← → navigate · ESC index · Back to quit
SCIA 120 · Week 02
cover · 01/30
Introduction to Secure Computing and Information Assurance

Physical Security

Author: Dr. Zhijiang Chen (Frostburg State University)

Tech darkAI line artReading-based content
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where physical security affects users, data, or operations.
InstructorHow would you recognize physical security in a real organization?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: The principle is straightforward: physical access to a system is, for…
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 01PROTECT - DETECT - RESPONDPhysical...The principle...ControlEvidence
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
agenda · 02/30
Overall Page

Overall roadmap

The week moves from core definitions to practical security decisions.

Why Physical Security Is the Foundation

Core reading concept for Week 02.

Physical Security Threats

Core reading concept for Week 02.

Theft

Core reading concept for Week 02.

Vandalism and Sabotage

Core reading concept for Week 02.

Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where overall roadmap affects users, data, or operations.
InstructorHow would you recognize overall roadmap in a real organization?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Why Physical Security Is the Foundation
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 02PROTECT - DETECT - RESPONDOverall roadmapWhy Physical...Physical...Theft
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
objectives · 03/30
03 objectives

Learning objectives

Students should explain, apply, and evaluate the week’s main security ideas.

Explain Why Physical Security Is the Foundation.
Explain Physical Security Threats.
Explain Theft.
Explain Vandalism and Sabotage.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where learning objectives affects users, data, or operations.
InstructorHow would you recognize learning objectives in a real organization?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Explain Why Physical Security Is the Foundation.
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 03POLICY - TOOL - TEST - EVIDENCELearning...Explain Why...Explain...Explain Theft
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
application · 04/30
04 application

Opening scenario

Use a realistic scenario to anchor Physical Security in operational decision-making.

The principle is straightforward: physical access to a system is, for most practical purposes, equivalent to total control over that system.
An attacker with physical access to a running computer can extract data from memory, bypass operating system access controls with a bootable USB drive, install hardware…
Data centers can be targeted for theft of physical media or servers.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where opening scenario affects users, data, or operations.
InstructorIf this issue appeared in a campus or business system, what evidence would you collect first?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: The principle is straightforward: physical access to a system is, for…
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 04POLICY - TOOL - TEST - EVIDENCEOpening scenarioThe principle...An attacker...Data centers...
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
definition · 05/30
05 definition

Why Physical Security Is the Foundation

The principle is straightforward: physical access to a system is, for most practical purposes, equivalent to total control over that system.

The principle is straightforward: physical access to a system is, for most practical purposes, equivalent to total control over that system.
An attacker with physical access to a running computer can extract data from memory, bypass operating system access controls with a bootable USB drive, install hardware…
Data centers can be targeted for theft of physical media or servers.
Backup tapes removed from secure facilities have been lost in transit, exposing enormous volumes of sensitive data.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where why physical security is the foundation affects users, data, or operations.
InstructorWhat problem does why physical security is the foundation help us understand?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: The principle is straightforward: physical access to a system is, for…
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 05POLICY - TOOL - TEST - EVIDENCEWhy Physical...The principle...An attacker...Data centers...
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
concept · 06/30
06 concept

Physical Security Threats

Physical security threats can be categorized into several types.

Physical security threats can be categorized into several types.
Understanding each type is necessary to design proportionate controls.
Physical Security Threats connects to risk, controls, and evidence.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where physical security threats affects users, data, or operations.
InstructorHow would you recognize physical security threats in a real organization?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Physical security threats can be categorized into several types.
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 06POLICY - TOOL - TEST - EVIDENCEPhysical...Understanding...ControlEvidence
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
application · 07/30
07 application

Theft

Device theft is one of the most common physical security incidents.

