Domain 5: Physical And Environmental Security Flashcards
List some controls that have been implemented for physical security.
Security guards, CCTV, surveillance, intrusion detction, system, requirement for employees to hqv a higher level of security awareness.
CCTV =
Closed circuit TV
Layered defense model
physical security controls should work together with tiered archicture. `if one fails, the other will protect it.
Thecompany’s most sensitive assets would be placed in the innermost contolled zone of the environment.
How does the AIC triad apply to physical security?
- Availability of company resources
- Integrity of the assets and environment
- Confidentiality of the data and business processes.
Examples of natural enivornmental threas
Flods, earthquakes, storms and tornadoes, fires, extreme termperature conditions
Examples of Supply system threats
power distributions outages, communications interruptions, interruption of other resources such as water, gas, air filtration, etc.
Examples of manmade threats
Unauthorized access, both external and internal, explosions, damage by disgruntled employees, employee errors and accidents, vandalism, fraud, themft and others
Examples of politically motivated threats
strikes, riots, civil disobedience, terrorist attacks, bombings and so forth
What is the priority in physical security
Life safety goals. Protecting human life.
Physical security is a combination of:
people, processes, procedures, technology, and equipment, all to protect resources.
First thing an organization must do in the planning process is
define the vulnerabilities, threats, threat agents, and targets
What is collusion? Is it an internal or external threat?
An internal and external threat, where two or more people work together to carry ut fraudulent activity. Many criminal cases have uncovered insiders working with outsiders to defraud or damage a company.
What are some controls for collusion?
procedural protection mechanisms, access contrl, like separation of duties, preemployment background checks, rotations of duties, supervision
Physical security goals: drime and disruption prevention through deterrence. Provide examples
fences
security guards
warning signs
Physical security program goals - reduction of damage through the use of delaying mechanisms. Provide examples
layers of defense that slow down the adversary
•locks
•security personnel
barriers
physical security program goals address: creme or disruption detection. Provide examples
- smoke detectors
- motion detectors
- CCTV
Physical security program goals should address: incident assessment
- Response of security guards to detected incidents
* Determination of damage level
Physical Security Program goals should address: Response Procedures. Provide examples:
- Fire suppression mechanisms
- Emergency response processes
- Law enforcement notification
- Consultation with outside security professionals
What is a performance based approach for physical security.
A method tto determine how beneficial and affective your physical security program is.
Devise measurements and metrics to gauge the effectiveness of your countermeasures.
Management can make informed decisions
Name some performance metrics that could be used in performance based approache
- # of successful crimes
- # of successful disruptions
- # of unsuccessful crimes
- time between detection, assessment, and recovery steps
- # false positive detection alerts
- financial loss of successful disruption or crime
Physical security design will contorporate controls required for these five categories:
1- deterrence 2 - delaying 3 - detection 4 - assessment 5 - response
CPTED
Crime Prevention through Environmental Design
A discipline that outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. Provides guidance in loss and crime prevention through proper facility construction and environmental components and procedures.
Physical security target hardening focuses on
denying access through physical and artificial barriers likes alarms, locks, fences
You want to protect a side door. Describe the target hardening approach and the CPTED approach.
Target hardening: locks, alarms, cameras on the door; access control mechanism like proximity reader; security guards to monitor
CPTED: no sidewalk leading to the door, no tall trees or bushes to offer seclusion.