Domain 4: Physical (Environmental) Security

About This Presentation

Title:

Domain 4: Physical (Environmental) Security

Description:

... Zoom Pan & Tilt Transmission Media Coax Cable Fiber Cable Wireless Monitor CCTV Added Components Camera Tube Pan and Tilt Units Panning Device Mountings ... – PowerPoint PPT presentation

Number of Views:419

Avg rating:3.0/5.0

Slides: 99

Provided by: ErnieH1

Category:

more less

Transcript and Presenter's Notes

Title: Domain 4: Physical (Environmental) Security

1
Domain 4Physical (Environmental) Security

CISSP Study Group
April 15, 2007

2
References

Official (ISC) Guide to the CISSP CBK
US Army Field Manual 3-19.30, Physical Security
CISSP Prep Guide Krutz Vines
Fighting Computer Crime Parker
CISSP Certification Shon Harris
CISSP for Dummies (Rev 0) Miller Gregory
Physical Security for Mission-Critical
Facilities and Data Centers, by Gerald Bowman,
Information Security Management Handbook, 5th
Edition, Vol 3
Mike Meyers Passport Security
Uptime Institute www.uptimeinstitute.com
Status Of Industry Efforts To Replace Halon Fire
Extinguishing Agents, Robert T. Wickham,
http//www.periphman.com/fire/statusofindustry.pdf

3
IMPORTANT TIP!

Many CISSP candidates underestimate the physical
security domain. As a result, exam scores are
often the lowest in this domain.
CISSP For Dummies
Page 301

4
Objectives

Upon completion of this discussion, you should be
able to
Describe the threats, vulnerabilities, and
countermeasures related to physically protecting
the enterprises sensitive information assets
Identify the risk to facilities, data, media,
equipment, support systems, and supplies as they
relate to physical security.

5
5 Functional Areas

Information Protection Requirements
Information Protection Environment
Security Technology and Tools
Assurance, Trust and Confidence Mechanisms
Information Protection and Management Services

6
Risks to CIA

Interruptions in providing computer services
Availability
Physical Damage Availability
Unauthorized Disclosure of Information
Confidentiality
Loss of Control Over Information Integrity
Physical Theft Confidentiality, Integrity, and
Availability

7
Definition Physical Security

The physical measures and their associated
procedures to safeguard and protect against
Damage
Loss
Theft

8
Required Physical Controls

Perimeter and Building Grounds
Building Entry Points
Inside the Building Building Floors / Offices
Data Centers or Server Room Security
Computer Equipment Protection
Object Protection

9
5 Functional Areas

Information Protection Requirements
Information Protection Environment
Security Technology and Tools
Assurance, Trust and Confidence Mechanisms
Information Protection and Management Services

10
Definition Threat

Any indication, circumstance or event with the
potential to cause
Loss of or Damage to an Asset
Personal Injury
Loss of Live

11
Threat Types

Natural / Environmental
Earthquakes, floods, storms, hurricanes, fires,
smoke, snow, ice
Consequence of Natural Phenomenon
Pandemic Flu
Normally not preventable
Human Made / Political Events
Explosions, vandalism, theft, terrorist attacks,
riots
Result of a state of mind, attitude, weakness or
character trait
Acts of commission or omission
Overt or covert
Disrupt or destroy

12
Examples of Threats

Emergencies
Fire and Smoke Contaminants
Building Collapse or Explosion
Utility Loss (Power, AC, Heat)
Water Damage (Broken Pipes)
Toxic Materials Release

13
Examples of Threats (2)

Natural Disasters
Earth Movement (Earthquakes or Mudslides)
Storm Damage (Snow, Ice, Floods, Hurricanes)
Human Intervention
Sabotage
Vandalism
War
Strikes

14
Examples of Physical Loss

Seven Major Sources of Physical Loss
Temperature Extreme Variations in Heat and Cold
Gasses Sarin, Nerve Gas, PCP from Transformers,
Cleaning Fluids, Smog, Fuel Vapors, Paper
Particles from Printers
Liquids Water and Chemicals (flood, plumbing
failures, spilled drinks, fuel leaks, computer
printer fluids)
Organisms Viruses, Bacteria, People, Animals
and Insects, Molds, Mildews, Cobwebs

