1C - Physical Security Controls

Question 1

Why are physical security controls put in place?

Answer 1

Stop unauthorised access to the company or access to data

Question 2

What are the 3 groups of physical controls?

Answer 2

Perimeter security, Building security, Device protection

Question 3

What are the 7 perimeter security solutions? (With examples if necessary)

Answer 3

1. Signage - highly visible warning signs
2. Fences / gates - fence controlled by gate, bollard
3. Access Control - armed guards checking identity
4. Lighting
5. Cameras - CCTV around perimeter and on doorways
6. Robot Sentries
7. Industrial Camouflage - disguising entrances, make buildings look like residential housing from above

Question 4

Why do you use signage at the perimeter?

Answer 4

As a deterrent

Question 5

What are the 2 reasons for using lighting at the perimeter?

Answer 5

1. Those trying to enter at night can be seen

2. Safety

Question 6

What do Robot Sentries do?

Answer 6

Robot Sentries parol the perimeter, shout out warnings and can be armed.

Question 7

Why do you use Industrial Camouflage?

Answer 7

So that it is difficult for surveillance operatives to spot it.

Question 8

What are the 14 Building Security solutions? (With examples if necessary)

Answer 8

1. (Armed) Security guards - one being a dog-handler
2. Two-person integrity / control
3. Badges
4. Key Management (when keys are signed out and in)
5. Mantraps (turnstile devices that only let 1 person in at a time)
6. Proximity cards
7. Tokens
8. Biometric locks
9. Electronic locks
10. Burglar alarms
11. Fire alarms / smoke detectors
12. Internal protection - toughened glass container with locks, sturdy mesh with locks), protected distribution cabling, screen filters.
13. Conduits / cable distribution
14. Environmental Controls - HVAC, fire suppression systems

Question 9

What are some requirements for badges

Answer 9

1. Visitors badges are only awarded after signing a visitor book and they are on an access control list.
2. Visitor badges must be a different colour to employee badges
3. Employee badges must have a name, signature and photograph of badge holder.
4. Badges should be visible at all times and if not the person should be challenged.

Question 10

What is the purpose of key management?

Answer 10

Prevents someone from taking the keys away and cutting a copy

Question 11

Types of biometric locks?

Answer 11

Fingerprint, retina, palm, voice, iris scanners, facial recognition

Question 12

What are the settings for electronic locks?

Answer 12

Fail open: door opens during a power cut

Fail safe: door shuts during a power cut

Question 13

What are conduits? Why are they used?

Answer 13

Cables placed inside. They protect cables from tampering and being chewed by rodents.

Question 14

What are the 6 device protection solutions? Explain each.

Answer 14

1. Cable Locks - secures laptops and tablets so that nobody can steal them
2. Air Gap - computer taken off network with no cable or wireless connection
3. Laptop Safe
4. USB Data Blocker - blocks data pins on USB device
5. Vault - where data can be encrypted and stored in the cloud.
6. Faraday Cage - metal mesh structure built into walls to prevent wireless / cellular phones working and from electronic emissions escaping.

Question 15

How do you extract data from an Air Gap device?

Answer 15

USB or CD Rom

Question 16

Why use a USB Data Blocker?

Answer 16

Prevent juice jacking - the stealing of data during the charging of USB devices.