Physical information security describes procedures and principles related to the protection of data that can be physically breached. Experts often contrast this concept with network or computer security. Many organizations store their data digitally in databases, creating a need for computer security professionals who use firewalls and passwords to restrict access. Physical information, on the other hand, may appear in the form of printed documents or verbal communication. Professionals who practice physical information security often focus on protecting information from perpetrators who use techniques such as social engineering, digging through garbage for discarded documents, and stealing documents.
A common focus of physical information security is protection against social engineering. Social engineering is the practice of manipulating individuals in order to access privileged information. A common example of social engineering is when an attacker pretends to be an authority in order to fool an individual into divulging information, such as passwords or credit card numbers. Some of the most effective physical information security methods for battling social engineering techniques might include implementing policies governing when and with whom a professional can speak about privileged information. Another common security method is to restrict who can have access to sensitive data.
Physical information security tactics can also be used to protect printed documents. Attackers commonly dig through an organization's garbage in order to obtain sensitive information. Security professionals suggest shredding all documents before disposing of them. In some cases, shredded documents might even be removed from the premises of an organization.
Theft is another attack method that concerns physical information security professionals. Attackers might break into an area where documents are stored. Alarms and cameras can be installed to prevent this kind of attack. Individuals who wish to retrieve documents also might use a social engineering technique in which they pose as employees or officials. Name, voice, and face recognition software can be used to deter this.
Digital data is often stored on hardware, such as drives and discs. Another common focus of physical security is to deter attackers from accessing hardware that might contain sensitive data. Tracking devices and alarms are effective tools for protecting hardware.
A common view among security professionals is that many organizations focus on the protection of digitally stored data while ignoring physical information security. For this reason, many scholars and professionals write about developing security strategies that draw on aspects of both security fields. Some physical information security professionals join computer security firms so that they can provide clients with even greater levels of protection.