Paper review: Information Security; Physical and Environmental Security Procedure
1. PAPER REVIEW: INFORMATION SECURITY; PHYSICAL AND ENVIRONMENTAL SECURITY PROCEDURE
By: Lama Al-Banyan & Israa Al-Nami
ID: 216009780 ID: 216015371
King Faisal University
School of Business Administration
Management of Information System Department
Information Systems Security course. Fall 2019.
2. INTRODUCTION
• The paper that we reviewed lists the procedures needed to
secure Newcastle University's information system physically
and environmentally. In this presentation we summarize the
most important points for you to know and follow to secure
your own information systems.
3. PHYSICAL AND ENVIRONMENTAL
SECURITY PROCEDURES
• Secure Areas
Objective: To prevent
unauthorized physical access,
damage and interference to the
university’s information and
assets.
• Equipment
Objective: To prevent loss,
damage, theft or compromise of
assets and interruption to the
university’s operations.
4. SECURE AREAS
• Physical Security Perimeter -
University information processing facilities must be protected by a physical security
perimeter. An intruder detection system must be installed.
• Physical Entry Controls -
Manned reception and appropriate entry and authentication controls are needed to
ensure only authorized personnel are allowed. Visitors must be escorted by
authorized personnel.
• Securing Offices, Rooms and Facilities -
Controls to ensure security of information and information systems located in
University offices, rooms and other facilities must be designed, applied and
documented.
5. SECURE AREAS
• Protecting Against External and Environmental Threats –
Information owners, managers and staff must incorporate physical security controls that
protect against damage from fire, flood, earthquake, explosion, civil unrest and other
forms of natural and man-made disasters.
• Physical protection against malicious attacks or accidents must be designed
and applied.
• Working in secure areas–
Information owners must inform the authorized personnel that:
- Sensitive information cannot be discussed in a non-secure area.
- Sensitive information cannot be disclosed to unauthorized personnel.
- Any recording device of any type is not allowed inside the secure area.
6. SECURE AREAS
• Delivery and loading areas –
Access points such as reception, delivery and loading areas and other points where
unauthorized persons may enter the premises must be controlled and, if possible,
isolated from secure areas or offices to avoid unauthorized access.
7. EQUIPMENT
• Equipment siting and protection -
Equipment must be protected to reduce the risks from unauthorized access,
environmental threats and hazards.
• Supporting utilities -
Equipment must be protected from power supply interruption and other disruptions
caused by failures in supporting utilities. They should be regularly inspected and
to ensure their proper functioning and reduce the risk of malfunctioning or failure.
• Cabling security -
Power and telecommunications cabling carrying data or supporting information
services must be protected from interception or damage. Cables and equipment
are to be clearly marked to reduce handling errors.
8. EQUIPMENT
• Equipment maintenance -
Equipment must be correctly maintained to help ensure availability and integrity of
sensitive information and assets. Records must be kept of all suspected faults and all
preventive and corrective maintenance.
• Removal of assets -
Information owners must establish a formal authorization process for the removal of
assets for re-location, maintenance, disposal or any other purpose.
9. EQUIPMENT
• Security of equipment and assets off-premises –
Information owners must ensure that equipment used or stored off-site is safeguarded
in accordance with the sensitivity of the information and the value of the assets, by
encrypting sensitive data or using logical or physical control mechanisms to protect
against unauthorized access.
• Secure disposal or re-use of equipment –
Information owners must consider the sensitivity of information and the value of the
assets when determining whether or not hardware or media will be re-used or
destroyed.
1) Prior to re-use: the integrity of University records must be maintained by adhering to
the Records Management policy.
2) In case of disposal: storage media that will no longer be used in the University must
be wiped by a method approved by the IT Security team, in compliance with the Asset
Management Procedure.
10. EQUIPMENT
• Unattended user equipment -
Users must ensure unattended equipment has appropriate protection by terminating
the active session when finished and locking it with a password or other approved
mechanism.
• Clear desk and clear screen policy -
Users must safeguard sensitive information from unauthorized access, loss, or
By locking hard copy sensitive information or portable storage devices in a locked
cabinet.