Chapter 13

Physical (Environmental) Security

In This Chapter

Recognizing threats to physical security

Planning your site and facility design

Identifying physical (environmental) security controls

Using physical security concepts and controls to protect your facilities

If you’ve already read Chapter 4, you may recall our analogy that castles are normally built in a strategic location with concentric towering walls. But what makes a location strategic, and how high is towering? Exactly where should you position the battlements and bastions? Who should guard the entrance, and what are the procedures for raising and lowering the drawbridge? And what should you do after all the burning and pillaging? These questions fall into the realm of the Physical (Environmental) Security domain.

For the Physical (Environmental) Security domain of the Common Body of Knowledge (CBK), the Certified Information Systems Security Professional (CISSP) candidate must fully understand the various threats to physical security; the elements of site- and facility-requirements planning and design; the various physical security controls, including access controls, technical controls, environmental and life safety controls, and administrative controls; as well as how to support the implementation and operation of these controls, as covered in this chapter.

Many CISSP candidates underestimate the physical security domain. As a result, exam scores are often lowest in this domain. Although much of the information in this domain may seem to be common sense, the CISSP exam does ask very specific and detailed questions about this domain, and many candidates lack practical experience in fighting fires!