We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byFernanda Fellows
Modified over 2 years ago
© 2006 Carnegie Mellon University :1 Physical Security
© 2006 Carnegie Mellon University :2 Three Security Disciplines Physical –Most common security discipline –Protect facilities and contents Plants, labs, stores, parking areas, loading areas, warehouses, offices, equipment, machines, tools, vehicles, products, materials Personnel –Protect employees, customers, guests Information –The rest of this course
© 2006 Carnegie Mellon University :3 Information Revolution Information Revolution as pervasive at the Industrial Revolution Impact is Political, Economic, and Social as well as Technical Information has an increasing intrinsic value Protection of critical information now a critical concern in Government, Business, Academia
© 2006 Carnegie Mellon University :4 Politics and Technology The end of the Cold War resulted in a greater political complexity Information critical to all aspects of government Military Commerce Politics –Information is Power –Protection of information more important than ever
© 2006 Carnegie Mellon University :5 Business and Technology Information has become a product on its own Information technologies critical Protection of information essential Business now dependent on the Net Who controls the ON/OFF Switch?
© 2006 Carnegie Mellon University :6 The New World The Internet allows global connectivity Cyber-space has no borders Anonymity easy to accomplish New breed of threat Technically smart Determined, knowledgeable Physical Security often overlooked in the new threat environment
© 2006 Carnegie Mellon University :7 Nature of the Threat Threat environment changes Nation-state threat – Countries see computers as equalizers – New balance of power through information control Non-state actors – New levels of potential threat –“Strategic Guns for Hire” –Terrorism remains physical act Physical attacks against information sources requires minimal effort for maximum effect - Gums up the Gears!!!!
© 2006 Carnegie Mellon University :8 How Has It Changed? Physical Events Have Cyber Consequences Cyber Events Have Physical Consequences
© 2006 Carnegie Mellon University :9 Physical Attacks require little resources Insider threat very real Disgruntled employee Agent for hire Tactics well known and hard to stop World Trade Center Aldrich Aimes Financial network facilities viable target Target information readily available Threat and Physical Security
© 2006 Carnegie Mellon University :10 Why Physical Security? Not all threats are “cyber threats” Information one commodity that can be stolen without being “taken” Physically barring access is first line of defense Forces those concerned to prioritize! Physical Security can be a deterrent Security reviews force insights into value of what is being protected
© 2006 Carnegie Mellon University :11 Layered Security Physical Barriers Fences Alarms Restricted Access Technology Physical Restrictions Air Gapping Removable Media Remote Storage Personnel Security Practices Limited Access Training Consequences/Deterrence
© 2006 Carnegie Mellon University :12 Physical Barriers Hardened Facilities Fences Guards Alarms Locks Restricted Access Technologies –Biometrics –Coded Entry –Badging Signal Blocking (Faraday Cages)
© 2006 Carnegie Mellon University :13 Outer Protective Layers Structure –Fencing, gates, other barriers Environment –Lighting, signs, alarms Purpose –Define property line and discourage trespassing –Provide distance from threats
© 2006 Carnegie Mellon University :14 Middle Protective Layers Structure –Door controls, window controls –Ceiling penetration –Ventilation ducts –Elevator Penthouses Environment –Within defined perimeter, positive controls Purpose –Alert threat, segment protection zones
© 2006 Carnegie Mellon University :15 Inner Protective Layers Several layers Structure –Door controls, biometrics –Signs, alarms, cctv –Safes, vaults Environment –Authorized personnel only Purpose –Establish controlled areas and rooms
© 2006 Carnegie Mellon University :16 Example System: SEI Building Structure: –6 exterior doors –Windows secured –Exterior Lit Middle Layers: –Guard desk –Proximity card system –CCTV Inner Layers: Intellectual Property Protection
© 2006 Carnegie Mellon University :17 Other Barrier Issues Handling of trash or scrap Fire: –Temperature –Smoke Pollution: –CO –Radon Flood Earthquake
© 2006 Carnegie Mellon University :18 Physical Restrictions Air Gapping Data Limits access to various security levels Requires conscious effort to violate Protects against inadvertent transmission Removable Media Removable Hard Drives Floppy Disks/CDs/ZIP Disks Remote Storage of Data Physically separate storage facility Use of Storage Media or Stand Alone computers Updating of Stored Data and regular inventory
© 2006 Carnegie Mellon University :19 Personnel Security Practices Insider Threat the most serious Disgruntled employee Former employee Agent for hire Personnel Training Critical Element Most often overlooked Background checks Critical when access to information required Must be updated CIA/FBI embarrassed
© 2006 Carnegie Mellon University :20 People Disgruntled employee / former employee Moonlighter Marketing, sales representatives, etc. Purchasing agents, buyers, subcontract administrators Consultants Vendor/Subcontractor Clerical Applicants, Visitors, Customers
© 2006 Carnegie Mellon University :21 Activities or Events Publications, public releases, etc. Seminars, conventions or trade shows Survey or questionnaire Plant tours, “open house”, family visits Governmental actions: certification, investigation Construction and Repair
© 2006 Carnegie Mellon University :22 Technical Security Alarms Loud and Noisy Silent Integrated into barrier methods Video/Audio Deterrent factor Difficult to archive Bio-Metrics Identification Reliability questions
© 2006 Carnegie Mellon University :23 NISPOM National Industrial Security Operating Manual Prescribes requirements, restrictions and other safeguards that are necessary to prevent unauthorized disclosure of information Protections for special classes of information: Restricted Information, Special Access Program Information, Sensitive Compartmented Information National Security Council provides overall policy direction Governs oversight and compliance for 20 government agencies
© 2006 Carnegie Mellon University :24 The Place of Physical Security Physical Security is part of integrated security plan Often overlooked when considering Information Security No information security plan is complete without it!
