SlideShare a Scribd company logo

Lesson 2

Download as PPT, PDF
M
MLG College of Learning, Inc

This document discusses physical security considerations for information systems. It covers fire detection and response systems, ensuring proper heating, ventilation and air conditioning, managing power supplies and utilities, preventing water damage, avoiding structural collapse, monitoring for data interception, securing mobile devices and remote access, and inventory management. The goal is to identify and address physical threats to information security facilities and systems.

Education
1 of 28
Principles of Information Security, Fifth Edition Chapter 9 Physical Security Lesson 2 – File Detection and Response
Learning Objectives • Upon completion of this material, you should be able to: – Discuss the relationship between information security and physical security – Describe key physical security considerations, including fire control and surveillance systems – Identify critical physical environment considerations for computing facilities, including uninterruptible power supplies Principles of Information Security, Fifth Edition 2
Fire Detection and Response • Fire suppression systems: devices installed and maintained to detect and respond to a fire, potential fire, or combustion danger • Flame point: temperature of ignition • Deny an environment of temperature, fuel, or oxygen – Water and water mist systems – Carbon dioxide systems – Soda acid systems – Gas-based systems Principles of Information Security, Fifth Edition 3
Fire Detection and Response (cont’d) • Fire detection – Fire detection systems fall into two general categories: manual and automatic – To prevent an attacker slipping into offices during an evacuation, programs often designate a person from each office area to serve as a floor monitor. – There are three basic types of fire detection systems: thermal detection, smoke detection, flame detection Principles of Information Security, Fifth Edition 4
Fire Detection and Response (cont’d) • Fire suppression – Systems can consist of portable, manual, or automatic apparatus. – Portable extinguishers are rated by the type of fire: Class A, Class B, Class C, Class D, Class K. – Installed systems apply suppressive agents, usually either sprinkler or gaseous systems. Principles of Information Security, Fifth Edition 5
Principles of Information Security, Fifth Edition 6
Fire Detection and Response (cont’d) • Gaseous emission systems – Until recently, two types of systems: carbon dioxide and Halon – Carbon dioxide removes fire’s oxygen supply. – Halon is clean but has been classified as an ozone- depleting substance; new installations are prohibited. – Alternative clean agents presented in Table 9-1 (found on pages 484-485 in the text) are reported to be less effective than Halon. Principles of Information Security, Fifth Edition 7
Principles of Information Security, Fifth Edition 8
Failure of Supporting Utilities and Structural Collapse • Supporting utilities (heating, ventilation, and air conditioning; power; water) have significant impact on continued safe operation of a facility. • Each utility must be properly managed to prevent potential damage to information and information systems. Principles of Information Security, Fifth Edition 9
Heating, Ventilation, and Air Conditioning • Areas within heating, ventilation, and air conditioning (HVAC) systems that can cause damage to information systems include: – Temperature – Filtration – Humidity – Static electricity Principles of Information Security, Fifth Edition 10
Principles of Information Security, Fifth Edition 11
Heating, Ventilation, and Air Conditioning (cont’d) • Ventilation shafts – While ductwork is small in residential buildings, in large commercial buildings it can be large enough for an individual to climb through. – If ducts are large, security can install wire mesh grids at various points to compartmentalize the runs. Principles of Information Security, Fifth Edition 12
Heating, Ventilation, and Air Conditioning (cont’d) • Power management and conditioning – Power systems used by information-processing equipment must be properly installed and correctly grounded. – Noise that interferes with the normal 60 Hertz cycle can result in inaccurate time clocks or unreliable internal clocks inside CPU. Principles of Information Security, Fifth Edition 13
Heating, Ventilation, and Air Conditioning (cont’d) • Grounding and amperage – Grounding ensures that returning flow of current is properly discharged to ground – GFCI: capable of quickly identifying and interrupting a ground fault – Overloading a circuit can create a load exceeding electrical cable’s rating, increasing the risk of overheating and fire. Principles of Information Security, Fifth Edition 14
