Digital information is at the heart of every Internet transaction. The confidentiality, integrity, and availability of that information depends on the security of the following physical constituents of any computing environment:
- hardware, in the broadest sense—machines, storage media, and transmission media;
- the physical expression of the zeroes and ones that represent digital information (data and programs);
- electricity, without which no digital information could change, move, or incite action; humans and the information they possess to run the system.
- Internet security can be divided into two distinct areas:
cybersecurity and physical security. - The former term pertains to threats and defenses mounted via the same channels as legitimate exchanges of digital information.
- Encryption of information falls into this category. The role of physical security is to guard the four physical ingredients just outlined in two ways.
- First, it must protect the integrity and availability of resources for legitimate use. Second, it must prevent the misuse of resources,for example, by breaches of confidentiality or theft of services.
- Physical security and cybersecurity complement one another. Where an organization’s control over the physical ingredients ends, encryption and the like must take over. When cyberdefenses are strengthened, physical vul-
nerabilities become more inviting targets. Physical security serves cybersecurity. A breach of physical security,such as a password in the trash, can give a cyberattacker a foothold.
The advent of biometrics and smart cards can be viewed either as an expansion of physical security into cybersecurity territory or as a blurring of the line between the two forms of security.
Physical security issues extend as far as an organization’s resources. Because human knowledge is one of those assets, physical security concerns can span as far as information can spread. For instance, sensitive information could be revealed by an indiscreet question posted on a newsgroup. Thus, physical security is not constrained by a geographical footprint.
Physical security is intractable in the sense that certain events cannot be prevented. We cannot stop someone from demanding an off-duty employee’s password at gunpoint, for instance. Redundancy is the last line of defense for the integrity and availability of resources. Confidentiality, on the other hand, cannot be “backed up”; some damage, such the as revelation of personal information,
can never be repaired.
Site Title 