5.1 Physical Security Flashcards
What is physical security?
Security principles put in place to protect people, equipment and facilities.
What is business continuity planning?
Plans you put in place to ensure critical business functions can continue in the event of an emergency.
What are disaster recovery plans?
Plans put in place to prepare for a potential disaster, including what to do during and after.
What are the three major concerns for physical security, in order of importance?
People, data, equipment
What are the three main kinds of physical security measures?
deterrent, detective, preventive
What are examples of Deterrent controls?
Signs outside a building - being recorded, beware of dogs. These will only help keep honest people honest.
What are examples of detective controls?
Burglar systems: systems that check for unauthorized activities. Includes human and animal guards.
What are examples of preventive controls?
Physical means to protect - high walls, mechanical locks, bollards.
Why might you want to use RAID?
As a backup - since a RAID can store information and the infrastructure used to access it - important when data needs to be accessed remotely all the time in case the primary system fails.
What is physical security’s most important concern?
Protecting people
What type of physical access control might you put in place to block access to a vehicle?
Bollards
Can you give three examples of physical controls that work as deterrents?
Signs - human guard - video recording
Can you give an example of how a living organism might constitute a threat to your equipment?
Small insects can chew wires causing shorts - interfere with cooling fans
Which category of physical control might include a lock?
preventive
What is residual data, and why is it a concern when protecting the security of your data?
data left in disposed hard drives, printers, fax machines that may have internal storage. These items need to be fully erased.
What is your primary tool for protecting people?
What are some physical concerns for protecting people?
Extreme temps, water, living organisms, mold, energy anomalies including microwaves, electrical faults caused by poor insulation. Other people are dangerous.
During an emergency (physical) what should you prioritize?
Evacuating
What are Administrative Controls?
Policies, procedures, and guidelines, regulations and laws.
Examples of administrative controls?
Background checks, drug tests, NDAs (non-disclosure agreements)
What's the primary way to protect data?
Encrypt it
What physical concerns are there for the following?
-Magnetic
-Flash
-Optical
Magnetic - jolting while in motion, magnetic fields
Flash - Crushing the chip, electrical shocks
Optical - scratching the surface, CD, temp sensitive
What is RAID?
Redundant Arrays of Inexpensive Disks
What are three physical concerns for equipment damage?
Extreme temps (especially heat), liquids, living organisms.
Securing access to equipment and facilities involves implementing _____________________ both inside and outside the facility.
multiple layers of security measures
Site selection for facilities should consider potential _______ ________ and the ability to mitigate them.
environmental threats
How do you avoid residual data?
Properly dispose of it
Ensuring data availability involves protecting both the _____________________ of storage media and the ___________ needed to access it.
physical integrity; infrastructure
The level of physical security implemented should be consistent with _______________________.
the value of the asset being protected.
Identify the 3 Layers of a Defense-in-Depth Strategy
- Physical Controls
- Logical Controls
- Administrative Controls
Identify the 3 Elements of Risk Management in Policies and Procedures
- Risk Identification
- Risk Analysis
- Risk Mitigation
Identify 3 Cybersecurity Concepts that Protect IT Infrastructure
- Firewalls
- Intrusion Detection Systems
- Multi-Factor Authentication
Categorize Security Principles According to Asset Needing Protection
Data, Hardware, Software
- Data: Encryption, Backups
- Hardware: Locks, Surveillance
- Software: Patch Management
Classify Threats and Attacks According to CIA Triad - Interception
Interception: Targets confidentiality
Classify Threats and Attacks According to CIA Triad, Interruption
Interruption: Targets availability
Classify Threats and Attacks According to CIA Triad, Modification
Modification: Targets integrity
Classify Threats and Attacks According to CIA Triad - Fabrication
- Fabrication: Targets integrity and authenticity
Categorize Control Mechanisms
Physical
Logical
Human Error
- Physical Controls: Tackle physical threats
- Logical Controls: Address data threats
- Administrative Controls: Human error mitigation
What are two advantages of flash media over traditional magnetic media?
Speed
Security
Storage
Cost
Speed
Cost