What describes the role of physical security within ISSAP and its integration with cyber security?

Physical security in ISSAP is about protecting the tangible assets that enable information systems—hardware, facilities, and the people who interact with them—and doing so in a way that integrates with cyber security to create a layered, coordinated defense. This integration ensures that threats like tampering, theft, and environmental risks are addressed across both physical and digital domains, strengthening overall resilience. The approach involves multiple controls working together: securing facilities and rooms, tamper-evident seals and secure enclosures for hardware, access control and authentication for personnel, surveillance such as cameras, and environmental protections like fire suppression and climate control. It also includes supply-chain safeguards and coordinated incident response with cyber monitoring so that a breach in one domain doesn’t automatically cascade into the other. This holistic view is why the option describing a combined, layered effort that protects hardware, facilities, and people—and prevents tampering, theft, and environmental threats through surveillance and integrated controls—is the best fit. Physical security being separate from cyber security isn’t accurate because ISSAP treats security as an integrated system. Limiting physical security to badge access is too narrow to capture the breadth of protections required. Saying physical security is irrelevant to ISSAP contradicts the core goal of safeguarding all elements that support information systems.