Physical Security
Objective
To address the threats, vulnerabilities, and
countermeasures which can be utilized to physically protect
an enterprise’s resources and sensitive information to
include people, facilities, data, equipment, support
systems, media, and supplies.

To discuss considerations for choosing a secure site, its
design and configuration, and the methods for securing the
facility against unauthorized access, theft of equipment and
information, and the environmental and safety measures
needed to protect people, the facility, and its resources.
Physical Security
▪ Physical Security Threats
▪ Site Design and Configuration
▪ Physical Security Requirements
  – For Centralized Computing Facilities
  – For Distributed Processing Facilities
  – For Extended Processing
The Layered Approach
Information Protection Environment
▪ Crime Prevention through Environmental Design (CPTED)
    • Concept that, as its basic premise, states that the physical environment of a building can be changed or managed to produce behavioral effects that will reduce the incidence and fear of crime
    • Territoriality
    • Surveillance
    • Access control
Information Protection Environment Cont…
▪ Site Location
    • Specific physical security concerns
    • Vulnerable to crime, riots, demonstrations, or terrorism attacks
    • Neighborhood crime rates and types
    • Vulnerable to natural disasters
▪ Construction Impacts
▪ Facility Impacts
    • Entry points
    • Infrastructure support systems
    • Electrical power
    • Heating, ventilation, air conditioning (and refrigeration)
    • Internal sensitive or compartmentalized areas
    • Portable computing
Information Protection Environment Cont…
▪ Electrical Power
  – Vulnerabilities include total power loss of short or long duration or degradation in power quality, such as brownouts, spikes, or sags
    • Blackout - complete loss of commercial power
    • Fault - momentary power outage
    • Brownout - an intentional reduction of voltage by a utility company
    • Sag/dip - a short period of low voltage
    • Surge - a sudden rise in voltage in the power supply
    • Transient - line noise or disturbance is superimposed on the supply circuit and can cause fluctuations in electrical power
    • In-rush current - the initial surge of current required by a load before it reaches normal operation
    • Electrostatic discharge - another type of electrical surge can occur when two non-conducting materials rub together, causing electrons to transfer from one material to another
The Layered Defense
▪ Perimeter and building grounds
  – Landscaping, Fences, Gates, Bollards, Walls, and Doors
    • 1 meter/3–4 feet - Deters casual trespassers
    • 2 meters/6–7 feet - Too high to climb easily
    • 2.4 meters/8 feet with top guard - Deters determined intruder
▪ Building entry points
▪ Inside the building - building floors, office suites, and offices
Fire Protection
▪ Fire Prevention
  – Fireproof construction materials
  – False ceiling should not be flammable
  – Magnetic tapes, if ignited, produce poisonous gases
  – Fire-prevention training

▪ Fire Detection
  – Ionization-type smoke detectors
  – Photoelectric detectors
  – Heat detectors

“The first rule is to get the people out”
Fire Protection Cont…
▪ Fire Suppression
Fire Protection Cont…
▪ Portable Extinguishers
  – At Exits
  – Mark Locations and Type
  – Types A, B & C
  – Need to Inspect

▪ Water Sprinkler Systems
  – Works to Lower Temperature
  – Most Damaging to Equipment
  – Conventional Systems
  – “Dry Pipe” Systems: Less Risk of Leakage
  – Employ Throughout Building and in All Spaces
Fire Protection Cont…
▪ Carbon Dioxide (CO2)
  – Colorless/Odorless
  – Potentially Lethal
  – Removes Oxygen
  – Best for Unattended Facilities
  – Delayed-Activation in Manned Facilities

▪ Halon
  – Best Protection for Equipment
  – Concentrations <10% are Safe
  – Becomes Toxic at 900°
  – Depletes Ozone (CFCs)
  – Montreal Protocol (1987)
  – Halon 1301: Requires Pressurization
  – Halon 1211: Self-Pressurization (Portable Extinguishers)
Physical Security Threats
▪ Threat Components
  – Agents
  – Motives
  – Results

