December 15, 2022
CISSP Study Guide: Physical Access Controls
December 15, 2022
There are several types of physical access control methods that can be applied to administer, monitor, and manage access to a facility. These physical access control mechanisms range from deterrents to detection mechanisms. If facilities that have different sections, divisions, or areas that are designated as public, private, or restricted should have specialized physical access controls, monitoring, and prevention mechanisms for each of the designated areas. These methods can be used to separate, isolate, and control access to the areas of the facility and include fences, gates, turnstiles and mantraps; security guards and guard dogs; badges, keys and locks; motion detectors and alarms; as well as adequate lighting.
A fence can be used to cordon off different areas and can include a wide range of components, materials, and construction methods. It can come in various constructs: painted stripes on the ground, chain link fences, barbed wire or cement walls. Various types of fences are effective in keeping out different types of intruders: fences that are 3 to 4 feet high hinder casual trespassers; fences that are 6 to 7 feet high are difficult to climb; and fences that are 8 feet high with three strands of barbed wire deter aggressive intruders.
Gates can be used to control entry and exit points in a fence. The deterrent of a gate must be equivalent to the deterrent level of the fence to maintain effective security of the fence as a whole. Additionally, hinges and locking mechanisms of the gate should be fortified to diminish tampering, destruction, or removal. As an extra layer of security, gates can be protected by security guards, guard dogs or CCTV.
A turnstile is a specialized gate that allows only one person at a time from gaining entry to a building or room, and often permits entry but not exit or vice versa. A mantrap is a double set of doors that are often guarded by security personnel. It’s designated as a holding area until an individual’s identity and authentication is verified. If that information is verified and they are cleared for entry, the inner door opens, allowing them to enter the facility. If they are not cleared for entry, both doors remain locked until an escort arrives to escort them off the property or arrest them for trespassing.
Locks and keys are a basic form of security and authorization mechanism. A user requires the correct key or combination to gain entry. Such users are considered authorized. Key-based locks are the most utilized and inexpensive forms of physical access control devices. Combination locks offer a wider range of control and they can be configured with multiple valid access combinations.
Security guards may be stationed around a perimeter or inside to oversee access points or watch detection and surveillance monitors. They can work with and respond to different conditions or situations and are trained to recognize attack and intrusion activities and patterns. Security guards are an effective form of security control when immediate, onsite, situation response and quick decision-making is required. There are a number of disadvantages to utilizing, maintaining, and relying upon security guards. Not all environments and not all facilities are designed to accommodate security guards. Furthermore, not all security guards can provide 100 percent reliability. Situations where their lives may be endangered, a security guard may be more concerned about self-protection than the preservation of the security of the facility.
Guard dogs can be an effective alternative to security guards. They can be deployed as a perimeter security control and have proven to be an effective deterrent mechanism. However, guard dogs require significant and ongoing maintenance, and impose serious insurance and liability requirements.
A badge, or ID card is a physical form of identification or electronic access control device. Examples such as name tags or smart cards can use several methods of authentication to provide authorization to access a facility, designated security areas, or secured workstations. Badges typically include photos and magnetic strips with encoded data, as well as specific information about the user to help verify identity. Badges may also be used in locations where physical access is monitored by security guards. The badge is a form of visual ID inspected by security. Alternatively, badges can be used with scanning devices that read the magnetic strip. In this case, the badge can be used either for identification or for authentication.
Effective lighting is another method that’s typically implemented in perimeter security control. Its chief purpose is to forestall would be intruders, trespassers, and prowlers who are more inclined to attempt unlawful entry in the dark. Though lighting is helpful, it’s not a guaranteed deterrent and should only be used as an added security measure, rather than the primary method. As well, effective lighting should not expose the locations of security guards, guard dogs, and patrol posts.
A motion detector is a device that senses movement in a pinpointed area: When a motion detector picks up significant movement in the environment it triggers an alarm, which can be a deterrent, notification mechanism or a method to keep away would-be intruders. Deterrent alarms may also trigger doors to close and engage locks, making further intrusion more difficult. Alarms that trigger repellants will blare a siren and activate lights. These types of alarms are used to hinder the intruder from furthering their activities and hopefully encourage them to leave the premises. Alarms that trigger notification are often silent, but they log data about the unfolding incident and notify security administrators, security guards, and law enforcement.
When motion detectors and alarms are used, secondary verification methods should be used to avoid false triggers. These can happen when birds, animals or authorized persons accidentally trip the alarm. Using two or more detection systems and relying on two or more triggers to occur before the alarm is triggered can diminish the rate of false alarms and preserve certainty of sensing actual intrusions or attacks.
A closed-circuit television (CCTV) system is a security tactic similar to motion detectors, and alarms but is not an automated detection-and-response system. CCTV relies on designated personnel to monitor the captured video to observe suspicious and malicious activities and to trigger alarms. CCTV is usually not employed as the main detection mechanism, but as a secondary tactic that is reviewed after an alert of an automated system occurs.
Let's build your cybersecurity career together
Accelerate in your role, prepare for certifications, and develop cutting edge skills with the most in-demand training in the industry.
2,000+learning activities led by highly experienced cybersecurity professionals