Security is critical for enterprises and organizations of all sizes and in all industries. Weak security can result in compromised systems or data, whether through a malicious threat actor or an unintentional internal threat. Failing to meet security standards that are set by a separate organization or by law, such as PCI DSS 3.0 or HIPAA, can also result in financial penalties.
Physical security is the protection of personnel, hardware, software, networks and data from physical actions, intrusions and other events that could damage an organization. This includes natural disasters, fire, theft and terrorism, among others. Physical security for enterprises often includes employee access control to the office buildings as well as specific locations, such as data centers. An example of a common physical security threat is an attacker gaining entry to an organization and using a USB storage drive to either copy and remove sensitive data or physically deliver malware directly to systems. Threats to physical security may require less technical savvy on the part of the attacker, but physical security is just as important as information security.
Information security, also called infosec, encompasses a broad set of strategies for managing the process, tools and policies that aim to prevent, detect and respond to threats to both digital and nondigital information assets.