Physical Security Controls: Not Just Technical Measures

Physical Security Controls

Prev Question Next Question

Question

Which of the following is related to physical security and is not considered a technical control?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

D.

All of the above are considered technical controls except for locks, which are physical controls.

Administrative, Technical, and Physical Security Controls Administrative security controls are primarily policies and procedures put into place to define and guide employee actions in dealing with the organization's sensitive information.

For example, policy might dictate (and procedures indicate how) that human resources conduct background checks on employees with access to sensitive information.

Requiring that information be classified and the process to classify and review information classifications is another example of an administrative control.

The organization security awareness program is an administrative control used to make employees cognizant of their security roles and responsibilities.

Note that administrative security controls in the form of a policy can be enforced or verified with technical or physical security controls.

For instance, security policy may state that computers without antivirus software cannot connect to the network, but a technical control, such as network access control software, will check for antivirus software when a computer tries to attach to the network.

Technical security controls (also called logical controls) are devices, processes, protocols, and other measures used to protect the.

C.I.A.

of sensitive information.

Examples include logical access systems, encryptions systems, antivirus systems, firewalls, and intrusion detection systems.

Physical security controls are devices and means to control physical access to sensitive information and to protect the availability of the information.

Examples are physical access systems (fences, mantraps, guards), physical intrusion detection systems (motion detector, alarm system), and physical protection systems (sprinklers, backup generator)

Administrative and technical controls depend on proper physical security controls being in place.

An administrative policy allowing only authorized employees access to the data center do little good without some kind of physical access control.

From the GIAC.ORG website.

The correct answer to this question is D. Locks.

Physical security controls are used to protect physical assets, including people, facilities, and equipment. Technical controls, on the other hand, are security measures that rely on technology to enforce security policies.

Access control mechanisms, intrusion detection systems, and firewalls are all examples of technical controls. Access control mechanisms are used to restrict access to physical or logical resources, such as buildings, computer systems, or files. Intrusion detection systems are used to detect and respond to unauthorized access attempts or other security incidents. Firewalls are used to control network traffic and prevent unauthorized access.

Locks, however, are not considered a technical control because they do not rely on technology to enforce security policies. Locks are a physical security control that are used to prevent unauthorized access to physical assets. They can be used to secure doors, windows, cabinets, and other physical barriers.

In conclusion, physical security controls, including locks, are an important component of any comprehensive security program. While technical controls such as access control mechanisms, intrusion detection systems, and firewalls are important, they should be used in conjunction with physical security controls to provide a layered approach to security.