Physical Security. Katie Parker and Robert Tribbia. Computer Security, Fall 2008.

Presentation transcript:

Physical Security
Katie Parker and Robert Tribbia
Computer Security
Fall 2008

Physical Security
Prevent attacks from accessing a facility, resource, or information stored on physical media

Two Main Things to Protect Against
Human Attack
Natural Disasters

Human Attacks
Attacks from outside
– Thieves/burglars
– Hackers
– Former employee
Attacks from inside
– Current angry or disgruntled employee
– Agent for hire

Five Layers of Physical Security
Environmental deterrents
Mechanical deterrents
Surveillance deterrents
Human deterrents
Proper employee training

Environmental Deterrents
Primarily for outside attacks
High walls, fences
Used to deter less motivated attackers

Mechanical Deterrents
Can range from simple ID card to high-tech biometrics
Locked gates, key cards
Access control

Surveillance Deterrents
Used to help prevent future attacks and provide information on past attacks
Cameras, microphones, detection systems
CCTV/cameras can help deter “shoulder surfing”

Human Deterrents
Can be used to prevent both outside and inside attacks
Security guards and checkpoints – outside
Reception desks and the employees (when trained) – inside
One is not enough!

True Story
2 attackers obtained entry to data center
Security guard wasn’t at post, one employee on duty
Attackers beat employee and used employee to gain access to equipment

Employee Training
Common problem is laziness
Train employees to always:
– Lock all unattended workstations
– Turn monitors away from common areas
– Shred sensitive documents
– Lock laptops
  – Stolen laptops are becoming a big security issue

Social Engineering
Tricking people into giving confidential information or granting access
Several different methods
– Pretexting
– Baiting
– Quid pro quo

Pretexting
Using an invented scenario to convince the victim to give up personal information or do some action
Justin Long’s character in Live Free or Die Hard; car

Baiting
Attacker puts harmful virus/malware on a device
Leave device in public place with legitimate title
Victim uses device and uploads the malware to system

Quid Pro Quo
“Something for something”
Attacker offers help with problem, but while helping, hurts too
The Italian Job – Becky the cablewoman

Dumpster diving
Searching through the trash for valuable information that is still intact
Prevent by:
– Thoroughly shredding all important data

Regular old theft
Mission Impossible
Katie’s work application

Natural Disasters
Risk Assessment
– See what problems are the most likely for your location and guard against them
– Example: in Tallahassee, don’t really need to worry about earthquakes, so don’t spend money protecting against them

Natural disasters
Fire
Fire can destroy computer hardware
Prevent with:
– Smoke detectors
– Fire alarms
– Fire extinguishers

Other Natural Disasters
Liquid damage
– Keep sensitive equipment on 2nd floor or higher
– Don’t run water pipes through or near rooms with susceptible equipment
Earthquakes
– Support with gel padding and springs
Lightning
– Faraday cages
– Generators