CISSP Luncheon Series: Physical (Environmental) Security


1 CISSP Luncheon Series: Physical (Environmental) Security
ITNS and CERIAS CISSP Luncheon Series: Physical (Environmental) Security Presented by Scott L. Ksander

2 From (ISC)2 Candidate Information Bulletin:
Physical Security From (ISC)2 Candidate Information Bulletin: The Physical (Environmental) Security domain addresses the threats, vulnerabilities, and countermeasures that can be utilized to physically protect an enterprise’s resources and sensitive information. These resources include people, the facility in which they work, and the data, equipment, support systems, media, and supplies they utilize.

3 From (ISC)2 Candidate Information Bulletin:
Physical Security From (ISC)2 Candidate Information Bulletin: The candidate will be expected to know the elements involved in choosing a secure site, its design and configuration, and the methods for securing the facility against unauthorized access, theft of equipment and information, and the environmental and safety measures needed to protect people, the facility, and its resources.

4 Threats to physical security include:
Introduction Threats to physical security include: Interruption of services Theft Physical damage Unauthorized disclosure Loss of system integrity

5 Threats fall into many categories:
Introduction Threats fall into many categories: Natural environmental threats (e.g., floods, fire) Supply system threats (e.g., power outages, communication interruptions) Manmade threats (e.g., explosions, disgruntled employees, fraud) Politically motivated threats (e.g., strikes, riots, civil disobedience)

6 “Security:” Addresses vandalism, theft, and attacks by individuals.
Introduction Primary consideration in physical security is that nothing should impede “life safety goals.” Ex.: Don’t lock the only fire exit door from the outside. “Safety:” Deals with the protection of life and assets against fire, natural disasters, and devastating accidents. “Security:” Addresses vandalism, theft, and attacks by individuals.

7 Physical Security Planning
Physical security, like general information security, should be based on a layered defense model. Layers are implemented at the perimeter and moving toward an asset. Layers include: Deterrence, Delaying, Detection, Assessment, Response

8 Physical Security Planning
A physical security program must address: Crime and disruption protection through deterrence (fences, security guards, warning signs, etc.). Reduction of damages through the use of delaying mechanisms (e.g., locks, security personnel, etc.). Crime or disruption detection (e.g., smoke detectors, motion detectors, CCTV, etc.). Incident assessment through response to incidents and determination of damage levels. Response procedures (fire suppression mechanisms, emergency response processes, etc.).

9 Physical Security Planning
Crime Prevention Through Environmental Design (CPTED) Is a discipline that outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. Concepts developed in 1960’s. Think: Social Engineering

10 Physical Security Planning
CPTED has three main strategies: Natural Access Control Natural Surveillance Territorial Reinforcement

11 Physical Security Planning
Natural Access Control
The guidance of people entering and leaving a space by the placement of doors, fences, lighting, and landscaping.
Be familiar with: bollards, use of security zones, access barriers, use of natural access controls.
References are from: All in One Book (Shon Harris, 2005)
Bollards: Short posts that are commonly used to prevent vehicular access and to protect a building or people walking on a sidewalk from vehicles. They can also be used to direct foot traffic. (346)
Security Zones (CPTED model): Division of an environment’s space into zones with different security levels depending upon who needs to be in the zone and the associated risk. (347)
- Zones are labeled as controlled, restricted, public, or sensitive. (347)
- Each zone should have a specific protection level that is required of it, which will help dictate the types of controls that should be put into place. (347)
The following controls are commonly used for access control within different organizations: (347)
- Limit the number of entry points
- Force all guests to go to a front desk and sign in before entering the environment
- Reduce the number of entry points even further after hours or during the weekend when not as many employees are around
- Have a security guard validate a picture ID before allowing entrance
- Require guests to sign in and be escorted
- Encourage employees to question strangers
Access barriers can be naturally created (cliffs, rivers, hills), existing manmade elements (railroad tracks, highways) or artificial forms designed specifically to impede movement (fences, closing streets). (347)

12 Physical Security Planning
Natural Surveillance Is the use and placement of physical environmental features, personnel walkways, and activity areas in ways that maximize visibility. The goal is to make criminals feel uncomfortable and make all other people feel safe and comfortable, through the use of observation.

13 Physical Security Planning
Territorial Reinforcement Creates physical designs that highlight the company’s area of influence to give legitimate owners a sense of ownership. Accomplished through the use of walls, lighting, landscaping, etc.

14 Physical Security Planning
CPTED is not the same as “target hardening” Target hardening focuses on denying access through physical and artificial barriers (can lead to restrictions on use, enjoyment, and aesthetics of the environment).

15 Physical Security Planning
Issues with selecting a facility site: Visibility (terrain, neighbors, population of area, building markings) Surrounding area and external factors (crime rate, riots, terrorism, first responder locations) Accessibility (road access, traffic, proximity to transportation services) Natural Disasters (floods, tornados, earthquakes)

16 Physical Security Planning
Other facility considerations: Physical construction materials and structure composition. Be familiar with: load, light frame construction material, heavy timber construction material, incombustible material, fire resistant material (know the fire ratings and construction properties).

17 Physical Security Planning
“Mantrap:” A small room with two doors. The first door is locked; a person is identified and authenticated. Once the person is authenticated and access is authorized, the first door opens and allows the person into the mantrap. The person has to be authenticated again in order to open the second door and access a critical area. The mantrap area could have a weight sensing floor as an additional control to prevent literal piggybacking. References are from: All in One Book (Shon Harris, 2005) Can prevent literal piggybacking as well. Piggybacking: When an individual gains unauthorized access by using someone else’s legitimate credentials or access rights. The best preventative measures against this are to have security guards at access points and to educate employees about good security practices. (387)

18 Physical Security Planning
Automatic door lock configuration: “Fail safe:” If a power disruption occurs, the door defaults to being unlocked. “Fail secure:” If a power disruption occurs, the door defaults to being locked. Note that “fail safe” and “fail secure” terminology can be applied to other types of access control defaults, not merely terms for doors.

19 Physical Security Planning
Windows can also be used to promote physical security. Know the different types of glass: Standard, Tempered, Acrylic, Wired, Laminated, Solar Window Film, Security Film.
References are from: All in One Book (Shon Harris, 2005) pg. 358
- Standard: No extra protection. Cheapest and lowest level of protection.
- Tempered: Glass is heated and then cooled suddenly to increase its integrity and strength. 5-7x stronger than regular glass.
- Acrylic: Type of plastic instead of glass. Polycarbonate acrylics are stronger than regular acrylics. Produces toxic fumes if burned, may be prohibited by fire codes. Very expensive.
- Wired: Mesh of wire is embedded between two sheets of glass. This wire helps to prevent the glass from shattering.
- Laminated: Plastic layer between two outer glass layers. Plastic layer helps to increase the strength against breakage. The greater the depth, the more difficult to break.
- Solar window film: Provides extra security by being tinted and extra strength through the film’s material.
- Security film: Transparent film is applied to the glass to increase its strength.

20 Physical Security Planning
Consider use of internal partitions carefully: True floor to true ceiling to counter security issues Should never be used in areas that house sensitive systems and devices

21 Internal Support Systems
Power issues: A continuous supply of electricity assures the availability of company resources. Data centers should be on a different power supply from the rest of the building Redundant power supplies: two or more feeds coming from two or more electrical substations

22 Internal Support Systems
Power protection:
- UPS Systems
  - Online UPS systems
  - Standby UPS System
- Power line conditioners
- Backup Sources
References are from: All in One Book (Shon Harris, 2005) pg. 358
Power protection (365)
There are three main methods of protecting against power problems: (365)
UPS
- Online UPS systems: Use AC line voltage to charge a bank of batteries. When in use, the UPS has an inverter that changes the DC output from the batteries into the required AC form and regulates the voltage as it powers computer devices. (365) Have the normal primary power passing through them day in and day out. They constantly provide power from their own inverters, even when the electric power is in proper use. This UPS device is able to quickly detect when power failure takes place and can provide the necessary electricity and pick up the load after a power failure much more quickly than a standby UPS. (366)
- Standby UPS: Devices stay inactive until the power fails. The system has sensors that detect a power failure, and the load is then switched to the battery pack. (366)
- UPS factors that should be reviewed are the size of the electrical load the UPS can support, the speed with which it can assume the load when the primary source fails, and the amount of time it can support the load. (403)
Power Line Conditioners
Backup Sources: Are necessary when there is a power failure and the outage will last longer than a UPS can last. Backup supplies can be a redundant line from another electrical substation, or from a motor generator, and can be used to supply main power or charge the batteries in a UPS system. (366)

23 Internal Support Systems
Other power terms to know: Ground, Noise, Transient Noise, Inrush Current, Clean Power, EMI, RFI
References are from: All in One Book (Shon Harris, 2005) pg. 358
- Ground: The pathway to the earth to enable excess voltage to dissipate. (367)
- Noise: Electromagnetic or frequency interference that disrupts the power flow and can cause fluctuations. (367)
- Transient Noise: Short duration of power line disruption. (367)
- Inrush Current: The initial surge of current required when there is an increase in power demand. (367)
- Clean power: Electrical current that does not fluctuate. (367)
Types of interference (line noise): (366)
- EMI: Electromagnetic interference (367). Created by the difference between three wires: hot, neutral and ground and the magnetic field that they create. Lightning and electric motors can induce EMI. (366)
- RFI: Radio frequency interference (367). Can be caused by anything that creates radio waves. Fluorescent lighting is one of the main causes of RFI within buildings today. (366)

24 Internal Support Systems
Types of Voltage Fluctuations
- Power Excess: Spike, Surge
- Power Loss: Fault, Blackout
- Power Degradation: Sag/dip, Brownout
- Inrush Current
References are from: All in One Book (Shon Harris, 2005) pg. 358
Power Excess
- Spike: Momentary high voltage
- Surge: Prolonged high voltage
Power Loss
- Fault: Momentary power loss
- Blackout: Sustained power loss
Power Degradation
- Sag/dip: Momentary low voltage condition, from one cycle to a few seconds.
- Brownout: Prolonged power supply that is below normal voltage.
Inrush Current: The initial surge of current required to start a load.

25 Internal Support Systems
Environmental Issues Positive Drains Static Electricity Temperature

26 Internal Support Systems
Environmental Issues: Positive Drains Contents flow out instead of in Important for water, steam, gas lines

27 Internal Support Systems
Environmental Issues: Static Electricity To prevent: Use antistatic flooring in data processing areas Ensure proper humidity Proper grounding No carpeting in data centers Antistatic bands References are from: All in One Book (Shon Harris, 2005) Hygrometer: Used to monitor humidity. (372) High humidity can cause corrosion and low humidity can cause static electricity

28 Internal Support Systems
Environmental Issues: Temperature Computing components can be affected by temperature: Magnetic Storage devices: 100 Deg. F. Computer systems and peripherals: 175 Deg. F. Paper products: 350 Deg. F. References are from: All in One Book (Shon Harris, 2005) Hygrometer: Used to monitor humidity. (372)

29 Internal Support Systems
Ventilation
Airborne materials and particle concentration must be monitored for inappropriate levels.
“Closed Loop”
“Positive Pressurization”
References are from: All in One Book (Shon Harris, 2005)
Closed Loop: Means that the air within the building is reused after it has been properly filtered, instead of bringing outside air in. (373) Should be used to maintain air quality. (373)
Positive pressurization: Means that when an employee opens a door, the air goes out and outside air does not come in. (373) Positive pressurization and ventilation should be implemented to control contamination. (373)

30 Internal Support Systems
Fire prevention, detection, suppression “Fire Prevention:” Includes training employees on how to react, supplying the right equipment, enabling fire suppression supply, proper storage of combustible elements “Fire Detection:” Includes alarms, manual detection pull boxes, automatic detection response systems with sensors, etc. “Fire Suppression:” Is the use of a suppression agent to put out a fire.

31 Internal Support Systems
American Society for Testing and Materials (ASTM) is the organization that creates the standards that dictate how fire resistant ratings tests should be carried out and how to properly interpret results. References are from: All in One Book (Shon Harris, 2005) **Need to know the fire resistant ratings that are used in the study guides. E.g., 5/8 inch thick drywall sheet installed on each side of a wood stud provides a one hour rating. If the thickness of the drywall were doubled, it would be a two hour rating. Fire resistance represents the ability of a laboratory constructed assembly to contain fire for a specific period of time.

32 Internal Support Systems
Fire needs oxygen and fuel to continue to grow. Ignition sources can include the failure of an electrical device, improper storage of materials, malfunctioning heating devices, arson, etc. Special note on “plenum areas:” The space above drop down ceilings, wall cavities, and under raised floors. Plenum areas should have fire detectors and should only use plenum area rated cabling.

33 Internal Support Systems
Types of Fire:
- A: Common Combustibles. Elements: Wood products, paper, laminates. Suppression: Water, foam
- B: Liquid. Elements: Petroleum products and coolants. Suppression: Gas, CO2, foam, dry powders
- C: Electrical. Elements: Electrical equipment and wires. Suppression: Gas, CO2, dry powders
- D: Combustible Metals. Elements: Magnesium, sodium, potassium. Suppression: Dry powder
- K: Commercial Kitchens. Elements: Cooking oil fires. Suppression: Wet chemicals such as potassium acetate

34 Internal Support Systems
Types of Fire Detectors: Smoke Activated, Heat Activated
Know the types and properties of each general category.
References are from: All in One Book (Shon Harris, 2005)
Smoke activated detectors (375)
- Good for early warning devices (375)
- Can be used to sound a warning alarm before the suppression system activates (375)
- Photoelectric Device (aka optical detector): Detects variation in light intensity. The detector produces a beam of light across a protected area, and if the beam is obstructed, the alarm sounds. (375)
Heat Activated (376)
- Can be configured to sound an alarm either when a predefined temperature (fixed temperature) is reached or when the temperature increases over a period of time (rate of rise). (376)
- Rate of rise temperature sensors usually provide a quicker warning than fixed temperature sensors because they are more sensitive (but they can also sound more false alarms). (376)
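An added example (not part of the original slides) that runs both heat-activated alarm rules over two constructed temperature traces, showing the earlier warning from rate of rise and the false alarm it can produce. The 135 °F threshold, the 15 °F per 60 s rise limit, the 10-second sampling and both traces are assumptions chosen for illustration.

```python
from collections import deque

# Assumed settings for illustration only; not values from the slides.
FIXED_THRESHOLD_F = 135   # fixed temperature: alarm once a reading reaches this
RISE_LIMIT_F = 15         # rate of rise: alarm when temperature climbs this much
RISE_WINDOW_S = 60        # ... within this many seconds


def fixed_temperature_alarm(readings, threshold_f=FIXED_THRESHOLD_F):
    """Return the time (s) of the first reading at or above the threshold, or None."""
    for t, temp in readings:
        if temp >= threshold_f:
            return t
    return None


def rate_of_rise_alarm(readings, rise_f=RISE_LIMIT_F, window_s=RISE_WINDOW_S):
    """Return the time (s) at which the rise over a full window reaches rise_f, or None."""
    window = deque()
    for t, temp in readings:
        window.append((t, temp))
        # Drop samples older than the window so window[0] is the baseline.
        while t - window[0][0] > window_s:
            window.popleft()
        base_t, base_temp = window[0]
        # Only judge once a full window of history is available.
        if t - base_t >= window_s and temp - base_temp >= rise_f:
            return t
    return None


def slow_fire():
    """Constructed trace: 72 F ambient, then a steady 3 F climb every 10 s from t=60."""
    return [(t, 72 + 3 * max(0, (t - 60) // 10)) for t in range(0, 310, 10)]


def warm_air_burst():
    """Constructed trace: a brief burst of warm air that never becomes a fire."""
    temps = [70, 70, 70, 70, 73, 76, 79, 82, 85, 88, 88, 87, 86, 85, 85]
    return [(i * 10, temp) for i, temp in enumerate(temps)]


def compare(readings):
    """Alarm time in seconds for each detector type (None means no alarm)."""
    return {
        "fixed": fixed_temperature_alarm(readings),
        "rate_of_rise": rate_of_rise_alarm(readings),
    }


if __name__ == "__main__":
    for name, trace in (("slow fire", slow_fire()), ("warm air burst", warm_air_burst())):
        print(name, compare(trace))
```

On the fire trace the rate-of-rise rule alarms well before the fixed threshold is reached; on the warm-air trace it is the only rule that alarms, which is the false-alarm trade-off noted above.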

35 Internal Support Systems
Different types of suppression agents: Water, Halon and halon substitutes, Foams, Dry Powders, CO2, Soda Acid
Know suppression agent properties and the types of fires that each suppression agent combats.
Know the types of fire extinguishers (A, B, C, D) that combat different types of fires.
References are from: All in One Book (Shon Harris, 2005)
Water: Works by reducing temperature. (378)
Halon and halon substitutes: Works by interfering with the chemical combustion of elements with a fire. (378) Halon depletes the ozone and when used on extremely hot fires degrades into toxic chemicals. (378) Was prohibited in Montreal Protocol in 1987 and has not been manufactured since 1992. FM-200 is a halon substitute. (404)
Foams: Mainly water based and contain a foaming agent that allows them to float on top of a burning substance to exclude oxygen. (377)
Dry powders: Used mainly for class B and C fires.
- Sodium or potassium bicarbonate, calcium carbonate: Interrupts the chemical combustion of a fire. (377)
- Monoammonium phosphate: Excludes oxygen from the fuel. (377)
CO2: Works by removing oxygen. (378) Colorless, odorless. (404) Good for putting fires out, but bad for life forms because it removes oxygen from the air. A suppression system using this agent should have a delay mechanism. (377) Best used in unattended areas or facilities. (377)
Soda Acid (378): Works by removing fuel. (378)
Class A extinguishers are for ordinary combustible materials such as paper, wood, cardboard, and most plastics. The numerical rating on these types of extinguishers indicates the amount of water it holds and the amount of fire it can extinguish.
Class B fires involve flammable or combustible liquids such as gasoline, kerosene, grease and oil. The numerical rating for class B extinguishers indicates the approximate number of square feet of fire it can extinguish.
Class C fires involve electrical equipment, such as appliances, wiring, circuit breakers and outlets. Never use water to extinguish class C fires - the risk of electrical shock is far too great! Class C extinguishers do not have a numerical rating. The C classification means the extinguishing agent is non-conductive.
Class D fire extinguishers are commonly found in a chemical laboratory. They are for fires that involve combustible metals, such as magnesium, titanium, potassium and sodium. These types of extinguishers also have no numerical rating, nor are they given a multi-purpose rating - they are designed for class D fires only.

36 Internal Support Systems
Types of Sprinklers: Wet Pipe Systems (aka Closed Head System), Dry Pipe Systems, Preaction Systems, Deluge Systems
References are from: All in One Book (Shon Harris, 2005)
Wet Pipe Systems (aka Closed Head System): Always contain water in the pipes and are usually discharged by temperature control level sensors. One disadvantage is that the water in pipes may freeze in colder climates. Also, a nozzle or pipe break could cause severe water damage. (379)
Dry Pipe Systems: Water is not actually held in pipes; it is contained in a holding tank until released. The pipes contain pressurized air, which is reduced when a fire or smoke alarm is activated, allowing the water valve to be opened by the water pressure. Best used in colder climates because the pipes will not freeze. (379) Actual fire must be detected, usually by a heat or smoke sensor being activated. (379)
Preaction Systems: Similar to dry pipe systems in that the water is not held in pipes but is released when the pressurized air within the pipes is reduced. In this system water is not released right away, but will be released when a thermal-fusible link on the sprinkler head melts. (380) This gives people more time to respond to small fires or false alarms that can be handled by other means. (380)
Deluge System: Has its sprinkler heads wide open to allow for a larger volume of water to be released in a shorter period. (380) Not usually used in data processing environments. (380)

37 Perimeter security has two modes:
The first line of defense is perimeter control at the site location, to prevent unauthorized access to the facility. Perimeter security has two modes: Normal facility operation Facility closed operation

38 Perimeter Security Proximity protection components put in place to provide the following services: Control of pedestrian and vehicle traffic Various levels of protection for different security zones Buffers and delaying mechanisms to protect against forced entry Limit and control entry points

39 Protection services can be provided by:
Perimeter Security Protection services can be provided by: Access Control Mechanisms Physical Barriers Intrusion Detection Assessment Response Deterrents References are from: All in One Book (Shon Harris, 2005) Access control mechanisms: Locks and keys, electronic card access, personnel awareness. Physical barriers: Fences, gates, walls, doors, windows, protected vents, vehicle barriers. Intrusion Detection: Perimeter sensors, interior sensors, annunciation mechanisms Assessment: guards, CCTV cameras. Response: Guards, local law enforcement Deterrents: Signs, lighting, environmental design

40 Fences are “first line of de’fence’” mechanisms. (Small Joke!)
Perimeter Security
Fences are “first line of de’fence’” mechanisms. (Small Joke!)
Varying heights, gauge, and mesh provide security features (know them).
Barbed wire direction makes a difference.
References are from: All in One Book (Shon Harris, 2005)
Fence posts should be buried deep in ground and secured with concrete to ensure that they cannot be dug up or pulled out with vehicles. (390)
Fence heights:
- 3-4 ft high: Only deter casual trespassers
- 6-7 ft high: Considered too high to climb easily
- 8 ft high w/ strands of barbed or razor wire at the top: Serious property protection, may deter the more determined intruder.
Fencing gauge & mesh: (390)
The lower the gauge number, the thicker the wire diameter:
- 11 gauge = .120 inch diameter
- 9 gauge = .148 inch diameter
- 6 gauge = .192 inch diameter
Mesh sizing: Typically are 2 inch, 1 inch, 3/8 inch. It is more difficult to climb fences with smaller mesh sizes.
Strength levels of the most common gauge and mesh sizes used in fencing industry:
- Extremely high security: 3/8 in. mesh, 11 gauge
- Very high security: 1 inch mesh, 9 gauge
- High security: 1 inch mesh, 11 gauge
- Greater security: 2 inch mesh, 6 gauge
- Normal industrial security: 2 inch mesh, 9 gauge
Barbed wire tilted in (e.g. prison): makes it harder for people to get out. (390)
Barbed wire tilted out (e.g. military base): makes it harder for people to get in. (390)

41 Perimeter Intrusion Detection and Assessment System (PIDAS):
Perimeter Security Perimeter Intrusion Detection and Assessment System (PIDAS): A type of fencing that has sensors on the wire mesh and base of the fence. A passive cable vibration sensor sets off an alarm if an intrusion is detected.

42 Perimeter Security Gates have 4 distinct types:
- Class I: Residential usage
- Class II: Commercial usage, where general public access is expected (e.g., public parking lot, gated community, self storage facility)
- Class III: Industrial usage, where limited access is expected (e.g., warehouse property entrance not intended to serve public)
- Class IV: Restricted access (e.g., a prison entrance that is monitored either in person or via CCTV)
References are from: All in One Book (Shon Harris, 2005)
Each gate classification has a long list of implementation and maintenance guidelines to ensure the necessary level of protection. Guidelines are developed by Underwriters Laboratory (UL), which is a nonprofit organization that tests, inspects and classifies electronic devices, fire protection equipment, and specific construction materials. (391) For physical security realm, we look to UL for best practices and industry standards. (391)
Bollards: Small concrete pillars placed next to sides of buildings that have the most immediate threat of someone driving a vehicle through an exterior wall. (391)

43 Locks are considered delaying devices.
Perimeter Security Locks are inexpensive access control mechanisms that are widely accepted and used. Locks are considered delaying devices. Know your locks!

44 Perimeter Security
Types of Locks
- Mechanical Locks: Warded & Tumbler
- Combination Locks
- Cipher Locks (aka programmable locks)
- Smart locks
- Device Locks: Cable locks, switch controls, slot locks, port controls, peripheral switch controls, cable traps
References are from: All in One Book (Shon Harris, 2005)
Two main types of mechanical locks: (382)
- Warded Lock: Basic padlock. These are the cheapest locks, and because of their lack of sophistication, are the easiest to pick. (382) See diagram page 383.
- Tumbler Lock: Has more pieces and parts than a warded lock. Three types: (383)
  - Pin Tumbler: Most commonly used tumbler lock. (383)
  - Wafer Tumbler (aka disc tumbler locks): Does not provide much protection because it can be easily circumvented. (383) Often used as car or desk locks. (383)
  - Lever Tumbler
Combination Locks: Require the correct combination of numbers to unlock them. (384)
Cipher Locks (aka Programmable Locks): Keyless and use a keypad to control access into an area or facility. Compared to traditional locks, provide a much higher level of security and control of who can access a facility. (384)
Smart Locks: More sophisticated cipher locks that allow for specific codes to be assigned to unique individuals. Allows entry and exit activities to be logged by person. (385)
Functionalities available on many cipher combination locks that improve access controls and security: (384-85)
- Door Delay: If a door is held open for a given time, an alarm will trigger to alert personnel of suspicious activity. (384)
- Key Override: A specific combination can be programmed to be used in emergency situations to override normal procedures or for supervisory overrides. (384)
- Master Keying: Enables supervisory personnel to change access codes and other features of the cipher lock. (385)
- Hostage Alarm: If an individual is under duress and/or held hostage, a combination he enters can communicate this situation to the guard station or police station. (385)
Device Locks (385)
- Cable Locks: Consist of a vinyl coated steel cable that can secure a computer or peripheral to a desk or other stationary component. (385)
- Switch Controls: Cover on/off power switches. (386)
- Slot Locks: Secure the system to a stationary component by the use of steel cable that is connected to a bracket that is mounted in a spare expansion slot. (386)
- Port Controls: Block access to disk drives or unused serial or parallel ports. (386)
- Peripheral Switch Controls: Secure a keyboard by inserting an on/off switch between the system unit and the keyboard input slot. (386)
- Cable traps: Prevent the removal of input/output devices by passing their cables through a lockable unit. (386)

45 Perimeter Security
Lock Strengths:
- Grade 1 (commercial and industrial use)
- Grade 2 (heavy duty residential/light duty commercial)
- Grade 3 (residential and consumer expendable)
Cylinder Categories:
- Low Security (no pick or drill resistance)
- Medium Security (some pick resistance)
- High Security (pick resistance through many different mechanisms, used only in Grade 1 & 2 locks)

46 Perimeter Security Lighting
Know lighting terms and types of lighting to use in different situations (inside v. outside, security posts, access doors, zones of illumination) It is important to have the correct lighting when using various types of surveillance equipment. Lighting controls and switches should be in protected, locked, and centralized areas.

47 Perimeter Security
“Continuous lighting:” An array of lights that provides an even amount of illumination across an area. (393)
“Controlled lighting:” An organization should erect lights and use illumination in such a way that does not blind its neighbors or any passing cars, trains, or planes. (393)
“Standby Lighting:” Lighting that can be configured to turn on and off at different times so that potential intruders think that different areas of the facility are populated. (393)
“Redundant” or “backup lighting:” Should be available in case of power failures or emergencies.
“Response Area Illumination:” Takes place when an IDS detects suspicious activities and turns on the lights within the specified area. (393)
References are from: All in One Book (Shon Harris, 2005)

48 Surveillance Devices Perimeter Security
These devices usually work in conjunction with guards or other monitoring mechanisms to extend their capacity. Know the factors in choosing CCTV, focal length, lens types (fixed v. zoom), iris, depth of field, illumination requirements Annunciator system: An indicator that listens for noise and activates electrical devices. Will alert a security guard if movement is detected on a screen. (397)

49 Perimeter Security “Focal length:” The focal length of a lens defines its effectiveness in viewing objects from a horizontal and vertical view. The sizes of images that will be shown on a monitor along with the area that can be covered by one camera are defined by focal length. Short focal length = wider angle views Long focal length = narrower views

50 Perimeter Security
“Depth of field:” Refers to the portion of the environment that is in focus.
“Shallow depth of focus:” Provides a softer backdrop and leads viewers to the foreground object.
“Greater depth of focus:” Not much distinction between objects in the foreground and background.
Depth of field varies depending upon the size of the lens opening, the distance of the object being focused upon, and the focal length of the lens. (396) It increases as the size of the lens opening decreases, the subject distance increases, or the focal length of the lens decreases.
So if you want to cover a large area and not focus on specific items, use a wide angle lens (short focal length) with a small lens opening.

51 Perimeter Security
Intrusion Detection systems are used to detect unauthorized entries and to alert a responsible entity to respond.
Know the different types of IDS systems (electro-mechanical v. volumetric) and changes that can be detected by an IDS system.
IDS Characteristics:
- Expensive and requires human intervention to respond to alarms
- Redundant power supply and emergency backup power are necessary
- Can be linked to a centralized security system
- Should have a fail safe configuration, which should default to activated
- Should detect and be resistant to tampering
IDSs can be used to detect changes in the following: (398)
- Beams of light
- Sounds and vibrations
- Motion
- Different types of fields (microwave, ultrasonic, and electrostatic)
- Electrical circuit

52 Patrol Force and Guards
Perimeter Security Patrol Force and Guards Use in areas where critical reasoning skills are required Auditing Physical Access Need to log and review: Date & time of access attempt Entry point User ID Unsuccessful access attempts
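An added example (not part of the original slides) of reviewing a physical access log that records the four items listed above: date and time, entry point, user ID and whether the attempt succeeded. The CSV layout, the sample records, the three-denials-in-ten-minutes rule and the 07:00-19:00 working hours are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real data), deliberately not in time order.
SAMPLE_LOG = """\
timestamp,entry_point,user_id,result
2024-03-04T08:01:12,LOBBY,jdoe,GRANTED
2024-03-04T08:03:40,DC-MANTRAP,jdoe,GRANTED
2024-03-04T22:14:05,DC-MANTRAP,asmith,DENIED
2024-03-04T22:14:31,DC-MANTRAP,asmith,DENIED
2024-03-04T22:15:02,DC-MANTRAP,asmith,DENIED
2024-03-04T22:40:00,LOADING-DOCK,bnguyen,DENIED
2024-03-05T09:10:00,LOBBY,bnguyen,GRANTED
2024-03-05T02:30:00,DC-MANTRAP,jdoe,GRANTED
"""

VALID_RESULTS = {"GRANTED", "DENIED"}


def parse_log(text):
    """Parse the CSV into dicts with real datetimes, sorted by time."""
    records = []
    for line_no, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        result = (row.get("result") or "").strip().upper()
        if result not in VALID_RESULTS:
            raise ValueError(f"line {line_no}: unknown result {row.get('result')!r}")
        records.append({
            "timestamp": datetime.fromisoformat(row["timestamp"].strip()),
            "entry_point": row["entry_point"].strip(),
            "user_id": row["user_id"].strip(),
            "result": result,
        })
    return sorted(records, key=lambda r: r["timestamp"])


def repeated_denials(records, threshold=3, window=timedelta(minutes=10)):
    """Flag each user/entry-point pair with `threshold` denials inside `window`."""
    denied = defaultdict(list)
    for r in records:
        if r["result"] == "DENIED":
            denied[(r["user_id"], r["entry_point"])].append(r["timestamp"])
    findings = []
    for (user, entry), times in sorted(denied.items()):
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            # Slide the window start forward until it spans at most `window`.
            while ts - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                findings.append({"user_id": user, "entry_point": entry,
                                 "first_denial": times[start], "count": count})
                break  # one finding per pair is enough for review
    return findings


def after_hours_grants(records, open_hour=7, close_hour=19):
    """Return successful entries that happened outside working hours."""
    return [r for r in records
            if r["result"] == "GRANTED"
            and not (open_hour <= r["timestamp"].hour < close_hour)]


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for finding in repeated_denials(log):
        print("repeated denials:", finding)
    for rec in after_hours_grants(log):
        print("after-hours entry:", rec)
```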

53 Final Concept to Guide in Assessing Physical Security Issues on Exam:
Deterrence Delay Detection Assessment Response

54 Resources Physical Security All in One Book (Shon Harris, 2005)
Official (ISC)² Guide to the CISSP CBK ((ISC)², 2006)

