Assess security posture of physical locations
Physical access may be required for certain types of adversarial actions.  
Tactic: Organizational Weakness Identification
DetectionDetectable by Common Defenses (Yes/No/Partial): Yes
Explanation: Physical security is often unaware of implications of physical access to network. However, some organizations have thorough physical security measures that would log and report attempted incursions, perimeter breaches, unusual RF at a site, etc.
Difficulty for the AdversaryEasy for the Adversary (Yes/No): Yes
Explanation: Social engineering and OSINT are still generally successful. Physical locations of offices/sites are easily determined. Monitoring for other sites of interest, such as backup storage vendors, is also easy to accomplish.
- Doug MacDonald, Samuel L Clements, Scott W Patrick, Casey Perkins, George Muller, Mary J Lancaster, Will Hutton. (2013, February). Cyber/physical security vulnerability assessment integration. Retrieved March 6, 2017.
- J. Depoy, J. Phelan, P. Sholander, B. Smith, G.B. Varnado and G. Wyss. (2015). RISK ASSESSMENT for PHYSICAL AND CYBER ATTACKS on CRITICAL INFRASTRUCTURES. Retrieved March 6, 2017.