ABSTRACT
When most information security practitioners hear the term perimeter security, they usually think of
firewalls, intrusion detection, and intrusion prevention systems. In larger companies, the physical
perimeter is the responsibility of either a physical security department or facilities. Medium-and small-
sized companies may have someone such as a facilities manager who is responsible for physical security,
but it is an additional duty and not a specialty. This should be a concern for all information security
practitioners because physical security (or the lack of it) is one of the biggest gaps in most information
security programs.