Ref Fighting Computer Crime Donn B. Parker
Wiley 1998
15
Examples of Physical Loss

Seven Major Sources of Physical Loss (2)
Projectiles Tangible Objects in Motion (Cars,
Trucks, Falling Objects, Meteorites, Bullets,
Rockets)
Movement Collapse, Shearing, Shaking,
Vibration, Liquefaction, Flows, Waves,
Separations and Slides (Lava Flows, Earthquakes,
Adhesive Failures, Dropping or Shaking Equipment)
Energy Anomalies Electrical Surges or Failures,
Magnetism, Static Electricity, Radiation, Sound,
Light, Radio and Magnetic Waves

16
Site Location

Security Should include WHERE the building is and
HOW it should be built
Choosing a Secure Site
Visibility Usually low visibility is the rule
to follow. What types of neighbors and markings
on the building?
Local Considerations Near hazardous waste dump?
In flood control plain? Local crime rate,
riots, strike-prone area?
Natural Disasters Weather-related problems,
tornados, flooding, heavy snow, earthquake zone

17
Site Location (2)

Choosing a Secure Site
Transportation Excessive highway, air or road
traffic in area, failed bridges will cause
building access problems?
Joint Tenancy Are access to HVAC and
environmental controls shared in building?
Adjacent Buildings
External Services Proximity to local Fire,
Police, Hospital/Medical Facilities?

18
Key Concept Layered Defense Model
19
Key Concept Layered Defense Model
Ref http//rphrm.curtin.edu.au
20
Designing a Secure Site

WALLS
All walls MUST have an acceptable Fire Rating.
Be Floor to Ceiling
Any Closets or Rooms that Store Media must also
have Fire Rating
CEILINGS
Be aware if they are WEIGHT BEARING and their
Fire Rating

21
Designing a Secure Site (2)

FLOORS
Slab or Raised?
SLAB
If concrete then concerns are Weight Bearing (aka
Loading) Usually 150 pounds per square foot.
RAISED
Concerned with Fire Rating, Electrical
Conductivity (Grounding against static
electricity)
Must employ non-conducting surface material in
data center

22
Designing a Secure Site (3)

DOORS
Must resist Forced Entry
Solid or Hollow
Hinges Hidden, Internal or Fixed
Fire Rating Equal to Walls
Emergency Exits Must Be Clearly Marked,
Monitored, or Alarmed
Electrical Doors on Emergency Exits Should Revert
to Disabled State if Power Outage Occurs For Safe
Evacuation
TIP!! Personnel Safety ALWAYS Takes Precedence!
Doors Can Be Guarded During an Emergency

23
Designing a Secure Site (4)

SPRINKLER SYSTEM
Location and Type of Suppression System Must
Always Be Known
LIQUID or GAS LINES
Know Where the Shut Off Valves Are
Water, Steam and Gas Lines Should Have POSITIVE
Drains
i.e., Flow Outward and Away from Building

24
Designing a Secure Site (5)

AIR CONDITIONING
AC Units Should Have Dedicated Power Circuits
Know Where the Emergency Power Off (EPO) Switch
is Located
Provide Outward, Positive Air Pressure to
Building
Protected Intake Vents to Prevent Inflow of
Potential Toxins Into a Facility

25
Designing a Secure Site (6)

WINDOWS
Located to Prevent Viewing Monitors or Desks
Standard Plate Glass (Brittle, Breaks Easily)
Tempered Glass (Stronger, Breaks into Small
Shards)
Acrylic Materials
Polycarbonate Windows
Glass and Polycarbonate Combinations Combine Best
of Glass and Acrylics
Wire Mesh Layers
Lexan (General Electric)
Bomb Blast Film (Prevent Viewing In and Reinforce
Window)
Bullet Resistant Windows
Glass Breakage Sensors
Usually Not Accepted in Data Center
If Installed, Should Be Translucent and
Shatterproof
Frames Secured to Walls, Windows Can Be Locked,
Glass Cant be Removed