Heating, Ventilation, and Air Conditioning (cont’d) • Uninterruptible power supply (UPS) – In case of power outage, UPS is the backup power source for major computing systems. – Basic UPS configurations: • Standby • Line-interactive • Standby online hybrid • Standby ferroresonant • Double conversion online • Data conversion online Principles of Information Security, Fifth Edition 15
Principles of Information Security, Fifth Edition 16
Heating, Ventilation, and Air Conditioning (cont’d) • Emergency shutoff – Important aspect of power management is the ability to stop power immediately if the current represents a risk to human or machine safety. – Most computer rooms and wiring closets are equipped with an emergency power shutoff. Principles of Information Security, Fifth Edition 17
Water Problems • Lack of water poses problem to systems, including fire suppression and air-conditioning systems. • Surplus of water, or water pressure, poses a real threat (flooding, leaks). • Very important to integrate water detection systems into alarm systems that regulate overall facility operations Principles of Information Security, Fifth Edition 18
Structural Collapse • Unavoidable environmental factors/forces can cause failures in structures that house an organization. • Structures are designed and constructed with specific load limits; overloading these limits results in structural failure and potential injury or loss of life. • Periodic inspections by qualified civil engineers assist in identifying potentially dangerous structural conditions. Principles of Information Security, Fifth Edition 19
Maintenance of Facility Systems • Physical security must be constantly documented, evaluated, and tested. • Documentation of facility’s configuration, operation, and function should be integrated into disaster recovery plans and standard operating procedures. • Testing helps improve the facility’s physical security and identify weak points. Principles of Information Security, Fifth Edition 20
Interception of Data • Three methods of data interception: – Direct observation – Interception of data transmission – Electromagnetic interception • U.S. government developed TEMPEST program to reduce the risk of electromagnetic radiation (EMR) monitoring. Principles of Information Security, Fifth Edition 21
Securing Mobile and Portable Systems • Mobile computing requires more security than typical computing infrastructures on the organization’s premises. • Many mobile computing systems – Have corporate information stored within them – Some are configured to facilitate user’s access into organization’s secure computing facilities. Principles of Information Security, Fifth Edition 22
Securing Mobile and Portable Systems (cont’d) • Controls support security and retrieval of lost or stolen laptops – CompuTrace software, stored on laptop; reports to a central monitoring center – Burglar alarms are made up of a PC card that contains a motion detector. Principles of Information Security, Fifth Edition 23
Principles of Information Security, Fifth Edition 24
Remote Computing Security • Remote site computing involves variety of computing sites outside the organization’s main facility. • Telecommuting: off-site computing using Internet, dial-up, or leased point-to-point links • Employees may need to access networks on business trips; telecommuters need access from home systems or satellite offices. • Telecommuter’s computers must be made more secure than organization’s systems. Principles of Information Security, Fifth Edition 25
Special Considerations for Physical Security Threats • Develop physical security in-house or outsource? – Many qualified and professional agencies – Benefit of outsourcing includes gaining experience and knowledge of agencies. – Downside includes high expense, loss of control over individual components, and level of trust that must be placed in another company. • Social engineering: use of people skills to obtain information from employees that should not be released Principles of Information Security, Fifth Edition 26
Inventory Management • Computing equipment should be inventoried and inspected on a regular basis. • Classified information should also be inventoried and managed. • Physical security of computing equipment, data storage media, and classified documents varies for each organization. Principles of Information Security, Fifth Edition 27
Summary • Threats to information security that are unique to physical security • Key physical security considerations in a facility site • Physical security monitoring components • Essential elements of access control • Fire safety, fire detection, and response • Importance of supporting utilities, especially use of uninterruptible power supplies • Countermeasures to physical theft of computing devices Principles of Information Security, Fifth Edition 28

