In today’s environment, analysis of the physical security of facilities and properties is a critical aspect of an organization’s information security and business continuity planning. Foundstone addresses this requirement with a team of skilled experts who are able to blend their experience and expertise to focus on the critical aspects of physical security that impact an organization’s computing environment.
Foundstone’s physical security reviews are performed and analyzed in the context of your organization’s overall risk management strategy. The criticality of assets within the environment and the perceived threat environment directly affect the level of exposure classified as acceptable. By analyzing the combined factors of assets, threats, and exposure, Foundstone’s physical security review provides much more than a list of actionable security recommendations. We prioritize exposures and make recommendations that align physical security with your overall risk management strategy. This holistic view enables you to protect the right assets with the right level of security.
During an onsite assessment, our consultants perform physical inspections of facilities and operations. Foundstone begins each physical security review by gaining an understanding of the resources being protected and the perceived threat environment. Through interviews and limited reviews of local policies and procedures covering physical security operations, Foundstone gains an understanding of the level of protection desired and needed in a given location. Armed with this understanding, Foundstone conducts the review of the facility. Key areas assessed include:
Foundstone does not conduct sweeps of the electronic spectrum to identify and isolate covert listening or transmission devices. We have relationships with several highly reputable firms that can provide this specialized service, if requested.
We can expand on our overt assessment process through the use of covert red-team assessment techniques. These efforts include tactics such as social engineering, pretext entry, security systems bypass, device or Trojan planting, long-range surveillance, and other methods.