Device theft is one of the most common physical security incidents.
Laptops, smartphones, and external drives are stolen both opportunistically (a laptop left unattended in a coffee shop) and deliberately (targeted theft of devices from executives…
The 2006 theft of a Veterans Affairs laptop containing unencrypted data on 26.5 million veterans remains one of the most widely cited examples of the consequences of inadequate…
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where theft affects users, data, or operations.
InstructorIf this issue appeared in a campus or business system, what evidence would you collect first?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Device theft is one of the most common physical security incidents.
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 07POLICY - TOOL - TEST - EVIDENCETheftDevice theft is...Laptops...The 2006 theft...
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
evidence · 08/30
08 evidence

Vandalism and Sabotage

Physical damage to equipment — whether by disgruntled insiders, activists, or adversaries — can cause significant disruption.

Physical damage to equipment — whether by disgruntled insiders, activists, or adversaries — can cause significant disruption.
Cutting network cables, damaging server equipment, or destroying backup media can take systems offline and cause data loss.
In high-stakes environments, sabotage may be deliberate and targeted.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where vandalism and sabotage affects users, data, or operations.
InstructorHow would you recognize vandalism and sabotage in a real organization?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Physical damage to equipment — whether by disgruntled insiders,…
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 08POLICY - TOOL - TEST - EVIDENCEVandalism and...Physical damage...Cutting network...In high-stakes...
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
definition · 09/30
09 definition

Unauthorized Access

Unauthorized entry to secure areas — data centers, server rooms, offices — can enable attackers to install rogue hardware (such as network taps or hardware keyloggers), access…

Unauthorized entry to secure areas — data centers, server rooms, offices — can enable attackers to install rogue hardware (such as network taps or hardware keyloggers), access…
Unauthorized access is often achieved through social engineering techniques such as tailgating (discussed in Chapter 3) or by exploiting weaknesses in access control systems.
Unauthorized Access connects to risk, controls, and evidence.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where unauthorized access affects users, data, or operations.
InstructorWhat problem does unauthorized access help us understand?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Unauthorized entry to secure areas — data centers, server rooms,…
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 09CONFIDENTIALITYINTEGRITYAVAILABILITYCIAUnauthorized...RiskControlEvidence
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
concept · 10/30
10 concept

Natural Disasters and Environmental Threats

Floods, fires, earthquakes, hurricanes, and power outages are not attackers, but they present very real threats to availability.

Floods, fires, earthquakes, hurricanes, and power outages are not attackers, but they present very real threats to availability.
Data centers must be designed with these threats in mind.
The 2011 flooding in Thailand disrupted global hard drive supply chains for over a year, illustrating how physical environmental threats can have far-reaching consequences for…
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where natural disasters and environmental threats affects users, data, or operations.
InstructorHow would you recognize natural disasters and environmental threats in a real organization?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Floods, fires, earthquakes, hurricanes, and power outages are not…
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 10POLICY - TOOL - TEST - EVIDENCENatural...Floods fires...Data centers...The 2011...
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
application · 11/30
11 application

Espionage and Surveillance

In certain threat environments — government, defense, financial services, research — physical surveillance may be used to collect intelligence.

In certain threat environments — government, defense, financial services, research — physical surveillance may be used to collect intelligence.
Attackers may install covert cameras, audio recorders, or network monitoring hardware.
State-sponsored adversaries have been known to compromise hotel rooms, conference facilities, and offices used by targets during business travel.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where espionage and surveillance affects users, data, or operations.
InstructorIf this issue appeared in a campus or business system, what evidence would you collect first?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: In certain threat environments — government, defense, financial…
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 11CONFIDENTIALITYINTEGRITYAVAILABILITYCIAEspionage and...In certain...Attackers may...State-sponsored...
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
evidence · 12/30
12 evidence

Building and Perimeter Security

The first line of physical defense is the perimeter — the boundary between public and controlled space.

The first line of physical defense is the perimeter — the boundary between public and controlled space.
Perimeter security is designed to deter, delay, and detect unauthorized entry.
Building and Perimeter Security connects to risk, controls, and evidence.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where building and perimeter security affects users, data, or operations.
InstructorHow would you recognize building and perimeter security in a real organization?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: The first line of physical defense is the perimeter — the boundary…
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 12POLICY - TOOL - TEST - EVIDENCEBuilding and...The first line...Perimeter...Evidence
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
definition · 13/30
13 definition

Fencing and Barriers

Physical barriers define the perimeter and force potential intruders to spend time and effort attempting to breach it.

