Page 679 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Implement Site and Facility Security Controls


The security controls implemented to manage physical security can be divided into three groups: administrative, technical, and physical. Because these are the same categories used to describe access controls, it is vital to focus on the physical security aspects of these controls. Administrative physical security controls include facility construction and selection, site management, personnel controls, awareness training, and emergency response and procedures. Technical physical security controls include access controls; intrusion detection; alarms; closed-circuit television (CCTV); monitoring; heating, ventilation, and air conditioning (HVAC) power supplies; and fire detection and suppression. Physical controls for physical security include fencing, lighting, locks, construction materials, mantraps, dogs, and guards.






Corporate vs. Personal Property

Many business environments have both visible and invisible physical security controls. You see them at the post office, at the corner store, and in certain areas of your own computing environment. They are so pervasive that some people choose where they live based on their presence, as in gated access communities or secure apartment complexes.

Alison is a security analyst for a major technology corporation that specializes in data management. This company includes an in-house security staff (guards, administrators, and so on) that is capable of handling physical security breaches.

Brad experienced an intrusion—into his personal vehicle in the company parking lot. He asks Alison whether she observed or recorded anyone breaking into and entering his vehicle, but this is a personal item and not a company possession, and she has no control or regulation over damage to employee assets.

This is understandably unnerving for Brad, but he understands