Chapter 3 mod 2

Question 1

Define physical access controls and provide examples.

Answer 1

Physical access controls are tangible mechanisms deployed to prevent, monitor, or detect direct contact with systems or areas within a facility. Examples include security guards, fences, motion detectors, locked doors/gates, sealed windows, lights, cable protection, laptop locks, badges, swipe cards, guard dogs, cameras, mantraps/turnstiles, and alarms.

Question 2

What is the primary purpose of physical access controls in the context of security?

Answer 2

The primary purpose of physical access controls is to protect assets, with a priority on the security of personnel, followed by securing other physical assets within a company.

Question 3

How do physical access controls contribute to preventing unauthorized access?

Answer 3

Physical access controls prevent unauthorized access by deploying mechanisms such as locked doors, fences, mantraps/turnstiles, and motion detectors to monitor and restrict contact with systems or areas.

Question 4

In the hierarchy of protection, what is prioritized first when considering physical access controls?

Answer 4

When considering physical access controls, the security of personnel is prioritized first, followed by securing other physical assets of the company.

Question 5

Why are physical access controls considered necessary for a company’s assets?

Answer 5

Physical access controls are necessary to protect a company’s assets, including its most important asset, people. They are deployed to safeguard against unauthorized access and potential threats.

Question 6

Provide an example of a physical access control that monitors movement within a facility.

Answer 6

An example of a physical access control that monitors movement within a facility is a motion detector, which can trigger alarms or alerts when unauthorized movement is detected.

Question 7

How do physical access controls contribute to the protection of personnel in a company?

Answer 7

Physical access controls contribute to the protection of personnel by implementing measures like security guards, locked doors, badges, and mantraps/turnstiles to ensure the safety of individuals within a facility.

Question 8

Explain the role of badges and swipe cards as physical access controls.

Answer 8

Badges and swipe cards act as physical access controls by providing authorized personnel with tangible means to gain entry to secure areas, helping to prevent unauthorized access.

Question 9

What tangible elements fall under the category of physical access controls?

Answer 9

Tangible elements that fall under physical access controls include security guards, fences, motion detectors, locked doors/gates, sealed windows, lights, cable protection, laptop locks, badges, swipe cards, guard dogs, cameras, mantraps/turnstiles, and alarms.

Question 10

In the context of physical security controls, what is considered the top priority?

Answer 10

In the context of physical security controls, the top priority is the security of personnel, emphasizing their safety and well-being within a company’s facilities.

Question 11

What are some technologies used for physical security controls for human traffic, and how do they operate?

Answer 11

Technologies such as turnstiles, mantraps, and remotely or system-controlled door locks are employed for physical security controls. Access control systems use badge systems, where badges are produced and issued to authorized employees, granting access to specific areas.

Question 12

Describe the enrollment process in an access control system with badge systems.

Answer 12

During the enrollment process in an access control system with badge systems, an authorized employee’s identifiers are assigned and activated using an enrollment station. A badge is produced, providing access to specific areas, and in high-security environments, enrollment may include biometric characteristics.

Question 13

What card types are commonly used in access control systems for badge systems and gate entry?

Answer 13

Various card types are used in access control systems, including bar code, magnetic stripe, proximity, smart, and hybrid cards. These cards enable access to controlled areas based on the individual’s authorization.

Question 14

How does an access control system authenticate an individual using a badge in gate entry?

Answer 14

An access control system authenticates an individual by comparing the information on their badge against a verified database. If authenticated, the system sends output signals, allowing authorized personnel to pass through a gate or door to a controlled area.

Question 15

What role does Crime Prevention through Environmental Design (CPTED) play in physical security controls?

Answer 15

CPTED focuses on creating safer workspaces through passive design elements, influencing the flow of people, signaling who should be in a space, and providing visibility to reduce the likelihood of criminal activities. Security professionals use CPTED in the design, operation, and assessment of organizational security environments.

Question 16

How does CPTED address the challenges of crime through design methods?

Answer 16

CPTED addresses the challenges of crime by directing the flow of people, using passive techniques to signal appropriate access to spaces, and enhancing visibility to deter criminal activities in specific areas.

