Physical / Environmental Security Flashcards
Threat Mitigation Technique
Internal
Address insider threats, from those who already have access
i.e. A door lock on server room is designed to keep out those already in the building
Threat Mitigation Technique
External
Addresses perimeter security, or access to building or room from outsiders
i.e.
Electric fence surrounding the facility designed to keep out those who don’t have access
Geographical Threats
Hurricane / Tropical Storm
Location of facility should dictate how much is spent in mitigating possible damages
Tornadoes
Rate and severity of tornadoes in an area from historical perspective help determine protective measures
Earthquakes
Treated same way as hurricanes
Floods
Can occur anywhere. Keep computing systems off the floor, Build server rooms and wiring closets on raised floors
Electrical threats
all mission critical systems should be on a UPS
use onsite generators for longer term
maintain 40-60% relative humidity around equipment
use line conditioners to maintain clean, steady power
Communications
Maintain fault-tolerant connections to internet
know contact phone numbers for employee notifications
Establish radio communications over entire compass with repeater antennas to provide comms during emergencies
Man-made threats
explosions
fire
vandalism
Explosions
prevent access to areas where explosions could cause serious damage
Fire
all walls should have 2 hour minimum fire rating
deploy auxiliary station alarm
use proper extinguisher / suppression system
Vandalism
ensure critical components are inaccessible
Man-made threats
Fraud
Theft
Collusion
Fraud
prevent physical access to critical systems
Theft
Prevent physical access to facility
Collusion
can be caused by separation of duties. Consider the tradeoff
Politically Motivated Threats
Strikes Riots Civil disobedience Terrorist acts Bombing
Strikes
can cost productivity and hurt image of company
Riots
Enterprise is seen as willing participant in some perceived slight
Civil Disobedience
physical security of facility becomes important in case action is taken against facility
Terrorist acts
includes emergency planning to address terrorism
reactions should be rehearsed
Bombing
evacuation plans should address terrorist threats and bombings
Site and Facility Design
Layered Defense Model
Reliance should not be based on any single physical security concept but on the use of multiple approaches that support one another
Permiter-Network-Host-Application-Data
CPTED
Crime Prevention Through Environmental Design
3 main strategies
Design facility from ground up to support security
Natural Access Control
place doors, lights, fences, landscaping to satisfy security goals in least obtrusive and appealing way possible
Natural Surveillance
Promotes visibility of all areas to discourage crime
Natural Territorials Reinforcement
Promotes feeling of community, tries to extend sense of ownership to employees
Physical Security Plan Goals
Deter criminal activity
delay intruders
detect intruders
asses situation - id specific personnel, actions to take when event occurs
respond to intrusions and disruptions - anticipate and develop responses to intruders and disruptions
Facility Selection Issues
Visibility - amount depends on organization and processes being done by facility
surrounding areas and external entities - consider nature and operations of surrounding businesses, and people they attract
accessibility - how easily can employees access facility
construction - what are support systems built into the building
internal compartments - are there drop ceilings in rooms that need to be secured?
Computer and Equipment rooms
should be locked and secured
should be in center of building
have single point of entry
avoid top floors of buildings and the basement
install and test fire detection and suppressions systems
install raised flooring
install separate power supplies
use only solid doors
Perimeter Security
Concentric Circle Approach
Perimeter fence
Exterior door
Office door
Locked cabinet
Perimeter Security
Protection from vehicles
Bollards in front of doorways
Perimeter Security
Fences and Gates
Fences
3-4 foot tall fences - casual intruders
6-7 foot fences - too tall to climb easily
8 foot and taller - deter more determined people
Gates Class 1 - Residential Class 2 - Commercial Class 3 - Industrial Class 4 - Restricted