Physical Security Assessment

What is a physical security assessment?

A physical security assessment is a controlled attempt to gain unauthorised access to your buildings, server rooms or offices. We use the same techniques as real intruders: tailgating, badge cloning with a Proxmark, lockpicking, social engineering at reception and exploiting unattended entrances.

The goal is not just getting in. The goal is demonstrating what a malicious actor can achieve next: entering the server room, connecting a rogue device to the network, stealing documents or placing a keylogger.

What do we test?

• Perimeter - fences, barriers, camera positions, lighting, blind spots.
• Access control - badge systems (HID, MIFARE), biometrics, intercom procedures, tailgating.
• Reception & security - does reception respond to unknown visitors? Are visitor procedures effective?
• Internal zones - server rooms, archives, executive floors - adequately secured?
• Clean desk - sensitive documents, passwords on post-its, unlocked laptops.
• Mystery visits - we enter your premises undercover as technicians, delivery personnel or job applicants.

Why should you get a physical security assessment?

The best firewall is useless if someone can place a Raspberry Pi in your server room:

• Chain is as strong as weakest link: digital security is pointless if physical access is not right.
• Compliance: NIS2, ISO 27001 (Annex A.11) and sector-specific standards require assessment of physical security.
• Wake-up call: a successful physical intrusion is the most convincing evidence for management to invest in security.
• Insider threat: what can a dismissed employee, a malicious cleaner or a social engineer achieve?

Our approach

Discreet, professional, with a clear mandate from your management. Short lines: if we get in, you hear about it immediately.

• Reconnaissance - OSINT on your location: Google Maps, StreetView, employee LinkedIn, public floor plans, supplier information.
• Passive observation - employee entry/exit patterns, security routines, supplier traffic, camera positions.
• Pretext development - credible scenario: technician, delivery service, new employee, IT support.
• Physical intrusion - entry via tailgating, badge cloning (Proxmark), lockpicking, social engineering or unattended entrances.
• Objectives - once inside: entering server room, placing rogue device, photographing sensitive documents.
• Reporting - detailed report with photos, timeline, techniques used and concrete recommendations. Including presentation for management.

What does a physical security assessment cost?

Our hourly rate is €175 per hour. Costs depend on:

• Number of locations: one office versus multiple sites.
• Depth: perimeter only or full mystery visit with social engineering.
• Scenarios: one attempt or multiple (technician, delivery, applicant).
• Preparation: OSINT research and pretext preparation.

A physical security assessment of an office location costs €5,000 - €12,000 including preparation, execution and reporting. No surprises in the quote.