SlideShare a Scribd company logo

Chapter 7: Physical & Environmental Security

Download as PPTX, PDF
Nada G.Youssef
Nada G.Youssef

Security Program and Policies, Principles and Practices

Education
1 of 15
Security Program and Policies Principles and Practices by Sari Stern Greene Chapter 7: Physical & Environmental Security
Copyright 2014 Pearson Education, Inc. 2 Objectives ❑ Define the concept of physical security and how it relates to information security ❑ Evaluate the security requirements of facilities, offices, and equipment ❑ Understand the environmental risks posed to physical structures, areas within those structures, and equipment ❑ Enumerate the vulnerabilities related to reusing and disposing of equipment ❑ Recognize the risk posed by the loss or theft of mobile devices and media ❑ Develop policies designed to ensure the physical environmental security of information, information systems, and information processing and storage facilities
Understanding the Secure Facility Layered Defense Model ■ If an intruder bypasses one layer of controls, the next layer should provide additional defense and detection capabilities ■ Both physical and psychological ❑ The appearance of security is deterrent Copyright 2014 Pearson Education, Inc. 3
Copyright 2014 Pearson Education, Inc. 4 How to Secure the Site ■ All implemented controls to physically protect information are dictated first by a thorough analysis of the company’s risks and vulnerabilities, along with the value of the information that requires protection ■ From what are we protecting information assets? ❑ Theft ❑ Malicious destruction ❑ Accidental damage ❑ Damage that results from natural disasters
How to Secure the Site cont. ■ The design of a secure site starts with the location ■ Location-based threats ❑ Political stability ❑ Susceptibility to terrorism ❑ Crime rate in the area ❑ Roadways and flight paths ❑ Utility stability ❑ Vulnerability to natural disasters ■ Critical information processing facilities should be inconspicuous and unremarkable Copyright 2014 Pearson Education, Inc. 5
Copyright 2014 Pearson Education, Inc. 6 How to Secure the Site Cont. ❑ The physical perimeter can be protected using: ■ Berms ■ Fences ■ Gates ■ Bollards ■ Man traps ■ Illuminated entrances, exits, pathways, and parking areas ■ Manned reception desk ■ Cameras, closed-circuit TV, alarms, motion sensors ■ Security guards
Copyright 2014 Pearson Education, Inc. 7 How Is Physical Access Controlled? ❑ Physical entry controls: ■ Access control rules should be designed for: ❑ Employees ❑ Third-party contractors/partners/vendors ❑ Visitors ■ Visitors should be required to wear identification that can be evaluated from a distance, such as a badge ■ Identification should start as soon as a person attempts to gain entry
Copyright 2014 Pearson Education, Inc. 8 How Is Physical Access Controlled? Cont. ❑ Physical entry controls: ■ Authorized users should be authorized prior to gaining access to protected area ■ Visitors should be identified, labeled, and authorized prior to gaining access to protected area ■ An audit trail should be created
Copyright 2014 Pearson Education, Inc. 9 Securing Offices, Rooms, and Facilities ❑ The outer physical perimeter is not the only focus of the physical security policy ❑ Workspaces should be classified based on the level of protection required ❑ Some internal rooms and offices must be protected differently ❑ Parts of individual rooms may also require different levels of protection, such as cabinets and closets
Copyright 2014 Pearson Education, Inc. 10 Working in Secure Areas ❑ Goal: Define behavioral and physical controls for the most sensitive workspaces within information processing facilities ❑ Policy controls are in addition to – and not in place of – existing physical controls, unless they supersede them ❑ Policy should include devices not allowed on premises, such as cameras, smartphones, tablets, and USB drives ❑ Sensitive documents should be secured from viewing by unauthorized personnel while not in use ❑ Copiers, scanners, and fax machines should be located in nonpublic areas and require use codes
Copyright 2014 Pearson Education, Inc. 11 Protecting Equipment ❑ Both company and employee-owned equipment should be protected ❑ Hardware assets must be protected from: ■ Theft ■ Power spikes ■ Power loss ❑ One way to reduce power consumption is to purchase Energy Star certified devices
Copyright 2014 Pearson Education, Inc. 12 Protecting Equipment Cont. ❑ Potential power problems include: ■ Brownout: Period of low voltage ■ Power surge: Increase in voltage ■ Blackout: Interruption or loss of power ❑ Power equipment that can be used: ■ Uninterruptible Power Supply ■ Back-up power supplies ■ Power conditioners ■ Voltage regulators ■ Isolation transformers ■ Line filters ■ Surge protection equipment
How Dangerous Is Fire? ■ Three elements to fire protection ❑ Fire prevention controls ■ Active ■ Passive ❑ Fire detection ❑ Fire containment and suppression ■ Involves responding to the fire ■ Specific to file classification ❑ Class A ❑ Class B ❑ Class C ❑ Class D Copyright 2014 Pearson Education, Inc. 13
Copyright 2014 Pearson Education, Inc. 14 What About Disposal? ❑ Formatting a hard drive or deleting files does not mean that the data located on that drive cannot be retrieved ❑ All computers that are discarded must be sanitized prior to being disposed of ❑ Policy should be crafted to disallow access to information through improper disposal or reuse of equipment ■ Disk wiping ■ Degaussing ■ Destruction
Copyright 2014 Pearson Education, Inc. 15 Summary ■ The physical perimeter of the company must be secured. ■ Some internal rooms and offices must be identified as needing more security controls than others. These controls must be deployed. ■ Environment threats such as power loss must be taken into account and the proper hardware must be deployed. ■ A clean screen and desk policy is important to protect the confidentiality of company-owned data.