▪ External Threats
  – Wind/Tornado
  – Flooding
  – Lightning
  – Earthquake
  – Cold and Ice
  – Fire
  – Chemical
Physical Security Threats Cont…
▪ Internal Physical Threats
  – Fire
  – Environmental Failure
  – Liquid Leakage
  – Electrical Interruption

▪ Human Threats
  – Theft
  – Vandalism
  – Sabotage
  – Espionage
  – Errors
Site Design Considerations
▪ Location and Access
  – Local Crime
  – Visibility
  – Emergency Access
  – Natural Hazards
  – Air and Surface Traffic
  – Joint Tenants
  – Stable Power Supply
  – Existing Boundary Protection (Barriers/Fencing/Gates)
Boundary Protection
▪ Area Designation: Facilitates Enforcement
▪ Vehicular Access
▪ Personnel Access
  – Occupants
  – Visitors (Escort & Logging)
▪ Fences
  – Deter Casual Trespassing
  – Complements Other Access Controls
  – Aesthetics
  – Won’t Stop Determined Intruder
Boundary Protection Cont…
▪ Lighting
  – Entrances
  – Parking Areas
  – Critical Areas

▪ Perimeter Detection Systems
  – Does Not Prevent Penetration
  – Alerts Response Force
  – Requires Response
  – Nuisance Alarms
  – Costly
Boundary Protection Cont…
▪ CCTV
  – Efficiency
  – Requires Human Response
  – Limitations