26
Procedural Controls

Guard Post / Dogs
Checking and Escorting Visitors on Site
Managing Deliveries to the Site
Building-Specific

27
Facility Security Management

Administrative Security Controls NOT Related to
Initial Planning Process
Audit Trails or Access Logs
Vital to Know Where Attempts to Enter Existed and
Who Attempted Them
Emergency Procedures
Should be Clearly Documented and Readily
Accessible
Copies Stored Offsite in the Event of a Disaster
Updated Periodically

28
Audit Trails

These are known as DETECTIVE rather than
PREVENTIVE
Date and Time of Access Attempt
Whether the Attempt was Successful or Not
Where the Access was Granted (i.e., which door)
Who Attempted the Access
Who Modified the Access Privileges at the
Supervisor Level
Can Send Alarms or Alerts if Required

29
Emergency Procedures

Should Include the Following
Emergency System Shutdown Procedures
Evacuation Procedures
Employee Training, Awareness Programs, and
Periodic Drills
Periodic Equipment and Systems Tests

30
Administrative Personnel Controls

Pre-Employment Screening
Employment, References and Educational History
Checks
Background Investigation and/or Credit Rating
Checks for Sensitive Positions
On-Going Employee Checks
Security Clearances
Ongoing Employee Ratings or Reviews by
Supervisors
Post-Employment Procedures
Exit Interview, Removal of Network Access, Return
of Computers, etc.

31
Environmental and Life Safety Controls

Three Areas of Environmental Control
Electrical Power
Fire Detection and Suppression
Heating, Ventilation and Air Conditioning (HVAC)

32
Electrical Power

Disruptions in Electrical Power Can Have a
Serious Business Impact
Goals
Clean and Steady Power
Excellent Power Quality
Design Considerations
Dedicated Feeders
Alternate Power Source
Access Controls
Secure Breaker and Transformer Rooms

33
Electrical Power Threat Elements

NOISE
Electromagnetic Interference (EMI)
Radio Frequency Interference (RFI)
ANOMOLIES
Brownout, Blackout, Fault, etc.
ELECTROSTATIC DISCHARGE (ESD)
Affected by Low Humidity

34
Electrical Noise

Def Random Disturbance Interfering With Devices
Electromagnetic Interference (EMI)
Caused by Motors, Lightning, etc.
Spark Noise
Radio Frequency Interference (RFI)
Caused by Components of Electrical System
Caused by Electrical Cables, Fluorescent
Lighting, Truck Ignitions, etc.
Can Cause Permanent Damage to Sensitive
Components in a System

35
Electrical Noise (2)

Common Types of EMI
Common Mode Noise Noise from Radiation
Generated by the Difference Between the Hot and
Ground Wires
Traverse Mode Noise Noise from Radiation
Generated by the Difference Between the Hot and
Neutral Wires

36
Protective Measures for NOISE

Proper Line Conditioning
Proper Grounding of the System to Earth
Cable Shielding
Limited Exposure to Magnets, Electrical Motors,
Space Heaters and Fluorescent Lights

37
Electrical Anomalies
Electrical Event Definition
Blackout Total loss of power
Fault Momentary loss of power
Brownout Prolonged drop in voltage (up to 10)
Sag Short drop in voltage
Inrush Initial power rush
Spike Momentary rush of power, Momentary high voltage
Surge Prolonged rush of power, prolonged high voltage
Mnemonic Bob Frequently Buys Shoes in Shoe
Stores
38
Electrical Anomalies (2)

Transients
Line Noise that is Superimposed On the Supply
Circuit Can Cause Fluctuation in Power
Inrush Current
The Initial Surge of Current Required When There
is an Increase in Power Demand (e.g., starting a
large motor)

39
Electrostatic Discharge (ESD)

Power Surge Generated by a Person or Device
Contacting Another Device and Transferring a High
Voltage Shock
Affected by Low Humidity

