Video Content Lesson 4

Question 2

Physical Security

Answer 2

Physical Security protects an organization’s assets from physical threats
Address a threat by implementing a control (anti-virus software)
Identify all threats and develop a plan to manage each threat

Question 3

Threats 1-5

Answer 3

1-Fire and Smoke
2-Water Damage (Fire, Floods, Fire Suppression)
3-Earth Movement (Earthquake, Mud Slide)
4-Storms (Electrical, Thunderstorms, Tornados, Hurricane)
5-Sabotage/vandalism

Question 4

Threats 6-9

Answer 4

6-Explosion
7-Building Collapse (explosion, earthquake, fire)
8-Toxic Materials (accidents can occur)
9-Utility Loss (Electrical outage, Water)

Question 5

Threats 10-12

Answer 5

10-Communications loss
11-Equipment Failure (Computer, Controls, each component)
12-Personnel Loss (Rapid Departure, injury, death) (Strike, Illness)

Question 6

Facility Requirements

Answer 6

Security Policy
Critical Path Analysis
Access Controls

Question 7

Security Policy

Answer 7

Facility Requirements (what is needed to stay in business)
(What controls do you need to stay in business?)
Administrative Control
Physical Access Control
Technical Control
Environmental and Life Safety

Question 8

Critical Path Analysis

Answer 8

A secure system requires sound physical security
Perform a Critical Path Analysis of the system
Defines relationships between mission critical applications
(What do I have to do to stay in business)
Ensure that each of the elements on the critical path have secure environments (and backup plans)
Physically secure
Proper Environment

Question 9

Access Control

Answer 9

Proper Physical security sues multiple controls from three basic groups
Administrative Controls
Physical Access Controls
Technical Controls

Question 10

Physical Security Controls

Answer 10

Administrative Controls
Fences-Gates
Lighting
Security Guards-Dogs
Keys-Badges
Detective Controls-CCTV
Restriction-Escorts
Technical Controls

Question 11

Administrative Controls

Answer 11

Site selection, design, and configuration of the facility

Make security a priority

Question 12

Fences-Gates

Answer 12

Fence (perimeter barrier) (height dictates level of security; 3-4 foot high deter casual trespassers, 5-7 deter more serious intruders, 8+ feet with 3-stranded barbed/razor wire)
Gate (controlled entry/exit point of fence) (can be point of weakness)
Turnstile (type of gate, 2-way, 1-way, control quickness of access)
Mantrap, double set of doors with small room in between, only 1 set of doors open at a time

Question 13

Lighting

Answer 13

Most basic physical control used for perimeter security
Best used in low-threat areas
other controls (guards, CCTV, dogs) should not be illuminated but left obscure)

Question 14

Security Guards-Dogs

Answer 14

Very effective physical access controls
Advantages (guards can adapt to changing environment, reason, solve problems)
Disadvantages (fatigue, eat, bathroom, dogs subject to recurrent training)

Question 15

Keys-Badges

Answer 15

keys/combination locks
locks doors, drawers, lids
Badges
Used for ID or authentication (electronic or standard (low-tech))
Biometric access controls (similar to badges but no need to carry)

Question 16

Detective Controls-CCTV

Answer 16

Motion detectors, sensors, and alarms
Sensor detects and activates alarms
water, gas, etc detectors with alarms
CCTV (common, monitor remotely, many cameras, with 4 - 8 monitors)

Question 17

Restriction-Escorts

Answer 17

Restricted areas and work areas
Security awareness training (one of best mechanisms for access)
make it harder for unauthorized individuals to gain access to sensitive computers
Escort requirements/visitor control (ensure visitors only go where they are supposed to)

Question 18

Technical Controls

Answer 18

Smart cards/dumb cards
Smart cards ID and Authentication (automates process)
Dumb cards (needs person to grant access, ID , and Authentication)
Intrusion detection (physical access control, automated systems recognize unusual activity, can use signature database or behavior detection)
Audit trails/access logs
Method of tracking the movement of a person is through tracking what resources they are using
Smart cards can log that a particular user has access a particular secure area

Question 19

Environmental Issues

Answer 19

Power
HVAC
Water Leakage-Flooding
Fire Detection-Suppression
Natural Disasters

Question 20

Power

Answer 20

Consider Power Requirements
What happens if power is interrupted?
UPS (uninterrupted Power Supply) (time needed) (brownout/blackout)

Question 21

HVAC

Answer 21

Temperature-sensitive hardware?

How protect it from HVAC failure? (backup plan?)

Question 22

Water Leakage-Flooding

Answer 22

Specific to area where you live
Dam/Dike/Lake nearby/River/Ground water
Check for flood probablity and get insurance
Plan to protect people first

Question 23

Fire Detection-Suppression

Answer 23

One of most common areas
Evaluate type and location of all fire and smoke detectors
Set policy to testing each device
Ensure that there are enough of the proper fire suppression devices of the right type
A - Common Combustibles - Water or Soda Acid
B - Liquids - CO2, Halon, Soda Acid
C- Electrical - CO2, Halon

Question 24

Natural Disasters

Answer 24

Different for different parts of the world
understand what threatens your area
Protect people first

Question 25

Physical Security

Answer 25

Fire Safety
Physical Access Control
Administrative Controls
Employee Training
Egress Safety
Detective Controls

Question 26

Fire Safety

Answer 26

Smoke Detectors

Fire Extenguishers

Question 27

Physical Access Control

Answer 27

Locked Door

Key

Question 28

Administrative Controls

Answer 28

Security Light if power failure/fire
Safety poster (admin control)
First-Aid Kit

Question 29

Employee Training

Answer 29

Challenge non-employees

Question 30

Egress Safety

Answer 30

Emergency Exit Map

Question 31

Detective Controls

Answer 31

Alarm

Alarm monitoring company