Unit 7 - Organisational Systems Security
Lesson 4 – Information security
Last Session
- Counterfeit Goods
- Information security:
  - confidentiality
  - integrity and completeness of data
  - availability of data as needed
This Session
- Complete assignment 1
- Physical security
- Lock and key
- CCTV
- Intrusion detection
- Port lockdown
- Biometrics
Physical Security
- Lock and Key
- Equipment identification
- CCTV
- Intrusion detection systems
- Staff and visitor identification
- Access control [sign in/sign out] systems
- Security personnel
- Shielding network cables and wireless communication systems
- Port Lockdown
Lock and Key
- Secure mobile devices
- Master keys for whole building
- Submaster for group of rooms, e.g. server rooms
- Log of who keys are issued to
- Uncuttable keys
- Digital keypads / card entry
- Observation of code
- Tail-gating
- Passing code on to others
- Building weaknesses: plasterboard partitions, ceiling spaces, unsecured doors
Equipment identification
- Deterrent
- Aids recovery
- Assists prosecution of offenders
- Indelible ink
- Ultra-violet sensitive ink
- Marking with ‘DNA’ compound created for your organisation
CCTV
- ‘no official (or even unofficial) statistics on how many CCTV cameras there are. The information commissioner doesn't know, the government has repeatedly told parliament that figures are not collected’ (Channel 4 Factcheck, 2008)
- Estimates vary:
  - 4.2 million (2002, Michael McCahill and Clive Norris)
  - 1.2 million (2007, Edexcel)
  - One camera for every 14 people (David Davies, 2008)
- Invasion of privacy?
CCTV
- Monitor remote locations
- Comprehensive record 24/7 of events
- Visible cameras modify behaviour and can be a deterrent
- Admissible as evidence
- Technology and image quality continually improving; most can tilt, zoom and pan
- Can include directional microphone
- Covert surveillance
Intrusion detection systems
- Detect human presence
- Passive infrared detects body heat
- Microphones detect movement and enable listening
- Circuit breakers for doors, windows, hatches
- Pressure sensitive pads for floors
- Low-power lasers
Staff and visitor identification
- Identity badges for staff and visitors
- Used in combination with automated access
- Personnel database
- Can signify role, department, level of access etc.
- Visitor cards will have an ‘expiry’ date
Access control [sign in/sign out] systems
- Swipe cards
- Dongles
- System logs entry and exit
- Can be programmed to allow access door by door or at certain times only
- Keys can be disabled if not returned when employee leaves
- Can be reprogrammed when roles change
- May not contain info other than identifier, so can be used by wrong person
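An added example (not part of the original slides): a small audit over a sign in/sign out log that checks the rules listed above (door-by-door access, permitted times, disabled cards) and flags a card that signs in twice without signing out. The log format, card identifiers, holder names and rule names are all constructed for illustration.

```python
from datetime import datetime, time

# Constructed card register: identifier -> holder details (sample data only).
CARDS = {
    "C100": {"holder": "A. Patel", "doors": {"main", "server"}, "hours": (time(7), time(19)), "active": True},
    "C200": {"holder": "B. Jones", "doors": {"main"}, "hours": (time(8), time(18)), "active": True},
    "C300": {"holder": "C. Smith (left)", "doors": {"main"}, "hours": (time(8), time(18)), "active": False},
}

# Constructed sign in/sign out log: timestamp, card id, door, direction.
LOG = """\
2024-03-04 08:02,C100,main,in
2024-03-04 08:05,C200,main,in
2024-03-04 09:10,C200,server,in
2024-03-04 12:30,C100,main,in
2024-03-04 17:40,C200,main,out
2024-03-04 22:15,C100,server,in
2024-03-05 08:20,C300,main,in
"""

def audit(log_text, cards):
    """Return (timestamp, card, finding) tuples for events that break the rules."""
    findings = []
    inside = {}  # (card, door) -> True while that card is signed in at that door
    for line in log_text.strip().splitlines():
        stamp, card, door, direction = line.split(",")
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        info = cards.get(card)
        if info is None:
            findings.append((stamp, card, "unknown card"))
            continue
        if not info["active"]:  # e.g. card not returned when the employee left
            findings.append((stamp, card, "disabled card used"))
            continue
        if door not in info["doors"]:
            findings.append((stamp, card, "door not permitted"))
        start, end = info["hours"]
        if not (start <= when.time() <= end):
            findings.append((stamp, card, "outside permitted hours"))
        # Two sign-ins with no sign-out: holder tailgated out, or the card was passed on.
        if direction == "in" and inside.get((card, door)):
            findings.append((stamp, card, "second entry without exit"))
        inside[(card, door)] = direction == "in"
    return findings

if __name__ == "__main__":
    for finding in audit(LOG, CARDS):
        print(*finding)
```

Every finding is tied to a card identifier rather than a person, which is the limitation noted in the last bullet above.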
Security personnel
- Know most people in organisation (if not all)
- Can identify suspicious or unusual behaviour
- Monitor buildings out-of-hours
Shielding network cables and wireless communication systems
- Signal travelling along copper cable emits an electromagnetic field, which can be analysed to discover the data
- Fibre optics: intercepting the signal requires considerable effort and possible damage
- Shielded cables – dampen ‘noise’ from the cable and prevent external magnetic interference from power sources etc.
- Wireless systems less secure; WEP encryption
- Total trust – preconfigure devices so that not just any device can join
Port Lockdown
- E.g. a wall socket which an ethernet cable is plugged into; if the port is inactive it should be ‘locked down’ in the central communications room
- Achieved by remote access to the switch and disabling the port, or by unplugging the cable
- Prevents additional devices joining system
Biometrics
- Fingerprint recognition
- Retinal scans
- Iris scans
- Voice recognition
- Other biometric technologies
Fingerprint recognition
- Used for over 100 years
- 1 in 75 million identical
- Can be reproduced using super-glue and Vaseline
- Fine watery solution allows detection and scanners to operate
- Some scanners may use rapid laser to detect ridges
- Or an electro-static sensitive pad detects current in the small quantities of water
- Often used with another system, e.g. international travel combines fingerprints with passport/visa in some countries
Retinal scans
- Retina is the back of the eye
- Biologically unique configuration
- Very difficult to change without considerable damage (fingerprints can be cut or burnt)
- Remains same from birth
- Takes about two seconds to complete
- Requires close proximity of subject
Iris scans
- Which film? Minority Report
- Another unique feature of the eye
- Remember Madeleine McCann?
- Can be carried out while subject is wearing glasses or contact lenses (unlike retinal scan)
- Unlikely to change at all during lifetime
- A public iris scanning device has been proposed in a patent from Sarnoff Labs in New Jersey. The device is able to scan the iris of the eye without the knowledge or consent of the person being scanned. http://www.technovelgy.com/ct/Science-Fiction-News.asp?NewsNum=930
- "False match" less than one time per one hundred billion
Voice recognition
- Considerable limitations
- Voices change according to circumstance: stress, excitement, tiredness, illness, age!
- Use of other devices to circumvent, e.g. mobile phones
- Used together with other systems, e.g. CCTV
- Recent improvements used in games consoles; important for people with disability, e.g. for speech to text systems
Other biometric technologies
- Facial recognition systems (with CCTV)
- Identifying suspicious behaviour through analysing posture/behaviour
- What could be next?
Automated Human Body Odor Recognition System
Assignment 1
- Know your threats
- P1 - Explain the impact of different types of threat on an organisation.
- M1 - Discuss information security.