Physical security, which is the protection of physical property, includes both technical and nontechnical elements. It is an often-overlooked but critical side of an information security program. Your capability to secure your information relies on your ability to secure your place physically.
Information security is more dependent on nontechnical policies, procedures, and business processes than on the technical hardware and software solutions that many people and vendors swear by.
Whatever your PC and network-security technology, virtually any attack is possible if an attacker is in your building or data center. That’s why scanning for physical security issues and fixing them before they’re exploited is necessary. Actually, thousands of potential security issues exist. The bad guys are always on the lookout for them, so you should look for these issues first. When these issues are exploited, critical things can happen. All it needs to exploit these flaws is an unauthorized individual entering your building.
Many possible physical security exploits appear strange, but they can happen in organizations that don’t take physical security seriously. The hackers can exploit many physical security vulnerabilities, including weaknesses in a building’s infrastructure, office layout, computer-room access, and design.
In addition to these factors, consider the facility’s proximity to local emergency support (police, fire, and ambulance) and the area’s crime statistics (burglary, breaking and entering, and so on) so you can fully understand what you’re up against.