Which security control would provide the best protection for sensitive data in a physical environment?

The choice of physical security measures as the best protection for sensitive data in a physical environment is based on the unique characteristics and requirements of protecting data stored in physical locations. Physical security measures encompass a range of strategies and practices designed to safeguard physical assets, including sensitive data, from unauthorized access, theft, and damage.

These measures may include the use of locks, security guards, surveillance cameras, entry controls, and environmental controls (such as fire alarms and temperature monitoring). By ensuring that only authorized personnel can access areas where sensitive data is stored, physical security measures significantly reduce the likelihood of data breaches that can occur through unauthorized physical access.

In contrast, while encryption is a crucial component for protecting data at rest and in transit, it does not prevent physical access to data and does not address the risk of theft or damage to the physical media itself. Firewalls are primarily used to protect networks from external threats and do not apply directly to physical data protection. Access control lists help manage user permissions within systems but do not physically protect the data at the location itself.

Thus, in a physical environment where sensitive data resides, implementing robust physical security measures serves as a fundamental layer of defense, ensuring that the data is protected against unauthorized access and physical threats.