
Physical Security at Data Center: A survey

Objective of the Survey
1. To identify the current physical security in data centre.
2. To analyse the effectiveness of the current physical security in data centre.
3. To propose an effective hardware system of physical security for data centre.

Problem Statement
- To test and determine how far the current physical security can counter all the potential threats that the operation center will face, such as data breaches and criminal activity.
- To patch any vulnerabilities that may occur in the current physical security.

Introduction
- This paper presents a survey to raise awareness of physical security issues in the data center environment of the Cyber Defence Operation Center (CDOC), MINDEF.
- The Cyber Defense Operation Center is a facility where enterprise information systems such as web sites, applications, databases, data centers and servers, networks, desktops and other endpoints are monitored, assessed, and defended.
- The Cyber Defense Operation Center is also responsible for protecting networks, as well as web sites, applications, databases, servers and data centers, and other technologies.
- Therefore, the Cyber Defense Operation Center and the physical security operations center should be coordinated and work together.
- The physical system of the Cyber Defense Operation Center is a facility in large organizations where security staff monitor and control security officers/guards, alarms, CCTV, physical access, lighting, vehicle barriers and other significant infrastructure.

Current Physical Security of Data Center

Physical Strategy:
- Entrance & Exits
- Department Entrance
- Inside Data Center
- Stairs
- Corridors
- Outside Data Center
- Parking Lots
- Lightings
- Fencing
- Visible / Clear Pathway
- No Hidden Corner / Dead Areas

System Components:
- Smoke Detector
- Fire Sprinkler
- Electronic Access Control
- Security Camera (CCTV)
- Fire Alarm
- Intrusion Detection Alarm
- Security Guard Patrolling

SURVEY: PARTICIPANTS OF SURVEY
- All participants were selected from among the CDOC officers, a total of 10 personnel, all with an ICT education background. Among them, only one officer is a Data Center Administrator, three officers are IT Managers, and the other six officers are Cyber Operation Officers with a technical background and skills in Computer Science, Computer Engineering and Information Security.

SURVEY: SURVEY QUESTIONS
- Section 1: Site Location
- Section 2: Site Perimeter
- Section 3: In Data Center Room
- Section 4: User Awareness

DISCUSSION AND RESULTS
- Man-made risk is low, and the data center building is located inside the military camp. Even though the building is shared with other departments' offices, all of the building's entrances are kept well locked.
- Most of the staff were not aware that the building does not have any fence. They assumed that another department's fence also encloses the operation center building.
- Under the current practice, the duty officer's task is to provide the security check between hrs every day. Thus, some of the employees may not be aware of the right patrol procedure and assume that the security check is one of the patrol activities. Patrol guards and duty officers have different roles and responsibilities, and also different objectives.

DISCUSSION AND RESULTS
- The data center room is very small and not suitable for housing a large number of racks. It needs more space and a bigger room.
- Most of the staff did not receive a proper rules briefing.
- Most of the respondents did not know all the sensors inside the data center.

Recommendation
- Because the building is shared, the organization should enhance the security layout of the restricted area to improve access control by using an Access Control Barrier and a Biometric Access Door.
- The CCTV control room must be separate, with tight security monitoring for suspicious activities, because the space in the data center is very small and limited.
- The enforced policy must be followed and understood by employees upon entry.
- All staff must be conversant with and understand the security plan and procedures.

CONCLUSION
- Further enhancement should be performed to increase security by upgrading the access control system and providing a biometric access door.
- To plan and provide effective security, an organization should always implement broad-range solutions based on the identification principles of what you have, what you know, and who you are.
- By combining an assessment of risk tolerance with an analysis of access requirements and available technologies, an effective security system can be designed to provide a realistic balance of protection and cost.