[2] Michael Meyers notes that "the best network software security measures can be rendered useless if you fail to physically protect your systems," since an intruder could simply walk off with a server and crack the password at his leisure.
An intruder may be able to boot from a CD or other external media and then read unencrypted data on the hard drive.
One could also use a rogue device to access a poorly secured wireless network; if the signal were sufficiently strong, one might not even need to breach the perimeter.
[5] IT security standards in the United States typically call for physical access to be limited by locked server rooms, sign-in sheets, etc.
[6] An IT department could, for instance, check security log entries for suspicious logons occurring after business hours, and then use keycard swipe records from a building access control system to narrow down the list of suspects to those who were in the building at that time.