The EC-Council Incident Handler (ECIH) curriculum emphasizes that incident response includes both logical and physical security controls. Physical breaches can directly lead to data compromise, hardware tampering, or insider-enabled attacks. In this case, the breach occurred due to badge sharing, a common weakness in physical access control systems that rely on a single authentication factor.
Dual authentication (two-factor authentication) in physical security typically combines something the user has (access card or badge) with something the user is (biometric verification such as fingerprint or iris scan). The absence of biometric validation allowed the contract worker to misuse another employee’s badge without detection.
ECIH highlights that effective forensic readiness includes strong access controls, surveillance integration, and identity verification mechanisms to prevent unauthorized facility access. Multi-factor authentication (MFA) for physical entry ensures accountability, prevents impersonation, and strengthens audit trails.
Option A (patch management) addresses system vulnerabilities, not physical access misuse. Option C (firewall segmentation) is a network control unrelated to physical facility entry. Option D (encrypted file systems) protects stored data but does not prevent unauthorized physical presence in restricted areas.
By implementing dual authentication with biometric verification, the organization would have significantly reduced the likelihood of badge misuse and improved accountability, aligning with ECIH’s layered security and preventive control principles.