement physical security, an organization
must identify all of the vulnerable resources and take measures to ensure
that these resources cannot be physically tampered with or stolen. These
measures include the following.
• Locked doors. It may seem obvious, but all the security in the world
is useless if an intruder can simply walk in and physically remove a
computing device. High‐value information assets should be secured
in a location with limited access.
• Physical intrusion detection. High‐value information assets should be
monitored through the use of security cameras and other means to
detect unauthorized access to the physical locations where they
exist.