Technical vs Physical

semehsemeh Member Posts: 18 ■□□□□□□□□□
Hello All,

This is technical and physical controls definitions for Sybex 7th Edition:

Technical or logical access involves the hardware or software mechanisms used to manage access
and to provide protection for resources and systems. As the name implies, it uses technology.
Examples of logical or technical access controls include authentication methods (such as usernames,
passwords, smartcards, and biometrics)
, encryption, constrained interfaces, access
control lists, protocols, fi rewalls, routers, intrusion detection systems (IDSs), and clipping levels

Physical access controls are items you can physically touch. They include physical mechanisms
deployed to prevent, monitor, or detect direct contact with systems or areas within
a facility. Examples of physical access controls include guards, fences, motion detectors,
locked doors, sealed windows, lights, cable protection, laptop locks, badges, swipe cards,
guard dogs, video cameras, mantraps, and alarms

I'm a little bit confused about Biometrics, smartcard, swipe card and Badges , they are Technical or Physical controls ?


  • 636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    Overlap exists everywhere in security, so there's no good answer. For me personally, I consider "physical" controls to be dumb things that a 30k/year security guard is in charge of - door locks, lights, fences, etc. Once you start hitting swipe cards, video cameras, etc. I can see where it starts to get confusing.
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    Think about the specific method and the context. Generally physical controls are measures like guards, fences, dogs...and technical controls would be passwords, biometrics, etc. There can be overlap so you really have to identify what the question or scenario is referring to.
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,927 Mod
    Aha, the magic word: CONTEXT!. What type of control are security cameras? They could be detective because they help identify security violations. They could be deterrent if implemented for that reason. So on and so forth. Do not make the mistake of trying to make controls fit in one bucket. Intent and purpose must always be considered.
Sign In or Register to comment.