Physical security
The last component of the human element of security we will cover is physical security. It can be stated with a high degree of confidence that the most important facet of security is physical security; there is no security if access to systems is not limited or controlled. Another way to look at this is, if the system can be physically removed from the data center with nothing to prevent the action, then network access controls provide no benefit; therefore all other security is irrelevant. A scenario covered in the Social engineering section was the attacker attempting physical access to enterprise systems in order to gain access to enterprise data. This section will briefly cover the need for physical security controls, primarily the human interaction control.
In order for enterprise associates to protect the enterprise from well-trained social engineers who show up in person, they must know what to look for in behaviors and know how to react according to policy and training...