Recommended

It Policies
It PoliciesIt Policies
It PoliciesJames Sutter
 
PACE-IT, Security+2.7: Physical Security and Enviornmental Controls
PACE-IT, Security+2.7: Physical Security and Enviornmental ControlsPACE-IT, Security+2.7: Physical Security and Enviornmental Controls
PACE-IT, Security+2.7: Physical Security and Enviornmental ControlsPace IT at Edmonds Community College
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operationsPiyush Jain
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk ManagementSam Bowne
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standardsprimeteacher32
 
Network Security
Network SecurityNetwork Security
Network Securityforpalmigho
 
Information security management
Information security managementInformation security management
Information security managementUMaine
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & SecurityEryk Budi Pratama
 

Recommended

It Policies
It PoliciesIt Policies
It PoliciesJames Sutter
 
PACE-IT, Security+2.7: Physical Security and Enviornmental Controls
PACE-IT, Security+2.7: Physical Security and Enviornmental ControlsPACE-IT, Security+2.7: Physical Security and Enviornmental Controls
PACE-IT, Security+2.7: Physical Security and Enviornmental ControlsPace IT at Edmonds Community College
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operationsPiyush Jain
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk ManagementSam Bowne
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standardsprimeteacher32
 
Network Security
Network SecurityNetwork Security
Network Securityforpalmigho
 
Information security management
Information security managementInformation security management
Information security managementUMaine
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & SecurityEryk Budi Pratama
 
Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologiessidra batool
 
Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Dr. Ahmed Al Zaidy
 
Cyber security
Cyber securityCyber security
Cyber securityBhavin Shah
 
Chapter 1 Presentation
Chapter 1 PresentationChapter 1 Presentation
Chapter 1 PresentationAmy McMullin
 
GDPR and Security.pdf
GDPR and Security.pdfGDPR and Security.pdf
GDPR and Security.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecuritylearnt
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 
Network management and security
Network management and securityNetwork management and security
Network management and securityAnkit Bhandari
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 
8 Access Control
8 Access Control8 Access Control
8 Access ControlAlfred Ouyang
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Actmrmwood
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness TrainingDenis kisina
 
Chapter 10: Information Systems Acquisition, Development, and Maintenance
Chapter 10: Information Systems Acquisition, Development, and Maintenance Chapter 10: Information Systems Acquisition, Development, and Maintenance
Chapter 10: Information Systems Acquisition, Development, and MaintenanceNada G.Youssef
 
The information security audit
The information security auditThe information security audit
The information security auditDhani Ahmad
 
Computer security overview
Computer security overviewComputer security overview
Computer security overviewCAS
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 
Chapter 5: Asset Management
Chapter 5: Asset ManagementChapter 5: Asset Management
Chapter 5: Asset ManagementNada G.Youssef
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3MLG College of Learning, Inc
 
