Physical security involves safeguarding the physical components that accommodate the information, the physical locations housing the equipment, and the people responsible for system maintenance. According to Stallings and Brown (2015), physical security should likewise avert any physical access or intrusion that increases the likelihood of compromising logical security. Generally, the physical component of security involves safeguarding information from physical damage. To achieve this, effective safety mechanisms should not be restricted to the physical location of the information but should extend further to improve safety. This physical measures report is based on the National Institute of Standards and Technology (NIST), focusing on NIST Special Publication 800-116 and the types of areas safeguarded.
Protected Area Types Described in NIST SP 800-116
NIST Special Publication 800-116 is the guiding document for integrating personal identity verification (PIV) credentials for gaining entry to facilities (NIST, 2018). The guidelines are designed to assist in creating a safe architecture that gives a corporation a secure, effective, and valued system, accomplished in a scalable way that conforms to the company’s essentials and assets. To achieve these functions, the NIST SP 800-116 guidelines use four protected area types, for which the corporation can suitably tailor security mechanisms. The areas consist of limited, controlled, exclusion, and unrestricted areas. In this arrangement, the exclusion area is considered the most secure, and security decreases outward toward the unrestricted area. Based on the NIST SP 800-116 model, a single authentication factor is needed before accessing a controlled area, two-factor authentication for a limited area, and three-factor authentication for the exclusion area (NIST, 2018). The areas are designed based on a company’s prospective safety risks and budget, which is considered part of evaluating the threats.
Figure 1: Four Types of Protected Areas (https://csrc.nist.gov/csrc/media/publications/sp/800116/rev1/draft/documents/sp800116r1_draft.pdf)
According to NIST (2018), an unrestricted area signifies a region where access is neither constrained nor regulated by a proprietor or registrant. In this area, any individual may enter and leave as they wish. In most organizations, the unrestricted area may be the company’s main lobby or parking bay, while other individuals may deem it an asset on the company’s property. Much depends on the organization’s belief regarding how significant the data is to the company’s operations and survival. Second, a company’s controlled area is an area that necessitates some constraining mechanisms. According to Stallings and Brown (2015), a controlled area is accessible only to authorized personnel. The corporation might consider this area to be anywhere beyond the company’s front lobby or, in various circumstances, a room that may be marked ‘employees only’. The entrance can be fortified; however, no top-secret data may be stored within this area.
A limited area is a region considered to be more highly secured than the controlled area. Any unregulated access to this area may pose significant threats to the company’s security. In most cases, the limited area is not just monitored using CCTV cameras but may also involve guards securing a locked region, depending on a company’s concept of security. An example of a limited area is a bank vault, where access is minimized and only accredited staff are granted entry. The exclusion area contains the company’s security interests, as it is the region with the most restrictive measures. Exclusion areas may include server rooms or a region used by a company to store its trade secrets.
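The factor requirements described above can be checked against door-controller records. The following Python sketch is an added example, not part of the original report or of NIST SP 800-116; the mechanism names, the event fields, and the rule that factors must come from distinct categories are assumptions, and the log entries are constructed.

```python
# Factor counts per area type, as summarized in this report.
REQUIRED_FACTORS = {"unrestricted": 0, "controlled": 1, "limited": 2, "exclusion": 3}

# Assumption: hypothetical reader mechanism names mapped to factor categories
# (something you have / know / are).
FACTOR_CATEGORY = {"card": "have", "pin": "know", "fingerprint": "are", "iris": "are"}


def decide(event):
    """Return (granted, reason) for one reader event; unknown areas fail closed."""
    need = REQUIRED_FACTORS.get(event["area"])
    if need is None:
        return False, "unknown area type"
    # Count distinct categories, so two biometrics still count as one factor.
    have = {FACTOR_CATEGORY[m] for m in event["verified"] if m in FACTOR_CATEGORY}
    if len(have) < need:
        return False, f"{len(have)} of {need} required factors verified"
    return True, "factor requirement met"


def audit(log):
    """List events where the door opened although the policy would deny entry."""
    findings = []
    for event in log:
        granted, reason = decide(event)
        if event["door_opened"] and not granted:
            findings.append((event["badge"], event["area"], reason))
    return findings


# Constructed sample events (not real access-control logs).
SAMPLE_LOG = [
    {"badge": "B-1001", "area": "controlled", "verified": ["card"], "door_opened": True},
    {"badge": "B-1002", "area": "limited", "verified": ["card", "pin"], "door_opened": True},
    {"badge": "B-1003", "area": "exclusion", "verified": ["card", "pin"], "door_opened": True},
    {"badge": "B-1004", "area": "limited", "verified": ["fingerprint", "iris"], "door_opened": True},
    {"badge": "B-1005", "area": "exclusion", "verified": ["card", "pin", "iris"], "door_opened": True},
    {"badge": "B-1006", "area": "vault", "verified": ["card", "pin", "iris"], "door_opened": False},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Each finding marks a reader whose configuration is weaker than the area type it protects.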
A company’s capability to establish and distinguish the protected areas based on NIST SP 800-116 facilitates a safe working environment. The NIST SP 800-116 model allows corporations to customize security mechanisms based on security changes and financial position. Each type of protected area assessed in the NIST SP 800-116 model offers additional security mechanisms for companies. To safeguard its most sensitive information, a company may opt to use the exclusion area, as it has the strictest security mechanisms.
NIST. (2018, June). NIST Special Publication (SP) 800-116 Rev. 1: Guidelines for the use of PIV credentials in facility access. Retrieved from https://csrc.nist.gov/csrc/media/publications/sp/800116/rev1/draft/documents/sp800116r1_draft.pdf
Stallings, W., & Brown, L. (2015). Computer security: Principles and practice (3rd ed.). Boston: Pearson. Retrieved from https://csuglobal.redshelf.com/library/