CISSP考试指南笔记：3.22 站点规划过程

The objectives of the site and facility security program depend upon the level of protection required for the various assets and the company as a whole. And this required level of protection, in turn, depends upon the organization’s acceptable risk level. This acceptable risk level should be derived from the laws and regulations with which the organization must comply and from the threat profile of the organization overall.

Physical security is a combination of people, processes, procedures, technology, and equipment to protect resources. The design of a solid physical security program should be methodical and should weigh the objectives of the program and the available resources.

Threats can be grouped into categories such as internal and external threats. It is critical for a company to carry out a background investigation, or to pay a company to perform this service, before hiring a security guard.

A threat that is even trickier to protect against is collusion, in which two or more people work together to carry out fraudulent activity.

An organization’s physical security program should address the following goals:

• Crime and disruption prevention through deterrence
• Reduction of damage through the use of delaying mechanisms
• Crime or disruption detection
• Incident assessment
• Response procedures

As with all security programs, it is possible to determine how beneficial and effective your physical security program is only if it is monitored through a performance-based approach.

剩余内容请看本人公众号debugeeker, 链接为CISSP考试指南笔记：3.22 站点规划过程