Presentation is loading. Please wait.

Presentation is loading. Please wait.

Physical and Environmental Security

Published byKristina Kruse Modified over 6 years ago

Similar presentations

Presentation on theme: "Physical and Environmental Security"— Presentation transcript:

1 Physical and Environmental Security
CISSP Guide to Security Essentials Chapter 8

2 Objectives Site access controls including key card access systems, biometrics, video surveillance, fences and walls, notices, and exterior lighting Secure siting: identifying and avoiding threats and risks associated with a building site

3 Objectives (cont.) Equipment protection from theft and damage
Environmental controls including HVAC and backup power

4 Site Access Security

5 Site Access Controls Purpose Defense in Depth
To restrict the movement of people, so only authorized personnel enter secure areas To record movements of people Defense in Depth Layers

6 Categories of Controls
Detective Deterrent Preventive Corrective Recovery Compensating See chapter 2

7 Key Card System

8 Site Access Controls Key cards
Centralized access control consists of card readers, central computer, and electronic door latches Pros: easy to use, provides an audit record, easy to change access permissions Cons: can be used by others if lost, people may "tailgate" Better if combined with a PIN Photo by IEI Inc.

9 Biometric Access Controls
Based upon a specific biometric measurement Greater confidence of claimed identity Fingerprint, iris scan, retina scan, hand scan, voice, facial recognition, others More costly than key card alone Photo by Ingersoll-Rand Corporation

10 Metal Keys Pros: suitable backup when a key card system fails
Uses in limited areas such as cabinets Best to use within keycard access areas Cons Easily copied, cannot tell who used a key to enter, many locks can be opened with bump keys

11 Man Trap Double doors, where only one can be opened at a time
Used to control personnel access Manually operated or automatic Only room for one person

12 Guards Trained personnel with a variety of duties:
Checking employee identification, handling visitors, checking parcels and incoming/outgoing equipment, manage deliveries, apprehend suspicious persons, call additional security personnel or law enforcement, assist persons as needed Advantages: flexible, employ judgment, mobile

13 Guard Dogs Serve as detective, preventive, and deterrent controls
Apprehend suspects Detect substances

14 Access Logs Record of events Personnel entrance and exit Visitors
Vehicles Packages Equipment moved in or out

15 Fences and Walls Effective preventive and deterrent control
Keep unwanted persons from accessing specific areas Better when used with motion detectors, alarms, and/or surveillance cameras Height Effectiveness 3-4 ft Deters casual trespassers 6-7 ft Too difficult to climb easily 8 ft plus 3 strands of barbed or razor wire Deters determined trespassers

16 Video Surveillance Supplements security guards
Provide points of view not easily achieved with guards Locations Entrances Exits Loading bays Stairwells Refuse collection areas

17 Video Surveillance (cont.)
Camera types CCTV, IP wired, IP wireless Night vision Fixed, Pan / tilt / zoom Hidden / disguised Recording capabilities None; motion-activated; periodic still images; continuous

18 Intrusion, Motion, and Alarm Systems
Automatic detection of intruders Central controller and remote sensors Door and window sensors Motion sensors Glass break sensors Alarming and alerting Audible alarms Alert to central monitoring center or law enforcement

19 Visible Notices No Trespassing signs Surveillance notices
Sometimes required by law Surveillance monitors These are deterrent controls

20 Exterior Lighting Discourage intruders during nighttime hours, by lighting intruders’ actions so that others will call authorities NIST standards require 2 foot-candles of power to a height of 8 ft This is a deterrent control

21 Other Physical Controls
Bollards Crash gates Prevent vehicle entry Retractable

22 Crash Gates Some are so strong they can stop a truck at 50 mph
Link Ch 8b

23 iClicker Questions

24 What type of control do access logs provide?
Detective Compensating Preventive Corrective Recovery

25 What type of control do fences provide?
Detective Deterrent Compensating Corrective Recovery

26 What type of control do alarm systems provide?
Compensating Deterrent Preventive Corrective Recovery

27 What type of control do "No Trespassing" signs provide?
Detective Deterrent Preventive Corrective Recovery

28 Which access control system has a special ability to detect unusual substances, such as drugs or explosives? Key cards Biometrics Man trap Guards Guard dogs

29 Which access control system holds a suspect prisoner?
Biometics Alarm systems Man trap Bollards Crash gates

30 Secure Siting

31 Secure Siting Locating a business at a site that is reasonably free from hazards that could threaten ongoing operations Identify threats Natural: flooding, landslides, earthquakes, volcanoes, waves, high tides, severe weather Man-made: chemical spills, transportation accidents, utilities, military base, social unrest

32 Secure Siting (cont.) Other siting factors
Building construction techniques and materials Building marking Loading and unloading areas Shared-tenant facilities Nearby neighbors

33 Protection of Equipment

34 Asset Protection Laptop computers Anti-theft cables
Defensive software (firewalls, anti-virus, location tracking, destruct-if-stolen) Strong authentication such as fingerprint Full encryption Training

35 Asset Protection (cont.)
Servers and backup media Keep behind locked doors Locking cabinets Video surveillance Off-site storage for backup media Secure transportation Secure storage

