The Need for Access Control & Perimeter Protection

Slides:



Advertisements
Similar presentations
The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
Advertisements

How Electronic Security Solutions can Help the Government in Securing its Assets and Reduce Energy expenditure Presented By- Nimish Vishnoi Manager-Product.
Control and Accounting Information Systems
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
UNIT PHYSICAL SECURITY PLAN
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.
The Islamic University of Gaza
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.
Information Security Policies and Standards
Building a Successful Security Infrastructure
1 An Overview of Computer Security computer security.
General Security Principles and Practices Chapter 3.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Microsoft Technology Associate
Stephen S. Yau CSE , Fall Security Strategies.
Session 3 – Information Security Policies
Chapter 3.  Security Framework  Operational Security Lifecycle  Security Perimeter  Access Control  Social Engineering  Environmental Issues.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
Introduction to Network Defense
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
SEC835 Database and Web application security Information Security Architecture.
Module 02: 1 Introduction to Computer Security and Information Assurance Objectives Recognize that physical security and cyber security are related Recognize.
A Secure Frontline September 25, 2003
Understanding Security Layers
1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.
Physical Security By: Christian Hudson. Overview Definition and importance Components Layers Physical Security Briefs Zones Implementation.
HOMELAND SECURITY ADVISORY SYSTEM. Established after the terrorist attacks on America September 11, 2001.
Presented to President’s Cabinet. INTERNAL CONTROLS are the integration of the activities, plans, attitudes, policies and efforts of the people of an.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
Security Architecture
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.
Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:
Information Security What is Information Security?
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 1 Security Architecture.
Risk Management & Corporate Governance 1. What is Risk?  Risk arises from uncertainty; but all uncertainties do not carry risk.  Possibility of an unfavorable.
Physical (Environmental) Security
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.
PARTNERING for your INTERESTS Companies invest in security to protect their people, property and information. In doing so, they are also protecting the.
Chap1: Is there a Security Problem in Computing?.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 1 Security Architecture.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Information Security Measures Confidentiality IntegrityAccessibility Information cannot be available or disclosed to unauthorized persons, entities or.
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
1 GSA Public Buildings Service GSA Western Regions Client Enrichment Series Welcome to today’s presentation on: Security Charges the presentation will.
Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.
10. Security and Physical Protection Basic Concepts
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Physical Security Ch9 Part I Security Methods and Practice CET4884 Principles of Information Security, Fourth Edition.
© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 10 Network Security Management.
Risk Controls in IA Zachary Rensko COSC 481. Outline Definition Risk Control Strategies Risk Control Categories The Human Firewall Project OCTAVE.
1. Internal control system
The Physical Security in UTM NAWAF OMAR MAN Prof Hafiza Abas.
Physical Security at Data Center: A survey. Objective of the Survey  1. To identify the current physical security in data centre.  2.To analyse the.
Criminal Justice Intro to Security, Instructor Name Date, Semester Chapter 4: PHYSICAL SECURITY: STRUCTURAL, ELECTRONIC, AND HUMAN PROTECTION SYSTEMS.
Unit 1: Protecting the Facility (Virtual Machines)
Module 5: Designing Physical Security for Network Resources
CS457 Introduction to Information Security Systems
Understanding Security Layers
INFORMATION SYSTEMS SECURITY and CONTROL
Objectives Telecommunications and Network Physical and Personnel
How to Mitigate the Consequences What are the Countermeasures?
Physical Security.
Managing the IT Function
PLANNING A SECURE BASELINE INSTALLATION
Presentation transcript:

The Need for Access Control & Perimeter Protection Assoc Prof Dr Zuraini Ismail/ Hafiza Abas

What is Security? Security is “ the quality or state of being secure ---- to be free from danger” Act of understanding the threats to and vulnerabilities of computer operations in order to routinely support operational activities that enable computer systems to function correctly. Krutz and Vines (2007)

What is….. Access Control Perimeter Protection Relates to permitting or denying access. Access control can be achieved by human or through technological means. The ability to control, monitor and restrict movement of people & assets. Perimeter Protection First stage of Intrusion security, detects a breach & triggers an alarm or alert. Used to prevent access – deter, detect and delay intruders. Keeping unauthorized people out of protected areas.

Examples of….. Access Control Perimeter Protection Tends to focus on building access control solutions such as ID Cards and biometrics. Perimeter Protection Includes fencing, bollards, barriers, PIDS (perimeter intrusion detection systems), fiber optic fence sensors, infrared or microwave intrusion devices.

Some Examples Wireless Intrusion Detection RADIOBARRIER can be used as a stand-alone and self-contained solution for long perimeters as well as an integrated part of multi-layer complex perimeter systems. Deployment of RADIOBARRIER as an early warning detection system provides security personal with time needed to safely react to potential threats.

Perimeter Protection Defined Requires the design, implementation and maintenance of countermeasures that protect the physical resources of an organization. Identification of physical threat important in identifying method of physical control.

