Fundamentals of Information Systems Security/Physical and Environmental Security

From Wikibooks, open books for an open world
Jump to navigation Jump to search

Physical Security Challenges[edit | edit source]

One of the hardest to prevent threats to Information Security is simple ignorance of policy. As an example, a well meaning employee may take sensitive information to work on while at home.

Physical Threat Types[edit | edit source]

Natural Disasters

  • Hurricanes, typhoons, and tropical cyclones—These products of Mother Nature are products of the tropical ocean and atmosphere. They are powered by heat from the sea. As they progress across the ocean, they grow in velocity. When they move ashore, they spawn tornadoes and cause high winds and floods.
  • Tidal waves/tsunamis—The word tsunami is based on a Japanese word meaning “harbor wave.” This natural phenomenon consists of a series of widely dispersed waves that cause massive damage when they come ashore.
  • Floods—Floods can result when the soil has poor retention properties or when the amount of rainfall exceeds the ground’s ability to absorb water. Floods are also caused when creeks and rivers overflow their banks.
  • Earthquakes—These are caused from movement of the earth along the fault lines.
  • Tornados—Tornados are violent storms that form from a thunderstorm. They descend to the ground as a violent rotating column of air. Tornados leave a path of destruction that can extend from the width of a football field to about a mile wide.
  • Fire—This one leads the list in damage and potential for loss of life.

Man-Made Threats

  • Terrorism—Terrorism is a deliberate use of violence against civilians for political or religious means.
  • Vandalism—The willful destruction of another’s property.
  • Theft—Theft of company assets can range from annoying to detrimental.
  • Destruction—A former employee thought he would get even with the company by wiping out an important company database. What will it cost to recover? Did anyone implement that backup policy?
  • Criminal activities

Emergency Situations

  • Communication loss- Communication loss can be the outage of voice communication systems or data networks.
  • Utility loss—Utilities include water, gas, communications systems, and electrical power. The loss of utilities can bring business to a standstill. Generators and backup can prevent these problems if they are used.
  • Equipment failure—Equipment will fail over time. That is why maintenance is so important. A Fortune 1000 study found that 65% of all businesses that failed to become operational after 1 week never became operational.Service-level agreements (SLAs) are one good way to plan for equipment failure. With an SLA in place, the vendor agrees to repair or replace the covered equipment within a given period of time.

Site Location
[edit | edit source]

Key Requirements[edit | edit source]

Location[edit | edit source]

Construction[edit | edit source]

Doors,Walls,Windows and Ceiling[edit | edit source]

The Layered Defense Model[edit | edit source]

Physical Considerations

Working with Others to Achieve Physical and Procedural Security

Physical and Procedural Security Methods, Tools, and Techniques

Procedural Controls

Infrastructure Support Systems

Fire Prevention, Detection, and Suppression

Boundary Protection

Building Entry Points

Keys and Locking Systems

Walls, Doors, and Windows

Access Controls

Closed-Circuit Television (CCTV)

Intrusion Detection Systems

Portable Device Security

Asset and Risk Registers

Information Protection and Management Services[edit | edit source]

Managed Services

Audits, Drills, Exercises, and Testing

Vulnerability and Penetration Tests

Maintenance and Service Issues

Education, Training, and Awareness