Physical information security is concerned with physically protecting data and the means of accessing that data (as distinct from protecting it electronically). Many individuals and companies place importance on protecting their information from a software and/or network perspective, but fewer devote resources to protecting data physically. However, physical attacks to acquire sensitive information do frequently occur. Sometimes these attacks are considered a type of social engineering.
Many individuals and companies consider it important to protect their information for a variety of reasons, including financial, competitive, and privacy-related purposes. People who wish to obtain this information may be computer crackers, corporate spies, or other malicious individuals. This information may be directly beneficial to them, such as industrial secrets or credit card numbers. It may also be indirectly beneficial to them. For example, computer passwords do not have inherent value. However, they provide computer system access that may be used to get other information or to disable a person/company electronically. Sometimes these malicious individuals use electronic means or social engineering to gain information. However, sometimes they use direct physical attacks.
Common Physical Information Security Practices
There are many practices commonly used to decrease the possibility of success for these kinds of attacks. Document shredding has become common, and the practice is still growing. Also, electronic storage media are often prepared for disposal by purging, which erases files that may have been "deleted" by an operating system but never overwritten with other data.
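The difference between deleting and purging can be shown with a toy model. The following Python is an added illustration, not part of the original article; ToyDisk, its block size and the sample data are constructed assumptions and do not model any real file system.

```python
BLOCK = 16  # bytes per block in this toy model


class ToyDisk:
    """Constructed model: a raw image plus a name -> block-list directory."""

    def __init__(self, blocks):
        self.image = bytearray(blocks * BLOCK)
        self.free = set(range(blocks))
        self.files = {}

    def write(self, name, data):
        needed = -(-len(data) // BLOCK)  # ceiling division
        if needed > len(self.free):
            raise OSError("disk full")
        used = sorted(self.free)[:needed]
        self.free -= set(used)
        for i, b in enumerate(used):
            chunk = data[i * BLOCK:(i + 1) * BLOCK]
            self.image[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.files[name] = used

    def delete(self, name):
        # An ordinary "delete": drop the directory entry and mark the
        # blocks free. The bytes themselves are left in place.
        self.free |= set(self.files.pop(name))

    def purge(self):
        # Purging: overwrite every block not owned by a live file.
        for b in self.free:
            self.image[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)

    def raw_contains(self, needle):
        # What anyone holding the discarded medium can do: scan raw bytes.
        return needle in self.image


def demo():
    disk = ToyDisk(blocks=8)
    secret = b"card=0000-0000-0000-0000 (constructed)"  # sample value
    disk.write("keep.txt", b"public notice")
    disk.write("secret.txt", secret)
    disk.delete("secret.txt")
    after_delete = disk.raw_contains(secret)  # still readable on the medium
    disk.purge()
    after_purge = disk.raw_contains(secret)   # gone once free space is overwritten
    return after_delete, after_purge, disk.raw_contains(b"public notice")
```

On real media, flash wear-levelling and journaling or copy-on-write file systems can keep copies that an overwrite of free space does not reach, so purging is usually applied to the whole device before disposal.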
Many choose to restrict access to areas where information is kept to those possessing a proper identification badge and/or other form of authorization. This attempts both to decrease the ease with which someone could access documents and to decrease the possibility of someone physically tampering with computer equipment. Along the same lines, many companies train their employees to physically protect documents and other sources of sensitive information on an individual level by locking the information in a file cabinet or by some other means. Also, companies request that employees memorize their passwords rather than writing them down, as the paper with the password could be seen or stolen.