Objectives of perimeter protection To provide a safe environment for all assets and interests of the organization, including information system security To protect valuable information assets of the business enterprise. To provide protection techniques for the entire facility from outside parameter to the inside office space (including data center and server room) Provide protection for building, other building structures or vehicle housing system and/or network component.

Information Security Performs Four Important Functions for Organization Protects the organization ‘s ability to function. Enables the safe operation of applications implemented on organization’s IT systems. Protects the data the organization collects and uses. Safeguards the technology assets in use at the organization.

Domain concerned Threats to operation security can be defined as the presence of any potential event that could cause harm by violating security. Example: Operator’s abuse of privileges that violates confidentiality. Vulnerabilities (weakness) Weakness in a system that enables security to be violated. Example : Weak implementation of separations of duties Attack is a deliberate act that take advantages of vulnerability to compromise a controlled system.

Perimeter Protection Physical security domain examines how elements that surrounding physical environment and supporting infrastructure affect CIA (confidentiality, integrity --- accuracy & authenticity, availability) of information system Physical security often refers to the measures taken to protect building, systems and the related supporting infrastructure against threats that are associated with physical environment

Planning Perimeter Protection Why have a physical security plan? Planned logically to protect assets A definite road map to be designed to accomplish an effective security solution. Home security systems Burglar alarms, detectors, sensors Monitoring via phone lines Large company systems Security survey used to assess needs

Planning Perimeter Security Assess the situation Security surveys Review existing systems Establish budget Assess threat level Design new systems Can involve engineers, fire professionals, architects, accountants, and security professionals

Planning Perimeter Protection Much like the design and construction of a building itself The security plan is accomplished At different levels In layers or concentric layers

Levels of Perimeter Protection Good security is provided in layers More stringent security should be provided at the very inner layer. Eg possibly access control augmented with biometrics, pixel velocity, CCTV coverage with motion detectors for after-hours, or with alarm systems. A formal security plan in place to account for responses to most types of security breaches.

Levels of Perimeter Protection Level used depends on type of facility Residence, business, government agency Hours of operation, location, and number of personnel Anticipate problems and threats from inside and outside Assess need for guards

Levels of Perimeter Protection Minimum Level (e.g. museum) Designed to impede Displays with a type of ‘fence’ as barrier Addition of systems such as Closed Circuit Television Burglar and fire alarm system Keypad allows special programming for authorized employee Cardkey systems with automatic locking doors Outside a minimum security facility

Levels of Perimeter Protection Low Level (e.g., medium-sized hotel) Designed to impede and detect Addition of systems such as Closed Circuit Television and motion detectors Alarm systems set up to arm and disarm zones independently Silent alarms monitored by outside company Cardkey systems with automatic locking doors

Levels of Perimeter Protection Medium Level (e.g., Shopping malls, large manufacturing facilities, warehouses) Designed to impede, detect, and assess Alarm system monitored by phone line Use of physical barrier (fence, locked gate, guard facility) Assessing through use of video recorders or digital hard drives

Levels of Perimeter Protection High Level (e.g., large casinos, pharmceutical companies, contractors dealing with highly classified government projects) Designed to impede, detect, assess both external and internal activity Has layers of security, each with their own sets of alarms and access-control methods (use of biometric devices) Very elaborate security division staffed by highly experienced personnel High degree of coordination with law enforcement

Levels of Perimeter Protection Maximum Level (e.g., nuclear power plant, prisons) Designed to impede, detect, assess, and neutralize unauthorized activity Has layers of security, each with their own sets of alarms and access-control methods Highly trained, investigated, and often armed, personnel Mantrap technology used

Security Layers Questions to answer in determining where to locate layers What must be kept secure Where is it located When should it be protected How much protection is needed

Planning for Terrorism Threats The Concentric Rings Theory What is being protected is surrounded by many unique circles of protection The hope is that the layers of obstacles will deter the criminal Security system, like a chain, is only as good as its weakest link “defense in depth”

Planning for Terrorism Threats 11 ways addressing terrorist threats Examine Operational Measures: An incident management plan Create a Good Security Plan Conduct Employee Background Checks & who in the building Maintain a clear, written security policy Awareness is paramount ---employees should remain “security conscious” Increase physical security measures Do not forget the Parking Lots Turn up the Lights Use CPTED (Crime Prevention Through Environment Design) Principles Be aware of your building’s surrounding

The Weakest Link Theory Essence of an alarm system is: detect, communicate, act With this approach you need to survey systems to determine where the system will fail and if it is an acceptable or unacceptable level of risk Overall security is dependent on the weakest link.

Economy of Force Security professional must provide the right amount of security for just the right place When making decisions that affect operations, consider ethics, as well as laws and regulations that you must comply with

Phases of Security Process The implementation of physical security must be constantly: Documented Evaluated Tested

Examining cause and effect Summary Examining cause and effect Look back at what went wrong in major disaster and critical events in history in developing strategies to prevent reoccurences of such events

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.