Chapter 8: Physical Security Control

Question 1

Physical threat types

Answer 1

Weather: tornadoes, hurricanes, floods, fire, snow, ice, heat, cold, humidity, etc

Fire/chemical: Explosions, toxic waste and gases, smoke, and fire

Earth movement: earthquakes and mudslides

Structural failure: building collapse because of snow/ice or other moving objects (cars, trucks, airplanes, etc)

Energy: Loss of power, radiation, magnetic wave interference, etc

Biological: Virus, bacteria, infestations of animals or insects

Human: Strikes, sabotage, terrorism, war

Question 2

Physical security measures

Answer 2

Education of personnel

Administrative access controls such as work areas restrictions, visitor control, and site selection

Physical controls such as perimeter security, badging, keys and combination locks, security dogs, lighting, fencing, and guards

Technical controls, such as smart cards, audit trails, intrusion detection systems, and biometrics

Environmental/life safety controls

Question 3

Education for personnel

Answer 3

Being mindful of physical or environmental considerations to protect systems

Adhering to disaster or emergency plans

Monitoring unauthorized use of equipment or services and reporting it

Recognizing security objects for the organization

Accepting individual responsibility for their own security and that of their coworkers

Question 4

Administrative access controls

Answer 4

Restricting work areas via doors, badging, etc and enforcing least amount of access required

Visitor control such as a sign in log or preadmission paperwork requirements, and an onsite escort

Site selection, to account for things like visibility, surrounding neighborhood, local ordinances and protections, nearby hazards, etc. Also accounts for Natural disasters, ( things like tornadoes, earthquakes, etc), and transportation infrastructure

Question 5

Physical Security Controls

Answer 5

Perimeter controls, such as fences, timed gates, concertina wire, perimeter intrusion and detection assessment system (PIDAS), mantraps, etc.

Badging

Keys and combination locks (designed usually to delay, not completely stop since locks can be broken)

Security dogs

Lighting (in some cases required to be mounted 8 feet high and burn at 2 candelas)

Question 6

Technical controls

Answer 6

Smart cards (saving encryption keys, passwords, and other information on the card that moves with the person rather than sits on a workstation, and then is guarded with secondary security, such as biometrics

Audit trails and access logs:

Intrusion Detection: dry contact switches (like window alarms), photoelectric sensors, motion detectors

Alarm system: where intrusion detection is layered and repeated into a larger net

Biometrics: fingerprints is the norm now, other version are being developed

Question 7

Environmental Controls

Answer 7

Power: backup power sources such as generators

Fire detection and suppression
Fire types: common combustibles, liquids,
electrical, and combustible metal

 Fire detectors: heat, flame, smoke

 Fire extinguishing systems: 
      wet pipe: water lives in the pipes
      dry pipe: water held outside the pipes behind a 
                       valve
      deluge: dry pipe, but with crap tons more water
      preaction: combination of wet and dry pipe

HVAC: controls the temp around the operating equipment and is classed as an emergency in some situations