Information Security Specialist Exam - Physical Security


1. Access Control Management

  • Authentication methods (biometric, IC card, PIN)
  • Anti-passback
  • Interlock (double door system)
  • Server room/data center access logs
  • Tailgating prevention

Sub-keywords:

  • Multi-factor authentication (MFA)
  • Badge readers and proximity cards
  • Access control lists (ACL)

2. Facility & Equipment Security

  • Security zoning (area segregation)
  • Clear desk/clear screen policy
  • CCTV (surveillance cameras)
  • Manned and automated security
  • Perimeter security and boundary protection
  • Uninterruptible Power Supply (UPS)
  • Emergency generator systems

Sub-keywords:

  • Security guards and patrol schedules
  • Bollards and barriers
  • Visitor management systems

3. Environmental Security

  • HVAC management (temperature/humidity control)
  • Water leak detection systems
  • Dust prevention measures
  • Power redundancy
  • Seismic and earthquake-resistant structures

Sub-keywords:

  • Hot aisle/cold aisle containment
  • Environmental monitoring sensors
  • Raised floor systems

4. Disaster Preparedness

  • Fire suppression systems (gas suppression, sprinklers)
  • Fire alarms and smoke detectors
  • Fire compartmentalization
  • Emergency lighting
  • Evacuation route planning
  • BCP (Business Continuity Plan) physical measures

Sub-keywords:

  • Fire drills and evacuation procedures
  • Emergency response teams (ERT)
  • Disaster recovery site (hot/cold/warm site)

5. Device & Media Management

  • Locked storage (cabinets, safes)
  • Media checkout/check-in procedures
  • Data destruction (physical destruction, degaussing)
  • Shredding procedures
  • Cable locks and theft prevention

Sub-keywords:

  • Asset tracking and inventory
  • Chain of custody documentation
  • Secure disposal certification

6. Eavesdropping & Visual Hacking Prevention

  • TEMPEST (electromagnetic emanation protection)
  • Privacy filters/screen protectors
  • Soundproofing for conference rooms
  • Shoulder surfing prevention

Sub-keywords:

  • White noise generators
  • Faraday cage implementation
  • Visual privacy zones

7. Standards & Guidelines

  • ISO/IEC 27001/27002 (physical security controls)
  • Data center facility standards
  • Tier classification (data center reliability levels)

Sub-keywords:

  • NIST SP 800-53 physical controls
  • TIA-942 data center standards
  • ANSI/TIA standards for physical security

Key study points: Understand the purpose, implementation methods, and relationship to risk mitigation for each measure.