Recommended

Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Lesson 1- Information Policy
Lesson 1- Information PolicyLesson 1- Information Policy
Lesson 1- Information Policy
MLG College of Learning, Inc
 
Lesson 4
Lesson 4Lesson 4
Lesson 4
MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4
MLG College of Learning, Inc
 
Lesson 1 - Introduction
Lesson 1 - Introduction Lesson 1 - Introduction
Lesson 1 - Introduction
MLG College of Learning, Inc
 
Lesson 3- Fair Approach
Lesson 3- Fair ApproachLesson 3- Fair Approach
Lesson 3- Fair Approach
MLG College of Learning, Inc
 
Lesson 2- Information Asset Valuation
Lesson 2- Information Asset ValuationLesson 2- Information Asset Valuation
Lesson 2- Information Asset Valuation
MLG College of Learning, Inc
 

Recommended

Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Lesson 1- Information Policy
Lesson 1- Information PolicyLesson 1- Information Policy
Lesson 1- Information Policy
MLG College of Learning, Inc
 
Lesson 4
Lesson 4Lesson 4
Lesson 4
MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4
MLG College of Learning, Inc
 
Lesson 1 - Introduction
Lesson 1 - Introduction Lesson 1 - Introduction
Lesson 1 - Introduction
MLG College of Learning, Inc
 
Lesson 3- Fair Approach
Lesson 3- Fair ApproachLesson 3- Fair Approach
Lesson 3- Fair Approach
MLG College of Learning, Inc
 
Lesson 2- Information Asset Valuation
Lesson 2- Information Asset ValuationLesson 2- Information Asset Valuation
Lesson 2- Information Asset Valuation
MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3
MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
MLG College of Learning, Inc
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical Controls
MLG College of Learning, Inc
 
Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSLesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPS
MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Lesson 1- Risk Managment
Lesson 1- Risk ManagmentLesson 1- Risk Managment
Lesson 1- Risk Managment
MLG College of Learning, Inc
 
Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion Detection
MLG College of Learning, Inc
 
Information Security Blueprint
Information Security BlueprintInformation Security Blueprint
Information Security Blueprint
Zefren Edior
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2
MLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
MLG College of Learning, Inc
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
sivadnolram
 
Secuntialesse
SecuntialesseSecuntialesse
Secuntialesse
Anne Starr
 
Ise viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionIse viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solution
Vivek Maurya
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1
Maxpromotion
 
It security controls, plans, and procedures
It security controls, plans, and proceduresIt security controls, plans, and procedures
It security controls, plans, and procedures
CAS
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Comp8 unit6b lecture_slides
Comp8 unit6b lecture_slidesComp8 unit6b lecture_slides
Comp8 unit6b lecture_slides
CMDLMS
 
1.ppt
1.ppt1.ppt
1.ppt
prakash581021
 

More Related Content

What's hot

Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1
Maxpromotion
 

What's hot (20)

Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical Controls
 
Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSLesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPS
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Lesson 1- Risk Managment
Lesson 1- Risk ManagmentLesson 1- Risk Managment
Lesson 1- Risk Managment
 
Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion Detection
 
Information Security Blueprint
Information Security BlueprintInformation Security Blueprint
Information Security Blueprint
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
Secuntialesse
SecuntialesseSecuntialesse
Secuntialesse
 
Ise viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionIse viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solution
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1
 
It security controls, plans, and procedures
It security controls, plans, and proceduresIt security controls, plans, and procedures
It security controls, plans, and procedures
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 

Similar to Lesson 2

Embedded Systems Security
Embedded Systems Security Embedded Systems Security
Embedded Systems Security
Malachi Jones
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
misecho
 
Company profile miguns Group
Company profile miguns GroupCompany profile miguns Group
Company profile miguns Group
Akankha Ahmed
 

Similar to Lesson 2 (20)

Comp8 unit6b lecture_slides
Comp8 unit6b lecture_slidesComp8 unit6b lecture_slides
Comp8 unit6b lecture_slides
 
1.ppt
1.ppt1.ppt
1.ppt
 
III SEM MCA-Module 4 -Ch2.pdf- Securing IoT
III SEM MCA-Module 4 -Ch2.pdf- Securing IoTIII SEM MCA-Module 4 -Ch2.pdf- Securing IoT
III SEM MCA-Module 4 -Ch2.pdf- Securing IoT
 
What Do Energy Management Systems Really Cost?
What Do Energy Management Systems Really Cost?What Do Energy Management Systems Really Cost?
What Do Energy Management Systems Really Cost?
 
