Physical Security and Social Engineering
Do current physical security controls, and the way that they are implemented,
provide adequate personnel safety and security for your data?
Are you considering adopting access controls based on new technologies,
such as biometrics?
Are your employees trained to identify and respond to social engineering
attacks?
It is generally accepted that if someone has physical access to any computing resource, that system can inevitably be compromised; intruders with access to your network can install “backdoors” for remote access to your network, install keylogging software that steals passwords, and remove hardware, making your data – and business – unavailable.
Therefore, physical security has evolved as one of the most important security controls that can be applied across the network.
However, the complexity of physical security, including operational management issues, makes it difficult to implement. DigitalDefence’s Physical Security and Social Engineering service has three immediate goals:
- Ensure a safe working environment for all employees
- Ensure that physical access controls, data centres, server rooms, environmental controls, and key facilities are secure
- Ensure that employees have received the training required to recognize and respond to a social engineering attack
Service Description
- Threat assessment to identify and analyze man-made and natural threats to your physical infrastructure
- Review of the organization’s IT security processes and documents related to physical security, incident response, HR processes, and emergency plans
- Review of operational controls, such as management of on-site contractors and visitors
- On-site inspection of external physical security controls, including environmental design (CPTED), fencing and lights, access points, guards, alarm systems
- Review of IT infrastructure
- On-site inspection of internal physical security controls including access controls (locks and keys, biometrics), use of security zones, doors, windows
- Review of data centre, server rooms, wiring closets
- Review of environmental controls including HVAC, fire detection and suppression systems, water leakage control
- Physical security of workstations, mobile devices, and other endpoints
- Physical security of non-electronic data (printer rooms, records storage areas)

