Evaluate the Features and Functionality of Various Physical Security Models

Three Levels of Information Security

Vacca (2013) describes three levels of information security: logical security, physical security, and premises security. Logical security protects data stored on computers from software and network threats. Physical security, or infrastructure security, protects the information systems that store the data. It must also protect the people who operate and maintain those systems and those who use the data. Premises security normally entails facility security: it protects the people and property within the facility or building(s) that make up the organization.

Concentric Rings Defense Model

Physical security is commonly thought of as concentric rings, or layers of defense, with access requirements that get more difficult the closer one gets to the center of the rings, as described by Peltier (2013). The rings are implemented because a security team has taken precautions, such as risk mitigation, to protect the organization. Whether the security team in an organization is new or existing, it can conduct a vulnerability study to understand what the physical security requirements are and what gaps or weaknesses exist, as described by Fennelly (2012). The vulnerability study is a comprehensive evaluation of all existing physical security measures, access controls, and operational characteristics that affect the facility's capacity to detect, deter, delay, or respond to a threat. The study also covers physical systems, policy, procedures, and success and failure statistics for the response to threats. A vulnerability study gives the security team a straightforward way to identify common points of failure and strategies to mitigate any deficiencies found during the study.

Outer Layer Security Controls

Physical security is the fundamental aspect of protection, as described by Fennelly (2012). Physical controls are used to protect a premises, site, facility, or building. Applying the physical security model means using layers of physical protective measures to prevent unauthorized access. The first is the outer layer. Depending on the protection the building needs, the outer layer may be a fence or even a wall at the edge of the property line. It could also be a natural barrier such as a lake or river, as Fennelly (2012) points out. Fences and ponds are examples of the first layer of security in the physical security model. The grounds of a building can provide a clear zone, an unobstructed observation area that can be monitored for disruptions or risks before they reach the building. Roads in the building complex allow employees and customers to arrive but also carry the risk of giving unauthorized personnel access to the facility. Private roads on the facility, as described by Fennelly (2012), allow much more control than a public road. Other examples of the outer layer include the parking area, the type of lighting installed on the grounds, and surveillance tools and alarms. All of these make up the outer layer of the physical security model, which may already be in place when moving into a facility or may need to be planned with the architects of a new building. The vulnerability study helps security teams understand what is required when moving into new premises.

Inner Layer Security Controls

Inner layers of security are another part of the information security model that needs to be secured. The obvious beginning of the building is its windows and doors, but it is understood to be any opening larger than 96 square inches, as Fennelly (2012) points out. Locks are essential to physical security protection. Windows and doors should be locked and alarmed when not in use, as Fennelly (2012) points out. Keys should never be issued permanently, and keys, locks, and combinations should be provided directly to an individual, not a group or team. The inner layer includes the work areas inside the building. The level of protection from area to area or room to room depends on the nature of the work done in each space. For example, a secure area where sensitive information and materials are handled might need additional controls compared to a normal space.

Integrated Security Model Implementation

As discussed earlier, the physical security model is normally built in layers. Each layer of security controls serves a specific purpose in providing a certain protection, as described by Fennelly (2012). Using more than one control together allows each to assist the others in creating a secure setting. Conducting a site vulnerability study or physical security survey enables the security team and the organization to collect the information needed to create a smart, educated risk assessment of the location(s), producing a physical security profile. Once the study is complete, additional controls may need to be developed and put in place to provide the most economical security profile or model designed for the specific requirements of the enterprise.

References