95752: Introduction to Information Security Management Tim Shimeall, Ph.D Office Hours by Appointment Course website:
Chapter 7: Physical & Environmental Security. 2 Objectives Define the concept of physical security and how it relates to information security Evaluate.
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.
Physical and Cyber Attacks1. 2 Inspirational Quote Country in which there are precipitous cliffs with torrents running between, deep natural hollows,
LESSON 11 PHYSICAL SECURITY Prepared by: Camo, Christian Leo O. BS Criminology LEA 2.
1 Site Safety Plans PFN ME 35B. 2 TERMINAL LEARNING OBJECTIVES ACTION: Identify the requirements for implementing a Safety and Health Program for operation.
25 seconds left….. 24 seconds left….. 23 seconds left…..
Systems Security Engineering An Updated Paradigm INCOSE Enchantment Chapter November 8, 2006 John W. Wirsbinski.
Unit 1: Protecting the Facility (Virtual Machines)
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”
Physical Security By: Christian Hudson. Overview Definition and importance Components Layers Physical Security Briefs Zones Implementation.
EMS Checklist (ISO model) EPA Regions 9 & 10 and The Federal Network for Sustainability 2005.
1 SAF AMMUNITION COMMAND The Heart of SAF s Firepower Security and Stockpile Management of MANPADS (Man-Portable Air Defence Systems)
Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.
Module 02: 1 Introduction to Computer Security and Information Assurance Objectives Recognize that physical security and cyber security are related Recognize.
Physical Security at Data Center: A survey. Objective of the Survey 1. To identify the current physical security in data centre. 2.To analyse the.
Access Control Jeff Wicklund Computer Security Fall 2013.
Jeopardy Topic 1Topic Q 1Q 6Q 11Q 16Q 21 Q 2Q 7Q 12Q 17Q 22 Q 3Q 8Q 13Q 18Q 23 Q 4Q 9Q 14Q 19Q 24 Q 5Q 10Q 15Q 20Q 25 Final Jeopardy.
Understanding Security Layers Lesson 1. Objectives.
Physical Security Concerns for LAN Management By: Derek McQuillen.
1 COMPUTER GENERATED & STORED RECORDS CONTROLS Presented by COSCAP-SA.
AMARI AIR BASE AT/FP EVAL 9 JUNE (No photos taken due to tight security)
Copyright 2004 Foreman Architects Engineers School Security From Common Sense to High Tech.
We will resume in: 25 Minutes We will resume in: 24 Minutes.
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
Module N° 4ICAO State Safety Programme (SSP) Implementation Course 1 Module N° 4 – ICAO SSP framework Revision N° 5ICAO State Safety Programme (SSP) Implementation.
WEEK 1 You have 10 seconds to name…
California Access Controls Inc Exciting features that are extremely easy to use Exciting features that are extremely easy to use Access Control.
C-TPAT SECURITY AWARENESS TRAINING Presented at: XXXXX As a Basis for Individual Facility Training.
Addition 1’s to
Information Security Principles and Practices by Mark Merkow and Jim Breithaupt Chapter 8: Physical Security Control.
© UNCTAD ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer.
Revision N° 13ICAO Safety Management Systems (SMS) Course06/05/09 Module N° 7 – Introduction to SMS.
Physical (Environmental) Security. 2 Domain Objectives Define key concepts of physical security Goals and Purpose of Layered Defenses Principles in Site.
1 Maritime Law Enforcement. 2 INTRODUCTION Naval Forces as economic & effective law enforcement units Risk of Excessive Use of Force Avoided by –law enforcement.
1 Confined Space Module 9. 2Objectives After this module you should be able to – identify the most common confined space hazards – take the necessary.
Site Security Policy Case 01/19/ : Information Assurance Policy Douglas Hines, Jr.
Privacy Impact Assessment Future Directions TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Addition Facts = = =
Physical security By Ola Abd el-latif Abbass Hassan.
Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
9-2 DVD 9-3 Additional Content Floors, walls, and ceilings: Materials must be smooth and durable for easier cleaning Must be regularly maintained 9-4.
Chuck Barry (702)
There are three types of emergencies: Internal External Natural disasters.
Initial Site Investigation Lesson 7 1. Initial Site Investigation 2.
© 2009 South-Western, Cengage LearningMARKETING 1 Chapter 5 MARKETING INFORMATION AND RESEARCH 5-1Understanding the Need for Market Information 5-2Finding.
International business, 5 th edition chapter 9 formulation of national trade policies.
1 Writing and Implementing a School Food Safety Program Based on HACCP Principles.
© 2017 SlidePlayer.com Inc. All rights reserved.