Chapter 13: Regulatory Compliance for Financial Institutions
Chapter 13: Regulatory Compliance for Financial InstitutionsChapter 13: Regulatory Compliance for Financial Institutions
Chapter 13: Regulatory Compliance for Financial InstitutionsNada G.Youssef
 
Chapter 14: Regulatory Compliance for the Healthcare Sector
Chapter 14: Regulatory Compliance for the Healthcare SectorChapter 14: Regulatory Compliance for the Healthcare Sector
Chapter 14: Regulatory Compliance for the Healthcare SectorNada G.Youssef
 

More Related Content

What's hot

Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologiessidra batool
 
Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Dr. Ahmed Al Zaidy
 
Chapter 1 Presentation
Chapter 1 PresentationChapter 1 Presentation
Chapter 1 PresentationAmy McMullin
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecuritylearnt
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 
Network management and security
Network management and securityNetwork management and security
Network management and securityAnkit Bhandari
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Actmrmwood
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness TrainingDenis kisina
 
Chapter 10: Information Systems Acquisition, Development, and Maintenance
Chapter 10: Information Systems Acquisition, Development, and Maintenance Chapter 10: Information Systems Acquisition, Development, and Maintenance
Chapter 10: Information Systems Acquisition, Development, and MaintenanceNada G.Youssef
 
The information security audit
The information security auditThe information security audit
The information security auditDhani Ahmad
 
Computer security overview
Computer security overviewComputer security overview
Computer security overviewCAS
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 
Chapter 5: Asset Management
Chapter 5: Asset ManagementChapter 5: Asset Management
Chapter 5: Asset ManagementNada G.Youssef
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3MLG College of Learning, Inc
 

What's hot (20)

Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologies
 
Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1
 
Cyber security
Cyber securityCyber security
Cyber security
 
Chapter 1 Presentation
Chapter 1 PresentationChapter 1 Presentation
Chapter 1 Presentation
 
GDPR and Security.pdf
GDPR and Security.pdfGDPR and Security.pdf
GDPR and Security.pdf
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
 
Network management and security
Network management and securityNetwork management and security
Network management and security
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
8 Access Control
8 Access Control8 Access Control
8 Access Control
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Act
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness Training
 
Chapter 10: Information Systems Acquisition, Development, and Maintenance
Chapter 10: Information Systems Acquisition, Development, and Maintenance Chapter 10: Information Systems Acquisition, Development, and Maintenance
Chapter 10: Information Systems Acquisition, Development, and Maintenance
 
The information security audit
The information security auditThe information security audit
The information security audit
 
Computer security overview
Computer security overviewComputer security overview
Computer security overview
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy Introduction
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
Chapter 5: Asset Management
Chapter 5: Asset ManagementChapter 5: Asset Management
Chapter 5: Asset Management
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
 
Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3
 

Viewers also liked

Chapter 13: Regulatory Compliance for Financial Institutions
Chapter 13: Regulatory Compliance for Financial InstitutionsChapter 13: Regulatory Compliance for Financial Institutions
Chapter 13: Regulatory Compliance for Financial InstitutionsNada G.Youssef
 
Chapter 14: Regulatory Compliance for the Healthcare Sector
Chapter 14: Regulatory Compliance for the Healthcare SectorChapter 14: Regulatory Compliance for the Healthcare Sector
Chapter 14: Regulatory Compliance for the Healthcare SectorNada G.Youssef
 
Chapter 15: PCI Compliance for Merchants
Chapter 15: PCI Compliance for Merchants Chapter 15: PCI Compliance for Merchants
Chapter 15: PCI Compliance for Merchants Nada G.Youssef
 
Chapter 8: Communications and Operations Security
Chapter 8: Communications and Operations SecurityChapter 8: Communications and Operations Security
Chapter 8: Communications and Operations SecurityNada G.Youssef
 
Chapter 6: Human Resources Security
Chapter 6: Human Resources SecurityChapter 6: Human Resources Security
Chapter 6: Human Resources SecurityNada G.Youssef
 
Chapter 1: Understanding Policy
Chapter 1: Understanding Policy Chapter 1: Understanding Policy
Chapter 1: Understanding Policy Nada G.Youssef
 
Chapter 2: Policy Elements and style
Chapter 2: Policy Elements and style Chapter 2: Policy Elements and style
Chapter 2: Policy Elements and style Nada G.Youssef
 
