Overview

Physical security for IT equipment, network technology, and telecommunications assets has been drastically overlooked in many organizations during the last decade. This was caused in part by large numbers of organizations installing additional computer equipment, local area networks (LANs), and gateways to wide area networks (WANs) in buildings that did not have facilities that were specifically designed facilities to accommodate the equipment.

This chapter provides an overview on why physical security is important and how a physical security program relates to a cyber security program. In addition, basic steps on how to guard against physical attacks executed by disgruntled employees, angry former employees, social and political activists, vandals, saboteurs, thieves and spies, and domestic and international terror- ists are examined. The importance of protecting equipment from potential natural disasters and damaging random events is also covered.

The recommended practices are cumulative and interrelated, which means that the more comprehensive the physical protection program the greater the possibility of reducing damage from a wide array of attacks and events. The practices are listed under threat areas because they are tied to preventing harm caused by the behaviors most characteristic of a specific type of attacker. This is not a perfect categorization but is done to address common behaviors, motivations, and skill sets of the various types of attackers. Please do not ignore the practices because you think there are not threats from specific types of attackers. It is better to take a holistic look at physical security and eliminate as...