40
Now, About Humidity

Ideal Humidity Range 40 to 60
High Humidity gt 60
Causes Problems with Condensation on Computer
Equipment
Cause Corrosion of Electrical Connections sort
of like Electroplating and Impedes Electrical
Efficiency
Low Humidity lt 40
Can Cause Increase in Electrostatic Discharge
Up to 4000 Volts Under Normal Humidity
Up to 25,000 Volts Under Very Low Humidity

41
Static Charge and Damage
Static Charge in Volts Will Damage
40 Sensitive Circuits and Transistors
1,000 Scramble Monitor Display
1,500 Disk Drive Data Loss
2,000 System Shutdown
4,000 Printer Jam
17,000 Permanent Chip Damage
42
Precautions for Static Electricity

Use Anti-Static Sprays Where Possible
Operations or Computer Centers Should Have
Anti-Static Flooring
Zinc Whiskers Problem
Building and Computer Rooms Should be Grounded
Properly
Anti-Static Table or Floor Mats
HVAC Should Maintain Proper Level of Humidity in
Computer Rooms

43
Electrical Support Systems

Surge Suppressors
Uninterruptible Power Supplies
Only for Duration Needed to Safely Shutdown
Systems
Emergency Shutoff (EPO Switch)
Have Monitored by Camera
Alternate Power Supply
Generator, Fuel Cell, etc.

44
FIRE PROTECTION

Fire Prevention
Fire Detection
Fire Suppression

45
Fire Triangle
Heat
Oxygen
A FIRE Needs These Three Elements to Burn
Fire Fighting Removes One of These Three Elements
OR By Temporarily Breaking Up the
Chemical Reaction
Fuel
46
Types of Fires
Class Description (Fuel)
A Common combustibles such as paper, wood, furniture, clothing
B Burnable fuels such as gasoline or oil
C Electrical fires such as computers and electronics
D Special fires, such as chemical, metal
K Commercial Kitchens
47
Fire Prevention

Use Fire Resistant Materials for Walls, Doors,
Furnishings, etc.
Reduce the Amount of Combustible Papers Around
Electrical Equipment
Provide Fire Prevention Training to Employees
REMEMBER Life Safety is the Most Important
Issue!
Conduct Fire Drills on All Shifts So that
Personnel Know How to Exit A Building

48
Fire Detection

Ionization-type Smoke Detectors
Detect Charged Particles in Smoke
Optical (Photoelectric) Detectors
React to Light Blockage Caused by Smoke
Fixed or Rate-of-Rise Temperature Sensors
Heat Detectors That React to the Heat of a Fire
Fixed Sensors Have Lower False Positives
Flame Actuated
Senses Infrared Energy of Flame or Pulsating of
the Flame
Very FAST Response Time, Expensive

49
Fire Detection (2)

Automatic Dial-Up Fire Alarm
System Dials the Local Fire or Police Department
and Plays a Prerecorded Message When a Fire is
Detected
Usually Used in Conjunction with One of the Other
Type of Fire Detectors
This Type of System Can Be Easily/Intentionally
Subverted
Combinations are Usually Used for The Best
Effectiveness in Detecting a Fire

50
Fire Classes and Suppression/Extinguishing Methods
Class Description (Fuel) Extinguishing Method
A Common combustibles such as paper, wood, furniture, clothing Water, Foam
B Burnable fuels such as gasoline or oil Inert Gas, CO2
C Electrical fires such as computers and electronics Inert Gas, CO2(Note Most important step Turn off electricity first!)
D Special fires, such as chemical, metal Dry Powder (May require total immersion or other special techniques)
K Commercial Kitchens Wet Chemicals
51
Fire Suppression

Carbon Dioxide (CO2), Foam, Inert Gas and Dry
Power Extinguishers DISPLACE Oxygen to Suppress a
Fire
CO2 Is a Risk to Humans (Because of Oxygen
Displacement)
Water Suppresses the Temperature Required to
Sustain a Fire

