Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Need for Access Control & Perimeter Protection

Published byReginald Ferguson Modified over 9 years ago

Similar presentations

Presentation on theme: "The Need for Access Control & Perimeter Protection"— Presentation transcript:

1 The Need for Access Control & Perimeter Protection
Assoc Prof Dr Zuraini Ismail/ Hafiza Abas

2 What is Security? Security is “ the quality or state of being secure ---- to be free from danger” Act of understanding the threats to and vulnerabilities of computer operations in order to routinely support operational activities that enable computer systems to function correctly. Krutz and Vines (2007)

3 What is….. Access Control Perimeter Protection
Relates to permitting or denying access. Access control can be achieved by human or through technological means. The ability to control, monitor and restrict movement of people & assets. Perimeter Protection First stage of Intrusion security, detects a breach & triggers an alarm or alert. Used to prevent access – deter, detect and delay intruders. Keeping unauthorized people out of protected areas.

4 Examples of….. Access Control Perimeter Protection
Tends to focus on building access control solutions such as ID Cards and biometrics. Perimeter Protection Includes fencing, bollards, barriers, PIDS (perimeter intrusion detection systems), fiber optic fence sensors, infrared or microwave intrusion devices.

5 Some Examples Wireless Intrusion Detection RADIOBARRIER can be used as a stand-alone and self-contained solution for long perimeters as well as an integrated part of multi-layer complex perimeter systems. Deployment of RADIOBARRIER as an early warning detection system provides security personal with time needed to safely react to potential threats.

6 Perimeter Protection Defined
Requires the design, implementation and maintenance of countermeasures that protect the physical resources of an organization. Identification of physical threat important in identifying method of physical control.

7 Objectives of perimeter protection
To provide a safe environment for all assets and interests of the organization, including information system security To protect valuable information assets of the business enterprise. To provide protection techniques for the entire facility from outside parameter to the inside office space (including data center and server room) Provide protection for building, other building structures or vehicle housing system and/or network component.

8 Information Security Performs Four Important Functions for Organization
Protects the organization ‘s ability to function. Enables the safe operation of applications implemented on organization’s IT systems. Protects the data the organization collects and uses. Safeguards the technology assets in use at the organization.

9 Domain concerned Threats to operation security can be defined as the presence of any potential event that could cause harm by violating security. Example: Operator’s abuse of privileges that violates confidentiality. Vulnerabilities (weakness) Weakness in a system that enables security to be violated. Example : Weak implementation of separations of duties Attack is a deliberate act that take advantages of vulnerability to compromise a controlled system.

10 Perimeter Protection Physical security domain examines how elements that surrounding physical environment and supporting infrastructure affect CIA (confidentiality, integrity --- accuracy & authenticity, availability) of information system Physical security often refers to the measures taken to protect building, systems and the related supporting infrastructure against threats that are associated with physical environment

11 Planning Perimeter Protection
Why have a physical security plan? Planned logically to protect assets A definite road map to be designed to accomplish an effective security solution. Home security systems Burglar alarms, detectors, sensors Monitoring via phone lines Large company systems Security survey used to assess needs

12 Planning Perimeter Security
Assess the situation Security surveys Review existing systems Establish budget Assess threat level Design new systems Can involve engineers, fire professionals, architects, accountants, and security professionals

13 Planning Perimeter Protection
Much like the design and construction of a building itself The security plan is accomplished At different levels In layers or concentric layers

14 Levels of Perimeter Protection
Good security is provided in layers More stringent security should be provided at the very inner layer. Eg possibly access control augmented with biometrics, pixel velocity, CCTV coverage with motion detectors for after-hours, or with alarm systems. A formal security plan in place to account for responses to most types of security breaches.

