Episode 48 — A.7.3–7.4 — Securing offices/rooms/facilities; Physical security monitoring

A.7.3 requires implementing protective measures for offices, rooms, and facilities proportionate to the assets they house. For the exam, emphasize practical safeguards: controlled keys and badge zones, tamper-evident cabinets for network gear, secure window and door hardware, and policies that prevent unattended exposure of displays and documents. Sensitive areas must be clearly identified, with visitor escorts and maintenance personnel vetted and logged. Asset location and cable management should minimize casual access, and signage should balance deterrence with privacy obligations. Candidates should relate this control to asset inventory and classification, explaining how physical safeguards are selected to match information value and operational criticality.
A.7.4 mandates physical security monitoring to detect and respond to unauthorized access attempts or anomalous conditions. Capabilities typically include CCTV coverage of entry points and critical corridors, door access logs, alarmed enclosures, and environmental sensors for motion, tamper, smoke, water, or temperature. Monitoring must be lawful and respectful of worker privacy while providing sufficient visibility and retention for investigations. Pitfalls include blind spots, poor time synchronization, overwritten footage due to short retention, and alarms that are not triaged promptly, leading to alert fatigue. Strong programs define monitoring zones, maintain camera health checks, test alarm paths, and correlate physical logs with cybersecurity events to spot converged threats such as badge misuse tied to suspicious login patterns. Candidates should be prepared to describe evidence packages—camera maps, retention settings, alert runbooks, and periodic drill results—that demonstrate not only detection but effective response coordination with security personnel and facility management.
Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.
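The correlation of door access logs with login events described under A.7.4, shown as an added example that is not part of the original episode notes: it flags console logins in a zone that have no granted badge entry by the same user, with a tolerance for the clock drift named among the pitfalls. The record layouts, zone names, look-back window and skew value are assumptions, and all sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records (not taken from any real system).
# Badge log: (timestamp, badge holder, zone, result)
BADGE_LOG = [
    ("2024-05-06T08:58:10", "alice", "server-room", "granted"),
    ("2024-05-06T09:40:02", "bob",   "server-room", "denied"),
    ("2024-05-06T13:15:30", "carol", "office-2f",   "granted"),
]
# Login log: (timestamp, user, zone of the console that was used)
LOGIN_LOG = [
    ("2024-05-06T09:03:45", "alice", "server-room"),
    ("2024-05-06T09:42:20", "bob",   "server-room"),
    ("2024-05-06T13:14:50", "carol", "office-2f"),
    ("2024-05-06T22:10:00", "carol", "office-2f"),
]

def unmatched_logins(badges, logins,
                     window=timedelta(hours=4),
                     skew=timedelta(seconds=60)):
    """Return console logins that have no granted badge entry by the same
    user into the same zone within [login - window, login + skew].

    `window` is how long a badge entry is assumed to cover a stay in the zone.
    `skew` absorbs clock drift between the door controller and the host;
    with skew=0, poorly synchronized clocks produce false positives.
    """
    granted = {}
    for ts, holder, zone, result in badges:
        if result == "granted":  # denied swipes never justify a login
            granted.setdefault((holder, zone), []).append(
                datetime.fromisoformat(ts))

    findings = []
    for ts, user, zone in logins:
        t = datetime.fromisoformat(ts)
        entries = granted.get((user, zone), [])
        if not any(t - window <= e <= t + skew for e in entries):
            findings.append((ts, user, zone))
    return findings

if __name__ == "__main__":
    for finding in unmatched_logins(BADGE_LOG, LOGIN_LOG):
        print("login without matching badge entry:", finding)
```

Each finding is a lead for triage against camera footage and the visitor log, not proof of misuse on its own.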