Physical barriers define the perimeter and force potential intruders to spend time and effort attempting to breach it.
High-security facilities use anti-climb fencing (often topped with razor wire or angled outward), concrete bollards to prevent vehicle-ramming attacks, and security gates with…
The choice of barrier depends heavily on the threat model: a corporate office campus faces different threats than a military installation.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where fencing and barriers affects users, data, or operations.
InstructorWhat problem does fencing and barriers help us understand?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Physical barriers define the perimeter and force potential intruders…
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 13POLICY - TOOL - TEST - EVIDENCEFencing and...Physical...High-security...The choice of...
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
concept · 14/30
14 concept

Lighting

Adequate lighting is one of the most cost-effective physical security controls available.

Adequate lighting is one of the most cost-effective physical security controls available.
Well-lit areas deter opportunistic attackers (who prefer to operate undetected), improve the effectiveness of surveillance cameras, and help security personnel observe the…
Motion-activated lighting is particularly effective along perimeter areas and access points.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where lighting affects users, data, or operations.
InstructorHow would you recognize lighting in a real organization?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Adequate lighting is one of the most cost-effective physical security…
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 14POLICY - TOOL - TEST - EVIDENCELightingAdequate...Well-lit areas...Motion-activated...
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
application · 15/30
15 application

Closed-Circuit Television (CCTV) and Video Surveillance

Video surveillance serves both detective and deterrent purposes.

Video surveillance serves both detective and deterrent purposes.
Cameras record activity for later review and, when visible, discourage would-be attackers.
Modern IP camera systems can incorporate analytics for motion detection, object recognition, and anomaly detection.
For surveillance to be effective, footage must be stored securely, reviewed regularly, and retained for a sufficient period.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where closed-circuit television (cctv) and video surveillance affects users, data, or operations.
InstructorIf this issue appeared in a campus or business system, what evidence would you collect first?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Video surveillance serves both detective and deterrent purposes.
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 15POLICY - TOOL - TEST - EVIDENCEClosed-Circuit...Video...Cameras record...Modern IP...
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
evidence · 16/30
16 evidence

Security Guards

Trained security personnel provide a level of response capability that no automated system can fully replicate.

Trained security personnel provide a level of response capability that no automated system can fully replicate.
Guards can exercise judgment, respond to incidents, challenge suspicious individuals, and conduct patrols.
However, guards are also subject to human limitations — fatigue, distraction, and susceptibility to social engineering.
Guard effectiveness is enhanced by clear procedures, good communication technology, and regular training.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where security guards affects users, data, or operations.
InstructorHow would you recognize security guards in a real organization?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Trained security personnel provide a level of response capability…
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 16POLICY - TOOL - TEST - EVIDENCESecurity GuardsTrained...Guards can...However guards...
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
definition · 17/30
17 definition

Signage and Security Markings

Visible signs — "Authorized Personnel Only," "CCTV in Operation," "Trespassers Will Be Prosecuted" — serve as both legal notice and psychological deterrence.

Visible signs — "Authorized Personnel Only," "CCTV in Operation," "Trespassers Will Be Prosecuted" — serve as both legal notice and psychological deterrence.
While not a barrier in themselves, they establish expectations and create legal clarity about the boundaries of authorized access.
Signage and Security Markings connects to risk, controls, and evidence.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where signage and security markings affects users, data, or operations.
InstructorWhat problem does signage and security markings help us understand?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Visible signs — "Authorized Personnel Only," "CCTV in Operation,"…
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 17POLICY - TOOL - TEST - EVIDENCESignage and...Visible signs...While not a...Evidence
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
concept · 18/30
18 concept

Access Control Systems

Once the perimeter is established, access control systems regulate who can enter which areas and under what circumstances.

