Physical security of information is often overlooked, with the focus usually placed on technical controls, yet safeguarding the physical environment can have a huge impact on the overall information security of an organisation.
ProCheckUp can perform an assessment based on the guidance laid down in several standards and can adopt an approach which is tailored to an individual organisation:
PCI DSS requirement 9
Whilst this is based on the protection of card data, in reality any critical data or information can be protected using these controls as a baseline.
ISO 27K Annex A controls also provide a foundation control set for this type of assessment, targeted at the overall physical security of an organisation. The Annex A controls are designed to be light touch and based on the overall risk appetite of an organisation.
The CPNI has a whole host of requirements aimed at either preventing or minimising the effects of direct assault on premises.
Since the early 1990s, concern that terrorists might use chemical, biological and radioactive (CBR) materials as weapons has increased steadily.
CCTV should form only part of a whole security system; it should not be used on its own. It cannot replace security staff, although it may permit a reduction in their number or their redeployment to other security activities.
Explosives and ballistics protection
Most terrorist bombs are improvised and so are known as improvised explosive devices (IEDs). If you believe your business or organisation might become the target of a bomb attack, you should assess the threat and potential damage and plan how to prevent or mitigate it.
Hostile Vehicle Mitigation (HVM)
Vehicle-borne threats range from vandalism to sophisticated or aggressive attacks by determined criminals or terrorists. The mobility and payload capacity of a vehicle offers a convenient delivery mechanism for a large explosive device. The HVM section contains policy and good practice guidance that will help practitioners to determine the vehicle-borne threat, assess site strengths and vulnerabilities, and provide options for HVM.
Lighting and obscuration
Lighting can be an important security measure, but may in fact assist an intruder if used incorrectly.
Perimeters and access control
Keep access points to a minimum and make sure the boundary between public and private areas of your building is secure and clearly signed. Invest in good quality access controls such as magnetic swipe identification cards or 'proximity' cards which are readable from a short distance.
Secure destruction of sensitive items
The destruction of sensitive items should be undertaken via a secure process. This section provides those responsible for information assurance and physical security with best practice guidance on the need for a secure destruction process, the development of robust procedures, and approved destruction equipment manufacturers and service providers.
Search and screening
Organisations may use search and screening measures to detect specific items and materials entering (or leaving) their buildings and sites; effective search and screening measures may additionally have a significant deterrent effect.
Please contact us for more information on how ProCheckUp Physical Security Audits can help you.