Presentation is loading. Please wait.

Presentation is loading. Please wait.

Stephen S. Yau CSE 465 & CSE591, Fall 2006 1 Physical Security for Information Systems.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Stephen S. Yau CSE 465 & CSE591, Fall 2006 1 Physical Security for Information Systems."— Presentation transcript:

1 Stephen S. Yau CSE 465 & CSE591, Fall 2006 1 Physical Security for Information Systems

2 Stephen S. Yau CSE 465 & CSE591, Fall 2006 2 Importance of Physical Security Most people focus on protecting logical systems (software that is running) If you cannot protect the physical systems (computer hardware), you cannot protect the program and data running on the hardware –Physical security deals with who has access to buildings, computer rooms, and the devices within them –Protect sites from natural and man-made physical threats

3 Stephen S. Yau CSE 465 & CSE591, Fall 2006 3 Physical Security Threats Weather –Tornadoes, hurricanes, floods, fire, snow, ice, heat, cold, humidity, etc. Fire/chemical –Explosions, toxic waste/gases, smoke, fire Earth movement –Earthquakes, mudslides Structural failure –Building collapse because of snow/ice or moving objects (cars, trucks, airplanes, etc.)

4 Stephen S. Yau CSE 465 & CSE591, Fall 2006 4 Physical Security Threats (cont.) Energy –Loss of power, radiation, magnetic wave interference, etc. Biological –Virus, bacteria, etc. Human –Strikes, theft, sabotage, terrorism and war

5 Stephen S. Yau CSE 465 & CSE591, Fall 2006 5 Physical Security Areas Educating personnel –An educated staff is best weapon a company can have against illegitimate and accidental acts by others Administrative controls –Address procedural and codified applications of physical controls Physical security controls –Enforce proper controls for physical contact of system facilities

6 Stephen S. Yau CSE 465 & CSE591, Fall 2006 6 Physical Security Areas (cont.) Technical controls –Use of computer hardware and software to protect facilities as opposed to some of traditional “pure physical” techniques Environmental/life-safety controls –Ensure infrastructure to maintain proper operating environment for both human and machine

7 Stephen S. Yau CSE 465 & CSE591, Fall 2006 7 Educating Personnel Security staff should be prepared for potential of unforeseen acts Other employees should be reminded periodically of importance of helping their surroundings secure –Being mindful of physical and environmental considerations required to protect information systems –Adhering to emergency and disaster plans –Monitoring unauthorized use of equipment and services, and reporting those activities to security personnel –Recognizing security objectives of organization –Accepting individual responsibilities associated with their jobs and that of their coworkers

8 Stephen S. Yau CSE 465 & CSE591, Fall 2006 8 Administrative Controls Restricting Work Areas –First identify access rights to the site in general –Then decide various access rights required by each location (rooms, elevators, buildings) within the site Escort Requirements and Visitor Control –In many government facilities or facilities with strong government ties, foreign nationals are not allowed unescorted access to any site within the facility. Escorted access requires background clearance and onsite identity check –For less secure sites, visitor must have a clear purpose for visit and a confirmed contact within the site. A temporary badge will be given after the visitor sign-in at the security desk

9 Stephen S. Yau9 Administrative Controls (cont.) Site Selection –Visibility Most data centers are not descriptive. They do not want to advertise what they are and attract undue attention –Locale considerations Neighborhood, local ordinances and variances, crime rate, hazardous sites nearby, such as landfills, waste dumps, or nuclear reactors, etc. –Natural disasters –Transportation Airport, highways, railroads, etc.

10 Stephen S. Yau CSE 465 & CSE591, Fall 2006 10 Physical Security Controls Perimeter Security Controls –Gates, fences, turnstiles, mantraps Badging –Photo identification that not only authenticates an individual, but also continues to identify the individual while inside the facility

11 Stephen S. Yau CSE 465 & CSE591, Fall 2006 11 Physical Security Controls (cont.) Keys and Combination Locks –Mechanical locks, password locks, electronic locks, etc. Security Dogs –Well-trained dogs are good at detecting intruders or sniffing out explosives Lighting –Proper lighting could serve as a deterrent

12 Stephen S. Yau CSE 465 & CSE591, Fall 2006 12 Technical Controls Smart card –It carries a semiconductor chip with logic and nonvolatile memory –It can store software that detects unauthorized tampering and intrusions to the chip itself and if detected, can lock or destroy the contents of the chip to prevent disclosure or unauthorized uses –Three major types: contact, contact-less and combinations of the two.

