As cyber security evolves physical and facilities-based security needs have changed. Adversaries are now able to remotely gather intelligence using common mapping software from anywhere in the world. Conducting a modern physical security assessment as part of your overall security planning is now paramount.
Traditional physical security and facilities risk assessments need to change. Many organizations have measures in place to deter trespassing, vandalism, and theft; but this is not enough. Modern adversaries are looking to commit crimes like executive impersonation, customer account take-over, identity-theft, data extortion a ransom, stealing company secrets and intellectual property and much more.
Nexus uses industry-leading frameworks, including the American Society for Industrial Security's (ASIS) Facilities Physical Security Measures Guideline, and the Department of Homeland Security's SAFETY Act - Best Practices for Anti-Terrorism Security (BPATS) to provide the following services:
- Collecting and analyzing information that may assist an adversary attempt a breach of physical security.
- Open Source Intelligence (OSINT) - Collecting useful publicly available information
such as: print media, public government sources, social media, professional/trade
publications, client’s website, public filings, tax information, customer data, maps and
- Facility Surveillance - Observing employee parking lots, facility entry points. Checking
delivery locations, dumpster diving. Employee eaves-dropping, phoning under false
pretense, equipment theft.
- Determine facility risk (impact and likelihood) to physical security vulnerabilities & threats
- Assessments – Interviews and observation. Conduct walk-arounds of the facility to
observe all aspects of the physical security systems. Review policies and procedures.
- Test physical security controls
- Penetration Tests - Attempt to gain entry to the facility using false pretenses such as:
food delivery, package delivery, fake appointment/meeting attendance. Documentation
of observations, activities and client responses.
- The following themes are able to be assessed:
- Crime prevention through environmental design
- Physical barriers and site hardening
- Physical entry and access controls
- Security lighting
- Intrusion detection systems
- Video surveillance
- Security personnel
- Security policies and procedures
- Data Center
- Network/Security Operations Center (NOC/SOC)