Administrative Physical Security Controls


Administrative physical security controls are related to the use of proper administrative processes. These processes include facility requirements planning for proper emergency protocol, personnel control, and proper facility security management.

Facility Requirements Planning: Without appropriate control over the physical environment, no amount of administrative, technical, or logical access controls can offer effective security to an organization. Control over the physical environment starts with organizing the security requirements for a facility. A secure facility plan details the security needs of the organization and highlights methods or mechanisms to implement effective security. Such a plan is created through a process called critical path analysis, which is an organized effort to identify relationships between mission-critical applications, methods, and procedures and all of the necessary supporting elements.

When critical path analysis is performed appropriately, it produces a comprehensive picture of the interdependencies and interactions necessary to support the organization. Once the analysis is complete, its results supply an itemized list of what must be physically secured. This needs to be accomplished in the preliminary stages of the construction of a facility. One of the central physical security elements established during the construction stage is identifying and designing a secure site that will house the organization’s IT infrastructure and operations.
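A small illustration of critical path analysis as a dependency walk, added here as an example and not part of the original study guide. The element names and the dependency map are constructed; the output is the itemized list of supporting elements, with the elements relied on by the most mission-critical applications listed first.

```python
from collections import deque

# Constructed sample: each element maps to the elements it directly depends on.
DEPENDS_ON = {
    "payroll-app": ["db-server", "app-server"],
    "order-entry": ["db-server", "web-server"],
    "db-server": ["server-room-power", "server-room-hvac", "san-storage"],
    "app-server": ["server-room-power", "server-room-hvac", "core-switch"],
    "web-server": ["server-room-power", "server-room-hvac", "core-switch"],
    "san-storage": ["server-room-power", "server-room-hvac"],
    "core-switch": ["wiring-closet-power", "isp-demarc"],
    "server-room-hvac": ["server-room-power"],
    "server-room-power": ["utility-feed", "backup-generator"],
    "wiring-closet-power": ["utility-feed"],
}


def supporting_elements(root, graph):
    """Return every element that root depends on, directly or indirectly."""
    seen, queue = set(), deque(graph.get(root, []))
    while queue:
        node = queue.popleft()
        if node in seen:  # already visited; this also stops dependency cycles
            continue
        seen.add(node)
        queue.extend(graph.get(node, []))
    return seen


def itemized_list(mission_critical, graph):
    """Map each supporting element to the mission-critical items that rely on it.

    Elements shared by the most mission-critical items are listed first,
    then alphabetically.
    """
    relied_on_by = {}
    for root in mission_critical:
        for element in supporting_elements(root, graph):
            relied_on_by.setdefault(element, set()).add(root)
    return sorted(relied_on_by.items(), key=lambda kv: (-len(kv[1]), kv[0]))


if __name__ == "__main__":
    for element, roots in itemized_list(["payroll-app", "order-entry"], DEPENDS_ON):
        print(f"{element:22} supports: {', '.join(sorted(roots))}")
```

Physical elements such as power, HVAC and the wiring closet surface in the list even though no application names them directly, which is the interdependency picture the analysis is meant to produce.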

The security needs of the organization should be the chief concern when identifying a site. The site should be accessible to both employees and external services without close proximity to possible hazards or areas with a high crime rate. Another issue to be considered is the level of susceptibility to natural disasters in the area. The site should not be prone to earthquakes, mudslides, sinkholes, fires, floods, hurricanes, tornadoes, falling rocks, snow, rainfall, ice, humidity, heat, extreme cold, and so forth. The site should also be within reach of emergency services, such as police, fire, and hospitals or medical facilities.

Secure Facility Design: The proper security applications for a facility must be planned prior to the construction of the facility. There are several security measures to take into account in the design process, including the combustibility of construction materials, load rating, placement, and control of items such as walls, doors, ceilings, flooring, HVAC, power, water, sewage, gas, etc. The walls are required to have an acceptable fire rating. Closets or rooms that store media must have a high fire rating. The same applies to ceilings, and as with floors, ceilings must have a secure weight-bearing rating. Additionally, the floor in the data center needs to be grounded against static buildup and must use a non-conducting surface material.

Electrical cables must be contained in metal conduit, and data cables must be enclosed in raceways. The data center should be without windows, but if there are windows they must be translucent and shatterproof. Doors should be fortified against forced entry and have a fire rating equal to the walls. Also, emergency exits must be clearly marked and monitored or alarmed. Personnel safety should be the primary concern. The facility should also be supplied with backup power sources.

Not all marked locations within a facility should have equal access. Areas that contain valuable assets or are of vital importance should have restricted access. Valuable and confidential assets should be placed in the maximum protection area provided by a facility. Work areas and visitor areas should also be planned for. Walls or partitions can be put in place to divide similar but distinct work areas. These partitions can impede casual eavesdropping or shoulder surfing, which is a method of collecting information from a system by observing the monitor or the operator's use of the keyboard. Floor-to-ceiling walls should be used to partition off areas with varying levels of sensitivity and confidentiality. Computer rooms should be designed to support the operation of the IT infrastructure and to block unauthorized physical access.

Facility Security Management: Audit trails and emergency procedures are in the category of facility security management.

These are areas of the Administrative Security Controls that don’t…
