Resources for physical security questions

Check out The Core Group http://enterthecore.net/

They offer training sessions at the Black Hat conference (and other conferences):
"PHYSICAL PENETRATION TESTING"
https://www.blackhat.com/html/bh-us-11/training/core-pentest-intro.html
https://www.blackhat.com/html/bh-us-11/training/core-pentest-advanced.html

Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access, as well as how to compromise most existing physical security in order to gain access themselves. Attendees will not only learn how to distinguish good locks and access control from poor ones, but will also become well-versed in picking and bypassing many of the most common locks used in North America in order to assess their own company's security posture or to augment their career as a penetration tester.

Videos by Deviant Ollam: http://deviating.net/lockpicking/videos.html
(and his book: http://www.amazon.com/Practical-Lock-Picking-Physical-Penetration/dp/1597496111/)


The German BSI has got some resources too. The download is a whopping 24 MB in size, but has got a fairly good overview re best practices, also for physical security.


A lot of the holistic security work I have done does try to work out where organisations are relative to peers in industry across all security disciplines. Physical security is often a finger in the air, do we look better than the building next door, kind of thing.

Documented best practice does not appear to be as common as in other areas of security. I think it is because people feel like they understand physical security better than some of the more esoteric branches.

Social engineering / breaking and entering are my two tools to try and persuade organisations to improve here.

I hadn't seen the German BSI docs before, though - worth adding to the list.