(4-Dec-09) Humans are the weakest link in any security scheme. Security professionals can do their best to protect systems with layers of anti-malware, personal and network firewalls, biometric login authentication, and even data encryption, but give a good hacker (or computer forensics expert) enough time with physical access to the hardware, and there’s a good chance they’ll break in. Thus, robust physical access controls and policies are critical elements of any comprehensive IT security strategy.
According to a report by the SANS Institute, “IT security and physical security are no longer security silos in the IT environment; they are and must be considered one and the same or, as it should be called, overall security.”
It is the innermost layer—physical entry to computer rooms—over which IT managers typically have responsibility, and effective control over human access there depends on a set of policies, procedures, and enforcement mechanisms.