I would say "requires" rather than "reduces to". Just like all security requires vetting personnel. There are just a lot of checkboxes that need to be ticked as table stakes in the security game.
I would state that physical security is both necessary and sufficient to protect information.
Vetting personnel isn’t necessary, nor is it sufficient, to protect information.
Protecting more than just the information, is a different argument.
If we’re talking about securing personal information that has a physical footprint of a cell phone, vetting personnel is irrelevant. Never let your phone leave your person, on pain of death, so to speak.
If we’re talking about securing a building, vetting personnel is just an extension of physical security, anyways.
All of those checkboxes will ultimately reduce to being an extension of physical security.
Vetting personnel isn’t necessary, nor is it sufficient, to protect information.
Protecting more than just the information, is a different argument.
If we’re talking about securing personal information that has a physical footprint of a cell phone, vetting personnel is irrelevant. Never let your phone leave your person, on pain of death, so to speak.
If we’re talking about securing a building, vetting personnel is just an extension of physical security, anyways.
All of those checkboxes will ultimately reduce to being an extension of physical security.