▪ Staffing
  – Access Control Points
  – Patrols
  – Employees
Computing Facility Requirements
▪ Walls
  – True Floor to Ceiling
  – Fire Rating (at least 1 hour)
  – Penetrations
  – Adjacent Areas
▪ Doors
  – Interior/Exterior
  – Hinges
  – Fire Rating
  – Alarms
  – Monitoring
Computing Facility Requirements Cont…
▪ Windows/Openings
  – Interior/Exterior
  – Fixed
  – Shatterproof
▪ Computer and Equipment Room Layout
  – Equipment Access
  – Storage
  – Occupied Areas
  – Water Sources
  – Cable Routing
Computing Facility Requirements Cont…
▪ Dedicated Circuits
▪ Controlled Access to
  – Power Distribution Panels
  – Master Circuit Breakers
  – Transformers
  – Feeder Cables
▪ Emergency Power Off Controls
▪ Voltage Monitoring/Recording
▪ Surge Protection
Computing Facility Requirements Cont…
▪ Backup Power
  – Alternate Feeders
  – Uninterruptible Power Supply
    • Hydrogen Gas Hazard
    • Maintenance/Testing
  – Emergency Power Generator
    • Fuel Consideration
    • Maintenance/Testing
    • Costs
▪ HVAC
▪ Telecom
Computing Facility Requirements Cont…
▪ Humidity Controls
  – Risk of Static Electricity
  – Risk to Electric Connections
▪ Air Quality (Dust)
▪ Water Protection
  – Falling Water
  – Rising Water
  – Drains
  – Protective Coverings
  – Moisture Detection Systems
Securing Storage Areas
▪ Forms Storage Rooms
  – Increased Threat of Fire
  – Combustibles
  – Access Controls
▪ Media Storage Rooms
  – Media Sensitivity
  – Segregation
  – Access Controls
  – Environmental Controls
Media Protection
▪ Storage
  – Media Libraries/Special Rooms
  – Cabinets
  – Vaults
▪ Location
  – Operational
  – Off-Site
▪ Transportation
Cable Protection
▪ Optical Fiber
▪ Copper Wire
▪ Certifying the Wiring and Cabling
▪ Controlling Access to Closets and Riser Rooms
Other Considerations
▪ Dealing with Existing Facilities
  – Planning
  – Upgrade/Renovation
  – Incremental New Construction
▪ Protecting the Protection
  – Implement Physical and Environmental Controls for Security Systems
  – Protect against both Intentional and Inadvertent Threats
Personnel Access Controls
▪ Position Sensitivity Designation
▪ Management Review of Access Lists
▪ Background Screening/Re-Screening
▪ Termination/Transfer Controls
▪ Disgruntled Employees
Access Controls – Locks
▪ Preset Locks and Keys
▪ Programmable Locks
  – Mechanical (Cipher Locks)
  – Electronic (Keypad Systems): Digital Keyboard
    • Number of Combinations
    • Number of Digits in Code
    • Frequency of Code Change
    • Error Lock-Out
    • Error Alarms
Access Controls - Tokens
▪ Security Card Systems
  – Dumb Cards
    • Photo Identification Badges
    • Manual Visual Verification
    • Can be Combined with Smart Technology
  – Digital Coded (Smart) Cards
    • Often Require Use of PIN Number with Card
    • Readers: Card Insertion, Card Swipe & Proximity
Types of Access Cards
▪ Photo ID Cards
▪ Optical Coded Cards (Magnetic Dot)
▪ Electric Circuit Cards (Embedded Wire)
▪ Magnetic Cards (Magnetic Particles)
▪ Metallic Stripe Card (Copper Strips)
Access Controls - Biometrics
▪ Fingerprint/Thumbprint Scan
▪ Blood Vein Pattern Scan
  – Retina
  – Wrist
  – Hand
▪ Hand Geometry
▪ Facial Recognition
▪ Voice Verification
▪ Keystroke Recorders
▪ Problems
  – Cost
  – Speed
  – Accuracy
Physical Security in Distributed Processing
▪ Threats
  – To Confidentiality
    • Sharing Computers
    • Sharing Diskettes
  – To Availability
    • User Errors
  – To Data Integrity
    • Malicious Code
    • Version Control
Physical Security Controls Distributed Processing
▪ Office Area Controls
  – Entry Controls
  – Office Layout
  – Personnel Controls
  – Hard-Copy Document Controls
  – Electronic Media Controls
  – Clean-Desk Policy
Physical Security Controls - Office Area
▪ Printer/Output Controls
▪ Property Controls
▪ Space Protection Devices
▪ Equipment Lock-Down
Physical Security Controls - Distributed Processing Cont…
▪ Cable Locks
▪ Disk Locks
▪ Port Controls
▪ Power Switch Locks
▪ Keyboard Locks
▪ Cover Locks
Physical Security Controls - Distributed Processing Cont…
▪ Isolated Power Source
  – Noise
  – Voltage Fluctuations
  – Power Outages
▪ Heat/Humidity Considerations
▪ Fire/Water
▪ Magnetic Media Controls
Physical Security Controls Extended Processing
▪ User Responsibilities Paramount
  – Protection against Disclosure
    • Shoulder Surfing
    • Access to Sensitive Media and Written Material
  – Integrity Protection
  – Protection against Loss or Theft
    • Locks
    • Practices
▪ Management Responsibilities
  – Approval
  – Monitoring
Physical Security - Other Terms
▪ Tailgate
▪ Piggy-Back
▪ Stay Behind
▪ Degauss
▪ Remanence
▪ Mantrap
▪ Pass-Back
▪ Dumpster Diving
▪ False Positive/Negative
▪ Montreal Protocol
▪ Duress Alarm
▪ Tamper Alarm
▪ Passive Ultrasonic
▪ Fail Safe/Fail Soft
▪ IDS
▪ Shoulder Surfing
▪ Electronic Emanation
▪ Tsunami
▪ RFI
▪ Defense in Depth
▪ EMI
▪ Top Guard
?