52
Fire Suppression - Halon

Halon Banned for New Systems Under 1987 Montreal
Protocol on Substances that Deplete the Ozone
Layer
Began Implementation of Ban in 1992
Any New Installations of Fire Suppression systems
Must Use Alternate Options
EU Requires Removal of Halon for Most
Applications
Halon Replacements
FM200,

53
Halon Replacements
Ref http//www.periphman.com/fire/statusofindustr
y.pdf
54
Fire Suppression - Water

Wet Pipe
Always Contains Water
Most Popular and Reliable
165 Fuse Melts
Can Freeze in Winter
Pipe Breaks Can Cause Floods
Dry Pipe
No Water in Pipe
Preferred for Computer Installations
Water Held Back by Clapper
Air Blows Out of Pipe, Water Flows

Wet Pipe Dry Pipe
55
Fire Suppression Water (2)

Deluge
Type of Dry Pipe
Water Discharge is Large
Not Recommended for Computer Installations
Preaction
Most Recommended for Computer Room
Combines Both Dry and Wet Pipes
Water Released into Pipe First Then After Fuse
Melts in Nozzle the Water is Dispersed

56
Fire Contamination Damage

Smoke
Heat
Water
Suppression Medium Contamination

57
Heating Ventilation Air Conditioning (HVAC)

Usually the Focal Point for Environmental
Controls
You Need to Know Who is Responsible for HVAC in
Your Building
Clear Escalation Steps Need to Be Defined Well in
Advance of an Environmental-Threatening Incident

58
HVAC Issues

Are Computerized Components Involved?
Does It Maintain Appropriate Temperature and
Humidity Levels? Air Quality?
Ideal Temperature 70 to 74 F
Ideal Humidity 40 to 60
Maintenance Procedures Should Be Documented
Preventive Maintenance Performed and Documented

59
5 Functional Areas

Information Protection Requirements
Information Protection Environment
Security Technology and Tools
Assurance, Trust and Confidence Mechanisms
Information Protection and Management Services

60
Elements of Physical Security

Badges
Restricted Areas
Lights
Dogs
CCTV
Locks

Access Control
Barriers
Security Forces
Fences
Intrusion Detection Systems

61
Functions of Physical Security

Deter
Delay
Detect
Assess
Respond

62
Layered Defense

Security Breach Alarms
On-Premises Security Officers
Server Ops Monitoring
Early Warning Smoke Detectors
Redundant HVAC Equipment
UPS and Backup Generators
Seismically Braced Server Racks
Biometric Access Exit Sensors
Continuous Video Surveillance
Electronic Motion Sensors

63
Perimeter Protection

Perimeter Security Controls are the First Line of
Defense
Protective Barriers Natural or Structural
Natural Barriers
Terrains That are Difficult to Cross
Landscaping (Shrubs, Trees, Spiny Shrubs)
Structural Barriers
Fences, Gates, Bollards, Facility Walls

64
Fences

Know These Fencing Heights
3 ft 4 ft High Deters Casual Trespassers
6 ft 8 ft High Too Hard to Climb Easily
8 ft High with 3 Strands of Barbed Wire Deters
Intruders
3 Types of Fencing
Chain Link
Barbed Wire
Barbed Tape or Concertina Wire

65
Fences (2)

Chain Link
6 Feet Tall (Excluding Top Guard)
8 Feet Tall (with Top Guard)
2 inch Openings or Less
Reach within 2 Inches of Ground or On Soft Ground
It Is Below the Surface
Be Sure Vegetation or Adjacent Structures Do Not
Bridge Over the Fence

66
Gates, Bollards, Barriers
67
Intrusion Detection Surveillance

Perimeter Intrusion Detection Systems
Sensors That Detect Access Into the Area
Photoelectric (Usu. Infrared Light)
Ultrasonic
Microwave
Passive Infrared (PIR)
Pressure Sensitive (Dry Contact Switch)
Surveillance Devices
Closed-Circuit Television (CCTV)

