Chapter 9 Flashcards
Where to focus for Physical Security (4 factors)?
- Physical security controls
- Protecting people
- Protecting data
- Protecting equipment
Physical security: What to protect?
- People
- Data
- Equipment
Physical threats
oExtreme temperature oGases oLiquids oLiving organisms oProjectiles oMovement oEnergy anomalies oPeople oToxins oSmoke and fire
Physical security controls are…
The devices, systems, people, and other methods we put in place to ensure our security in a physical sense.
The 3 types of Physical security controls are…
- Deterrent
- Detective
- Preventive
Deterrent Physical security controls:
Designed to discourage those who might seek to violate security controls from doing so
Examples of Deterrent Physical security controls
Signs in public places that indicate that video monitoring is in place
oSigns with alarm company logos that we might find in residential areas
oPolicies and regulations
oSecurity measures: guards, dogs, or fences
Detective physical security controls:
Serve to detect and report undesirable events that are taking place
What Detective physical security controls monitor:
oUnauthorized activity: doors or windows opening, glass being broken
oUndesirable environmental conditions: flooding, smoke and fire
Examples of Detective Physical security controls
Burglar alarms
oPhysical intrusion detection system
oHuman or animal guards
Preventive physical security controls:
Used to physically prevent unauthorized entities from breaching our physical security
Examples of Preventive Physical security controls
oLocks
oHigh fences
oBollards (prevent vehicles from driving into building)
oGuards and dogs
How we use physical access controls in the real world:
Residences: locks
oCommercial facilities: locks, alarm systems, and signs
An important consideration of physical access controls is :
What to protect?
The primary concern of physical security is…
protecting people
Why is protecting people most important?
oRecovering data: backup system
oRecovering equipment: buy new equipment
oRecovering experienced people: ?
The _____ __ _____ is the first and foremost concern on physical security
safety of people
When an emergency is taking place, our priority should be the ________
evacuation
Evacuation:
Where:
How:
Who:
Where: where we will be evacuating too
How: the route we will follow to reach the evacuation meeting place
Who: everyone
Second only to the safety of our personnel is the safety of our ____.
data
Second only to the safety of our personnel is the safety of our ____.
data
One of our primary solutions for protecting data:
Encryption
Problem with Encryption: Attacks may render it useless by…
oBreaking encryption algorithm itself
oObtaining the encryption keys
Based on the concept of defense in depth:
oAnother layer: ______ ______
physical element
Physical concerns for data include…
Depending on the type of physical media on which our data is stored.
Such media are often sensitive to temperature, humidity, magnetic fields, electricity
Magnetic media:
- hard drives, tapes, or floppy disks
- Strong magnetic fields can harm the integrity of data
- Jolting such media while it is in motion
Flash media:
- memory chips
- Electrical shocks
- Humidity or liquid
Optical media:
- CDs and DVDs
- Small scratches on the surface may render it unusable
- Very temperature sensitive
The availability often depends on both _____ and ______ remaining in functioning condition
equipment and facilities
Not only can we have issues in reading the data, but we may also have problems in…
… getting to where the data is stored.
Outage: network, power, computer systems, or other components
Backup:
ensure the availability of data
oRedundant arrays of inexpensive disks (RAID)
oReplicate data to another machine
Are examples of:
Backing up data
Residual data:
Not only have data available, but also render data inaccessible when it is no longer required
Media that stored sensitive data:
oComputing-related devices: CD, DVD, flash drives, computers
•Media or device might contain some sensitive data
oOffice equipment: copiers, printers, fax machines
•Copies of the documents that have been processed by drive
Last on the list of concerns for physical security is protecting…
equipment
It is the easiest and cheapest segment of assets to replace
Even in the case of a major disaster, as long as we sill have the _____ needed to operate and restore or access ___, we can be back in working order shortly.
people
data
Physical security in the real world:
Physical controls: oLocks oFences oCameras oSecurity guards
•Protecting people:
oEvacuation maps
oBackground checks
•Protecting data:
oKeeping backups for data
•Protecting equipment:
oSite selection
oAccess control
Protecting people: foremost concern
Best step: remove people from dangerous situation (evacuation)
Protecting data: second only to protecting people
oEnsure availability when it is needed
oEnsure that we can completely delete it when we no longer need it
Protecting equipment: the lowest
oSite selection
oAccess control
oEnvironmental conditions
Which one is not a major concern for physical security
a. Protecting people
b. Protecting equipment
c. Protecting property
d. Protecting data
c.Protecting property
________ controls are used to physically prevent unauthorized entities from breaching our physical security.
a. Deterrent
b. Detective
c. Preventive
d. None of the above
c.Preventive
Which one is not an example of detective control
a. Locks
b. Guards or dogs
c. Burglar alarms
d. Physical intrusion detection system
a.Locks
Give three examples of a physical control that constitutes a deterrent
Answer: The signs that indicate that video monitoring; The yard sings with alarm company logos; Policies and regulations; guards and dogs; fences
Give three examples that constitute a threat to people
Answer: Extreme temperature; Gases; Liquids; Living organisms; Movement; Energy anomalies; People; Toxins; Smoke and fire
Which one is not a type of physical media that we introduced in lecture
a. Magnetic media
b. Paper media
c. Flash media
d. Optical media
b.Paper media
Give three examples that constitute a threat to equipment
Answer:Extreme temperature; Liquids; Living organisms
Which category of physical control might include a lock
a. Deterrent
b. Detective
c. Preventive
d. None of the above
c.Preventive
Describe how you design a securing access to an equipment or facility
Answer: Consider the concept of defense in depth. We must provide security measures on multiple areas: inside and outside. We can see measures for securing access outside facility. For example, tress, large boulders, and fences that prevent vehicle entry. We can also see the measures at facility itself, like locks. Once inside the facility, we might use access control
Name the three major concerns for physical security, in order of importance
Answer:Protecting people, Protecting data, Protecting equipment