Chapter 12: Business Continuity Management
Chapter 12: Business Continuity ManagementChapter 12: Business Continuity Management
Chapter 12: Business Continuity ManagementNada G.Youssef
 
Chapter 9: Access Control Management
Chapter 9: Access Control ManagementChapter 9: Access Control Management
Chapter 9: Access Control ManagementNada G.Youssef
 
Chapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementChapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementNada G.Youssef
 
Chapter 4: Governance and Risk Management
Chapter 4: Governance and Risk ManagementChapter 4: Governance and Risk Management
Chapter 4: Governance and Risk ManagementNada G.Youssef
 

Viewers also liked (20)

Chapter 13: Regulatory Compliance for Financial Institutions
Chapter 13: Regulatory Compliance for Financial InstitutionsChapter 13: Regulatory Compliance for Financial Institutions
Chapter 13: Regulatory Compliance for Financial Institutions
 
Chapter 14: Regulatory Compliance for the Healthcare Sector
Chapter 14: Regulatory Compliance for the Healthcare SectorChapter 14: Regulatory Compliance for the Healthcare Sector
Chapter 14: Regulatory Compliance for the Healthcare Sector
 
Chapter 15: PCI Compliance for Merchants
Chapter 15: PCI Compliance for Merchants Chapter 15: PCI Compliance for Merchants
Chapter 15: PCI Compliance for Merchants
 
Chapter 8: Communications and Operations Security
Chapter 8: Communications and Operations SecurityChapter 8: Communications and Operations Security
Chapter 8: Communications and Operations Security
 
Chapter 6: Human Resources Security
Chapter 6: Human Resources SecurityChapter 6: Human Resources Security
Chapter 6: Human Resources Security
 
Chapter 1: Understanding Policy
Chapter 1: Understanding Policy Chapter 1: Understanding Policy
Chapter 1: Understanding Policy
 
Chapter 2: Policy Elements and style
Chapter 2: Policy Elements and style Chapter 2: Policy Elements and style
Chapter 2: Policy Elements and style
 
Chapter 12: Business Continuity Management
Chapter 12: Business Continuity ManagementChapter 12: Business Continuity Management
Chapter 12: Business Continuity Management
 
Chapter 9: Access Control Management
Chapter 9: Access Control ManagementChapter 9: Access Control Management
Chapter 9: Access Control Management
 
Chapter 11: Information Security Incident Management
Chapter 11: Information Security Incident ManagementChapter 11: Information Security Incident Management
Chapter 11: Information Security Incident Management
 
Chapter 4: Governance and Risk Management
Chapter 4: Governance and Risk ManagementChapter 4: Governance and Risk Management
Chapter 4: Governance and Risk Management
 
83341 ch14 jacobsen
83341 ch14 jacobsen83341 ch14 jacobsen
83341 ch14 jacobsen
 
83341 ch09 jacobsen
83341 ch09 jacobsen83341 ch09 jacobsen
83341 ch09 jacobsen
 
83341 ch06 jacobsen
83341 ch06 jacobsen83341 ch06 jacobsen
83341 ch06 jacobsen
 
83341 ch13 jacobsen
83341 ch13 jacobsen83341 ch13 jacobsen
83341 ch13 jacobsen
 
83341 ch11 jacobsen
83341 ch11 jacobsen83341 ch11 jacobsen
83341 ch11 jacobsen
 
83341 ch10 jacobsen
83341 ch10 jacobsen83341 ch10 jacobsen
83341 ch10 jacobsen
 
83341 ch07 jacobsen
83341 ch07 jacobsen83341 ch07 jacobsen
83341 ch07 jacobsen
 
83341 ch08 jacobsen
83341 ch08 jacobsen83341 ch08 jacobsen
83341 ch08 jacobsen
 
83341 ch12 jacobsen
83341 ch12 jacobsen83341 ch12 jacobsen
83341 ch12 jacobsen
 

Similar to Chapter 7: Physical & Environmental Security

Information Security Incident Management.pdf
Information Security Incident Management.pdfInformation Security Incident Management.pdf
Information Security Incident Management.pdfGoldenMIT
 
