Presentation is loading. Please wait.

Presentation is loading. Please wait.

Physical and Environmental Security CISSP Guide to Security Essentials Chapter 8.

Published byClementine Richard Modified over 8 years ago

Similar presentations

Presentation on theme: "Physical and Environmental Security CISSP Guide to Security Essentials Chapter 8."— Presentation transcript:

1 Physical and Environmental Security CISSP Guide to Security Essentials Chapter 8

2 CISSP Guide to Security Essentials2 Objectives Site access controls including key card access systems, biometrics, video surveillance, fences and walls, notices, and exterior lighting Secure siting: identifying and avoiding threats and risks associated with a building site

3 CISSP Guide to Security Essentials3 Objectives (cont.) Equipment protection from theft and damage Environmental controls including HVAC and backup power

4 CISSP Guide to Security Essentials4 Site Access Controls Key cards –Centralized access control consists of card readers, central computer, and electronic door latches Photo by IEI Inc.

5 CISSP Guide to Security Essentials5 Site Access Controls (cont.) Key cards (cont.) –Pros: easy to use, provides an audit record, easy to change access permissions –Cons: can be used by others if lost Photo by IEI Inc.

6 CISSP Guide to Security Essentials6 Biometric Access Controls Based upon a specific biometric measurement Greater confidence of claimed identity –Fingerprint, iris scan, retina scan, hand scan, voice, facial recognition, others Photo by Ingersoll-Rand Corporation

7 CISSP Guide to Security Essentials7 Biometric Access Controls (cont.) More costly than key card alone Photo by Ingersoll-Rand Corporation

8 CISSP Guide to Security Essentials8 Metal Keys Pros: suitable backup when a key card system fails Uses in limited areas such as cabinets –Best to use within keycard access areas

9 CISSP Guide to Security Essentials9 Metal Keys (cont.) Cons –Easily copied, cannot tell who used a key to enter

10 CISSP Guide to Security Essentials10 Man Trap Double doors, where only one can be opened at a time Used to control personnel access Manually operated or automatic Only room for one person

11 CISSP Guide to Security Essentials11 Guards Trained personnel with a variety of duties: –Checking employee identification, handling visitors, checking parcels and incoming/outgoing equipment, manage deliveries, apprehend suspicious persons, call additional security personnel or law enforcement, assist persons as needed –Advantages: flexible, employ judgment, mobile

12 CISSP Guide to Security Essentials12 Guard Dogs Serve as detective, preventive, and deterrent controls Apprehend suspects Detect substances

13 CISSP Guide to Security Essentials13 Access Logs Record of events –Personnel entrance and exit –Visitors –Vehicles –Packages –Equipment

14 CISSP Guide to Security Essentials14 Fences and Walls Effective preventive and deterrent control Keep unwanted persons from accessing specific areas HeightEffectiveness 3-4 ftDeters casual trespassers 6-7 ftToo difficult to climb easily 8 ft plus 3 strands of barbed or razor wire Deters determined trespassers

15 CISSP Guide to Security Essentials15 Video Surveillance Supplements security guards Provide points of view not easily achieved with guards

16 CISSP Guide to Security Essentials16 Video Surveillance (cont.) Locations –Entrances –Exits –Loading bays –Stairwells –Refuse collection areas

17 CISSP Guide to Security Essentials17 Video Surveillance (cont.) Camera types –CCTV, IP wired, IP wireless –Night vision –Fixed, Pan / tilt / zoom –Hidden / disguised

18 CISSP Guide to Security Essentials18 Video Surveillance (cont.) Recording capabilities –None; motion-activated; periodic still images; continuous

19 CISSP Guide to Security Essentials19 Intrusion, Motion, and Alarm Systems Automatic detection of intruders Central controller and remote sensors –Door and window sensors –Motion sensors –Glass break sensors

20 CISSP Guide to Security Essentials20 Intrusion, Motion, and Alarm Systems (cont.) Alarming and alerting –Audible alarms –Alert to central monitoring center or law enforcement

21 CISSP Guide to Security Essentials21 Visible Notices No Trespassing signs Surveillance notices –Sometimes required by law Surveillance monitors

