Physical security encompasses measures that protect facilities, hardware, and personnel from physical threats, including unauthorized entry, theft, vandalism, environmental hazards, and espionage. An attacker with physical access to a server can bypass most logical controls entirely.
Physical security is layered: perimeter controls establish the outer boundary, building controls determine who enters, interior controls protect high-value assets, and environmental controls guard against power failures, fire, flooding, and temperature extremes.
CISSP Relevance
Physical security is covered in Domain 3 (Security Architecture and Engineering) and Domain 7 (Security Operations). CISSP candidates must understand physical control types, facility design principles, environmental threat mitigation, and how physical security integrates with logical access controls.
External reference: CISA Physical Security Resources
Related terms: Security Control, Access Control