Once the perimeter is established, access control systems regulate who can enter which areas and under what circumstances.
Physical access control is analogous to logical access control in the digital realm — and the same principles apply: something you have , something you know , and something you…
Access Control Systems connects to risk, controls, and evidence.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where access control systems affects users, data, or operations.
InstructorHow would you recognize access control systems in a real organization?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Once the perimeter is established, access control systems regulate…
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 18POLICY - TOOL - TEST - EVIDENCEAccess Control...Once the...Physical access...Evidence
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
application · 19/30
19 application

Key Card and Badge Systems

Electronic key card systems (using RFID or magnetic stripe cards) are the most common form of corporate physical access control.

Electronic key card systems (using RFID or magnetic stripe cards) are the most common form of corporate physical access control.
Each card is linked to an identity, and access events are logged.
Cards can be quickly deactivated when employees leave or when a card is reported lost.
Proximity cards (which work without insertion — simply by being near the reader) are convenient but can be vulnerable to cloning if an attacker gets close enough to read the…
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where key card and badge systems affects users, data, or operations.
InstructorIf this issue appeared in a campus or business system, what evidence would you collect first?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Electronic key card systems (using RFID or magnetic stripe cards) are…
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 19POLICY - TOOL - TEST - EVIDENCEKey Card and...Electronic key...Each card is...Cards can be...
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
evidence · 20/30
20 evidence

Biometric Access Controls

Biometrics use physical or behavioral characteristics to verify identity.

Biometrics use physical or behavioral characteristics to verify identity.
Biometric systems are most effective as part of multi-factor authentication combined with another credential type.
Biometric Access Controls connects to risk, controls, and evidence.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where biometric access controls affects users, data, or operations.
InstructorHow would you recognize biometric access controls in a real organization?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Biometrics use physical or behavioral characteristics to verify…
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 20POLICY - TOOL - TEST - EVIDENCEBiometric...Biometrics use...ControlEvidence
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
definition · 21/30
21 definition

Mantraps and Airlocks

A mantrap (also called an airlock or access control vestibule) is a small enclosed area with two sets of doors — the second door does not open until the first has closed and…

A mantrap (also called an airlock or access control vestibule) is a small enclosed area with two sets of doors — the second door does not open until the first has closed and…
This prevents tailgating (an unauthorized person following an authorized one through a door).
Mantraps are common at the entrances to data centers, bank vaults, and government facilities.
Some sophisticated mantraps include weight sensors or camera systems to detect if more than one person has entered the enclosed space.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where mantraps and airlocks affects users, data, or operations.
InstructorWhat problem does mantraps and airlocks help us understand?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: A mantrap (also called an airlock or access control vestibule) is a…
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 21POLICY - TOOL - TEST - EVIDENCEMantraps and...A mantrap also...This prevents...Mantraps are...
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
concept · 22/30
22 concept

Visitor Management

Visitors to controlled facilities should be required to sign in, show identification, receive a visitor badge, and be escorted by authorized personnel.

Visitors to controlled facilities should be required to sign in, show identification, receive a visitor badge, and be escorted by authorized personnel.
Visitor logs serve as both a deterrent and a forensic record.
Badge designs should visually distinguish visitors from employees, making it easy for anyone in the facility to identify someone who should not be moving freely.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where visitor management affects users, data, or operations.
InstructorHow would you recognize visitor management in a real organization?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Visitors to controlled facilities should be required to sign in, show…
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 22POLICY - TOOL - TEST - EVIDENCEVisitor...Visitors to...Visitor logs...Badge designs...
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
application · 23/30
23 application

Data Center Physical Security Standards

Data centers — facilities that house the servers, storage, networking, and cooling equipment that support organizational IT — require especially rigorous physical security.

Data centers — facilities that house the servers, storage, networking, and cooling equipment that support organizational IT — require especially rigorous physical security.
They represent a single point of concentration for enormous volumes of critical data and systems.
For security specifically, organizations often follow guidance from NIST Special Publication 800-53, which includes physical and environmental protection controls.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where data center physical security standards affects users, data, or operations.
InstructorIf this issue appeared in a campus or business system, what evidence would you collect first?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Data centers — facilities that house the servers, storage,…
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 23CONFIDENTIALITYINTEGRITYAVAILABILITYCIAData Center...Data centers...They represent...For security...
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
evidence · 24/30
24 evidence

Environmental Controls

The physical environment of a data center or server room must be carefully controlled to ensure availability.