7. physical sec

  • 2. Objective To address the threats, vulnerabilities, and countermeasures which can be utilized to physically protect an enterprise’s resources and sensitive information to include people, facilities, data, equipment, support systems, media, and supplies. To discuss considerations for choosing a secure site, its design and configuration, and the methods for securing the facility against unauthorized access, theft of equipment and information, and the environmental and safety measures needed to protect people, the facility, and its resources.
  • 3. Physical Security  Physical Security Threats  Site Design and Configuration  Physical Security Requirements – For Centralized Computing Facilities – For Distributed Processing Facilities – For Extended Processing
  • 5. Information Protection Environment ▪ Crime Prevention through Environmental Design (CPTED) • Concept that, as its basic premise, states that the physical environment of a building can be changed or managed to produce behavioral effects that will reduce the incidence and fear of crime • Territoriality • Surveillance • Access control
  • 6. Information Protection Environment Cont… ▪ Site Location • Specific physical security concerns • Vulnerable to crime, riots, demonstrations, or terrorism attacks • Neighborhood crime rates and types • Vulnerable to natural disasters ▪ Construction Impacts ▪ Facility Impacts • Entry points • Infrastructure support systems • Electrical power • Heating, ventilation, air conditioning (and refrigeration) • Internal sensitive or compartmentalized areas • Portable computing
  • 7. Information Protection Environment Cont… ▪ Electrical Power – Vulnerabilities include total power loss of short or long duration or degradation in power quality, such as brownouts, spikes, or sags • Blackout - complete loss of commercial power • Fault - momentary power outage • Brownout - an intentional reduction of voltage by a utility company • Sag/dip - a short period of low voltage • Surge - a sudden rise in voltage in the power supply • Transient - line noise or disturbance is superimposed on the supply circuit and can cause fluctuations in electrical power • In-rush current - the initial surge of current required by a load before it reaches normal operation • Electrostatic discharge - another type of electrical surge can occur when two non-conducting materials rub together, causing electrons to transfer from one material to another
  • 8. The Layered Defense ▪ Perimeter and building grounds – Landscaping, Fences, Gates, Bollards, Walls, and Doors • 1 meter/3–4 feet - Deters casual trespassers • 2 meters/6–7 feet - Too high to climb easily • 2.4 meters/8 feet with top guard - Deters determined intruder ▪ Building entry points ▪ Inside the building - building floors, office suites, and offices
  • 9. Fire Protection ▪ Fire Prevention – Fireproof Construction materials – False ceiling should not be flammable – Magnetic tapes, if ignited, produce poisonous gases – fire-prevention training ▪ Fire Detection – Ionization-type smoke detectors – Photoelectric detectors – Heat detectors “The first rule is to get the people out”
  • 10. Fire Protection Cont… ▪ Fire Suppression