68
Motion Detectors

3 Categories
Wave Pattern Generates a Frequency Wave
Pattern. If Pattern is Disturbed as it is
Reflected Back to its Receiver (low, ultrasonic
or microwave range)
Capacitance Monitor an Electrical Field Around
an Object. If Field is Disturbed the Alarm is
Triggered. Used for Spot Protection.
Audio Detectors Monitor for any Abnormal Sound
Wave Generation. (Lots of False Alarms)

69
Intrusion Detection Systems

Can Be Installed On
Windows, Doors, Ceilings, Walls
Any Other Entry Points Such as HVAC, Roof Access
Openings, Ducts, etc.
They Detect Change In
Electrical Circuits, Light Beams
Sounds, Vibrations, Motion
Capacitance Due to Penetration of An
Electrostatic Field
Biometrics

70
CCTV

Def A Television Transmission System That Uses
Cameras to Transmit Pictures To Connected
Monitors
CCTV Levels
Detection The Ability to Detect the Presence of
an Object
Recognition The Ability to Determine the Type
of Object (animal, blowing debris, crawling
human)
Identification The Ability to Determine the
Object Details (person, large rabbit, small deer,
tumbleweed)
Remember Monitoring Live Events is Preventive
and Recording of Events is Detective

71
CCTV Components

Camera
Fixed, Zoom
Pan Tilt
Transmission Media
Coax Cable
Fiber Cable
Wireless
Monitor

72
CCTV Added Components

Camera Tube
Pan and Tilt Units
Panning Device
Mountings
Switchers/Multiplexers
Remote Camera Controls

Infrared Illuminators
Time/Date Generators
Videotape or Digital Recorders
Motion Detectors
Computer Controls
Video Loss Detectors

73
CCTV Deployment Features

Cameras High Enough to Avoid Physical Attack
Cameras Distributed to Exclude Blind Areas
Appropriate Lenses
Pan, Tilt, Zoom (PTZ) as Required
Ability to be Recorded

Camera System Tied to Alarm System
Number and Quality of Video Frames Increased
During Alarm Event
Regular Service of Moving Parts
Cleaning Lenses
Human Intervention

74
CCTV Application Guidelines

Understand the Facilitys Total Surveillance
Requirements
Determine the Size of the Area to be Monitored
Depth, Height, and Width
Ensures Proper Camera Lens Specifications
Lighting is Important Different Lamps and
Lighting Provide Various Levels of Effectiveness
Contrast Between the Object and Background
For Outdoor Use, the US Army Specifies the
Automatically Adjusted Iris Feature

75
CCTV Design Guidelines

System Familiarity is Important Understand
Camera Placement and Detection Field Shape
Exterior Camera Concerns
Weather
Illumination Range
Field of View Alignment
Balanced Lighting
Environmental Housings
Mounting Heights
In All Cases, Place Camera High Enough to Avoid
Tampering or Collision

76
CCTV Legal and Practical Implications

Storage Implications of Recorded Data
Video Tapes Must Be Stored to Prevent
Deterioration
Digital Records Must Be Maintained to Assert
Integrity
Human Rights and Privacy Implications in
Recording People
Requirements to Blurr/Pixelate Individuals Other
than Accused

77
Lighting

Provides a Deterrent to Intruders
Makes Detection Likely if Entry Attempted
Should be Used With Other Controls Such as
Fences, Patrols, Alarm Systems, CCTV
Critical Protected Buildings Should Be
Illuminated Up to 8 Feet High, with 2 Foot-Candle
Power

78
Types of Lighting

Continuous Lighting (Most Common)
Glare Projection
Flood Lighting
Trip Lighting
Standby Lighting
Movable (Portable)
Emergency Lighting

79
Access Control
Advisory Magnetic Access Cards Should Have
No Company ID On Them

Card Access
Smart Cards
Mag Stripe Cards
Proximity Cards
Biometrics
Fingerprint
Retina or Iris Scans
Hand Geometry
Signature Dynamics

80
Locks

Tip Locks are Considered DELAY Devices Only
All Locks Can Be Defeated By Force and/or the
Proper Tools
Locks Must Never Be Considered a Stand-Alone
Method of Security

