Presentation is loading. Please wait.

Presentation is loading. Please wait.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Published byPhilomena Cunningham Modified over 8 years ago

Similar presentations

Presentation on theme: "Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,"— Presentation transcript:

1 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Operational and Organizational Security Chapter 3

2 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionObjectives Identify various operational aspects to security in your organization. Describe the physical security components that can protect your computers and network. Identify environmental factors that can affect security. Identify factors that affect the security of the growing number of wireless cellular technologies used for data transmission. Prevent disclosure through electronic emanations.

3 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Key Terms Biometrics Bluetooth Guidelines Heating, Ventilation, and Air Conditioning (HVAC) IEEE 802.11 Physical security Policies Procedures Standards TEMPEST Uninterruptible power supply (UPS)

4 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Security Operations in Your Organization The operational model of security –Protection = Prevention + (Detection + Response) No matter how secure we attempt to make our systems, some way will always be found to circumvent the safeguards we have in place. Prevention technologies are static. Detection and response technologies are dynamic.

5 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Policies –High-level, broad statements of what the organization wants to accomplish Procedures –Step-by-step instructions on how to implement policies in the organization Standards –Mandatory elements regarding the implementation of a policy Guidelines –Recommendations relating to a policy Security Operations in Your Organization (continued)

6 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Plan for security Implement the plans Monitor the implementation Evaluate the effectiveness The Operational Process and Policy Lifecycle

7 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Is This the Security Perimeter?

8 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition A More Complete Diagram

9 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Physical Security Physical security consists of all mechanisms used to ensure that physical access to the computer systems and networks is restricted to only authorized users. No matter how good your computer and network security is, if a person has physical access, then can compromise the CIA of your information in some way.

10 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Physical Security (continued) Access from all six sides should be considered –Is there a false ceiling with tiles that can be removed? –Is there a raised floor? –Do the monitors face away from windows? –Who has access to the facility? –What type of access control is there to the area? –Are there any guards? –Who is allowed unsupervised access to the facility? –Is there an alarm system or security camera set up?

11 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Access Controls Authentication via –Something you have – key or card –Something you know – combination –Something you are – biometrics Biometrics –More sophisticated and expensive –Not yet 100 percent foolproof Two factor authentication –Using two of the methods for authentication Other controls –Video surveillance, sign-in logs, security guards

12 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Physical Barriers Principle of layered security –Fences –Guard at the gate –Open space –Walls –Signs denoting public and private areas –Man trap

13 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Environmental Issues Heating, ventilation and air conditioning (HVAC) –Used to maintain the comfort of an office environment –Also maintained environment for computers Heat and humidity sensitive devices and network components Uninterruptable Power Supply (UPS) –Used for critical systems so that a loss of power will not halt processing –The larger the battery, the longer the equipment can operate during a loss of power

14 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Fire Suppression Fire is a common disaster. Fire detectors –Smoke detection –Heat detection Fire suppression –Sprinkler-based Standard, but will further damage equipment –Gas-based Halon was used and may still exist in some areas. Halon displaces oxygen and can asphyxiate people in the area when it is dispersed. Halon is being replaced with other gases such as argon, nitrogen, and carbon dioxide. Note that the same danger exists.

15 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Wireless By wireless we mean cellular telephones (“cell phones”) Cell phone network –Phones –Cells with accompanying base stations –Base stations – antennas, receivers, transmitters, and amplifiers –As a person travels, they enter and exit multiple cells. Also used for networking –Bluetooth – for short range personal area network (PAN) –IEEE 802.11 – used for local area networks (LAN)

16 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Electromagnetic Eavesdropping The van Eck phenomenon –Eavesdropping on what is being displayed on monitors by picking up and decoding the electromagnetic interference (EMI) produced by monitors. This phenomenon also applies to printers and computers.

17 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition TEMPEST Transient Electromagnetic Pulse Emanation STandard –The process for controlling emanations Term also refers to a military program to control emanations Three basic ways to protect emanations –Keep equipment at a safe distance. –Provide shielding for equipment. –Provide shielded enclosure, such as a room.

18 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Location Where equipment is situated can increase or decrease its exposure to risk. –Where will you place access points? –How deep in the building can you place sensitive equipment? –What is the proximity of the building to roads? –Where are the monitors? –Where are your printers?

19 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Chapter Summary Identify various operational aspects to security in your organization. Describe the physical security components that can protect your computers and network. Identify environmental factors that can affect security. Identify factors that affect the security of the growing number of wireless cellular technologies used for data transmission. Prevent disclosure through electronic emanations.

Download ppt "Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,"

Similar presentations

1 COMPUTER GENERATED & STORED RECORDS CONTROLS Presented by COSCAP-SA.

1 COMPUTER GENERATED & STORED RECORDS CONTROLS Presented by COSCAP-SA.
PowerPoint ® Presentation Chapter 14 Homeland Security Homeland Security Building Layout Specific CBR Attack Prevention Recommendations Securing Outdoor-

PowerPoint ® Presentation Chapter 14 Homeland Security Homeland Security Building Layout Specific CBR Attack Prevention Recommendations Securing Outdoor-
Chapter 7: Physical & Environmental Security

Chapter 7: Physical & Environmental Security
Objectives: Chapter 9: Data Centre Architecture VLAN definition and benefits * VLANs and broadcast domains * Routers role in VLANs * Types of VLANs * VLANs.

Objectives: Chapter 9: Data Centre Architecture VLAN definition and benefits * VLANs and broadcast domains * Routers role in VLANs * Types of VLANs * VLANs.
Computer Security Computer Security is defined as:

Computer Security Computer Security is defined as:
Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,

Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,
CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.
“Why do we need Security”  Each business has unique security and safety needs, e.g. Inventory Shrinkage and Theft Personal Safety Break Ins Moving Your.

“Why do we need Security”  Each business has unique security and safety needs, e.g. Inventory Shrinkage and Theft Personal Safety Break Ins Moving Your.
Chapter 5 Enhancing Security Through Physical Controls

Chapter 5 Enhancing Security Through Physical Controls
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”
Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.

Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.

Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.
Copyright © Center for Systems Security and Information Assurance Lesson Seven Physical Security.

Copyright © Center for Systems Security and Information Assurance Lesson Seven Physical Security.
Principles of Information Security, 3rd Edition 2 Introduction  Physical security addresses the design, implementation, and maintenance of countermeasures.

Principles of Information Security, 3rd Edition 2 Introduction  Physical security addresses the design, implementation, and maintenance of countermeasures.
General Security Principles and Practices Chapter 3.

General Security Principles and Practices Chapter 3.
Information Security Principles and Practices

Information Security Principles and Practices
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 16: Physical and Infrastructure Security.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 16: Physical and Infrastructure Security.
Information Systems Security Physical Security Domain #4.

Information Systems Security Physical Security Domain #4.
Physical Security Chapter 9.

Physical Security Chapter 9.
1 Lesson 3 Computer Protection Computer Literacy BASICS: A Comprehensive Guide to IC 3, 3 rd Edition Morrison / Wells.

1 Lesson 3 Computer Protection Computer Literacy BASICS: A Comprehensive Guide to IC 3, 3 rd Edition Morrison / Wells.

Similar presentations

Ads by Google