22 CISSP Guide to Security Essentials22 Exterior Lighting Discourage intruders during nighttime hours, by lighting intruders’ actions so that others will call authorities NIST standards require 2 foot-candles of power to a height of 8 ft

23 CISSP Guide to Security Essentials23 Other Physical Controls Bollards Crash gates –Prevent vehicle entry –Retractable

24 CISSP Guide to Security Essentials24 Secure Siting Locating a business at a site that is reasonably free from hazards that could threaten ongoing operations

25 CISSP Guide to Security Essentials25 Secure Siting (cont.) Identify threats –Natural: flooding, landslides, earthquakes, volcanoes, waves, high tides, severe weather –Man-made: chemical spills, transportation accidents, utilities, military base, social unrest

26 CISSP Guide to Security Essentials26 Secure Siting (cont.) Other siting factors –Building construction techniques and materials –Building marking –Loading and unloading areas –Shared-tenant facilities –Nearby neighbors

27 CISSP Guide to Security Essentials27 Asset Protection Laptop computers –Anti-theft cables –Defensive software (firewalls, anti-virus, location tracking, destruct-if-stolen) –Strong authentication such as fingerprint –Full encryption –Training

28 CISSP Guide to Security Essentials28 Asset Protection (cont.) Servers and backup media –Keep behind locked doors –Locking cabinets –Video surveillance –Off-site storage for backup media Secure transportation Secure storage

29 CISSP Guide to Security Essentials29 Asset Protection (cont.) Protection of sensitive documents –Locked rooms –Locking, fire-resistant cabinets

30 CISSP Guide to Security Essentials30 Asset Protection (cont.) Protection (cont.) –“Clean desk” policy Reduced chance that a passer-by will see and remove a document containing sensitive information –Secure destruction of unneeded documents

31 CISSP Guide to Security Essentials31 Asset Protection (cont.) Equipment check-in / check-out –Keep records of company owned equipment that leaves business premises –Improves accountability –Recovery of assets upon termination of employment

32 CISSP Guide to Security Essentials32 Asset Protection (cont.) Damage protection –Earthquake bracing Required in some locales Equipment racks, storage racks, cabinets –Water detection and drainage Alarms

33 CISSP Guide to Security Essentials33 Asset Protection (cont.) Fire protection –Fire detection: smoke alarms, pull stations –Fire extinguishment Fire sprinklers Inert gas systems Fire extinguishers

34 CISSP Guide to Security Essentials34 Asset Protection (cont.) Cabling security – on-premises –Place cabling in conduits or away from exposed areas

35 CISSP Guide to Security Essentials35 Asset Protection (cont.) Cabling security – off-premises (e.g. telco) –Select a different carrier –Utilize diverse / redundant network routing –Utilize encryption

36 CISSP Guide to Security Essentials36 Environmental Controls Heating, ventilation, and air conditioning (HVAC) –Vital, yet relatively fragile –Backup units (“N+1”) recommended –Ratings BTU/hr Tonns

37 CISSP Guide to Security Essentials37 Environmental Controls (cont.) Heating, ventilation, and air conditioning (HVAC) (cont.) –Also regulates humidity Should be 30% - 50%

38 CISSP Guide to Security Essentials38 Environmental Controls (cont.) Electric power Anomalies –Blackout. A total loss of power. –Brownout. A prolonged reduction in voltage below the normal minimum specification.

39 CISSP Guide to Security Essentials39 Environmental Controls (cont.) Anomalies (cont.) –Dropout. A total loss of power for a very short period of time (milliseconds to a few seconds). –Inrush. The instantaneous draw of current by a device when it is first switched on.

40 CISSP Guide to Security Essentials40 Environmental Controls (cont.) Anomalies (cont.) –Noise. Random bursts of small changes in voltage. –Sag. A short drop in voltage. –Surge. A prolonged increase in voltage. –Transient. A brief oscillation in voltage.

