What is a defense-in-depth control for physical security and how does it support cyber security?

• A. Physical controls are primarily cosmetic.
• B. Physical security controls are irrelevant to cyber.
• C. Digital encryption alone provides physical protection.
• D. Physical controls (fences, cameras, access badges) prevent tampering and ensure secure environments. They reduce insider threats and tampering that could lead to cyber breaches.

Answer: (D)

Defense-in-depth in physical security uses multiple layered controls to protect facilities and equipment, so one failed layer doesn’t expose critical assets. This approach directly supports cyber security because physical access to servers, networking gear, or credentials can enable cyber breaches even if digital protections are strong.

Fences, cameras, and access badges are practical examples of this layering. They deter unauthorized entry, monitor who enters secure areas, and enforce who can access critical infrastructure. By reducing insider threats and the chance of tampering, these controls help prevent scenarios where malware is installed, devices are removed or replaced, or credentials are stolen—events that could bypass or undermine digital defenses.

Physical controls are not cosmetic or irrelevant to cyber security, and digital encryption alone cannot stop someone from gaining access to hardware or tampering with it. Together, layered physical measures and digital protections create a more robust, resilient security posture.