Physical security describes both measures that prevent or deter attackers from accessing a facility, resource, or information stored on physical media, and guidance on how to design structures to resist various hostile acts. It can be as simple as a locked door or as elaborate as multiple layers of armed security guards and guardhouse placement.
Physical security is not a modern phenomenon. Physical security exists in order to deter persons from entering a physical facility. Historical examples of physical security include city walls, moats, etc.
The key factor is the technology used for physical security has changed over time. While in past eras, there was no passive infrared (PIR) based technology, electronic access control systems, or video surveillance system (VSS) cameras, the essential methodology of physical security has not altered over time. Locks are digitally controlled and audited in modern facilities.
Elements and design
The field of security engineering has identified the following elements to physical security:
In a well designed system, these features must complement each other. There are at least four layers of physical security:
- Environmental design
- Mechanical, electronic and procedural access control
- Intrusion detection
- Video monitoring
- Personnel Identification
The goal is to convince potential attackers that the likely costs of attack exceed the value of making the attack.
The initial layer of security for a campus, building, office, or physical space uses crime prevention through environmental design to deter threats. Some of the most common examples are also the most basic - barbed wire, warning signs and fencing, concrete bollards, metal barriers, vehicle height-restrictors, site lighting and trenches.
The next layer is mechanical and includes gates, doors, and locks. Key control of the locks becomes a problem with large user populations and any user turnover. Keys quickly become unmanageable forcing the adoption of electronic access control. Electronic access control easily manages large user populations, controlling for user lifecycles times, dates, and individual access points. For example a user's access rights could allow access from 0700 to 1900 Monday through Friday and expires in 90 days. Another form of access control (procedural) includes the use of policies, processes and procedures to manage the ingress into the restricted area. An example of this is the deployment of security personnel conducting checks for authorized entry at predetermined points of entry. This form of access control is usually supplemented by the earlier forms of access control (i.e. mechanical and electronic access control), or simple devices such as physical passes.
Full article ▸