If your company policy requires it, hardware components such as wireless features and microphones can be physically disabled (but only by an Apple Certified Technician). Physically disabling hardware may not be practical in all circumstances. You can also disable hardware by removing the software driver, because the operating system interfaces with hardware via kernel extensions (.kext files).
Removing kernel extensions does not permanently disable the components, and you will need administrative access to restore and reload them. Disabling hardware by removing the software driver is not as secure as physically disabling the hardware, but is more secure than disabling it through system preferences.
Kernel extensions are stored in /System/Library/Extensions. You can disable the following hardware by removing or stubbing the listed extensions:
External iSight camera:
External mass storage devices:
Simply dragging these files to the Trash will suffice to remove the extension. Even more secure is to provide stubs for these files (empty files with the same name as the folder being replaced) and to lock them, which will prevent future updates from adding newer versions back. If you have trashed a file, remember to trash it again after applying any system update. In either case, you should also remove the contents of the Cache directory and immediately restart the system.
Xserve hardware also has the ability to lock FireWire and USB ports. The physical key on the front panel engages and disengages this lock. However, keyboard and mouse devices can be excepted in software, using the toggle in the Security Preference pane of the Xserve.