Physical Security for IT

In January 2000, the Critical Infrastructure Assurance Office of the United States government released a guidebook entitled Practices for Securing Critical Information Assets. Physical security involves the protection of building sites and equipment (and information and software contained therein) from theft, vandalism, natural and manmade disasters, and accidental damage.
Managers must be concerned with building construction, room assignments, emergency procedures, regulations governing equipment placement and use, energy and water supplies, product handling, and relationships with employees, outside contractors, and agencies. Some solutions may require the installation of key locks, fire extinguishers, surge protectors, window bars, automatic fire equipment, and alarm systems. This chapter examines the process of developing physical security plans that will encompass all of these requirements.
The types of threats that must be addressed were covered in Chapter 1. Alternative methods for organizing a physical IT security program were covered in Chapter 2. This chapter examines the basic aspects of the physical IT security planning process, including:
An overview of the planning process
Developing the IT physical security plan
Utilizing existing risk exposure analysis
Integrating physical IT security and cyber security planning
Integrating physical IT security and disaster recovery planning
Integrating physical IT security and business continuity planning
Working with your insurance company
Establishing an incident response team
Developing a physical IT security plan does not need to be complicated. As was shown in Chapter 2, there are several ways to staff and implement physical IT security needs without establishing a specialized unit or...