One of the most important lines of defense for an organization is the set of physical controls that it puts in place.
Bollards/Barricades
Bollards are posts or other obstacles that prevent vehicles from moving through an area.
Bollards may look like posts, pillars, or even planters, but their purpose remains the same: preventing vehicle access. Some bollards are designed to be removable or even mechanically actuated so that they can be raised and lowered as needed. Many are placed in front of entrances to prevent both accidents and intentional attacks using vehicles.
Industrial Camouflage
Industrial Camouflage is concealing what would be an important facility behind what is normally seen in a particular area.
In an industrial area, this might look like a building that could be a warehouse, a small workplace, or possibly a data center. Ex. Putting the call center at the top of a building so it’s inaccessible to potentially angry customers who may seek out its location. This control relies on security through obscurity; in the physical world, being less likely to be noticed can help prevent many intrusions that might otherwise happen.
Fences
Many facilities use fencing as a first line of defense. Fences act as a deterrent by both making it look challenging to access a facility and as an actual physical defense.
Highly secure facilities will use multiple lines of fences, barbed wire or razor wire at the top, and other techniques to increase the security provided by the fence. Fence materials, the height of the fence, where entrances are placed and how they are designed, and a variety of other factors are all taken into consideration for security fencing.
Fire Suppression
Fire Suppression Systems are an important part of safety systems and help with resilience by reducing the potential for disastrous fires.
One of the most common types of fire suppression system is the sprinkler system. Some sprinkler systems have water in them all the time; others fill when a potential fire is detected and then release at specific sprinkler heads as they are activated by heat; still others are empty, with open sprinkler heads, until they are activated and then cover an entire area.
Gaseous Agents
Gaseous Agents are used to displace oxygen, reduce heat, or help prevent the ability of oxygen and materials to combust. They are often used in data centers or museums, where water may be the worst-case scenario.
Chemical Agents
Chemical Agents, including both wet and dry agents like foam dispensing systems and dry chemical fire extinguishers, are used as well.
Lighting
Lighting plays a part in exterior and interior security. Bright lighting that does not leave shadowed or dark areas is used to discourage intruders and to help staff feel safer.
Automated lighting can also help indicate where staff are active, allowing security guards and other staff members to know where occupants are. It’s easier to see exactly who might be in a particular area if there’s plenty of lighting, and if you’re using cameras that don’t use infrared, you’ll want as much lighting as possible to get the best possible picture. Make sure you’re providing enough light for the cameras or the people who need to monitor that area.
Drones and UAVs
Drones can be used to capture images of a site, to deliver a payload, or even to take action like cutting a wire or blocking a camera. Drone laws exist that protect a drone owner’s property while also enforcing reimbursement for any damage caused to a drone.
Anti-drone Systems
Anti-drone systems include: systems that detect the wireless signals and electromagnetic emissions of drones; infrared sensors that detect the heat they produce; acoustic systems that listen for the sounds of drones; radar that can detect the signature of a drone flying in the area; and optical systems that can recognize drones.
Badges
Badges can play a number of roles in physical security.
In addition to being used for entry access via magnetic stripe and radio frequency ID (RFID) access systems, badges also often include a picture and other information that can quickly allow personnel and guards to determine if the person is who they say they are.
Badges can also verify what areas or access they should have, and if they are an employee or guest. This makes badges a target for social engineering attacks by attackers who want to acquire, copy, or falsify a badge as part of their attempts to get past security.
Sensors
Sensors are used to detect a specific type of feedback.
Motion Detection
Motion detection sensors emit ultrasonic sound waves that reflect off objects and bounce back to the original emission point. When a moving object disrupts the waves, the sensor triggers and completes the desired action, whether this is switching on a light or sounding an alarm.
Noise Detection
Noise Detection is used to see if there are any noises occurring in an area and to recognize any increase or decrease in sound. Noise equals “Intruder Alert” most of the time.
Proximity Reader
Proximity Readers use RFID to scan badges without the badge being inserted or swiped through a magnetic stripe reader.
Cards
Proximity card readers use an electromagnetic field to detect nearby cards and transmit data through the reader to the access control panel.
Moisture Detection and Temperature Detection
Moisture Detection tells you if a water pipe breaks and water begins flowing out onto the floor. You might be able to get a heads-up very quickly and prevent any further water damage. It helps maintain data center environments and other areas that require careful control of the environment, and it is useful for other monitoring purposes. Temperature Detection constantly monitors the current temperature in your server rooms. Server rooms have to be kept within a certain temperature range to ensure business continuity.
Alarms
Alarms and alarm systems are used to detect and alert about issues, including unauthorized access, environmental problems, and fires.
Alarm systems may be locally or remotely monitored, and they can vary significantly in complexity and capabilities. Alarms that alert too often are likely to be ignored, disabled, or worked around by staff. This is a security concern because adversaries could manipulate it to their advantage by making alarms go off repeatedly, which would cause security staff to not investigate, or not thoroughly investigate.
Signage
Signs can remind authorized personnel that they are in a secure area and that others who are not authorized should not be permitted to enter and should be reported if they are seen.
Signs can also serve as a deterrent control, such as those that read “authorized personnel only.” Signs act to prevent those who might casually violate the rules the sign shows, not those actively seeking to bypass the security controls an organization has in place.
