1. Unit 7 - Organisational Systems Security
Lesson 4 – Information security
Unit 7 - Organisational Systems Security

2. Last Session Counterfeit Goods Information security: confidentiality
integrity and completeness of data
availability of data as needed

3. This Session Complete assignment 1 Physical security Lock and key CCTV
Intrusion detection
Port lockdown
Biometrics

4. Physical Security Lock and Key Equipment identification CCTV
Intrusion detection systems
Staff and visitor identification
Access control [sign in/sign out] systems
Security personnel
Shielding network cables and wireless communication systems
Port Lockdown

5. Lock and Key Secure mobile devices Master keys for whole building
Submaster for group of rooms eg server rooms
Log of who keys are issued to
Uncuttable keys
Digital keypads/ card entry
Observation of code
Tail-gating
Passing code on to others
Building weaknesses: plasterboard partitions, ceiling spaces, unsecured doors.

6. Equipment identification
Deterrent
Aids recovery
Assists prosecution of offenders
Indelible ink
Ultra-violet sensitive ink
Marking with ‘DNA’ compound created for your organisation.

7. CCTV
‘no official (or even unofficial) statistics on how many CCTV cameras there are. The information commissioner doesn't know, the government has repeatedly told parliament that figures are not collected’ Channel 4 Factcheck, 2008
Estimates vary: 4.2 million (2002, Michael McCahill and Clive Norris), 1.2 million Edexcel
One camera for every 14 people (David Davies, 2008)
invasion of privacy?

8. CCTV Monitor remote locations Comprehensive record 24/7 of events
Visible cameras modify behaviour and can be a deterrent
Admissible as evidence
Technology and image quality continually improving, most can tilt, zoom and pan
Can include directional microphone
Covert surveillance

9. Intrusion detection systems
Detect human presence
Passive infrared detects body heat
Microphones detect movement and enable listening
Circuit breakers for doors, windows, hatches
Pressure sensitive pads for floors
Low-power lasers

10. Staff and visitor identification
Identity badges for staff and visitors
Used in combination with automated access
Personnel database
Can signify role, department, level of access etc
Visitor cards will have an ’expiry’ date

11. Access control [sign in/sign out] systems
Swipe cards
Dongles
System logs entry and exit
Can be programmed to allow access door by door or at certain times only
Keys can be disabled if not returned when employee leaves
Can be reprogrammed when roles change
May not contain info other than identifier can be used by wrong person

12. Security personnel Know most people in organisation (if not all)
Can identify suspicious or unusual behaviour
Monitor buildings out-of-hours

13. Shielding network cables and wireless communication systems
Signal travelling along copper cable emits electromagnetic field, can be analysed to discover the data
Fibre optics requires considerable effort and possible damage
Shielded cables – dampen ‘noise’ from the cable and prevent external magnetic interference from power sources etc.
Wireless systems less secure; WEP encryption.
Total trust – preconfigure devices so that not just any device can join.

14. Port Lockdown
Eg wall socket which ethernet cable plugged into; if port is inactive should be ‘locked down’ in central communications room.
Achieved by remote access to switch and disabling port, or unplug the cable.
Prevents additional devices joining system

15. Biometrics Fingerprint recognition Retinal scans Iris scans
Voice recognition
Other biometric technologies

16. Fingerprint recognition
Used for over 100 years, 1 in 75 million identical
Can be reproduced using super-glue and Vaseline
Fine watery solution allows detection and scanners to operate.
Some scanners may use rapid laser to detect ridges.
Or electro-static sensitive pad detects current in the small quantities of water
Often used with another system e.g. International travel combines fingerprints with passport/visa in some countries

17. Retinal scans Retina is the back of the eye
Biologically unique configuration
Very difficult to change without considerable damage –
Fingerprints can be cut or burnt
Remains same from birth
Takes about two seconds to complete
Requires close proximity of subject

18. Iris scans Which film? Minority report
Another unique feature of the eye
Remember Madeline McCann?
Can be carried out while subject wearing glasses or contact lenses (unlike retinal scan)
Unlikely to change at all during lifetime
A public iris scanning device has been proposed in a patent from Samoff Labs in New Jersey. The device is able to scan the iris of the eye without the knowledge or consent of the person being scanned.
"false match" less than one time per one hundred billion.

19. Voice recognition Considerable limitations
Voices change according to circumstance:
Stress, excitement, tiredness, illness, age!
Use of other devices to circumvent eg mobile phones
Used together with other systems eg CCTV
Recent improvements used in games consoles, important for people with disability e.g. For speech to text systems

20. Other biometric technologies
Facial recognition systems (with CCTV)
Identifying suspicious behaviour through analysing posture/behaviour
What could be next?

21. Automated Human Body Odor Recognition System

22. Assignment 1 Know your threats
P1 - Explain the impact of different types of threat on an organisation.
M1 - Discuss information security.