The physical environment of a data center or server room must be carefully controlled to ensure availability.
Environmental threats can cause hardware failures, data corruption, and fires.
Environmental Controls connects to risk, controls, and evidence.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where environmental controls affects users, data, or operations.
InstructorHow would you recognize environmental controls in a real organization?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: The physical environment of a data center or server room must be…
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 24POLICY - TOOL - TEST - EVIDENCEEnvironmental...The physical...ControlEvidence
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
vocabulary · 25/30
25 vocabulary

Key terms to keep

Vocabulary becomes useful when students can connect terms to scenarios and evidence.

Why Physical Security Is the Foundation
Physical Security Threats
Theft
Vandalism and Sabotage
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where key terms to keep affects users, data, or operations.
InstructorHow would you recognize key terms to keep in a real organization?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Why Physical Security Is the Foundation
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 25POLICY - TOOL - TEST - EVIDENCEKey terms to...Why Physical...Physical...Theft
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
comparison · 26/30
26 comparison

Compare: Why Physical Security Is the Foundation vs. Physical Security Threats

Comparing related ideas helps students avoid shallow memorization.

Where Why Physical Security Is the Foundation applies.
Where Physical Security Threats applies.
How the difference changes the security decision.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where compare: why physical security is the foundation vs. physical security threats affects users, data, or operations.
InstructorHow would you recognize compare: why physical security is the foundation vs. physical security threats in a real organization?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Where Why Physical Security Is the Foundation applies.
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 26POLICY - TOOL - TEST - EVIDENCECompare: Why...Where Why...Where Physical...How the...
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
application · 27/30
27 application

Applied decision checkpoint

Students should translate concepts into a defensible security decision.

Identify the asset or process at risk.
Choose a preventive, detective, or corrective control.
Explain what evidence would prove the control is working.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where applied decision checkpoint affects users, data, or operations.
InstructorIf this issue appeared in a campus or business system, what evidence would you collect first?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Identify the asset or process at risk.
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 27RISK = ASSET x THREAT x IMPACTApplied...Identify the...Choose a...Explain what...
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
review · 28/30
28 review

Review questions

Retrieval practice should ask students to define, compare, apply, and evaluate.

Define one core concept in plain language.
Compare two controls or threats from the week.
Apply one idea to a campus or business system.
Evaluate why a solution might fail in practice.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where review questions affects users, data, or operations.
InstructorWhat is the one sentence takeaway for review questions?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Define one core concept in plain language.
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 28POLICY - TOOL - TEST - EVIDENCEReview questionsDefine one core...Compare two...Apply one idea...
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
bridge · 29/30
29 bridge

Bridge to lab and assessment

The reading should transfer into evidence-based lab work and written explanations.

Collect evidence, not just screenshots.
Explain what the artifact proves.
Connect the proof back to risk and control selection.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where bridge to lab and assessment affects users, data, or operations.
InstructorHow would you recognize bridge to lab and assessment in a real organization?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Collect evidence, not just screenshots.
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 29VERIFY - MONITOR - IMPROVEBridge to lab...Collect...Explain what...Connect the...
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck
SCIA 120 · Week 02
closing · 30/30
30 closing

Takeaway

The central takeaway from Week 2 is to reason from risk to evidence to action.

Physical Security
Security is a decision process, not just a tool list.
Use the reading to justify practical choices.
Classroom Dialog
ScenarioA campus technology team is reviewing a realistic Week 2 incident where takeaway affects users, data, or operations.
InstructorHow would you recognize takeaway in a real organization?
StudentThis concept helps us decide what is at risk, what evidence to check, and which control would reduce harm. For this slide, the key clue is: Physical Security
Teaching point: Push the answer beyond a definition: name the asset, identify the risk, choose evidence, and justify a practical control.
GAMMA-STYLE VISUAL - SLIDE 30POLICY - TOOL - TEST - EVIDENCETakeawayPhysical...Security is a...Use the reading...
Dr. Zhijiang Chen · Frostburg State University
Week 02 deck