Access Control Vestibule (ManTrap)
Access Control Vestibules (ManTraps) are used to ensure that only authorized individuals gain access to secure areas and that attackers do not use piggybacking attacks to enter places they shouldn't be. An access control vestibule is a pair of doors that both require some form of authorized access to open.
Camera Systems
Camera Systems are a common form of physical security control, allowing security practitioners and others to observe what is happening in real time and to capture video footage of areas for future use when conducting investigations or for other reasons.
Cameras come in a broad range of types, including black and white, infrared, and color cameras, with each type suited to specific scenarios.
Motion Recognition
Motion recognition cameras activate when motion occurs. These types of camera are particularly useful in areas where motion is relatively infrequent. Motion recognition cameras, which can help conserve storage space, will normally have a buffer that will be retrieved when motion is recognized so that they will retain a few seconds of video before the motion started; that way, you can see everything that occurred.
Object Recognition
Object Recognition cameras and similar technologies can detect specific objects, or they have areas that they watch for changes. These types of camera can help ensure that an object is not moved and can detect specific types of objects like a gun or a laptop.
Closed-Circuit Television (CCTV)
CCTV displays what the camera is seeing on a screen. Some CCTV systems include recording capabilities as well, and the distinction between camera systems and CCTV systems is increasingly blurry as technologies converge.
Personnel
Guards
Security Guards are used in areas where human interaction is either necessary or helpful.
Guards can make decisions that technical control systems cannot, and they can provide additional capabilities by offering both detection and response capabilities. Guards are often placed in reception areas to get a glance at everyone who enters the premises.
Two-Person Control Scheme
In Two-Person Control Schemes, two trusted staff members must work together to provide access—with dual keys, with passwords, or with two portions of an access control factor.
Ex. Two people are required to launch nuclear weapons after entering their keys and turning them at the same time.
Robot Sentries
This is an emerging technology, but it’s one that allows us to replace the human with something that is much more automated and then have our human guards perform much more important tasks.
Faraday Cage
A Faraday Cage is an enclosure made up of conductive mesh that distributes charges from wireless device signals, thus stopping them.
High-security facilities may be constructed as a Faraday cage, or they may have one inside them to prevent cell phone and other electronic and wireless communications from occurring. Faraday cages are also sometimes used to allow wireless devices to be tested inside them without impacting other production networks and devices.
Screened Subnet (DMZ)
Screened Subnets can be logical or physical segments of a network that are used to contain systems that are accessible by the outside world or some other less secure population. Screened subnets rely on network security devices like firewalls to provide segmentation that limits the flow of traffic into and out of the screened subnet, thus keeping higher security zones secure.
Protected Cable Distribution
Protected Cable Distribution is also an important factor in security.
The physical network and other telecommunication lines that an organization uses are also susceptible to attack. Adversaries can still tap into the physical network cable itself if given the chance. Government installations and other extremely high-security facilities may use locks, secure cable conduits and channels, tamper-evident seals, and even conduit and cables that can detect attempts to access them via pressure changes, changes in shielding conductivity, or other techniques.
USB Data Blocker
USB Data Blockers are used to ensure that USB cables can only be used to transfer power, not data, when chargers and other devices cannot be trusted.
Visitor Logs
If you’re an employee you’re probably using that ID badge to unlock a door which of course will create a log entry.
If you’re a visitor, the security guard is usually adding your name to a visitor log, so that everyone knows exactly who has gained access to that facility.
Locks
Locks are one of the most common physical security controls you will encounter.
Biometric Locks
Biometric locks use biometric identifiers such as fingerprints or retina scans.
Physical Locks
Physical locks use keys, push buttons, or code entry methods.
Electronic Locks
Electronic locks are connected to computer systems with card readers or passcodes associated with them.
Cable Locks
Cable locks are used to physically secure computers and laptops to a desk or location.
Air Gap
An Air Gap is a way to provide a physical separation between devices or between networks. This is a common way to prevent access between a secure network and an insecure network. You may also want to have an air gap between different customers’ networks.
An air-gapped computer is physically segregated and incapable of connecting wirelessly or physically with other computers or network devices. To transfer data between a computer or network and an air-gapped system, data is copied to a removable media device such as a USB drive and is physically carried by the user to the other system. Ex. Stock Market Networks, Nuclear Power Plant Networks, Airplane networks.
Secure Areas
Vaults and Safes
Vaults are room-sized and built in place. Data centers and vaults are typically designed with secure and redundant environmental controls, access controls, and additional security measures to ensure that they remain secure. Safes are typically smaller and portable. An organization can have more of them because they are inexpensive compared to entire vaults.
Hot Aisle and Cold Aisle
The Hot and Cold Aisles in the data center are part of an energy-efficient layout for server racks and other computing equipment.
The goal of a hot/cold aisle configuration is to manage airflow in a way that conserves energy and lowers cooling costs.
Secure Data Destruction
Secure Data Destruction at the end of data’s life span helps prevent data breaches, dumpster diving, and unauthorized data access. Third-party destruction services are a good fit for many organizations with typical security needs, because they ensure appropriate destruction without requiring internal investment in the tools and time to securely destroy media and systems.