13 Stephen S. Yau CSE 465 & CSE591, Fall 2006 13 Technical Controls (cont.) Audit Trails/Access Logs Physical Intrusion Detection –Metallic foil tape, infrared light beams, motion sensors Alarm Systems –Systems like ADT that monitors and responds to intrusion alert from a central location

14 Stephen S. Yau14 Technical Controls (cont.) Biometrics –Use characteristics of a human, such as face, eyes (iris), voice, fingerprints, DNA, hands, signature, and even body temperature. –Using biometrics in conjunction with standard forms of authentication ( such as password, smart card, etc.), security can further be enhanced –Need to balance convenience with security [t1-ch11.4, t2-ch12.4]

15 Stephen S. Yau CSE 465 & CSE591, Fall 2006 15 Environmental/Life-safety Controls Power –When there is a power-outage, emergency lights and continuing functioning of those electronic gates are needed –Computers will not function without power –Uninterrupted: Uninterrupted Power Service (UPS) and emergency power-off switch –Constant voltage and current: regulator

16 Stephen S. Yau CSE 465 & CSE591, Fall 2006 16 Environmental/Life-safety Controls (cont.) Fire\Chemical Detection and Suppression –Targets: Explosions, toxic waste/gases, smoke, fire –Detectors: heat sensor, flame detector, smoke detector –Extinguish systems: water-sprinkler or gas-discharge system Heating, Ventilation and Air Conditioning –Computers require temperature and humidity control to function correctly –Human that operates systems need a reasonable working environment

Download ppt "Stephen S. Yau CSE 465 & CSE591, Fall 2006 1 Physical Security for Information Systems."

Similar presentations

1 COMPUTER GENERATED & STORED RECORDS CONTROLS Presented by COSCAP-SA.

1 COMPUTER GENERATED & STORED RECORDS CONTROLS Presented by COSCAP-SA.
Chapter 7: Physical & Environmental Security

Chapter 7: Physical & Environmental Security
HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.

HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.
Computer Security Computer Security is defined as:

Computer Security Computer Security is defined as:
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Copyright 2004 Foreman Architects Engineers School Security From Common Sense to High Tech.

Copyright 2004 Foreman Architects Engineers School Security From Common Sense to High Tech.
Chapter 5 Enhancing Security Through Physical Controls

Chapter 5 Enhancing Security Through Physical Controls
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”
Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.

Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.
Security: Playing in Safe By: Matt Hill Identification and Access Identification and Access | When Disaster Strikes | Disaster Recovery Plan | Software.

Security: Playing in Safe By: Matt Hill Identification and Access Identification and Access | When Disaster Strikes | Disaster Recovery Plan | Software.
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.

Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.
Information Security Principles and Practices

Information Security Principles and Practices
1010 CHAPTER PRIVACY AND SECURITY. © 2005 The McGraw-Hill Companies, Inc. All Rights Reserved. 10-2 Competencies Describe concerns associated with computer.

1010 CHAPTER PRIVACY AND SECURITY. © 2005 The McGraw-Hill Companies, Inc. All Rights Reserved Competencies Describe concerns associated with computer.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 16: Physical and Infrastructure Security.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 16: Physical and Infrastructure Security.
Microsoft Technology Associate

Microsoft Technology Associate
Information Systems Security Physical Security Domain #4.

Information Systems Security Physical Security Domain #4.
Chapter 7: Assuring Safety and Security in Healthcare Institutions

Chapter 7: Assuring Safety and Security in Healthcare Institutions
Physical Security Chapter 9.

Physical Security Chapter 9.
Chapter 3.  Security Framework  Operational Security Lifecycle  Security Perimeter  Access Control  Social Engineering  Environmental Issues.

Chapter 3.  Security Framework  Operational Security Lifecycle  Security Perimeter  Access Control  Social Engineering  Environmental Issues.
Chapter 8: Disaster Management

Chapter 8: Disaster Management

Similar presentations

Ads by Google