
The Styx Security ISO 27001 “Say It Like You Mean It!” Physical Security Toolkit is now available to all!
This guide uses the adversarial approach to physical security to help expose the gaps that you don’t see, but the criminals do. Those gaps are your risks.
The toolkit isn’t meant to hold your hand (it’s definitely not a guide to implementing the standard), but it’s meant to give experienced consultants a different perspective on identifying risks.
The guide is a resource to help plug some of the gaps that we see routinely. Or, at least, make people aware of the risks. It’ll be accompanied by an audio / video guide for each section so you can listen to them section by section in small chunks.
Whilst the toolkit is aimed mainly at experienced ISO 27001 consultants, it’s useable by anyone looking to implement the standard or take an adversarial look at their physical security.
Thanks to Gary Hibberd of Consultants Like Us for taking the time to review the guide and provide invaluable feedback.
We ask different questions:






When you installed CCTV, did you install a security or surveillance system?
How do you differentiate between an upset employee who didn’t get a promotion and a real insider threat?
Do you have building plans on display for the fire brigade? Do they have “server room” marked on them? Does this help criminals?
Are you keeping up to date on new risks? Are people bringing e-bikes inside to charge them? Should they?
Is your paper confidential waste treated the same as sensitive, digital data stored in plain text? Is it in marked bags for easy identification? How does this help a criminal?
Audio / Video Guides
Over the next few weeks, the toolkit will be expanded upon with guides uploaded to YouTube. These will be 20-30 minute, easy-listening guides meant to lend some depth, context and experience to the main document. Direct links to each section will be added in version 1.2.
The list below will be hyperlinked as guides are released.
Perimeters
Controls
Offices, Rooms, Facilities
Monitoring
External / Environmental Threats
Secure Areas
Equipment Siting / Protection
Main Entry / Reception
Delivery / Loading
Mobile Assets
Maintenance
Cables
Security Awareness
Personnel Screening
Disposal / Recycling
PACS Credentials