Question 17

What are the two primary processes involved in a biometric authentication solution?

Answer 17

A biometric authentication solution involves two processes: Enrollment, where the user’s registered biometric code is stored, and Verification, where the user presents their biometric data to compare it with the stored biometric code.

Question 18

Provide examples of physiological biometric systems.

Answer 18

Physiological biometric systems measure characteristics such as fingerprints, iris scans, retinal scans, palm scans, and venous scans. Some devices combine processes, like checking for pulse and temperature on a fingerprint scanner.

Question 19

What does behavioral biometrics measure, and what are examples of behavioral biometric systems?

Answer 19

Behavioral biometrics measure how a person acts, including voiceprints, signature dynamics, and keystroke dynamics. Keystroke dynamics, for instance, measures behavior such as delay rate and transfer rate as a person types.

Question 20

What challenges and drawbacks are associated with the implementation and use of biometric systems?

Answer 20

Biometric systems are considered highly accurate but can be expensive to implement and maintain. Challenges include the cost of equipment, user discomfort with privacy invasion, and the risk of disclosing medical information. Device sanitization is also a challenge.

Question 21

What role do cameras play in maintaining organizational security, and what capabilities do they offer?

Answer 21

Cameras are integrated into the overall security program for surveillance and monitoring. They act as a deterrent, can detect activities when combined with other sensors, and provide forensic evidence if recorded. Cameras are effective in locations with difficult access or where a forensic record is needed.

Question 22

How can motion sensor technologies enhance the capabilities of cameras for exterior monitoring?

Answer 22

Motion sensor technologies, including infrared, microwave, and lasers trained on tuned receivers, can augment the detection capabilities of cameras for exterior monitoring. These sensors, integrated into doors, gates, and turnstiles, detect intruders attempting to breach the perimeter.

Question 23

What is the purpose of physical logs in the context of organizational security, and how are they used?

Answer 23

Physical logs, such as sign-in sheets or electronic system logs managing physical access, record events. They support business requirements, are essential for legal or business reasons, and may be needed for compliance, forensic investigations, and protecting sensitive data. Regular review and adherence to log retention guidelines are crucial.

Question 24

Why is it important to protect logs from manipulation, and what steps should be taken to ensure their security?

Answer 24

Logs must be protected from manipulation as they may be needed for compliance and forensic purposes. Organizations should establish policies for regular log review, set guidelines for log retention, and implement measures to safeguard logs from unauthorized access or tampering.

Question 25

What is a log anomaly, and why is identifying anomalies crucial in the context of security monitoring?

Answer 25

A log anomaly is anything out of the ordinary, and identifying them is vital for identifying security-related issues. Anomalies may include gaps in date/time stamps, account lockouts, or unusual activities. They are key indicators during audits and routine monitoring.

Question 26

How do business and legal requirements influence log retention policies, and what standards may mandate specific retention periods?

Answer 26

Business and legal requirements vary, influencing log retention policies. Standards like the Payment Card Industry Data Security Standard (PCI DSS) may mandate specific retention periods, and legal department guidelines often drive log retention policies.

Question 27

What is the primary purpose of alarm systems, and how do they operate in response to unexpected events?

Answer 27

Alarm systems, found on doors and windows, are designed to alert appropriate personnel when opened unexpectedly. They can be activated by unauthorized access, heat, or smoke. Different alarm types, such as fire alarms and panic buttons, serve specific purposes in alerting response personnel.

Question 28

How do alarm systems differentiate between authorized and unauthorized access to trigger alarms?

Answer 28

Alarm systems differentiate between authorized and unauthorized access based on input methods, such as entering a code or swiping a badge. Unauthorized access, without the correct authentication, triggers the alarm, serving as a security measure.

Question 29

What is the role of security guards as a physical security control, and how do they complement other access control measures?

Answer 29

Security guards serve as effective physical security controls, discouraging unauthorized access. They complement other access control measures by actively monitoring and deterring individuals from masquerading or attempting unauthorized access, preventing theft and abuse of equipment or information.