Enterprise Infrastructure Security Threats


Many organizations give physical security a second thought when analyzing their information security. Physical security consists of both technical and administrative elements, and since organizations rely on countermeasures that are technology-oriented to prevent attacks, they tend to overlook physical security (Rao & Nayak, 2014). Organizations find it hard to protect data, network, and system because of the increased vulnerability of technology and computer environments. Smartphones, USB hard drives, tablets and laptops are portable and allow mobile access hence information can easily be stolen or lost. The organization must implement physical security correctly since it will help prevent attackers from gaining physical access to computers and take the information they wanted. Physical security measures aim to protect personnel, IT infrastructure, information, facilities, company’s assets and equipment from physical actions that might cause severe damages. The paper will examine the physical security measures appropriate for the Department of Defense and threats the controls are mitigating.

Administrative Control

First, the Department of Defense needs to secure data centers and server rooms by making them off-limit to unauthorized individuals. Locking down the rooms and ensuring limited access to employees who would like to use them for job duties would help prevent attacks (Khadraoui & Herrmann, 2007). Besides, the Department of Defense should make the rooms more human-incompatible. For instance, the rooms should have extremely dim lights, limited oxygen, cold temperatures and little space. Data centers are vital places in an organization since they store critical equipment; therefore, they should be located in the middle of the facility. The threats this control mitigates against include burglary and theft. When an unauthorized person accesses the data center, they might cause damage and steal vital information.

Second, with the facility design, the methods and construction materials should meet or exceed the building codes and safety measures. According to Khadraoui and Herrmann (2007), the wall design of the facility should adhere to the minimum fire ratings required in that particular area. The type of combustible materials used to protect server rooms must meet code standards. The water and gas design will help mitigate water and gas leakages by ensuring positive flow, appropriate location of shutoff valves and the placement of water and gas pipes (Rao & Nayak, 2014). Window design ensures that the windows in the facility are alarmed, shatterproof thus preventing individuals from vandalizing the server room or the facility.

Physical Control

First, the Department of Defense should use badges as a proof of identity. This will help verify whether the person is an employee or a visitor. We need to include pictures, computer chips and radio frequency identification tags in the smart card to validate the employee. Second, facilities in the Department of Defense should have motion detectors and alarm system to detect intrusion. For instance, the function of heat-based motion detectors is to sense the level of heat in the facility while passive audio motion detectors provide information on unusual sounds in the facility (Rao & Nayak, 2014). Moreover, the use of intrusion alarms as water sensors, door and window contacts and motion detectors makes it hard for attackers to access primary resources since changes in the status of the devices will trigger the alarm.

Third, the Department of Defense should have a secured perimeter. For instance, the facility should have gates, turnstiles, mantraps and fences that will create an additional layer of security. Setting up the fence creates a boundary between the public and protected area (Rao & Nayak, 2014). The level of protection the gates offer should be equal to the fence, and this will prevent malicious people from intruding.  The facility should use mantraps to lock unauthorized individuals until the security team confirms their identity.

Technical Controls

First, the Department of Defense should advocate the use of token cards to allow authorized personnel to have physical access to the facility or secured rooms. The integrated circuits and microchips in the token cards function through a two-factor authentication mode (Rao & Nayak, 2014). The card has employee information, and after the confirmation, the person can access the room. Therefore, I would be difficult for intruders to access the facility by possessing the cards alone since the card requires one to enter biometric information.

Second, with proximity readers and radio frequency identification, access control system scans the card and determines if the individual has authorized access to the facility. When the Department of Defense uses proximity readers and access control cards, they can control unauthorized person from accessing the facility by not verifying the signal sent to the reader. Third, the facility needs to set up surveillance. The surveillance should include guards who may be fixed in one location or patrol around the facility. Guards are significant due to their adaptability (Rao & Nayak, 2014). By patrolling, guards can make sure window and doors are locked.



Factor, A. (2002). Analyzing application service providers: [ASP business models, designs, architectures, methodologies, enabling technologies, economics, and more]. Palo Alto, Calif: Sun Microsystems Press.

Khadraoui, D., & Herrmann, F. (2007). Advances in enterprise information technology security. Hershey [Pa.]: Information Science Reference.

Rao, U. H., & Nayak, U. (2014). The InfoSec handbook: An introduction to information security. Berkeley, CA: Apress.





Do you need an Original High Quality Academic Custom Essay?