Presentation is loading. Please wait.

Presentation is loading. Please wait.

Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.

Similar presentations

Presentation on theme: "Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456."— Presentation transcript:

1 Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456

2 Physical Security Theft Vandalism Environmental threats – Floods, earthquakes, tornadoes, fires Power outages

3 Physical Security Most people in information security do not think about physical security Many facilities are built with functionality or aesthetics in mind with not as much concern for physical security A security professional needs to regard security as a holistic process

4 Physical Security Need to evaluate physical security from the standpoint of a potential criminal to remedy vulnerabilities Recognize potential for civil suits for not practicing due diligence and due care regarding physical security

5 Physical Security Both safety and security Safety – Protection of life and assets against fire, natural disasters, and accidents Security – Vandalism, theft Protection of life is primary

6 Layered Defense Fences, walls, security guard, locked rooms Deterrence – Fences, security guards Delaying – Locks

7 Layered Defense Detection – Smoke detectors, motion detectors Response procedure – File suppression mechanism, law enforcement notification Incident Assessment – Determine the damage level

8 Good Security Enables employees to do their jobs Encourages attackers to move on to easier targets

9 Planning Laws and Regulations Risk Analysis – Vulnerabilities, Threats, Business Impact Acceptable level of risk by management Implement countermeasures Performance based approach – Metrics of effectiveness (page 433)

10 CPTED Crime Prevention Through Environmental Design Different from target hardening – Make it a pleasant place Hedges and planters should be no more than 2.5 feet high so they cannot be used to gain access to windows.

11 CTPED Data center in center of building Natural access control – Guidance for people enter and leaving the building – Figure 5-2 on page 438 Natural Surveillance – Clear lines of sight to discourage criminals – Figure 5.3 on page 441

12 CTPED Natural Territorial Reinforcement – Physical design to create a sense of community that must be protected – Illegal activities will not be ignored

13 Designing a Physical Security Program Assess the protection levels of existing facilities Regulations (e.g. OSHA, EPA) Legal issues Should have Facility Safety Officer

14 Facility Site Selecting a site (Page 445) Example: – Telecommunication facility containing critical infrastructure No sign Hard to see from the road

15 Facility Construction Major items that need to be addressed from a physical security point of view. – Pages 446-448 – Identify the threats – Fire code

16 Entry Points Weakest points are doors and windows Also, door hinges Doors – Hollow-core = kicked-in or cut – Solid-core Mantraps

17 Entry Points Windows – Where security and aesthetics comes to blows – Standard glass Common in residences Easily broken – Window Types on page 452 Internal Partitions – Figure 5-4 on page 453

18 Computer Room Most computer equipment can be controlled remotely. Do not need personnel in data center. Only one entry and exit. In the core of the building. Not in the basement. Flooding. Restricted area. Not directly accessible from public areas.

19 Computer Room Away from water pipes. Emergency OFF. Allow employees to leave before gas fire suppression is released.

Download ppt "Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456."

Similar presentations

Ads by Google