Physical security is an often an afterthought when it comes to data and system security in the technology world today. Physical security is just as critical as a timely patch management program, strong password policies and appropriate user permissions. You can take measures to harden your servers and network as much as possible, but it will not make any difference if someone is able to gain access to your facility and ultimately a keyboard, USB port or steal hardware right out from under you. The most effective approach to securing the physical business environment is to apply a defense-in-depth methodology, or “layered defense model.” Physical security can be compromised in a number of ways, the least of which can be done through social engineering.
- Sound physical security measures to protect critical assets
- Social engineering risks associated with deficiencies in physical security
- Attacker motivations, “big picture” threat landscape, and top trends
- Key areas of control your organization should have in place to improve the security posture, RFID access card cloning
About Laura Faulkner
Laura Faulkner is a Manager at CliftonLarsonAllen LLP in the Information Security & Advisory Services Group. Laura has over 4 years of information security consulting experience. Laura’s experience consists of IT Auditing including General Controls Review and Vulnerability Assessments, IT Risk Assessments and Controls Assessments. Prior to her manager role, Laura spent over 9 years working with CliftonLarsonAllen’s internal Information Technology Group. Laura graduated from Chestnut Hill College in Philadelphia, PA with a Bachelor of Business and Accounting degree.
About Peter Storm
Pete is a Senior Information Security Consultant in the CliftonLarsonAllen LLP (CliftonLarsonAllen) Information Security & Advisory Services Group. Pete’s experience includes Social Engineering, Incident Response and Computer Forensics, Penetration Testing and IT Security Consulting. Pete’s industry experience in professional services includes financial services, health care, manufacturing, government and non-profit. Pete graduated from the University of Wisconsin – Eau Claire with a bachelor’s degree in Business Administration, double majoring in Accounting and Information Systems. He is a Certified Public Accountant (CPA) and a member of the American Institute of Certified Public Accountants (AICPA). He also holds certifications for GIAC Certified Forensic Analyst (GCFA) and Certified Fraud Examiner (CFE) with membership in the Association of Certified Fraud Examiners. Pete is also a member of the High Technology Crime Investigation Association (HTCIA) and the InfraGard.