41 CISSP Guide to Security Essentials41 Environmental Controls (cont.) Electric power protection –Line conditioner – filters incoming power to make it cleaner and free of most anomalies –Uninterruptible Power Supply (UPS) – temporary supply of electric power via battery storage

42 CISSP Guide to Security Essentials42 Environmental Controls (cont.) Electric power protection (cont.) –Electric generator – long term supply of electric power via diesel (or other source) powered generator

43 CISSP Guide to Security Essentials43 Redundant Controls Assured availability of critical environmental controls –Dual electric power feeds –Redundant generators –Redundant UPS –Redundant HVAC –Redundant data communications feeds

44 CISSP Guide to Security Essentials44 Summary Site access control for personnel is usually achieved with key cards, PIN pads, biometrics, and metal keys A mantrap is an access control that consists of a set of two doors, one after the other, where only one door can be open at a time

45 CISSP Guide to Security Essentials45 Summary (cont.) Site security is also achieved with guards, guard dogs, access logs, fences and walls, video surveillance, alarm systems, visual notices, exterior lighting, bollards, and crash gates

46 CISSP Guide to Security Essentials46 Summary (cont.) A business should be located in an area that is reasonably free of hazards and threats Natural threats include floods, landslides, avalanches, earthquakes, volcanoes, tsunamis, and severe weather

47 CISSP Guide to Security Essentials47 Summary (cont.) Man-made threats include chemical spills, transportation corridors, utilities, social unrest, and nearby military bases Other siting issues include building construction techniques and materials, building marking, loading and unloading areas, and shared-tenancy

48 CISSP Guide to Security Essentials48 Summary (cont.) Business equipment should be physically secured to prevent theft, tampering, sabotage, and water damage Cabling should be protected from unauthorized access

49 CISSP Guide to Security Essentials49 Summary (cont.) Heating, Ventilation, and Air Conditioning (HVAC) systems control the temperature and humidity of air in buildings Electric power is protected with line conditioners, Uninterruptible Power Supplies (UPSs), and electric generators

50 CISSP Guide to Security Essentials50 Summary (cont.) Facilities that cannot tolerate downtime due to the failure of HVAC, UPS, or generators should consider redundant, or “N+1”, environmental controls

Download ppt "Physical and Environmental Security CISSP Guide to Security Essentials Chapter 8."

Similar presentations

Emergency Preparedness and Response

Emergency Preparedness and Response
Physical and Environmental Security

Physical and Environmental Security
Chapter 7: Physical & Environmental Security

Chapter 7: Physical & Environmental Security
Computer Security Computer Security is defined as:

Computer Security Computer Security is defined as:
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
“Why do we need Security”  Each business has unique security and safety needs, e.g. Inventory Shrinkage and Theft Personal Safety Break Ins Moving Your.

“Why do we need Security”  Each business has unique security and safety needs, e.g. Inventory Shrinkage and Theft Personal Safety Break Ins Moving Your.
Copyright 2004 Foreman Architects Engineers School Security From Common Sense to High Tech.

Copyright 2004 Foreman Architects Engineers School Security From Common Sense to High Tech.
Chapter 5 Enhancing Security Through Physical Controls

Chapter 5 Enhancing Security Through Physical Controls
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”
Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.

Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.
Maintaining and Troubleshooting Computer Systems Computer Technology.

Maintaining and Troubleshooting Computer Systems Computer Technology.
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.

Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.
Copyright © Center for Systems Security and Information Assurance Lesson Seven Physical Security.

Copyright © Center for Systems Security and Information Assurance Lesson Seven Physical Security.
Security Controls – What Works

Security Controls – What Works
Stephen S. Yau CSE 465 & CSE591, Fall 2006 1 Physical Security for Information Systems.

Stephen S. Yau CSE 465 & CSE591, Fall Physical Security for Information Systems.
Information Security Principles and Practices

Information Security Principles and Practices
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 16: Physical and Infrastructure Security.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 16: Physical and Infrastructure Security.
Information Systems Security Physical Security Domain #4.

Information Systems Security Physical Security Domain #4.
Www.convergencetechnologycenter.org DUE 402356 Security and Fire Alarm Systems LEARNING OUTCOME 7B Describe design overview and location considerations.

DUE Security and Fire Alarm Systems LEARNING OUTCOME 7B Describe design overview and location considerations.
Physical Security Chapter 9.

Physical Security Chapter 9.

Similar presentations

Ads by Google