Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Caveon, 2006 Under Lock and Key: Conducting a Physical Security Audit John Fremer, Ph.D – President, Caveon Jamie Mulkey, Ed.D. – Sr. Director Caveon.

Published byBrianna Williams Modified over 10 years ago

Similar presentations

Presentation on theme: "© Caveon, 2006 Under Lock and Key: Conducting a Physical Security Audit John Fremer, Ph.D – President, Caveon Jamie Mulkey, Ed.D. – Sr. Director Caveon."— Presentation transcript:

1 © Caveon, 2006 Under Lock and Key: Conducting a Physical Security Audit John Fremer, Ph.D – President, Caveon Jamie Mulkey, Ed.D. – Sr. Director Caveon July 19, 2006

2 © Caveon, 2006 Got questions? Get the Card.

3 © Caveon, 2006 Are your tests out partying when you leave the office at night? Lets get out the #2 and change the answer key Yeah, then can see whats happening up the block. I hear they are having a party at the testing house tonight

4 © Caveon, 2006 Webinar focus: Understand the types of materials that need to be put under lock and key Determine who should have access rights to rooms, systems, & paper materials Describe policies to put in place to protect secure information Understand the cultural & attitudinal effects of maintaining physical security

5 © Caveon, 2006 Defining physical security Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise, agency, or institution. This includes protection from fire, natural disasters, burglary, theft, vandalism, and terrorism. www.searchsecurity.com

6 © Caveon, 2006 Three main components of physical security Obstacles Methods Surveillance

7 © Caveon, 2006 Like the Shoemakers children…

8 © Caveon, 2006 The problem with most testing programs Security is penetrable Materials too easily accessible Lack of formal process

9 © Caveon, 2006 Got Questions?

10 © Caveon, 2006 Putting materials under lock & key Test files Candidate records Candidate agreements Vendor agreements Discarded product Putting most secure content in most secure areas

11 © Caveon, 2006 Who has access? Determine a chain of responsibility Maintaining a list of who needs access to what materials Rules for sending confidential material to others Vendor physical security agreements Visitor access Training of staff Access is limited to need to know

12 © Caveon, 2006 Policy management Procedures appropriate to the context Policies for access to test items, test publication, test administration Processes for employees who leave the company Escalation plan when a breach does occur Back up and disaster recovery plans Use score card to evaluate how you are doing

13 © Caveon, 2006 Culture & attitude Higher success when individuals recognize the value of policies Employees and vendors more likely to comply, not get around Ongoing security training and awareness activities help

14 © Caveon, 2006 Conducting a physical security audit Objective, third-party auditors Explicit written standards, carefully developed, using available models: Transmission of secure materials Access to items banks Password change frequency Materials reviewed in advance

15 © Caveon, 2006 Conducting a physical security audit Individual and group interviews Physical examination of work area and procedures Distinguishing between formal policy and actual practice Written report with recommendations for improvement Follow-up after defined time interval

16 © Caveon, 2006 Sample recommendations Enhance building access controls: Require visitors to present ID before being admitted to the building Scan and post-incident records on internal system with limited, secure access to the files Secure files with combination locks for the file cabinets Maintain an entry/exit log for use of materials in the secure storage vault Make secure files difficult to get to

17 © Caveon, 2006 Got Questions?

18 © Caveon, 2006 Results of physical security audits Increased awareness and training among staff Installation of locks and locked access areas Reduced number of access points into the building Issuance of system password policies Move from physical to electronic files Moving most vulnerable stuff into most secure area

19 © Caveon, 2006 Points we hope you will take away What needs to be put under lock and key? Who needs access? What policies need to be put in place? What culture and behaviors need to be reinforced? Who can I bring in to evaluate my physical environment?

20 © Caveon, 2006 Thanks for attending! John Fremer, Ph.D. john.fremer@caveon.com (215) 805-3007 Jamie Mulkey, Ed.D. jamie.mulkey@caveon.com 916 652-4017 phone 916 765-8838 mobile www.caveon.com Please contact us:

Download ppt "© Caveon, 2006 Under Lock and Key: Conducting a Physical Security Audit John Fremer, Ph.D – President, Caveon Jamie Mulkey, Ed.D. – Sr. Director Caveon."

Similar presentations

Pennsylvania BANNER Users Group 2007 Disaster Recover For The Financial Aid Environment.

Pennsylvania BANNER Users Group 2007 Disaster Recover For The Financial Aid Environment.
HIPAA Security.

HIPAA Security.
Chapter 7: Physical & Environmental Security

Chapter 7: Physical & Environmental Security
Internal Controls What Are They And Why Should I Care? 1.

Internal Controls What Are They And Why Should I Care? 1.
Test Security Company Perspective Presented by: John Fremer, President, Caveon Consulting Services NCSA – June 2014.

Test Security Company Perspective Presented by: John Fremer, President, Caveon Consulting Services NCSA – June 2014.
BUS VIDEO RECORDINGS COLLECTION – PROCESSING - REDACTION - SHARING WHAT IS RIGHT FOR YOUR DISTRICT?

BUS VIDEO RECORDINGS COLLECTION – PROCESSING - REDACTION - SHARING WHAT IS RIGHT FOR YOUR DISTRICT?
Gramm-Leach-Bliley Act for Financial Aid Val Meyers Associate Director Michigan State University.

Gramm-Leach-Bliley Act for Financial Aid Val Meyers Associate Director Michigan State University.
Securing NPI Mary Schuster Mike Murphy.  Gramm-Leach-Bliley Act Enacted to control the ways that financial institutions deal with the private information.

Securing NPI Mary Schuster Mike Murphy.  Gramm-Leach-Bliley Act Enacted to control the ways that financial institutions deal with the private information.
Information Systems Audit Program. Benefit Audit programs are necessary to perform an effective and efficient audit. Audit programs are essentially checklists.

Information Systems Audit Program. Benefit Audit programs are necessary to perform an effective and efficient audit. Audit programs are essentially checklists.
Security Awareness Lloyd Guyot – Steelcase Ed Jaros – Tenundra Inc. July 17, 2003.

Security Awareness Lloyd Guyot – Steelcase Ed Jaros – Tenundra Inc. July 17, 2003.
Security Controls – What Works

Security Controls – What Works
IT Retreat 2009 IT Security Controls and Initiatives.

IT Retreat 2009 IT Security Controls and Initiatives.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Steps to Compliance: Risk Assessment PRESENTED BY.

Steps to Compliance: Risk Assessment PRESENTED BY.
Wisconsin Knowledge & Concepts Examination (WKCE) Test Security Wisconsin Department of Public Instruction Office of Educational Accountability 06/26/2013.

Wisconsin Knowledge & Concepts Examination (WKCE) Test Security Wisconsin Department of Public Instruction Office of Educational Accountability 06/26/2013.
HIPAA Basic Training for Privacy and Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA HIPAA Basic.

HIPAA Basic Training for Privacy and Information Security Vanderbilt University Medical Center VUMC HIPAA Website: HIPAA Basic.
Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.

Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.
General Awareness Training

General Awareness Training

Similar presentations

Ads by Google