IT Essentials — Physical and Environmental Controls
Environmental Security — The practices, policies, and procedures that ensure the safety and well-being
of people, facilities, and equipment.
Malware — Malicious software designed to infiltrate, damage, or obtain information from a
computer system without the owner’s consent.
Patch — Small changes to programming logic that address minor enhancements, software errors, or
security vulnerabilities.
Physical Security — The process of physically limiting an individual’s access to buildings, people, and
documents.
Physical Controls — Controls developed to protect objects from harm, or that alert when an unusual
event or action takes place.
TOPIC 2: BASICS OF PHYSICAL SECURITY
The Basics of Physical Security
Physical security is the process of physically limiting access to buildings, people, and documents. In
contrast, logical security – which is often top of mind when considering IT and
cybersecurity – is the process of electronically limiting access to data and information assets
through applications, files, and databases.
Tangible Assets
Physical security provides protection for tangible assets — assets that can be touched.
An organization’s tangible assets can include:
• Office equipment (printers, etc.).
• Computer equipment (PCs, servers, routers, switches, gateways, etc.).
• Software applications.
• Physical documents (data and information assets).
• Devices that house logical data and information assets.
• People.
• Buildings.
Physical Security Factors
How physical security is ensured varies based on a number of factors, including:
• Industry.
• Physical location of the organization.
• Geo-political climate.
• Types of data and information gathered, stored, and transmitted to/through the organization or
agency.
Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.