ABSTRACT
The above Webster’s definition can be restated for the security practitioner as controlled access. In fact, every aspect of an IT security practitioner’s job revolves around the process of defining, implementing, and monitoring access to information. This includes physical access. When to use it, how much, and the best way to integrate it with traditional IT security methods, are concepts the IT security professional must be familiar with. The IT security specialist need not be an expert, someone else will fill that role, but effective policies and strategies should take into account the benefits as well as limitations of physical protection. Success depends on close collaboration with the physical security office; they have more than just IT security on their minds and a mutual respect for each other’s duties goes a long way. Thus cross training can prove invaluable, particularly when an incident occurs. In essence, a layered, multidisciplined approach can provide a secure feeling; freedom from fear, doubt, etc. Controlled access is security.
