Published by Florence Grant. Modified over 9 years ago.
1
Site Security Policy Case
01/19/2007
95-841: Information Assurance Policy
Douglas Hines, Jr.
2
Overview
- Goals
- What do we need to protect
- What are the risks and threats
- Develop Policy
3
Goals
- Site Selection
- Handling of visitors
- How buildings or facilities are accessed
- Review physical access points to the network
- Review what hardware and media can enter or exit the facility
- How communication will occur
4
What do we need to protect
- Access to secure areas
- Private meetings
- Voting stations
- The building itself
- Critical personnel
- Communications
5
Control Volume of Facility
IN:
- Employees
- Local Organizers
- Contractors
- Venue owners
- National Organization
- Sponsors
- Media
- Cameras
- Law enforcement
- Malicious people
- Information (CD, network, memory sticks)
- Vehicles
- Weather (snow, sleet, ice)
Inside the control volume:
- Sensitive information from meetings
- Equipment
- People
- Buildings
- Hardware
- Information on paper
- Network
- Servers
OUT:
- Employees
- Local Organizers
- Contractors
- Venue owners
- National Organization
- Sponsors
- Media
- Cameras
- Law enforcement
- Malicious people
- Information (CD, network, memory sticks)
- Vehicles
6
Risks
- Information Leaks
- Loss of privacy to key people
- Violent Protestors
- Extreme Weather (Fire, Floods, Earthquakes)
7
Site Selection
- Needs a committee that should consist of Event Planners, City officials, and Security Professionals
- Site must meet certain standards
- The external threats should be limited
8
Site Selection
“To ensure that the site used for the Event fits the functionality and needed security criteria, the Selection Committee decides on an appropriate location for the Event.”
“Members of the Selection Committee must include a member of the Event planning committee, a city official, and a security professional.”
9
Access to facility
- People must be registered with the Event’s system
- The access should be authenticated by keycard without any way for people to tailgate
- Attempts should be logged
10
Access to individual rooms
Rooms that need to be private:
- Private meeting rooms
- Voting rooms
- Computer rooms
- Data Center
11
Access to individual rooms
“Upon registering with the Event, you will receive a badge and a note showing which rooms you have access to. The badge will grant access to those rooms listed only. All entry attempts will be logged.”
Real World Example:
“At a minimum, computer facilities should be designated as a controlled area. A computer facility shall be designated as a restricted area in which access into the facility is limited to personnel who are assigned there or who are authorized access by the facility manager.” (US Department of Commerce)
12
ID Badges
- Identifies people who should have access to facilities and rooms
- Distinguishes between the types of parties involved
- Allows guards to remove those who don’t have certain privileges
- Another layer in site security
- What happens when a badge is lost?
13
ID Badges
“The ID Badge allows access to the main entrance of the site. Any employer, contractor, or associate of The Event with access into the site, with the exception of law enforcement, must wear the appropriate Event badge around the neck while on the site. People not wearing the badge won’t be allowed on the site or removed if on the site previously. This is to spot and remove people who have entered the facility without having the necessary privileges. The badge also provides access into the facility and designated rooms.”
“The badges are color coded based on the type of party the user is identified with. Red represents media. Blue represents the contractors and vendors. Yellow represents the National Organization...”
“Each person within a departmental facility, regardless of position, shall be subject to challenge by another employee, security guard or any law enforcement officer, and shall display appropriate identification when challenged. Failure to do so may result in removal from the facility or other administrative action.”
14
Missing Badge?
“Personnel should immediately report missing badges to the issuing office. The servicing security officer should conduct a security evaluation to determine if it is necessary to disable or activate certain badges.”
15
Devices allowed/denied
- In the case of private meetings, we don’t want people to have the ability to record what is going on. Will cause loss of privacy.
- People checked before entering these certain private meetings.
“To maintain the privacy of the meetings in the Event, no recording device shall be allowed to enter the private meeting rooms. Security guards at the entrance of these rooms will conduct a screening with a metal detector for any person seeking entry. If any recording device is found, the person may not enter the room.”
16
Visitors
- There should be no need for visitors through the duration of The Event
- All parties that use the facility should fall under a certain category and should be in the system
“No visitors in the facility are permitted”
17
Communication
- Security staff or law enforcement need to be updated on known threats
- Minimize circulation of information regarding activities
- Critical information secured inside facility
18
Communication
Uncertainty:
“Personnel should report to security guards if any staff witnesses suspicious activity in the facility”
Security breach:
“In the event of a security breach, managers must notify top-level management.”
19
Conclusion
- Site Policy complements physical security
- 1st layer of protection
Questions?