Physical security is the most neglected aspect of preventing a security breach
It is generally accepted that if someone has physical access to any computing resource, that system can inevitably be compromised; therefore, physical security has evolved as one of the most important security controls that can be applied across the network.
However, in today’s world, the convergence of physical security and logical security solutions requires IT directors to manage far more information than ever before. The complexity of physical security, including operational management issues, makes it difficult to implement.
DigitalDefence’s Physical Security Services has two immediate goals:
- Ensures a safe working environment for all employees; and,
- Ensurses that physical access controls, data centres, server rooms, environmental controls, and key facilities are secure.
Using a non-invasive methodology based on Crime Prevention Through Environmental Design, CPTED, DigitalDefence will assess your organization’s physical security controls, including:
- Risk identification and analysis, including threat assessment; including analysis of relevant crime data
- Review of compliance requirements specific to the customer’s industry
- Review of site and physical premises
- Perimeter security (physical environment, fences, gates, other access points)
- Security lighting
- Mechanical and electronic access controls, including management of locks and keys
- Management control systems for physical access controls, including security of systems connected to the internal LAN or accessible via remote access
- Alarm systems and sensors
- Video monitoring
- Visitor entry, verification, and management procedures
- General operational procedures affecting physical security
- Effective use of security personnel
We will ensure that all controls have been validated, and can provide physical penetration testing scenarios to ensure employees are prepared for on-site social engineering threats.
NOTE: DigitalDefence does not conduct sweeps to find covert listening or transmission devices (“bugs”); however, we have partnerships with several reputable firms that can provide this service if needed.
Highlights employee safety; builds trust between employees and the organization
Ensures the integrity and availability of vital network resources and data
Provides protection against social engineering attacks – the most successful means of compromising an organization’s data
Minimizes corporate liability and costs associated with a data breach
Standards-based assessment complies with Canadian Federal government (RCMP) standards