Security Program and PoliciesPrinciples and Practicesby Sari.docx
Security Program and PoliciesPrinciples and Practicesby Sari.docxSecurity Program and PoliciesPrinciples and Practicesby Sari.docx
Security Program and PoliciesPrinciples and Practicesby Sari.docxbagotjesusa
 
Paper review: Information Security; Physical and Environmental Security Proce...
Paper review: Information Security; Physical and Environmental Security Proce...Paper review: Information Security; Physical and Environmental Security Proce...
Paper review: Information Security; Physical and Environmental Security Proce...Israa_alnami
 
Secure physical infrastructure
Secure physical infrastructureSecure physical infrastructure
Secure physical infrastructurePallavi Agarwal
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4MLG College of Learning, Inc
 
Jupiter physical security ppt 2016 new
Jupiter physical security ppt 2016 newJupiter physical security ppt 2016 new
Jupiter physical security ppt 2016 newMaxpromotion
 
Jupiter physical security ppt 2016 new
Jupiter physical security ppt 2016 newJupiter physical security ppt 2016 new
Jupiter physical security ppt 2016 newMaxpromotion
 
Jupiter physical security ppt 2016 new
Jupiter physical security ppt 2016 newJupiter physical security ppt 2016 new
Jupiter physical security ppt 2016 newMaxpromotion
 
Jupiter physical security ppt 2016 new
Jupiter physical security ppt 2016 newJupiter physical security ppt 2016 new
Jupiter physical security ppt 2016 newMaxpromotion
 
Importance of workplace Security.pptx
Importance of workplace Security.pptxImportance of workplace Security.pptx
Importance of workplace Security.pptxSecurity Guards
 
What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presen...
What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presen...What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presen...
What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presen...Accellis Technology Group
 
Security Policy
Security PolicySecurity Policy
Security PolicyHuda Seyam
 
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.IGN MANTRA
 
STRAND 1 FOUNDATION OF PRETECHNICALSTUDIE.pptx
STRAND 1 FOUNDATION OF PRETECHNICALSTUDIE.pptxSTRAND 1 FOUNDATION OF PRETECHNICALSTUDIE.pptx
STRAND 1 FOUNDATION OF PRETECHNICALSTUDIE.pptxkimdan468
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Asad Zaman
 
Introduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power pointIntroduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power pointbradleyl2
 
My_notes_part1.pdf
My_notes_part1.pdfMy_notes_part1.pdf
My_notes_part1.pdfPhilLopez4
 
Panic and run or plan and respond
Panic and run or plan and respondPanic and run or plan and respond
Panic and run or plan and respondMatt Stein
 

Similar to Chapter 7: Physical & Environmental Security (20)

Information Security Incident Management.pdf
Information Security Incident Management.pdfInformation Security Incident Management.pdf
Information Security Incident Management.pdf
 
Security Program and PoliciesPrinciples and Practicesby Sari.docx
Security Program and PoliciesPrinciples and Practicesby Sari.docxSecurity Program and PoliciesPrinciples and Practicesby Sari.docx
Security Program and PoliciesPrinciples and Practicesby Sari.docx
 
Paper review: Information Security; Physical and Environmental Security Proce...
Paper review: Information Security; Physical and Environmental Security Proce...Paper review: Information Security; Physical and Environmental Security Proce...
Paper review: Information Security; Physical and Environmental Security Proce...
 
Secure physical infrastructure
Secure physical infrastructureSecure physical infrastructure
Secure physical infrastructure
 
Operations Security
Operations SecurityOperations Security
Operations Security
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4
 
Jupiter physical security ppt 2016 new
Jupiter physical security ppt 2016 newJupiter physical security ppt 2016 new
Jupiter physical security ppt 2016 new
 
Jupiter physical security ppt 2016 new
Jupiter physical security ppt 2016 newJupiter physical security ppt 2016 new
Jupiter physical security ppt 2016 new
 
Jupiter physical security ppt 2016 new
Jupiter physical security ppt 2016 newJupiter physical security ppt 2016 new
Jupiter physical security ppt 2016 new
 
Jupiter physical security ppt 2016 new
Jupiter physical security ppt 2016 newJupiter physical security ppt 2016 new
Jupiter physical security ppt 2016 new
 
Importance of workplace Security.pptx
Importance of workplace Security.pptxImportance of workplace Security.pptx
Importance of workplace Security.pptx
 
What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presen...
What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presen...What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presen...
What to Do After a Cyberattack: A Cybersecurity Incident Response Plan presen...
 
