About Me
CompTIA Security+
1 Threats, Attacks, and Vulnerabilities
1-1 Types of Threats
1-2 Types of Attacks
1-3 Vulnerabilities
1-4 Threat Actors and Motives
1-5 Threat Intelligence
1-6 Incident Response
1-7 Penetration Testing
1-8 Vulnerability Scanning
1-9 Threat Modeling
1-10 Security Controls
2 Technologies and Tools
2-1 Firewalls
2-2 Intrusion Detection Systems (IDS)
2-3 Intrusion Prevention Systems (IPS)
2-4 Security Information and Event Management (SIEM)
2-5 Data Loss Prevention (DLP)
2-6 Security Orchestration, Automation, and Response (SOAR)
2-7 Endpoint Security
2-8 Network Security
2-9 Cloud Security
2-10 Mobile Device Security
2-11 Secure Coding Practices
2-12 Cryptography
2-13 Public Key Infrastructure (PKI)
2-14 Certificate Management
2-15 Security Tools and Utilities
3 Architecture and Design
3-1 Security Models
3-2 Security Controls
3-3 Secure Network Design
3-4 Secure Systems Design
3-5 Secure Application Design
3-6 Secure Cloud Architecture
3-7 Secure Mobile Architecture
3-8 Secure IoT Architecture
3-9 Secure Data Storage
3-10 Secure Backup and Recovery
3-11 Security in DevOps
3-12 Security in Agile Development
3-13 Security in Continuous IntegrationContinuous Deployment (CICD)
3-14 Security in Configuration Management
3-15 Security in Identity and Access Management (IAM)
4 Identity and Access Management
4-1 Authentication Methods
4-2 Authorization Mechanisms
4-3 Identity and Access Management (IAM) Concepts
4-4 Single Sign-On (SSO)
4-5 Multi-Factor Authentication (MFA)
4-6 Federation
4-7 Role-Based Access Control (RBAC)
4-8 Attribute-Based Access Control (ABAC)
4-9 Identity as a Service (IDaaS)
4-10 Identity Lifecycle Management
4-11 Access Reviews and Audits
4-12 Privileged Access Management (PAM)
4-13 Identity Federation
4-14 Identity Provisioning and Deprovisioning
5 Risk Management
5-1 Risk Management Concepts
5-2 Risk Assessment
5-3 Risk Mitigation Strategies
5-4 Business Impact Analysis (BIA)
5-5 Risk Register
5-6 Risk Treatment
5-7 Risk Monitoring and Reporting
5-8 Risk Appetite and Tolerance
5-9 Risk Communication
5-10 Risk Transfer
5-11 Risk Acceptance
5-12 Risk Avoidance
5-13 Risk Reduction
5-14 Risk in Cloud Environments
5-15 Risk in Mobile Environments
5-16 Risk in IoT Environments
6 Cryptography and PKI
6-1 Cryptographic Concepts
6-2 Symmetric Encryption
6-3 Asymmetric Encryption
6-4 Hashing
6-5 Digital Signatures
6-6 Public Key Infrastructure (PKI)
6-7 Certificate Management
6-8 Certificate Authorities (CAs)
6-9 Certificate Revocation
6-10 Key Management
6-11 Cryptographic Protocols
6-12 Cryptographic Attacks
6-13 Quantum Cryptography
6-14 Post-Quantum Cryptography
6-15 Cryptographic Use Cases
7 Security Operations
7-1 Security Operations Concepts
7-2 Security Policies and Procedures
7-3 Security Awareness and Training
7-4 Security Monitoring and Logging
7-5 Incident Response
7-6 Forensics
7-7 Disaster Recovery
7-8 Business Continuity
7-9 Physical Security
7-10 Personnel Security
7-11 Supply Chain Security
7-12 Third-Party Risk Management
7-13 Security Audits and Assessments
7-14 Compliance and Regulatory Requirements
7-15 Security Metrics and Reporting
7-16 Security Operations Center (SOC)
7-17 Security Orchestration, Automation, and Response (SOAR)
7-18 Security in DevOps
7-19 Security in Agile Development
7-20 Security in Continuous IntegrationContinuous Deployment (CICD)
7.9 Physical Security Explained

7.9 Physical Security Explained

Key Concepts

Physical Security involves protecting an organization's assets from physical threats and unauthorized access. Key concepts include Perimeter Security, Access Control, Environmental Controls, and Physical Security Devices.

Perimeter Security

Perimeter Security focuses on protecting the outer boundaries of a facility to prevent unauthorized access. This includes measures such as fences, walls, gates, and barriers.

Example: A company installs a high, secure fence around its premises to deter intruders. The fence is equipped with barbed wire and surveillance cameras to monitor and control access to the facility.

Access Control

Access Control involves managing and restricting entry to a facility or specific areas within it. This includes using locks, keycards, biometric systems, and security personnel.

Example: An office building uses a keycard system to grant access to employees. Each employee is issued a unique keycard that grants them access only to the areas they are authorized to enter. This ensures that unauthorized individuals cannot gain access to sensitive areas.

Environmental Controls

Environmental Controls are measures taken to protect facilities from environmental threats such as fire, water damage, and extreme temperatures. This includes fire suppression systems, HVAC systems, and flood barriers.

Example: A data center installs a fire suppression system that uses inert gases to extinguish fires without damaging equipment. The center also has a HVAC system to maintain optimal temperature and humidity levels, preventing overheating and condensation.

Physical Security Devices

Physical Security Devices are tools and equipment used to enhance the physical security of a facility. This includes surveillance cameras, alarms, motion detectors, and security guards.

Example: A retail store installs surveillance cameras throughout the store to monitor customer and employee activity. The cameras are connected to a central monitoring system that alerts security personnel to any suspicious behavior. Additionally, the store has motion detectors at the entrance to trigger alarms if unauthorized individuals attempt to enter after hours.

Conclusion

Physical Security is essential for protecting an organization's assets from physical threats and unauthorized access. By understanding and implementing Perimeter Security, Access Control, Environmental Controls, and Physical Security Devices, organizations can enhance their overall security posture and safeguard their facilities.

© 2024 Ahmed Baheeg Khorshid. All rights reserved.