Page 724 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Exam Essentials
Understand why there is no security without physical security. Without control over the physical environment, no amount of administrative or technical/logical access controls can provide adequate security. If a malicious person can gain physical access to your facility or equipment, they can do just about anything they want, from destruction to disclosure and alteration.

Be able to list administrative physical security controls. Examples of administrative physical security controls are facility construction and selection, site management, personnel controls, awareness training, and emergency response and procedures.

Be able to list the technical physical security controls. Technical physical security controls can be access controls, intrusion detection, alarms, CCTV, monitoring, HVAC, power supplies, and fire detection and suppression.

Be able to name the physical controls for physical security. Physical controls for physical security are fencing, lighting, locks, construction materials, mantraps, dogs, and guards.

Know the functional order of controls. These are deterrence, then denial, then detection, and then delay.

Know the key elements in making a site selection and designing a facility for construction. The key elements in making a site selection are visibility, composition of the surrounding area, area accessibility, and the effects of natural disasters. A key element in designing a facility for construction is understanding the level of security needed by your organization and planning for it before construction begins.

Know how to design and configure secure work areas. There should not be equal access to all locations within a facility. Areas that contain assets of higher value or importance should have restricted access. Valuable and confidential assets should be located in the heart or center of protection provided by a facility. Also, centralized server

