Fundamentals of Information Systems Security/Physical and Environmental Security
Physical Security Challenges
editPhysical Threat Types
editNatural Disasters
- Hurricanes, typhoons, and tropical cyclones—These products of Mother Nature are products of the tropical ocean and atmosphere. They are powered by heat from the sea. As they progress across the ocean, they grow in velocity. When they move ashore, they spawn tornadoes and cause high winds and floods.
- Tidal waves/tsunamis—The word tsunami is based on a Japanese word meaning “harbor wave.” This natural phenomenon consists of a series of widely dispersed waves that cause massive damage when they come ashore.
- Floods—Floods can result when the soil has poor retention properties or when the amount of rainfall exceeds the ground’s ability to absorb water. Floods are also caused when creeks and rivers overflow their banks.
- Earthquakes—These are caused from movement of the earth along the fault lines.
- Tornados—Tornados are violent storms that form from a thunderstorm. They descend to the ground as a violent rotating column of air. Tornados leave a path of destruction that can extend from the width of a football field to about a mile wide.
- Fire—This one leads the list in damage and potential for loss of life.
Man-Made Threats
- Terrorism—Terrorism is a deliberate use of violence against civilians for political or religious means.
- Vandalism—The willful destruction of another’s property.
- Theft—Theft of company assets can range from annoying to detrimental.
- Destruction—A former employee thought he would get even with the company by wiping out an important company database. What will it cost to recover? Did anyone implement that backup policy?
- Criminal activities
Emergency Situations
- Communication loss- Communication loss can be the outage of voice communication systems or data networks.
- Utility loss—Utilities include water, gas, communications systems, and electrical power. The loss of utilities can bring business to a standstill. Generators and backup can prevent these problems if they are used.
- Equipment failure—Equipment will fail over time. That is why maintenance is so important. A Fortune 1000 study found that 65% of all businesses that failed to become operational after 1 week never became operational.Service-level agreements (SLAs) are one good way to plan for equipment failure. With an SLA in place, the vendor agrees to repair or replace the covered equipment within a given period of time.
Site Location
edit
Key Requirements
editLocation
editConstruction
editDoors,Walls,Windows and Ceiling
editThe Layered Defense Model
editPhysical Considerations
Working with Others to Achieve Physical and Procedural Security
Physical and Procedural Security Methods, Tools, and Techniques
Procedural Controls
Infrastructure Support Systems
Fire Prevention, Detection, and Suppression
Boundary Protection
Building Entry Points
Keys and Locking Systems
Walls, Doors, and Windows
Access Controls
Closed-Circuit Television (CCTV)
Intrusion Detection Systems
Portable Device Security
Asset and Risk Registers
Information Protection and Management Services
editManaged Services
Audits, Drills, Exercises, and Testing
Vulnerability and Penetration Tests
Maintenance and Service Issues
Education, Training, and Awareness