www.encari.com




CIP-004, R1 Security Awareness Webinar Series
Physical Security Fundamentals & Best Practices

Steven Hamburg
Mark Simon



Objectives

•   Learn why physical security is a key component of critical
    infrastructure protection.




•   Learn about your role in implementing physical security-related
    policies and controls to mitigate risks of unauthorized access to
    critical equipment, systems, material, and information at or
    pertaining to critical facilities.

Role of Physical Security

•   Violence, vandalism, theft, and terrorism are prevalent in the
    world today.





•   A Bonneville Power Administration crew working near the
    Mountain Avenue Substation discovered a suspicious device that
    law enforcement officials later determined was a pipe bomb. Law
    enforcement officials safely dismantled the device. While the
    bomb was near the substation, it is not clear that the BPA facility
    was the target.

       Source: BPA News July 22, 2009




Foundational Physical Security Controls: Deter
•   Don’t be too helpful. Some places are not meant to be easy to
    find.




Foundational Physical Security Controls: Detect
•   Identify and report any suspicious acts on or around the premises
    without putting yourself in harm’s way.




Foundational Physical Security Controls: Assess
•   An effective assessment system provides two types of
    information associated with detection: (1) information regarding
    whether the alarm is a valid alarm or a nuisance alarm, and (2)
    details regarding the cause of the alarm; i.e., what, who, where,
    and how many.




Foundational Physical Security Controls: Delay
•   Physical barriers are designed to delay an intruder.




Foundational Physical Security Controls: Communicate
•   Some organizations establish code words to alert co-workers and
    supervisors that immediate help is needed.




    Employees should know what steps to perform
    if a threatening or violent incident occurs.

Foundational Physical Security Controls: Respond
•   Leave it to the professionals to respond to a potential physical
    security breach.



•   The primary concern in any security incident is the protection of
    human life. If force is threatened, system operators / control
    center / all personnel should follow the intruder's instructions to
    the letter.




Foundational Physical Security Controls: Intelligence
•   Employees benefit from a comprehensive security awareness
    program and an understanding of the threats involved.




Foundational Physical Security Controls: Audit
•   Checking physical security system controls:

       I have my badge

       The door is secure

       The alarm is set

       I know the policies and procedures to follow




Physical Security Best Practices: Scenario #1
•   Piggybacking

       A social engineer appears as a legitimate employee and
       walks into a secure building by following behind someone
       who has authorized access.




Physical Security Best Practices: Scenario #2
•   Observing a supervisor or co-worker being confronted by a
    person who appears volatile.




Physical Security Best Practices: Scenario #3
•   Finding a suspicious package or device.




Physical Security Best Practices: Scenario #4
•   You observe a visitor, who should be escorted within a physical
    security perimeter, wandering within the physical security
    perimeter without his or her escort.




Physical Security Best Practices: Scenario #5
•   It’s the end of the day and you rush to leave work to pick up the
    kids, and in your haste you forget to secure confidential
    documents clearly visible on your desk.




Physical Security Best Practices: Scenario #6
•   You discard printed materials and a CD containing the most
    sensitive type of information, as defined in your information
    protection program.




Physical Security Best Practices: Scenario #7
•   You observe a person outside of a security perimeter drawing a
    diagram and taking photographs.




Conclusion







Q&A
•   Contact Information

       Steven Hamburg – Co-Founder, Encari

       Mark Simon – Sr. NERC CIP Compliance Specialist

•   Visit our blog at Control Engineering magazine’s
    website: www.controleng.com



