ABSTRACT
Whenmost information security practitioners hear the term
perimeter security, they usually think of firewalls, intru-
sion detection, and intrusion prevention systems. In larger
companies, the physical perimeter is the responsibility of
either a physical security department or facilities. Medium-
and smallsized companies may have someone such as a
facilities manager who is responsible for physical security,
but it is an additional duty and not a specialty. This should
be a concern for all information security practitioners
because physical security (or the lack of it) is one of the
biggest gaps in most information security programs.