81
Locks (2)

Types of Locks
Key Locks
Combination Locks
Key Locks
Key-in-Knob or Key-in-Lever (Cylindrical Lockset)
Only for Low Security Apps
Dead Bolt Locks or Tubular Dead Bolts Good for
Storerooms, Houses (Bolt is Thrown)
Mortise Locks (Lock Case is Recessed or Mortised
into the Edge of Door) Low Security Apps
Padlocks
Combination Locks
Combinations Must Be Changed at Specific Times
and Under Specific Circumstances

82
Keyless and Smart Locks

Keyless (Cipher) Locks
Push-button locks
Smart Locks
Permit Only Authorized People Into Certain Doors
at Certain Times
E.g., Magnetic Stripe Card that is Time Sensitive

83
Lock Security Measures

Key Control Procedures
Restrict Issue of Keys on a Long-Term Basis to
Outside Maintenance or Janitorial Personnel
Keep a Record of All Issued Keys
Investigate the Loss of All Keys
When in Doubt, Rekey the Affected Locks
Use as Few Master Keys as Possible
Issue Keys on a Need-to-Go Basis
Remember Keys are a Single-Factor
Authentication Mechanism That Can Be Lost,
Stolen, or Copied.
(Use 2-Factor Methods for More Secure Spaces)

84
Compartmentalized Area

Def Location Where Sensitive Equipment is
Stored and Where Sensitive Information is
Processed
Must Have a Higher Level of Security Controls

85
Data Center

Walls
Extend from True Floor to True Ceiling
Access Controls
Depending Upon Sensitivity of the Information and
Value of Equipment, Electronic Access Controls
May Need to be Installed

Ref CISSP Certification, Shon Harris
86
Portable Device Security

Laptops, PDAs, Etc.
Protect the Device
Protect the Data in the Device
Examples
Locking Cables for Docking Stations
Tracing Software
Audible Motion Alarm
Encryption Software
PIN Protection for PDAs
Inventory System

87
Alarm Systems

Local Alarm Systems Alarm Sounds Locally and
Must be Protected from Tampering and Audible for
at Least 400 Feet
Central Station Units Monitored 7x24 and
Signaled Over Leased Lines Usually within lt10
Minutes Travel Time (Private Security Firms)
Proprietary Systems Similar to Central but
Owned and Operated by Customer
Auxiliary Station Systems Systems that Ring at
Local Fire or Police Stations

88
Additional Alarm Systems

Line Supervision
Alarm Sounds When Alarm Transmission Medium
Detects Tampering.
Secure Detection and Alarm Systems Require Line
Supervision
Power Supplies
Require Separate Circuitry and Backup Power with
24 Hour Minimum Discharge Time

89
5 Functional Areas

Information Protection Requirements
Information Protection Environment
Security Technology and Tools
Assurance, Trust and Confidence Mechanisms
Information Protection and Management Services

90
Drills Testing

Drills/Exercises/Testing
Keeps Everyone Aware of Their Responsibilities
Building Evacuation Drills Are Important
Physical Vulnerability/Penetration Tests
Should Identify Weak Entry Points
Findings Should Be Documented
Ref Ira Winkler Stories

91
Checklist, Maintenance Service

Checklist
Identifies Those Elements of Physical Security
That Need to be Checked on a Regular Basis
Maintenance and Service
Needs to be Done
Need to Monitor Who Performs the Maintenance,
Especially if it is an Outside Contractor

92
5 Functional Areas

Information Protection Requirements
Information Protection Environment
Security Technology and Tools
Assurance, Trust and Confidence Mechanisms
Information Protection and Management Services

93
Managed Services

Be Sure To Address
Contractor Understands and is Contractually Bound
to Meet the Organizations Physical and
Procedural Security Requirements
The Contracting Organization Has Ability to Audit
or Test the Security Services Provided
There is a Channel of Communications Between the
Contracting Authority and the Contractor to
Affect Changes As Needed

94
Media Storage Requirements