Effective Physical Security

This book was suggested to me by another CISSP and I found it useful. The book, which is really a set of essays by multiple authors, including Fennelly, is split into three sections: Design, Equipment, and Operations. It includes lengthy discussions of building construction, lighting and fencing, and far more about locks than I ever wanted to know. Many checklists on several different subject areas are included, although not all of the checklist items are necessarily explained somewhere in the book. Several very detailed glossaries are included, although they are unfortunately not listed in the table of contents or index.

The chapter "Electronic Access Control and System Integration" is good, but is lifted right out of another book I recommend, "The Book on Access Control," by Konicek and Little. The chapter "Physical Access Control for Computer Areas," taken from John M. Carroll's computer security text is excellent. I highly recommend the chapter "Approaches to Physical Security" by Gigliotti and Jason. Infosec professionals will feel at home with the discussion of threat analysis, planning, cost justification, and layering. Besides being a useful essay on physical security, there is a lot of value to the Infosec professional in learning how related disciplines approach similar problems.

Chapter 2, the author's 11-page essay on conducting security surveys, is not only a useful guide to that subject, but it also contains wise advice that should be helpful for a professional in any discipline: "Only when you have developed the ability to visualize the potential for criminal activity will you become an effective crime scene surveyor." Overall, the book seems pretty solid, so I'm putting it on my must-buy list for security practitioners.

Rating:
Summary: Good introduction and reference to the subject
Review: I'm not an expert in physical security--I like to think of myself in an expert in information security. An understanding of physical security topics is essential for an Infosec consultant, but consultants and CISSP test candidates looking for information on this subject don't really know where to turn.

This book was suggested to me by another CISSP and I found it useful. The book, which is really a set of essays by multiple authors, including Fennelly, is split into three sections: Design, Equipment, and Operations. It includes lengthy discussions of building construction, lighting and fencing, and far more about locks than I ever wanted to know. Many checklists on several different subject areas are included, although not all of the checklist items are necessarily explained somewhere in the book. Several very detailed glossaries are included, although they are unfortunately not listed in the table of contents or index.

The chapter "Electronic Access Control and System Integration" is good, but is lifted right out of another book I recommend, "The Book on Access Control," by Konicek and Little. The chapter "Physical Access Control for Computer Areas," taken from John M. Carroll's computer security text is excellent. I highly recommend the chapter "Approaches to Physical Security" by Gigliotti and Jason. Infosec professionals will feel at home with the discussion of threat analysis, planning, cost justification, and layering. Besides being a useful essay on physical security, there is a lot of value to the Infosec professional in learning how related disciplines approach similar problems.

Chapter 2, the author's 11-page essay on conducting security surveys, is not only a useful guide to that subject, but it also contains wise advice that should be helpful for a professional in any discipline: "Only when you have developed the ability to visualize the potential for criminal activity will you become an effective crime scene surveyor." Overall, the book seems pretty solid, so I'm putting it on my must-buy list for security practitioners.