Chapter 10 Physical Security


Chapter 10 Physical Security BIS 4113/6113 “Physical controls are your first line of defense, and people are your last.” (p.386)

Physical Security? How does it relate to our class? AMRC Server missing: Dell Optiplex GX-620, used for backup; Patient, financial information; Noticed when queries were being ignored.

Cause & Effect: Anatomy of physical breach. C I Host Inc.: Unlocked entrances; Guard not at post; Physical attack on data center worker (!); $100,000 of equipment stolen.

YouTube video CBS NEWS Investigation

How far does your responsibility go? Dept of Veterans’ Affairs, 2006. 2009: Audit of VA contracts; 6000 of 22K contracts did not include infosec clauses; 578 contractors refused to sign. 2010: Two laptops stolen from VA contractors; 1500 veterans’ records exposed. 2010: Blue Cross Blue Shield of TN; Theft of hard drives from abandoned office building; Up to 220,000 customers’ identities compromised; Up to $7M spent in response.

Common Physical Threats: Fire/smoke; Water (rising/falling); Earth movement; Storms; Sabotage/vandalism; Explosions; Building collapse; Toxic materials; Utility loss; Equipment failure; Personnel loss (strikes, illness, transport, etc.)

Planning Physical Security (p.390): Deterrence; Denial; Detection; Delay

3 Levels of Security Controls, Administrative: Site selection; Environmental dangers; Proximity to resource/emergency facilities; Facility Design; Work areas; Server rooms; Appropriate partitioning; Visitation

3 Levels of Security Controls, Physical: Fences, gates, turnstiles, mantraps; Appropriate lighting; Guards & dogs; Motion detectors; CCTV; Intrusion alarms

3 Levels of Security Controls, Technical: Smart cards; RFID readers; Physical IDS; Emanation security

Special Considerations. Server Rooms (p.393): One hour minimum fire rating; Halon suppression. Data Centers (p.396): Means of access (smartcards, proximity readers); Two-factor authentication.

Power Issues: Fault (temporary loss); Blackout (complete loss); Undervoltage (sag, brownout); Overvoltage (spike, surge); Interference (noise); UPS; Clean power

Equipment Failure (p.390). Costs: Storage, transportation, installation, restoration. Other metrics: MTTF (Mean Time to Failure); MTTR (Mean Time to Repair). Waiting for complete failure before replacement: Bad.