  • 11. Fire Protection Cont… ▪ Portable Extinguishers ▪ At Exits ▪ Mark Locations and Type ▪ Types A, B & C ▪ Need to Inspect ▪ Water Sprinkler Systems ▪ Works to Lower Temperature ▪ Most Damaging to Equipment ▪ Conventional Systems ▪ “Dry Pipe” Systems: Less Risk of Leakage ▪ Employ Throughout Building and in all Spaces
  • 12. Fire Protection Cont… ▪ Carbon Dioxide (CO2) ▪ Colorless/Odorless ▪ Potentially Lethal ▪ Removes Oxygen ▪ Best for Unattended Facilities ▪ Delayed-Activation in Manned Facilities ▪ Halon ▪ Best Protection for Equipment ▪ Concentrations <10% are Safe ▪ Becomes Toxic at 900° ▪ Depletes Ozone (CFCs) ▪ Montreal Protocol (1987) ▪ Halon 1301: Requires Pressurization ▪ Halon 1211: Self-Pressurization (Portable Extinguishers)
  • 13. Physical Security Threats ▪ Threat Components ▪ Agents ▪ Motives ▪ Results ▪ External Threats ▪ Wind/Tornado ▪ Flooding ▪ Lightning ▪ Earthquake ▪ Cold and Ice ▪ Fire ▪ Chemical
  • 14. Physical Security Threats Cont… ▪ Internal Physical Threats ▪ Fire ▪ Environmental Failure ▪ Liquid Leakage ▪ Electrical Interruption ▪ Human Threats ▪ Theft ▪ Vandalism ▪ Sabotage ▪ Espionage ▪ Errors
  • 15. Site Design Considerations ▪ Location and Access ▪ Local Crime ▪ Visibility ▪ Emergency Access ▪ Natural Hazards ▪ Air and Surface Traffic ▪ Joint Tenants ▪ Stable Power Supply ▪ Existing Boundary Protection (Barriers/Fencing/Gates)
  • 16. Boundary Protection ▪ Area Designation: Facilitates Enforcement ▪ Vehicular Access ▪ Personnel Access ▪ Occupants ▪ Visitors (Escort & Logging) ▪ Fences ▪ Deter Casual Trespassing ▪ Complements Other Access Controls ▪ Aesthetics ▪ Won’t Stop Determined Intruder
  • 17. Boundary Protection Cont… ▪ Lighting ▪ Entrances ▪ Parking Areas ▪ Critical Areas ▪ Perimeter Detection Systems ▪ Does Not Prevent Penetration ▪ Alerts Response Force ▪ Requires Response ▪ Nuisance Alarms ▪ Costly
  • 18. Boundary Protection Cont… ▪ CCTV ▪ Efficiency ▪ Requires Human Response ▪ Limitations ▪ Staffing ▪ Access Control Points ▪ Patrols ▪ Employees
  • 19. Computing Facility Requirements ▪ Walls ▪ True Floor to Ceiling ▪ Fire Rating (at least 1 hour) ▪ Penetrations ▪ Adjacent Areas ▪ Doors ▪ Interior/Exterior ▪ Hinges ▪ Fire Rating ▪ Alarms ▪ Monitoring
  • 20. Computing Facility Requirements Cont… ▪ Windows/Openings ▪ Interior/Exterior ▪ Fixed ▪ Shatterproof ▪ Computer and Equipment Room Lay Out ▪ Equipment Access ▪ Storage ▪ Occupied Areas ▪ Water Sources ▪ Cable Routing
  • 21. Computing Facility Requirements Cont… ▪ Dedicated Circuits ▪ Controlled Access to ▪ Power Distribution Panels ▪ Master Circuit Breakers ▪ Transformers ▪ Feeder Cables ▪ Emergency Power Off Controls ▪ Voltage Monitoring/Recording ▪ Surge Protection
  • 22. Computing Facility Requirements Cont… ▪ Backup Power • Alternate Feeders • Uninterruptible Power Supply • Hydrogen Gas Hazard • Maintenance/Testing • Emergency Power Generator • Fuel Consideration • Maintenance/Testing • Costs ▪ HVAC ▪ Telecom
  • 23. Computing Facility Requirements Cont… ▪ Humidity Controls ▪ Risk of Static Electricity ▪ Risk to Electric Connections ▪ Air Quality (Dust) ▪ Water Protection ▪ Falling Water ▪ Rising Water ▪ Drains ▪ Protective Coverings ▪ Moisture Detection Systems
  • 24. Securing Storage Areas ▪ Forms Storage Rooms ▪ Increased Threat of Fire ▪ Combustibles ▪ Access Controls ▪ Media Storage Rooms ▪ Media Sensitivity ▪ Segregation ▪ Access Controls ▪ Environmental Controls
