Physical Security Flashcards
What is Business Continuity Planning (BCP)?
A plan to ensure that critical functions continue during or after an emergency.
What is Disaster Recovery Planning (DRP)?
A plan to restore IT systems, data, and operations after a disaster.
How is BCP different from DRP?
BCP focuses on keeping the business running (preventing downtime).
DRP focuses on recovering systems after a disaster.
What are Donn Parker’s seven categories of physical threats?
Extreme Temperatures – Overheating or freezing damages equipment.
Gases – Toxic gases can corrode hardware or harm personnel.
Liquids – Water leaks, floods, or humidity damage equipment.
Living Organisms – Mold, insects, and rodents disrupt operations.
Projectiles – Items thrown by wind or explosions damage systems.
Movement – Earthquakes and construction cause instability.
Energy Anomalies – Power surges, outages, and electromagnetic interference disrupt devices.
What are the three types of physical security controls?
Deterrent Controls – Discourage attacks (e.g., signs, guards, lighting).
Detective Controls – Identify security events (e.g., alarms, cameras).
Preventive Controls – Physically block threats (e.g., locks, fences).
Why is protecting people the top priority in physical security?
People are irreplaceable, while equipment and data can be restored or replaced.
What physical threats can harm people in a workplace?
Fire & Smoke – Can cause injuries, deaths, and business destruction.
Extreme Temperatures – Heatstroke, hypothermia.
Gases & Toxins – Carbon monoxide poisoning.
Movement Hazards – Earthquakes, structural collapse.
What are key components of an evacuation plan?
Where – Designate safe locations to evacuate to.
How – Plan routes to exit the building safely.
Who – Account for all personnel and assist those with disabilities.
Practice – Conduct regular drills so employees know what to do.
What are administrative security controls?
Policies, procedures, and regulations that help enforce security (e.g., evacuation policies, access rules).
What is the best way to protect data?
Encryption, to make data unreadable without the proper key.
Why is encryption alone not enough to protect data?
Encryption does not protect against physical threats like:
Magnetic Fields – Can erase magnetic media like hard drives.
Electric Shock – Can damage flash memory (USBs, SSDs).
Scratches & Heat – Destroy optical discs (CDs, DVDs).
What is residual data, and why is it a security concern?
Leftover data on storage devices that can be recovered if not properly wiped or destroyed.
What is RAID (Redundant Array of Independent Disks)?
A system that stores data across multiple drives to protect against hardware failure.
Does RAID replace backups?
No. RAID prevents data loss from hardware failure but does not protect against accidental deletion or cyberattacks.
What can affect data availability?
Power Outages – Cause downtime and system crashes.
Natural Disasters – Destroy data centers.
Ransomware Attacks – Encrypt critical files, making them inaccessible.
Why is protecting equipment a lower priority than protecting data?
Equipment is easier and cheaper to replace than lost data.
What are common threats to equipment?
Power Surges – Overload circuits and destroy hardware.
Overheating – Causes system failures and data loss.
Physical Theft – Stolen equipment may contain sensitive data.
What are the three major concerns for physical security, in order of importance?
People, Data, Equipment.