@Steve Keller
Well said sir, but please note that the "network administrator" is NOT, repeat NOT the company security officer!
"There are no standards for real security of data"
Of course there are. Lots. And Lots. And Lots. From high-level recommendations like ISO-17799 or those here: http://csrc.nist.gov/publications/PubsSPs.html down to detailed in-company program instructions.
"..because all they understand is computer security and not physical security and it takes an understanding of both to provide effective security."
I agree with the integration work at least. Said glibly, the problem is management who thinks that "they" are able to implement good company-wide security as "they" got rid of the worm that came in on the notebook last week. Wrong, wrong, wrong. Anyway, the point is - companies need personnel that is dedicated to the task of security while still being integrated in the day-to-day work to be able to make well-informed implementation decisions. They need to know about networking. They need to know about what's around networking. They need management support. And they need time.
But suddenly -- economics! It is very difficult to bill for such "additional" services - exploitation costs become too high, time for the project is too short, the learning curve too steep, management is either dismissive or becomes catatonic as security hoovers up a squalid percentage of the fixed-cost contract :-( At the end of the day, your identity information may not prove to be that important, really. :-((
"Perhaps that's why I'm on a computer security forum trying to learn but I rarely if ever see a computer security person on a physical security forum"
I don't know about that. One person hanging on a security forum does not a one-way knowledge transfer make.
And yeah, those guys goofed up when not encrypting the tapes. Maybe they wanted to do it "soon" and it's been on the to-do list for ages? I know the problem. (But I managed to encrypt our tapes with the underhand trick of 'unpaid Sunday work'.)
Ok, I'm off, gotta check the servers.