Chapter 13: Physical (Environmental) Security

In This Chapter

• Threats to physical security

• Planning your site and facility design

• Physical access, technical, administrative, and environmental and life safety controls

• Perimeter, interior, and operations/facility security

• Protecting and securing equipment

Overview

If you’ve already read Chapter 4, you may recall our analogy that castles are normally built in a strategic location with towering walls. But what makes a location strategic, and how high is towering? Exactly where should the battlements and bastions be positioned? Who should guard the entrance, and what are the procedures for raising and lowering the drawbridge? And what should you do after burning and pillaging? This is the realm of the physical (environmental) security domain.

For the Physical (Environmental) Security domain of the Common Body of Knowledge (CBK), the Certified Information Systems Security Professional (CISSP) candidate must fully understand the various threats to physical security, the elements of site and facility requirements planning and design, and the various physical security controls, including access controls, technical controls, environmental and life safety controls, and administrative controls, and how to support the implementation and operation of these controls, as covered in this chapter.

 Tip   Many CISSP candidates underestimate the physical security domain. As a result, exam scores are often lowest in this domain. Although much of the information in this domain is redundant and may seem to be common sense, the CISSP exam does ask very specific questions from this domain, and many candidates lack practical experience in fighting fires!