1. National Institute of Standards and Technology (NIST). (2020). Security and Privacy Controls for Information Systems and Organizations (NIST Special Publication 800-53, Revision 5).
Reference: Section on Control Family: Physical and Environmental Protection (PE), Control: PE-3 Physical Access Control.
Details: This control specifies the need to "Control all physical access points... and manage physical access to the system to permit only authorized individuals." The discussion elaborates on using physical access devices, including biometric-based authentication mechanisms, as a primary method to enforce these controls and prevent unauthorized physical access.
2. Purdue University. (n.d.). Information Security and Privacy (POL-IX.A.1). Physical Security Standard.
Reference: Section 3.1, "Physical Access Controls."
Details: The standard outlines that "Physical access to University IT Resources must be controlled." It lists various controls, including electronic access control systems like card readers and biometrics, to secure areas housing critical infrastructure, explicitly to prevent "tampering, theft, or unauthorized access."
3. Von Solms, R., & van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97-102.
Reference: Page 100, Section 4, "The different layers of cyber security."
DOI: https://doi.org/10.1016/j.cose.2013.04.004
Details: The paper discusses the layered approach to security, clearly distinguishing between technical/logical security (like passwords and firewalls) and physical security. It identifies physical security controls as the foundational layer necessary to protect hardware from theft or tampering.