physical security

[rudeboy]

Has anyone here had data or systems compromised due to a breach in physical security (dumpsters, doors, s.e.'d guards) and what did you do as a measure of incident response because of it?

[vokx]

I had this problem at the last corporate job i had...dumpster pilfering, server room break ins, stolen laptops, etc.
Unfortunately there is no easy answer...
start with EVERYTHING being shredded on the way out to the bins. you'd be surprised what people just toss in the bins.
if you have any idea who has keys, recall them and reissue on a tighter basis. everyone doesn't need a friggin master key - if they insist, give them a bathroom key with "001" stamped on it and they probably will never even know. (best to change all the locks at this point too)
laptops may not be left in the office, they must be either removed from prem or put in a lock box - we had three boxes installed for this in small closets - something that bolts down and locks up.
video surveillance - all major entrances and sensitive areas, we used netbotz in our server room. we actually caught a VP trying to delete mail from the server.
its kinda like the racecar analogy - speed costs money, how fast do you want to go? its all proportionate to the $ you can spend.
and if you think your janitorial staff or security guards are to blame...fire everyone (be sure you have documentation of the kind of shit that has been goin on) and rehire an entirely new crew - and make sure they are bonded - also national.
change passwords regularly - that way when someone writes it down it only works for a little while - not the length of their emplyment.
don't want to bore so i'll knock off here.

[rudeboy]

Thanks for the reply. We are actually not too bad on the physical security part. I have been tasked with writing some incident response procedures (forensics included) and was wondering what are good templates to use concerning IR for a physical breach. We have cameras, shredders, bonded clean crew, etc. at all sites.