Automated Thermal Imaging for Remote Substation Monitoring
Automated Thermal Imaging for Remote Substation MonitoringAutomated Thermal Imaging for Remote Substation Monitoring
Automated Thermal Imaging for Remote Substation Monitoring
 
Systemcare in computer
Systemcare in computer Systemcare in computer
Systemcare in computer
 
IO-Summary-for-IBMS-Service.pdf
IO-Summary-for-IBMS-Service.pdfIO-Summary-for-IBMS-Service.pdf
IO-Summary-for-IBMS-Service.pdf
 
Panduit EMEA SI Webinar 8
Panduit EMEA SI Webinar 8Panduit EMEA SI Webinar 8
Panduit EMEA SI Webinar 8
 
T063500000200201 ppte
T063500000200201 ppteT063500000200201 ppte
T063500000200201 ppte
 
Data center
Data centerData center
Data center
 
10. industrial networks safety and security tom hammond
10. industrial networks safety and security tom hammond10. industrial networks safety and security tom hammond
10. industrial networks safety and security tom hammond
 
It security for libraries part 3 - disaster recovery
It security for libraries part 3 - disaster recovery It security for libraries part 3 - disaster recovery
It security for libraries part 3 - disaster recovery
 
Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...
 
Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...Health apps regulation and quality control case studies and session 2 present...
Health apps regulation and quality control case studies and session 2 present...
 
Embedded Systems Security
Embedded Systems Security Embedded Systems Security
Embedded Systems Security
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
 
Mis
MisMis
Mis
 
Safety and security in distributed systems
Safety and security in distributed systemsSafety and security in distributed systems
Safety and security in distributed systems
 
Safety and security in distributed systems
Safety and security in distributed systems Safety and security in distributed systems
Safety and security in distributed systems
 
Company profile miguns Group
Company profile miguns GroupCompany profile miguns Group
Company profile miguns Group
 

More from MLG College of Learning, Inc

More from MLG College of Learning, Inc (20)

PC111.Lesson2
PC111.Lesson2PC111.Lesson2
PC111.Lesson2
 
PC111.Lesson1
PC111.Lesson1PC111.Lesson1
PC111.Lesson1
 
PC111-lesson1.pptx
PC111-lesson1.pptxPC111-lesson1.pptx
PC111-lesson1.pptx
 
PC LEESOON 6.pptx
PC LEESOON 6.pptxPC LEESOON 6.pptx
PC LEESOON 6.pptx
 
PC 106 PPT-09.pptx
PC 106 PPT-09.pptxPC 106 PPT-09.pptx
PC 106 PPT-09.pptx
 
PC 106 PPT-07
PC 106 PPT-07PC 106 PPT-07
PC 106 PPT-07
 
PC 106 PPT-01
PC 106 PPT-01PC 106 PPT-01
PC 106 PPT-01
 
PC 106 PPT-06
PC 106 PPT-06PC 106 PPT-06
PC 106 PPT-06
 
PC 106 PPT-05
PC 106 PPT-05PC 106 PPT-05
PC 106 PPT-05
 
PC 106 Slide 04
PC 106 Slide 04PC 106 Slide 04
PC 106 Slide 04
 
PC 106 Slide no.02
PC 106 Slide no.02PC 106 Slide no.02
PC 106 Slide no.02
 
pc-106-slide-3
pc-106-slide-3pc-106-slide-3
pc-106-slide-3
 
PC 106 Slide 2
PC 106 Slide 2PC 106 Slide 2
PC 106 Slide 2
 
PC 106 Slide 1.pptx
PC 106 Slide 1.pptxPC 106 Slide 1.pptx
PC 106 Slide 1.pptx
 
Db2 characteristics of db ms
Db2 characteristics of db msDb2 characteristics of db ms
Db2 characteristics of db ms
 
Db1 introduction
Db1 introductionDb1 introduction
Db1 introduction
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 
Lesson 3.1
Lesson 3.1Lesson 3.1
Lesson 3.1
 
Lesson 1.6
Lesson 1.6Lesson 1.6
Lesson 1.6
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 

Recently uploaded

Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSSpellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
AnaAcapella
 
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lessonQUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
httgc7rh9c
 

Recently uploaded (20)

Tatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf artsTatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf arts
 
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSSpellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
How to Manage Call for Tendor in Odoo 17
How to Manage Call for Tendor in Odoo 17How to Manage Call for Tendor in Odoo 17
How to Manage Call for Tendor in Odoo 17
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17
 
Play hard learn harder: The Serious Business of Play
Play hard learn harder: The Serious Business of PlayPlay hard learn harder: The Serious Business of Play
Play hard learn harder: The Serious Business of Play
 
OSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & SystemsOSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & Systems
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
What is 3 Way Matching Process in Odoo 17.pptx
What is 3 Way Matching Process in Odoo 17.pptxWhat is 3 Way Matching Process in Odoo 17.pptx
What is 3 Way Matching Process in Odoo 17.pptx
 
Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
AIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.pptAIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.ppt
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lessonQUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
 
PANDITA RAMABAI- Indian political thought GENDER.pptx
PANDITA RAMABAI- Indian political thought GENDER.pptxPANDITA RAMABAI- Indian political thought GENDER.pptx
PANDITA RAMABAI- Indian political thought GENDER.pptx
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Economic Importance Of Fungi In Food Additives
Economic Importance Of Fungi In Food AdditivesEconomic Importance Of Fungi In Food Additives
Economic Importance Of Fungi In Food Additives
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 

Lesson 2

  • 1. Principles of Information Security, Fifth Edition Chapter 9 Physical Security Lesson 2 – File Detection and Response
  • 2. Learning Objectives • Upon completion of this material, you should be able to: – Discuss the relationship between information security and physical security – Describe key physical security considerations, including fire control and surveillance systems – Identify critical physical environment considerations for computing facilities, including uninterruptible power supplies Principles of Information Security, Fifth Edition 2
  • 3. Fire Detection and Response • Fire suppression systems: devices installed and maintained to detect and respond to a fire, potential fire, or combustion danger • Flame point: temperature of ignition • Deny an environment of temperature, fuel, or oxygen – Water and water mist systems – Carbon dioxide systems – Soda acid systems – Gas-based systems Principles of Information Security, Fifth Edition 3
  • 4. Fire Detection and Response (cont’d) • Fire detection – Fire detection systems fall into two general categories: manual and automatic – To prevent an attacker slipping into offices during an evacuation, programs often designate a person from each office area to serve as a floor monitor. – There are three basic types of fire detection systems: thermal detection, smoke detection, flame detection Principles of Information Security, Fifth Edition 4
  • 5. Fire Detection and Response (cont’d) • Fire suppression – Systems can consist of portable, manual, or automatic apparatus. – Portable extinguishers are rated by the type of fire: Class A, Class B, Class C, Class D, Class K. – Installed systems apply suppressive agents, usually either sprinkler or gaseous systems. Principles of Information Security, Fifth Edition 5
  • 6. Principles of Information Security, Fifth Edition 6
  • 7. Fire Detection and Response (cont’d) • Gaseous emission systems – Until recently, two types of systems: carbon dioxide and Halon – Carbon dioxide removes fire’s oxygen supply. – Halon is clean but has been classified as an ozone- depleting substance; new installations are prohibited. – Alternative clean agents presented in Table 9-1 (found on pages 484-485 in the text) are reported to be less effective than Halon. Principles of Information Security, Fifth Edition 7
  • 8. Principles of Information Security, Fifth Edition 8
  • 9. Failure of Supporting Utilities and Structural Collapse • Supporting utilities (heating, ventilation, and air conditioning; power; water) have significant impact on continued safe operation of a facility. • Each utility must be properly managed to prevent potential damage to information and information systems. Principles of Information Security, Fifth Edition 9
  • 10. Heating, Ventilation, and Air Conditioning • Areas within heating, ventilation, and air conditioning (HVAC) systems that can cause damage to information systems include: – Temperature – Filtration – Humidity – Static electricity Principles of Information Security, Fifth Edition 10
  • 11. Principles of Information Security, Fifth Edition 11
  • 12. Heating, Ventilation, and Air Conditioning (cont’d) • Ventilation shafts – While ductwork is small in residential buildings, in large commercial buildings it can be large enough for an individual to climb through. – If ducts are large, security can install wire mesh grids at various points to compartmentalize the runs. Principles of Information Security, Fifth Edition 12
  • 13. Heating, Ventilation, and Air Conditioning (cont’d) • Power management and conditioning – Power systems used by information-processing equipment must be properly installed and correctly grounded. – Noise that interferes with the normal 60 Hertz cycle can result in inaccurate time clocks or unreliable internal clocks inside CPU. Principles of Information Security, Fifth Edition 13