15 Levels of Perimeter Protection
Level used depends on type of facility Residence, business, government agency Hours of operation, location, and number of personnel Anticipate problems and threats from inside and outside Assess need for guards

16 Levels of Perimeter Protection
Minimum Level (e.g. museum) Designed to impede Displays with a type of ‘fence’ as barrier Addition of systems such as Closed Circuit Television Burglar and fire alarm system Keypad allows special programming for authorized employee Cardkey systems with automatic locking doors Outside a minimum security facility

17 Levels of Perimeter Protection
Low Level (e.g., medium-sized hotel) Designed to impede and detect Addition of systems such as Closed Circuit Television and motion detectors Alarm systems set up to arm and disarm zones independently Silent alarms monitored by outside company Cardkey systems with automatic locking doors

18 Levels of Perimeter Protection
Medium Level (e.g., Shopping malls, large manufacturing facilities, warehouses) Designed to impede, detect, and assess Alarm system monitored by phone line Use of physical barrier (fence, locked gate, guard facility) Assessing through use of video recorders or digital hard drives

19 Levels of Perimeter Protection
High Level (e.g., large casinos, pharmceutical companies, contractors dealing with highly classified government projects) Designed to impede, detect, assess both external and internal activity Has layers of security, each with their own sets of alarms and access-control methods (use of biometric devices) Very elaborate security division staffed by highly experienced personnel High degree of coordination with law enforcement

20 Levels of Perimeter Protection
Maximum Level (e.g., nuclear power plant, prisons) Designed to impede, detect, assess, and neutralize unauthorized activity Has layers of security, each with their own sets of alarms and access-control methods Highly trained, investigated, and often armed, personnel Mantrap technology used

21 Security Layers Questions to answer in determining where to locate layers What must be kept secure Where is it located When should it be protected How much protection is needed

22 Planning for Terrorism Threats
The Concentric Rings Theory What is being protected is surrounded by many unique circles of protection The hope is that the layers of obstacles will deter the criminal Security system, like a chain, is only as good as its weakest link “defense in depth”

23 Planning for Terrorism Threats
11 ways addressing terrorist threats Examine Operational Measures: An incident management plan Create a Good Security Plan Conduct Employee Background Checks & who in the building Maintain a clear, written security policy Awareness is paramount ---employees should remain “security conscious” Increase physical security measures Do not forget the Parking Lots Turn up the Lights Use CPTED (Crime Prevention Through Environment Design) Principles Be aware of your building’s surrounding

24 The Weakest Link Theory
Essence of an alarm system is: detect, communicate, act With this approach you need to survey systems to determine where the system will fail and if it is an acceptable or unacceptable level of risk Overall security is dependent on the weakest link.

25 Economy of Force Security professional must provide the right amount of security for just the right place When making decisions that affect operations, consider ethics, as well as laws and regulations that you must comply with

26 Phases of Security Process
The implementation of physical security must be constantly: Documented Evaluated Tested

27 Examining cause and effect
Summary Examining cause and effect Look back at what went wrong in major disaster and critical events in history in developing strategies to prevent reoccurences of such events

Download ppt "The Need for Access Control & Perimeter Protection"

Similar presentations

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
How Electronic Security Solutions can Help the Government in Securing its Assets and Reduce Energy expenditure Presented By- Nimish Vishnoi Manager-Product.

How Electronic Security Solutions can Help the Government in Securing its Assets and Reduce Energy expenditure Presented By- Nimish Vishnoi Manager-Product.
Control and Accounting Information Systems

Control and Accounting Information Systems
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
UNIT PHYSICAL SECURITY PLAN

UNIT PHYSICAL SECURITY PLAN
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.

Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.
The Islamic University of Gaza

The Islamic University of Gaza
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.

Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.
Information Security Policies and Standards

Information Security Policies and Standards
Building a Successful Security Infrastructure

Building a Successful Security Infrastructure
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
General Security Principles and Practices Chapter 3.

General Security Principles and Practices Chapter 3.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Microsoft Technology Associate

Microsoft Technology Associate
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Chapter 3.  Security Framework  Operational Security Lifecycle  Security Perimeter  Access Control  Social Engineering  Environmental Issues.

Chapter 3.  Security Framework  Operational Security Lifecycle  Security Perimeter  Access Control  Social Engineering  Environmental Issues.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Similar presentations

Ads by Google