A lack of physical security perimeter controls may compromise many of the controls necessary to maintain a complete Security Program.
Organizations are at significant risk if someone can stroll into an office, take information or information assets, and leave without a trace that they were ever there. Physical security perimeters are necessary to help organizations maintain a secure environment. These perimeter controls are the focus of pitfall #40 in my eBook, Security Program Pitfalls and Prescription to Avoid Them.
Security perimeters, such as walls that act as barriers, card-controlled entry doors, and staffed reception desks, should be used to protect your organization’s facilities. This is especially important for rooms, offices, or data centers that contain sensitive information or the information systems used to process or manage that type of information. Physical protection guidelines for working in secure areas, such as a data center, should be designed, implemented, and communicated to all appropriate personnel. Access to data centers or other high-risk areas should require an additional layer of physical access requests and approvals before access is granted.
Facility access points such as delivery and loading areas or other points of entry potentially accessible by unauthorized persons should be controlled. If possible, these areas should be isolated from information processing areas to avoid the opportunity for unauthorized access to your secure areas, information, and information systems.
Information systems that store, process, or transmit protected or otherwise sensitive information should not be located in areas that are unattended or that give unrestricted access to the public, customers, or consumers. Placing systems in such areas dramatically increases the risk of unauthorized viewing or even theft of assets. Information systems should be located in rooms with doors and windows that are locked when left unattended. External protective measures should also be considered, particularly for offices or other locations at ground level.
To learn more about this pitfall, and 99 more, get my book: 100 Security Program Pitfalls and Prescriptions to Avoid Them (available on Amazon). Or register for a demo of the ASCENT Security and Compliance Portal and get a free synopsis of the 100 Security Program Pitfalls eBook today.