Physical Security Ch9 Part I Security Methods and Practice CET4884 Principles of Information Security, Fourth Edition.

Slides:



Advertisements
Similar presentations
Physical Security.
Advertisements

WELCOME Keyscans Access Control KIMA SECURITY INC.
“Why do we need Security”  Each business has unique security and safety needs, e.g. Inventory Shrinkage and Theft Personal Safety Break Ins Moving Your.
Copyright 2004 Foreman Architects Engineers School Security From Common Sense to High Tech.
Chapter 5 Enhancing Security Through Physical Controls
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”
Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.
Copyright © Center for Systems Security and Information Assurance Lesson Seven Physical Security.
Principles of Information Security, 3rd Edition 2 Introduction  Physical security addresses the design, implementation, and maintenance of countermeasures.
Introduction to ubiquitous security Kevin Wang. Scenario Take photos Ask position Position voice Time More information.
Information Security Principles and Practices
Microsoft Technology Associate
Computer Security: Principles and Practice
Physical Security Chapter 9.
Security Devices A modern security system, with its array of electronic components, is designed to sense, decide, and act. The security system senses events.
BUILDING SECURITY ALARM SYSTEM. BUILDING SECURITY ALARM SYSTEM Any electrical or mechanical device which is designed or used for the detection of an unauthorized.
Physical Security EECS710 Fall 2006 Professor Saiedian Presenter:
Physical Security SAND No C Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States.
Information Systems CS-507 Lecture 40. Availability of tools and techniques on the Internet or as commercially available software that an intruder can.
Introduction Physical security addresses design, implementation, and maintenance of countermeasures that protect physical resources of an organization.
每时每刻 可信安全 1 What category of water sprinkler system is currently the most recommended water system for a computer room? A Dry Pipe sprinkler system B Wet.
Principles of Information Security, Fourth Edition
Principles of Information Security, Fifth Edition
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Module 02: 1 Introduction to Computer Security and Information Assurance Objectives Recognize that physical security and cyber security are related Recognize.
Understanding Security Layers
Physical Security By: Christian Hudson. Overview Definition and importance Components Layers Physical Security Briefs Zones Implementation.
What does “secure” mean? Protecting Valuables
Principles of Information Security, 2nd Edition 2 Learning Objectives Upon completion of this material, you should be able to:  Understand the conceptual.
Wireless Network Security. What is a Wireless Network Wireless networks serve as the transport mechanism between devices and among devices and the traditional.
1 Security Integration and Esgraf sales presentation 01/2015.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Lesson 7-Managing Risk. Overview Defining risk. Identifying the risk to an organization. Measuring risk.
John Carpenter & lecture & Information Security 2008 Lecture 1: Subject Introduction and Security Fundamentals.
Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:
What security is about in general? Security is about protection of assets –D. Gollmann, Computer Security, Wiley Prevention –take measures that prevent.
Physical (Environmental) Security
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.
Viewing Information Systems Security. The basic objectives of Information Security are the same as the basic objectives of EDP auditing. They are: 1.To.
Chap1: Is there a Security Problem in Computing?.
Site Security Policy Case 01/19/ : Information Assurance Policy Douglas Hines, Jr.
Physical Security Chapter 9 If someone really wants to get at the information, it is not difficult if they can gain physical access to the computer or.
Physical Security Katie Parker and Robert Tribbia Katie Parker and Robert Tribbia Computer Security Computer Security Fall 2008 Fall 2008.
The Need for Access Control & Perimeter Protection
Department of Computer Science Chapter 4 Physical and Environment Security Semester 1.
Physical Security Concerns for LAN Management By: Derek McQuillen.
Access Control Jeff Wicklund Computer Security Fall 2013.
10. Security and Physical Protection Basic Concepts
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Physical Security Ch9 Part II Security Methods and Practice CET4884 Principles of Information Security, Fourth Edition.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.
Physical Security at Data Center: A survey. Objective of the Survey  1. To identify the current physical security in data centre.  2.To analyse the.
Security Methods and Practice CET4884
Criminal Justice Intro to Security, Instructor Name Date, Semester Chapter 4: PHYSICAL SECURITY: STRUCTURAL, ELECTRONIC, AND HUMAN PROTECTION SYSTEMS.
Unit 1: Protecting the Facility (Virtual Machines)
2 Review: Information and data are the most important assets. Watch for insiders, social engineering, distributed attacks using software exploits.
Physical and Technological Security
CS457 Introduction to Information Security Systems
Principles of Information Security, Fifth Edition
Risk management.
Security Methods and Practice CET4884
Understanding Security Layers
Objectives Telecommunications and Network Physical and Personnel
Physical Security.
Managing the IT Function
Cyber Security For Civil Engineering
Presentation transcript:

Physical Security Ch9 Part I Security Methods and Practice CET4884 Principles of Information Security, Fourth Edition

Introduction Physical security addresses design, implementation, and maintenance of countermeasures that protect physical resources of an organization Most controls can be circumvented if an attacker gains physical access Physical security is as important as logical security Principles of Information Security, Fourth Edition 2

Introduction (cont’d.) Seven major sources of physical loss: –Extreme temperature –Gases –Liquids –Living organisms –Projectiles –Movement –Energy anomalies Principles of Information Security, Fourth Edition 3

Introduction (cont’d.) Community roles –General management: responsible for facility security –IT management and professionals: responsible for environmental and access security –Information security management and professionals: perform risk assessments and implementation reviews Principles of Information Security, Fourth Edition 4

Physical Access Controls Secure facility: physical location engineered with controls designed to minimize risk of attacks from physical threats Secure facility can take advantage of natural terrain, traffic flow, and degree of urban development; can complement these with protection mechanisms (fences, gates, walls, guards, alarms) Principles of Information Security, Fourth Edition 5

Physical Security Controls Walls, fencing, and gates Guards Dogs ID cards and badges Locks and keys Mantraps Electronic monitoring Alarms and alarm systems Computer rooms and wiring closets Interior walls and doors Principles of Information Security, Fourth Edition 6

Physical Security Controls (cont’d.) ID Cards and Badges –Ties physical security with information access control ID card is typically concealed Name badge is visible –Serve as simple form of biometrics (facial recognition) –Should not be only means of control as cards can be easily duplicated, stolen, and modified –Tailgating occurs when unauthorized individual follows authorized user through the control Principles of Information Security, Fourth Edition 7

Physical Security Controls (cont’d.) Locks and keys –Two types of locks: mechanical and electromechanical –Locks can also be divided into four categories: manual, programmable, electronic, biometric –Locks fail and alternative procedures for controlling access must be put in place –Locks fail in one of two ways: Fail-safe lock Fail-secure lock Principles of Information Security, Fourth Edition 8

9 Figure 9-1 Locks

Physical Security Controls (cont’d.) Mantrap –Small enclosure that has entry point and different exit point –Individual enters mantrap, requests access, and if verified, is allowed to exit mantrap into facility –Individual denied entry is not allowed to exit until security official overrides automatic locks of the enclosure Principles of Information Security, Fourth Edition 10

Principles of Information Security, Fourth Edition 11 Figure 9-2 Mantraps

Physical Security Controls (cont’d.) Electronic Monitoring –Records events where other types of physical controls are impractical or incomplete –May use cameras with video recorders; includes closed-circuit television (CCT) systems –Drawbacks Reactive; does not prevent access or prohibited activity Recordings often are not monitored in real time; must be reviewed to have any value Principles of Information Security, Fourth Edition 12

Physical Security Controls (cont’d.) Alarms and alarm systems –Alarm systems notify when an event occurs –Detect fire, intrusion, environmental disturbance, or an interruption in services –Rely on sensors that detect event; e.g., motion detectors, smoke detectors, thermal detectors, glass breakage detectors, weight sensors, contact sensors, vibration sensors Principles of Information Security, Fourth Edition 13

Physical Security Controls (cont’d.) Computer rooms and wiring closets –Require special attention to ensure confidentiality, integrity, and availability of information –Logical controls easily defeated if attacker gains physical access to computing equipment –Custodial staff often the least scrutinized persons who have access to offices; are given greatest degree of unsupervised access Principles of Information Security, Fourth Edition 14

Physical Security Controls (cont’d.) Interior walls and doors –Information asset security sometimes compromised by construction of facility walls and doors –Facility walls typically either standard interior or firewall –High-security areas must have firewall-grade walls to provide physical security from potential intruders and improve resistance to fires –Doors allowing access to high security rooms should be evaluated –Recommended that push or crash bars be installed on computer rooms and closets Principles of Information Security, Fourth Edition 15

, phone, skype, or face to face Questions? Principals of Information Security, Fourth Edition 16

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.