  • 25. Media Protection ▪ Storage ▪ Media Libraries/Special Rooms ▪ Cabinets ▪ Vaults ▪ Location ▪ Operational ▪ Off-Site ▪ Transportation
  • 26. Cable Protection ▪ Optical Fiber ▪ Copper Wire ▪ Certifying the Wiring and Cabling ▪ Controlling Access to Closets and Riser Rooms
  • 27. Other Considerations ▪ Dealing with Existing Facilities ▪ Planning ▪ Upgrade/Renovation ▪ Incremental New Construction ▪ Protecting the Protection ▪ Implement Physical and Environmental Controls for Security Systems ▪ Protect against both Intentional and Inadvertent Threats
  • 28. Personnel Access Controls ▪ Position Sensitivity Designation ▪ Management Review of Access Lists ▪ Background Screening/Re-Screening ▪ Termination/Transfer Controls ▪ Disgruntled Employees
  • 29. Access Controls – Locks ▪ Preset Locks and Keys ▪ Programmable Locks ▪ Mechanical (Cipher Locks) ▪ Electronic (Keypad Systems): Digital Keyboard ▪ Number of Combinations ▪ Number of Digits in Code ▪ Frequency of Code Change ▪ Error Lock-Out ▪ Error Alarms
  • 30. Access Controls - Tokens ▪ Security Card Systems ▪ Dumb Cards • Photo Identification Badges • Manual Visual Verification • Can be Combined with Smart Technology ▪ Digital Coded (Smart) Cards • Often Require Use of PIN Number with Card Readers: Card Insertion, Card Swipe & Proximity
  • 31. Types of Access Cards ▪ Photo ID Cards ▪ Optical Coded Cards (Magnetic Dot) ▪ Electric Circuit Cards (Embedded Wire) ▪ Magnetic Cards (Magnetic Particles) ▪ Metallic Stripe Card (Copper Strips)
  • 32. Access Controls - Biometrics ▪ Fingerprint/Thumbprint Scan ▪ Blood Vein Pattern Scan ▪ Retina ▪ Wrist ▪ Hand ▪ Hand Geometry ▪ Facial Recognition ▪ Voice Verification ▪ Keystroke Recorders ▪ Problems ▪ Cost ▪ Speed ▪ Accuracy
  • 33. Physical Security in Distributed Processing ▪ Threats • To Confidentiality • Sharing Computers • Sharing Diskettes • To Availability • User Errors • To Data Integrity • Malicious Code • Version Control
  • 34. Physical Security Controls Distributed Processing ▪ Office Area Controls ▪ Entry Controls ▪ Office Lay-Out ▪ Personnel Controls ▪ Hard-Copy Document Controls ▪ Electronic Media Controls ▪ Clean-Desk Policy
  • 35. Physical Security Controls - Office Area ▪ Printer/Output Controls ▪ Property Controls ▪ Space Protection Devices ▪ Equipment Lock-Down
  • 36. Physical Security Controls - Distributed Processing Cont… ▪ Cable Locks ▪ Disk Locks ▪ Port Controls ▪ Power Switch Locks ▪ Keyboard Locks ▪ Cover Locks
  • 37. Physical Security Controls - Distributed Processing Cont… ▪ Isolated Power Source ▪ Noise ▪ Voltage Fluctuations ▪ Power Outages ▪ Heat/Humidity Considerations ▪ Fire/Water ▪ Magnetic Media Controls
  • 38. Physical Security Controls Extended Processing ▪ User Responsibilities Paramount ▪ Protection against Disclosure ▪ Shoulder Surfing ▪ Access to Sensitive Media and Written Material ▪ Integrity Protection ▪ Protection against Loss or Theft ▪ Locks ▪ Practices ▪ Management Responsibilities ▪ Approval ▪ Monitoring
  • 39. Physical Security - Other Terms ▪ Tailgate ▪ Passive Ultrasonic ▪ Piggy-Back ▪ Fail Safe/Fail Soft ▪ Stay Behind ▪ IDS ▪ Shoulder Surfing ▪ Degauss ▪ Electronic Emanation ▪ Remanence ▪ Tsunami ▪ Mantrap ▪ RFI ▪ Pass-Back ▪ Defense in Depth ▪ Dumpster Diving ▪ EMI ▪ False Positive/Negative ▪ Top Guard ▪ Montreal Protocol ▪ Duress Alarm ▪ Tamper Alarm
  • 40. ?