Physical Security Assessment

Align physical security of facilities with overall risk management

Overview

In today’s environment, analysis of the physical security of facilities and properties is a critical aspect of an organization’s information security and business continuity planning. Foundstone addresses this requirement with a team of skilled experts who are able to blend their experience and expertise to focus on the critical aspects of physical security that impact an organization’s computing environment.

Foundstone’s physical security reviews are performed and analyzed in the context of your organization’s overall risk management strategy. The criticality of assets within the environment and the perceived threat environment directly affect the level of exposure classified as acceptable. By analyzing the combined factors of assets, threats, and exposure, Foundstone’s physical security review provides much more than a list of actionable security recommendations. We prioritize exposures and make recommendations that align physical security with your overall risk management strategy. This holistic view enables you to protect the right assets with the right level of security.

Key Benefits

  • Uncover the most critical vulnerabilities
    Foundstone focuses on the highest-risk aspects of physical security that impact an organization’s computing environment.
  • Get complete analysis
    Foundstone analyzes assets, threats, and exposures to provide a list of actionable security recommendations.
  • Secure next step recommendations
    Our deliverables include a Physical Security Assessment Technical Report, an Executive Summary, and a half-day workshop with a Physical Security Assessment Presentation.

Methodology

During an onsite assessment, our consultants perform physical inspections of facilities and operations. Foundstone begins each physical security review by gaining an understanding of the resources being protected and the perceived threat environment. Through interviews and limited reviews of local policies and procedures covering physical security operations, Foundstone gains an understanding of the level of protection desired and needed in a given location. Armed with this understanding, Foundstone conducts the review of the facility. Key areas assessed include:

  • Facility security
    • Entry points
    • Data center
    • User and sensitive environments
    • Access control and monitoring devices
    • Guard personnel
    • Wiring closets
  • Internal company personnel
    • Control and accountability
    • Use of equipment
    • Security procedure compliance
    • Awareness
    • Use of break areas and entry points
  • External visitor and contractor personnel
    • Control and accountability
    • Use of equipment
    • Security procedure compliance
    • Use of break areas and entry points
  • Computer systems and equipment
    • Workstations
    • Servers
    • Backup media
    • PDAs
    • Modems and physical access points (visual ID only)
  • Sensitive information and data
    • Control
    • Storage
    • Destruction

Foundstone does not conduct sweeps of the electronic spectrum to identify and isolate covert listening or transmission devices. We have relationships with several highly reputable firms that can provide this specialized service, if requested.

We can expand on our overt assessment process through the use of covert red-team assessment techniques. These efforts include tactics such as social engineering, pretext entry, security systems bypass, device or Trojan planting, long-range surveillance, and other methods.