Discuss The Implementation of The Physical Security Control (PE3) As It Relates To Your System or Product/component
Discuss the implementation of the physical security control (PE3) as it relates to your system or product/component:
• How are they different, how are they the same?
• What is the cost to physically protect your physical location versus a temporary location?
• Is it worth going through the trouble of protecting your device in a physical location versus a temporary location (address both locations)?
There are three approaches to implementing controls: (1) common or inheritable control,
(2) system-specific control, or (3) hybrid control (NIST, 2020). A common control is a control
that is inheritable from one control to another. An example of an inheritable control is security
guards. The security guards protect entry and exit points, but they could also be
responsible for registering guests or, in the case of laptops, watching for them leaving the
building. A system-specific control is a control that is deployed and monitored by the group
that is responsible for protecting the asset. As an example, the IT team deploys encryption
software on the laptop to lock the computer if the decryption password is not supplied. Hybrid
controls are controls that combine inherited controls and system-specific controls.
The costs to protect a permanent location and a temporary location are both high, but
in most cases permanent locations contain more assets than temporary locations. Therefore, in
most cases the permanent locations would have more expenses related to physical security.
References
National Institute of Standards and Technology. (2020, September). Security and Privacy
Controls for Federal Information System Organizations (NIST SP 800-53 Revision 5
ed.). National Institute of Standards and Technology.
https://doi.org/10.6028/NIST.SP.800-53r5