36 Asset Protection (cont.)
Protection of sensitive documents Locked rooms Locking, fire-resistant cabinets “Clean desk” policy Reduced chance that a passer-by will see and remove a document containing sensitive information Secure destruction of unneeded documents

37 Asset Protection (cont.)
Equipment check-in / check-out Keep records of company owned equipment that leaves business premises Improves accountability Recovery of assets upon termination of employment

38 Asset Protection (cont.)
Damage protection Earthquake bracing Required in some locales Equipment racks, storage racks, cabinets Water detection and drainage Alarms

39 Asset Protection (cont.)
Fire protection Fire detection: smoke alarms, pull stations Fire extinguishment Fire sprinklers Inert gas systems Fire extinguishers

40 Sprinkler Systems Wet pipe - filled with pressurized water
Dry pipe - fills with water only when activated Deluge - discharges water from all sprinklers when activated Pre-Action - Dry pipe that converts to a wet pipe when an alarms is activated Foam water sprinkler - Uses water and fire-retardant foam Gaseous fire suppression - displaces oxygen

41 Asset Protection (cont.)
Cabling security – on-premises Place cabling in conduits or away from exposed areas Cabling security – off-premises (e.g. telco) Select a different carrier Utilize diverse / redundant network routing Utilize encryption

42 Environmental Controls

43 Environmental Controls
Heating, ventilation, and air conditioning (HVAC) Vital, yet relatively fragile Backup units (“N+1”) recommended Ratings BTU/hr Tons (link Ch 8c) Also regulates humidity Should be 30% - 50%

44 Environmental Controls (cont.)
Electric power Anomalies Blackout. A total loss of power. Brownout. A prolonged reduction in voltage below the normal minimum specification. Dropout. A total loss of power for a very short period of time (milliseconds to a few seconds). Inrush. The instantaneous draw of current by a device when it is first switched on.

45 Environmental Controls (cont.)
Anomalies (cont.) Noise. Random bursts of small changes in voltage. Sag. A short drop in voltage. Surge. A prolonged increase in voltage. Transient. A brief oscillation in voltage.

46 Environmental Controls (cont.)
Electric power protection Line conditioner – filters incoming power to make it cleaner and free of most anomalies Uninterruptible Power Supply (UPS) – temporary supply of electric power via battery storage Electric generator – long term supply of electric power via diesel (or other source) powered generator

47 Redundant Controls Assured availability of critical environmental controls Dual electric power feeds Redundant generators Redundant UPS Redundant HVAC Redundant data communications feeds

48 iClicker Questions

49 Which control aids recovery of assets upon termination of employment?
Clean desk policy Check-in/check-out policy Fireproof cabinets Cable locks Video surveillance

50 Which type of fire extinguisher should be used in a room containing running electrical equipment?
K

51 What system releases water into all rooms even when the fire is only detected in one room?
Wet pipe Dry pipe Deluge Pre-Action Foam water sprinkler

52 Which term describes a total loss of power for only one second?
Blackout Brownout Dropout Sag Surge

Download ppt "Physical and Environmental Security"

Similar presentations

Facilities Management and Design Chapter 4 Safety and Security systems.

Facilities Management and Design Chapter 4 Safety and Security systems.
Emergency Preparedness and Response

Emergency Preparedness and Response
Physical and Environmental Security

Physical and Environmental Security
Chapter 7: Physical & Environmental Security

Chapter 7: Physical & Environmental Security
Computer Security Computer Security is defined as:

Computer Security Computer Security is defined as:
“Why do we need Security”  Each business has unique security and safety needs, e.g. Inventory Shrinkage and Theft Personal Safety Break Ins Moving Your.

“Why do we need Security”  Each business has unique security and safety needs, e.g. Inventory Shrinkage and Theft Personal Safety Break Ins Moving Your.
Copyright 2004 Foreman Architects Engineers School Security From Common Sense to High Tech.

Copyright 2004 Foreman Architects Engineers School Security From Common Sense to High Tech.
Chapter 5 Enhancing Security Through Physical Controls

Chapter 5 Enhancing Security Through Physical Controls
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”
Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.

Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.
Maintaining and Troubleshooting Computer Systems Computer Technology.

Maintaining and Troubleshooting Computer Systems Computer Technology.
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.

Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.
Copyright © Center for Systems Security and Information Assurance Lesson Seven Physical Security.

Copyright © Center for Systems Security and Information Assurance Lesson Seven Physical Security.
Stephen S. Yau CSE 465 & CSE591, Fall 2006 1 Physical Security for Information Systems.

Stephen S. Yau CSE 465 & CSE591, Fall Physical Security for Information Systems.
Information Security Principles and Practices

Information Security Principles and Practices
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 16: Physical and Infrastructure Security.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 16: Physical and Infrastructure Security.
Information Systems Security Physical Security Domain #4.

Information Systems Security Physical Security Domain #4.
How to create... A Fire Evacuation Plan.

How to create... A Fire Evacuation Plan.
Www.convergencetechnologycenter.org DUE 402356 Security and Fire Alarm Systems LEARNING OUTCOME 7B Describe design overview and location considerations.

DUE Security and Fire Alarm Systems LEARNING OUTCOME 7B Describe design overview and location considerations.
Physical Security Chapter 9.

Physical Security Chapter 9.

Similar presentations

Ads by Google