Security Policy
Security PolicySecurity Policy
Security Policy
 
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
 
STRAND 1 FOUNDATION OF PRETECHNICALSTUDIE.pptx
STRAND 1 FOUNDATION OF PRETECHNICALSTUDIE.pptxSTRAND 1 FOUNDATION OF PRETECHNICALSTUDIE.pptx
STRAND 1 FOUNDATION OF PRETECHNICALSTUDIE.pptx
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1
 
Introduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power pointIntroduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power point
 
My_notes_part1.pdf
My_notes_part1.pdfMy_notes_part1.pdf
My_notes_part1.pdf
 
Panic and run or plan and respond
Panic and run or plan and respondPanic and run or plan and respond
Panic and run or plan and respond
 
css 1.pptx
css 1.pptxcss 1.pptx
css 1.pptx
 

More from Nada G.Youssef

Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security FrameworkNada G.Youssef
 
Preparatory Year of Saudi Electronic University
Preparatory Year of Saudi Electronic University Preparatory Year of Saudi Electronic University
Preparatory Year of Saudi Electronic University Nada G.Youssef
 

More from Nada G.Youssef (17)

مجلة 1
مجلة 1مجلة 1
مجلة 1
 
Chapter Tewlve
Chapter TewlveChapter Tewlve
Chapter Tewlve
 
Chapter Eleven
Chapter ElevenChapter Eleven
Chapter Eleven
 
Chapter Ten
Chapter TenChapter Ten
Chapter Ten
 
Chapter Nine
Chapter NineChapter Nine
Chapter Nine
 
Chapter Eight
Chapter Eight Chapter Eight
Chapter Eight
 
Chapter Seven
Chapter SevenChapter Seven
Chapter Seven
 
Chapter Six
Chapter SixChapter Six
Chapter Six
 
Chapter Five
Chapter FiveChapter Five
Chapter Five
 
Chapter Four
Chapter FourChapter Four
Chapter Four
 
Chapter Three
Chapter ThreeChapter Three
Chapter Three
 
Chapter Two
Chapter TwoChapter Two
Chapter Two
 
Chapter one
Chapter oneChapter one
Chapter one
 
Chapter 3: Information Security Framework
Chapter 3: Information Security FrameworkChapter 3: Information Security Framework
Chapter 3: Information Security Framework
 
Preparatory Year of Saudi Electronic University
Preparatory Year of Saudi Electronic University Preparatory Year of Saudi Electronic University
Preparatory Year of Saudi Electronic University
 
Chapter 12
Chapter 12Chapter 12
Chapter 12
 
Chapter 11
Chapter 11Chapter 11
Chapter 11
 

Recently uploaded

How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxJiesonDelaCerna
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxUnboundStockton
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 

Recently uploaded (20)

How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docx
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 

