Chapter 9

Question 1

Where to focus for Physical Security (4 factors)?

Answer 1

• Physical security controls
• Protecting people
• Protecting data
• Protecting equipment

Question 2

Physical security: What to protect?

Answer 2

1. People
2. Data
3. Equipment

Question 3

Physical threats

Answer 3

oExtreme temperature
oGases
oLiquids
oLiving organisms
oProjectiles
oMovement
oEnergy anomalies
oPeople
oToxins
oSmoke and fire

Question 4

Physical security controls are…

Answer 4

The devices, systems, people, and other methods we put in place to ensure our security in a physical sense.

Question 5

The 3 types of Physical security controls are…

Answer 5

1. Deterrent
2. Detective
3. Preventive

Question 6

Deterrent Physical security controls:

Answer 6

Designed to discourage those who might seek to violate security controls from doing so

Question 7

Examples of Deterrent Physical security controls

Answer 7

Signs in public places that indicate that video monitoring is in place
oSigns with alarm company logos that we might find in residential areas
oPolicies and regulations
oSecurity measures: guards, dogs, or fences

Question 8

Detective physical security controls:

Answer 8

Serve to detect and report undesirable events that are taking place

Question 9

What Detective physical security controls monitor:

Answer 9

oUnauthorized activity: doors or windows opening, glass being broken
oUndesirable environmental conditions: flooding, smoke and fire

Question 10

Examples of Detective Physical security controls

Answer 10

Burglar alarms
oPhysical intrusion detection system
oHuman or animal guards

Question 11

Preventive physical security controls:

Answer 11

Used to physically prevent unauthorized entities from breaching our physical security

Question 12

Examples of Preventive Physical security controls

Answer 12

oLocks
oHigh fences
oBollards (prevent vehicles from driving into building)
oGuards and dogs

Question 13

How we use physical access controls in the real world:

Answer 13

Residences: locks

oCommercial facilities: locks, alarm systems, and signs

Question 14

An important consideration of physical access controls is :

Answer 14

What to protect?

Question 15

The primary concern of physical security is…

Answer 15

protecting people

Question 16

Why is protecting people most important?

Answer 16

oRecovering data: backup system
oRecovering equipment: buy new equipment
oRecovering experienced people: ?

Question 17

The _____ __ _____ is the first and foremost concern on physical security

Answer 17

safety of people

Question 18

When an emergency is taking place, our priority should be the ________

Answer 18

evacuation

Question 19

Evacuation:

Where:

How:

Who:

Answer 19

Where: where we will be evacuating too

How: the route we will follow to reach the evacuation meeting place

Who: everyone

Question 20

Second only to the safety of our personnel is the safety of our ____.

Answer 20

data

Question 21

Second only to the safety of our personnel is the safety of our ____.

Answer 21

data

Question 22

One of our primary solutions for protecting data:

Answer 22

Encryption

Question 23

Problem with Encryption: Attacks may render it useless by…

Answer 23

oBreaking encryption algorithm itself

oObtaining the encryption keys

Question 24

Based on the concept of defense in depth:

oAnother layer: ______ ______

Answer 24

physical element

Question 25

Physical concerns for data include…

Answer 25

Depending on the type of physical media on which our data is stored.

Such media are often sensitive to temperature, humidity, magnetic fields, electricity

Question 26

Magnetic media:

Answer 26

• hard drives, tapes, or floppy disks
• Strong magnetic fields can harm the integrity of data
• Jolting such media while it is in motion

Question 27

Flash media:

Answer 27

• memory chips
• Electrical shocks
• Humidity or liquid

Question 28

Optical media:

Answer 28

• CDs and DVDs
• Small scratches on the surface may render it unusable
• Very temperature sensitive

Question 29

The availability often depends on both _____ and ______ remaining in functioning condition

Answer 29

equipment and facilities

Question 30

Not only can we have issues in reading the data, but we may also have problems in…

Answer 30

… getting to where the data is stored.

Outage: network, power, computer systems, or other components

Question 31

Backup:

Answer 31

ensure the availability of data

Question 32

oRedundant arrays of inexpensive disks (RAID)
oReplicate data to another machine

Are examples of:

Answer 32

Backing up data

Question 33

Residual data:

Answer 33

Not only have data available, but also render data inaccessible when it is no longer required

Question 34

Media that stored sensitive data:

Answer 34

oComputing-related devices: CD, DVD, flash drives, computers
•Media or device might contain some sensitive data

oOffice equipment: copiers, printers, fax machines
•Copies of the documents that have been processed by drive

Question 35

Last on the list of concerns for physical security is protecting…

Answer 35

equipment

It is the easiest and cheapest segment of assets to replace

Question 36

Even in the case of a major disaster, as long as we sill have the _____ needed to operate and restore or access ___, we can be back in working order shortly.

Answer 36

people

data

Question 37

Physical security in the real world:

Answer 37

Physical controls:
oLocks
oFences
oCameras
oSecurity guards

•Protecting people:
oEvacuation maps
oBackground checks

•Protecting data:
oKeeping backups for data

•Protecting equipment:
oSite selection
oAccess control

Question 38

Protecting people: foremost concern

Answer 38

Best step: remove people from dangerous situation (evacuation)

Question 39

Protecting data: second only to protecting people

Answer 39

oEnsure availability when it is needed

oEnsure that we can completely delete it when we no longer need it

Question 40

Protecting equipment: the lowest

Answer 40

oSite selection
oAccess control
oEnvironmental conditions

Question 41

Which one is not a major concern for physical security

a. Protecting people
b. Protecting equipment
c. Protecting property
d. Protecting data

Answer 41

c.Protecting property

Question 42

________ controls are used to physically prevent unauthorized entities from breaching our physical security.

a. Deterrent
b. Detective
c. Preventive
d. None of the above

Answer 42

c.Preventive

Question 43

Which one is not an example of detective control

a. Locks
b. Guards or dogs
c. Burglar alarms
d. Physical intrusion detection system

Answer 43

a.Locks

Question 44

Give three examples of a physical control that constitutes a deterrent

Answer 44

Answer: The signs that indicate that video monitoring; The yard sings with alarm company logos; Policies and regulations; guards and dogs; fences

Question 45

Give three examples that constitute a threat to people

Answer 45

Answer: Extreme temperature; Gases; Liquids; Living organisms; Movement; Energy anomalies; People; Toxins; Smoke and fire

Question 46

Which one is not a type of physical media that we introduced in lecture

a. Magnetic media
b. Paper media
c. Flash media
d. Optical media

Answer 46

b.Paper media

Question 47

Give three examples that constitute a threat to equipment

Answer 47

Answer:Extreme temperature; Liquids; Living organisms

Question 48

Which category of physical control might include a lock

a. Deterrent
b. Detective
c. Preventive
d. None of the above

Answer 48

c.Preventive

Question 49

Describe how you design a securing access to an equipment or facility

Answer 49

Answer: Consider the concept of defense in depth. We must provide security measures on multiple areas: inside and outside. We can see measures for securing access outside facility. For example, tress, large boulders, and fences that prevent vehicle entry. We can also see the measures at facility itself, like locks. Once inside the facility, we might use access control

Question 50

Name the three major concerns for physical security, in order of importance

Answer 50

Answer:Protecting people, Protecting data, Protecting equipment