  • 14. Heating, Ventilation, and Air Conditioning (cont’d) • Grounding and amperage – Grounding ensures that returning flow of current is properly discharged to ground – GFCI: capable of quickly identifying and interrupting a ground fault – Overloading a circuit can create a load exceeding electrical cable’s rating, increasing the risk of overheating and fire. Principles of Information Security, Fifth Edition 14
  • 15. Heating, Ventilation, and Air Conditioning (cont’d) • Uninterruptible power supply (UPS) – In case of power outage, UPS is the backup power source for major computing systems. – Basic UPS configurations: • Standby • Line-interactive • Standby online hybrid • Standby ferroresonant • Double conversion online • Data conversion online Principles of Information Security, Fifth Edition 15
  • 16. Principles of Information Security, Fifth Edition 16
  • 17. Heating, Ventilation, and Air Conditioning (cont’d) • Emergency shutoff – Important aspect of power management is the ability to stop power immediately if the current represents a risk to human or machine safety. – Most computer rooms and wiring closets are equipped with an emergency power shutoff. Principles of Information Security, Fifth Edition 17
  • 18. Water Problems • Lack of water poses problem to systems, including fire suppression and air-conditioning systems. • Surplus of water, or water pressure, poses a real threat (flooding, leaks). • Very important to integrate water detection systems into alarm systems that regulate overall facility operations Principles of Information Security, Fifth Edition 18
  • 19. Structural Collapse • Unavoidable environmental factors/forces can cause failures in structures that house an organization. • Structures are designed and constructed with specific load limits; overloading these limits results in structural failure and potential injury or loss of life. • Periodic inspections by qualified civil engineers assist in identifying potentially dangerous structural conditions. Principles of Information Security, Fifth Edition 19
  • 20. Maintenance of Facility Systems • Physical security must be constantly documented, evaluated, and tested. • Documentation of facility’s configuration, operation, and function should be integrated into disaster recovery plans and standard operating procedures. • Testing helps improve the facility’s physical security and identify weak points. Principles of Information Security, Fifth Edition 20
  • 21. Interception of Data • Three methods of data interception: – Direct observation – Interception of data transmission – Electromagnetic interception • U.S. government developed TEMPEST program to reduce the risk of electromagnetic radiation (EMR) monitoring. Principles of Information Security, Fifth Edition 21
  • 22. Securing Mobile and Portable Systems • Mobile computing requires more security than typical computing infrastructures on the organization’s premises. • Many mobile computing systems – Have corporate information stored within them – Some are configured to facilitate user’s access into organization’s secure computing facilities. Principles of Information Security, Fifth Edition 22
  • 23. Securing Mobile and Portable Systems (cont’d) • Controls support security and retrieval of lost or stolen laptops – CompuTrace software, stored on laptop; reports to a central monitoring center – Burglar alarms are made up of a PC card that contains a motion detector. Principles of Information Security, Fifth Edition 23
  • 24. Principles of Information Security, Fifth Edition 24
  • 25. Remote Computing Security • Remote site computing involves variety of computing sites outside the organization’s main facility. • Telecommuting: off-site computing using Internet, dial-up, or leased point-to-point links • Employees may need to access networks on business trips; telecommuters need access from home systems or satellite offices. • Telecommuter’s computers must be made more secure than organization’s systems. Principles of Information Security, Fifth Edition 25
  • 26. Special Considerations for Physical Security Threats • Develop physical security in-house or outsource? – Many qualified and professional agencies – Benefit of outsourcing includes gaining experience and knowledge of agencies. – Downside includes high expense, loss of control over individual components, and level of trust that must be placed in another company. • Social engineering: use of people skills to obtain information from employees that should not be released Principles of Information Security, Fifth Edition 26
  • 27. Inventory Management • Computing equipment should be inventoried and inspected on a regular basis. • Classified information should also be inventoried and managed. • Physical security of computing equipment, data storage media, and classified documents varies for each organization. Principles of Information Security, Fifth Edition 27
  • 28. Summary • Threats to information security that are unique to physical security • Key physical security considerations in a facility site • Physical security monitoring components • Essential elements of access control • Fire safety, fire detection, and response • Importance of supporting utilities, especially use of uninterruptible power supplies • Countermeasures to physical theft of computing devices Principles of Information Security, Fifth Edition 28