Chapter 7: Physical & Environmental Security

  • 1. Security Program and Policies Principles and Practices by Sari Stern Greene Chapter 7: Physical & Environmental Security
  • 2. Copyright 2014 Pearson Education, Inc. 2 Objectives ❑ Define the concept of physical security and how it relates to information security ❑ Evaluate the security requirements of facilities, offices, and equipment ❑ Understand the environmental risks posed to physical structures, areas within those structures, and equipment ❑ Enumerate the vulnerabilities related to reusing and disposing of equipment ❑ Recognize the risk posed by the loss or theft of mobile devices and media ❑ Develop policies designed to ensure the physical environmental security of information, information systems, and information processing and storage facilities
  • 3. Understanding the Secure Facility Layered Defense Model ■ If an intruder bypasses one layer of controls, the next layer should provide additional defense and detection capabilities ■ Both physical and psychological ❑ The appearance of security is deterrent Copyright 2014 Pearson Education, Inc. 3
  • 4. Copyright 2014 Pearson Education, Inc. 4 How to Secure the Site ■ All implemented controls to physically protect information are dictated first by a thorough analysis of the company’s risks and vulnerabilities, along with the value of the information that requires protection ■ From what are we protecting information assets? ❑ Theft ❑ Malicious destruction ❑ Accidental damage ❑ Damage that results from natural disasters
  • 5. How to Secure the Site cont. ■ The design of a secure site starts with the location ■ Location-based threats ❑ Political stability ❑ Susceptibility to terrorism ❑ Crime rate in the area ❑ Roadways and flight paths ❑ Utility stability ❑ Vulnerability to natural disasters ■ Critical information processing facilities should be inconspicuous and unremarkable Copyright 2014 Pearson Education, Inc. 5
  • 6. Copyright 2014 Pearson Education, Inc. 6 How to Secure the Site Cont. ❑ The physical perimeter can be protected using: ■ Berms ■ Fences ■ Gates ■ Bollards ■ Man traps ■ Illuminated entrances, exits, pathways, and parking areas ■ Manned reception desk ■ Cameras, closed-circuit TV, alarms, motion sensors ■ Security guards
  • 7. Copyright 2014 Pearson Education, Inc. 7 How Is Physical Access Controlled? ❑ Physical entry controls: ■ Access control rules should be designed for: ❑ Employees ❑ Third-party contractors/partners/vendors ❑ Visitors ■ Visitors should be required to wear identification that can be evaluated from a distance, such as a badge ■ Identification should start as soon as a person attempts to gain entry
  • 8. Copyright 2014 Pearson Education, Inc. 8 How Is Physical Access Controlled? Cont. ❑ Physical entry controls: ■ Authorized users should be authorized prior to gaining access to protected area ■ Visitors should be identified, labeled, and authorized prior to gaining access to protected area ■ An audit trail should be created
  • 9. Copyright 2014 Pearson Education, Inc. 9 Securing Offices, Rooms, and Facilities ❑ The outer physical perimeter is not the only focus of the physical security policy ❑ Workspaces should be classified based on the level of protection required ❑ Some internal rooms and offices must be protected differently ❑ Parts of individual rooms may also require different levels of protection, such as cabinets and closets
  • 10. Copyright 2014 Pearson Education, Inc. 10 Working in Secure Areas ❑ Goal: Define behavioral and physical controls for the most sensitive workspaces within information processing facilities ❑ Policy controls are in addition to – and not in place of – existing physical controls, unless they supersede them ❑ Policy should include devices not allowed on premises, such as cameras, smartphones, tablets, and USB drives ❑ Sensitive documents should be secured from viewing by unauthorized personnel while not in use ❑ Copiers, scanners, and fax machines should be located in nonpublic areas and require use codes
  • 11. Copyright 2014 Pearson Education, Inc. 11 Protecting Equipment ❑ Both company and employee-owned equipment should be protected ❑ Hardware assets must be protected from: ■ Theft ■ Power spikes ■ Power loss ❑ One way to reduce power consumption is to purchase Energy Star certified devices
  • 12. Copyright 2014 Pearson Education, Inc. 12 Protecting Equipment Cont. ❑ Potential power problems include: ■ Brownout: Period of low voltage ■ Power surge: Increase in voltage ■ Blackout: Interruption or loss of power ❑ Power equipment that can be used: ■ Uninterruptible Power Supply ■ Back-up power supplies ■ Power conditioners ■ Voltage regulators ■ Isolation transformers ■ Line filters ■ Surge protection equipment
  • 13. How Dangerous Is Fire? ■ Three elements to fire protection ❑ Fire prevention controls ■ Active ■ Passive ❑ Fire detection ❑ Fire containment and suppression ■ Involves responding to the fire ■ Specific to file classification ❑ Class A ❑ Class B ❑ Class C ❑ Class D Copyright 2014 Pearson Education, Inc. 13
  • 14. Copyright 2014 Pearson Education, Inc. 14 What About Disposal? ❑ Formatting a hard drive or deleting files does not mean that the data located on that drive cannot be retrieved ❑ All computers that are discarded must be sanitized prior to being disposed of ❑ Policy should be crafted to disallow access to information through improper disposal or reuse of equipment ■ Disk wiping ■ Degaussing ■ Destruction
  • 15. Copyright 2014 Pearson Education, Inc. 15 Summary ■ The physical perimeter of the company must be secured. ■ Some internal rooms and offices must be identified as needing more security controls than others. These controls must be deployed. ■ Environment threats such as power loss must be taken into account and the proper hardware must be deployed. ■ A clean screen and desk policy is important to protect the confidentiality of company-owned data.