What is typically included in physical controls?

Physical controls are tangible measures put in place to protect physical assets and ensure secure environments. The inclusion of locks, fences, and access gates directly relates to the core purpose of physical controls: to safeguard facilities and sensitive areas from unauthorized access. These tangible barriers are essential in securing equipment, data centers, and other critical locations, thereby preventing theft, vandalism, or unauthorized entry.

Locks secure doors and cabinets where sensitive information or equipment might be stored, fences create a physical boundary around premises to deter intruders, and access gates regulate who can enter specific areas. Each of these components play a pivotal role in establishing a secure physical footprint for an organization.

In contrast, other options pertain to different categories of security measures. For instance, software application training relates to user awareness and operational security but does not fall within physical controls. Data encryption and firewalls are related to digital and network security, while organizational policies deal with the governance of security practices rather than physical security measures. Therefore, the choice encompassing tangible security mechanisms is accurately identified as the correct answer.