Physical

(Environmental)

Security

2

Domain Objectives

•Define key concepts of physical security

• Goals and Purpose of Layered Defenses

• Principles in Site Location

• Building Entry Points

• Physical Security Principles for Information System’s Security within a Building

3

Information Security TRIAD

Availability

ConfidentialityIntegrity

Information Security

4

Domain Agenda

• Introduction

• Layered Defense Model

• Crime Prevention Through Environmental Design

• Facility and Infrastructure Criteria

5

Primary Physical Security Goal

WARNING

The protection of life is our PRIMARY goal

6

Goals of Physical Security

• Deter

• Delay

• Detect

• Assess

• Respond

7

Threats to Physical Security

• Natural/Environmental

• Utility Systems

• Human-Made/Political Events

8

Malicious Threat Sources and Countermeasures

• Theft

• Espionage

• Dumpster Diving

• Social Engineering and Shoulder Surfing

• HVAC Access

9

Domain Agenda

• Introduction

• Layered Defense Model

• Crime Prevention Through Environmental Design

• Facility and Infrastructure Criteria

10

Layered Defense Model

• Security through ‘layers’ of controls

• Multi-layered

• Starts with the perimeter, then building grounds, then building entry points, etc.

11

Layered Defense Model

Perimeter

Building

Entrance

Building Floors/

Office Suites

Offices/Data

Centers/Equipment,Supplies,

Media

Building Grounds

12

Perimeter and Building Boundary Protection

• Perimeter security controls are the first line of defense

• Protective barriers can be either natural or structural

13

Landscaping

• Ponds, Hedges

• Small Spiny Shrubs

14

Fences

• Federal, state, or local codes may apply

• No parking should be allowed near fences

15

Controlled Access Points

• Gates - minimum necessary

• Bollards

16

Perimeter Intrusion Detection Systems

• Detects unauthorized access into an area

17

Closed Circuit Television (CCTV)

• CCTV Capability Requirements

• Mixing Capabilities

• Virtual systems

18

CCTV Main Components

• CCTV - 3 Main Components

• Camera Lens

• Transmission Media

• Display Monitor

• Components must function together

19

Additional CCTV System Equipment

• Pan and Tilt Units

• Panning Device

• Mountings

• Switchers / Multiplexers

• Remote Camera Controls

• Infrared Illuminators

• Time/Date Generators

• Videotape or Digital Recorders

• Motion Detectors

• Computer Controls

20

CCTV Concerns

• Total Surveillance

• Size Depth, Height, and Width

• Lighting

• Contrast

21

Lighting

• Should be used with other controls

• Supports crime prevention

22

Types of Lighting

• Continuous Lighting

• Trip Lighting

• Standby Lighting

• Emergency Lighting

23

Building Entry Point Protection

• Locks

• Lock Components

24

Types of Locks

• Combination Locks

• Deadbolt Locks

• Keyless Locks

• Smart Locks

25

Lock Picking

• Lock Picking

• Locks are “pick-resistant,” not “pickproof”

26

Lock Security Measures

• Lock and Key Control System

• Key Control Procedures

• Combinations must be changed

• Fail-soft vs. Fail-secure

27

Guards and Guard Stations

• Guards

• Can provide a deterrent

• Guard Stations

28

Other Electronic Physical Controls

• Card Access

• Biometric Access Methods

29

Compartmentalized Areas

• Extremely Sensitive Location

• Most Stringent Security Controls

• Multi-layered Physical Access Controls

30

Data Center or Server Room Security

• Walls

• Multi-factor Access Controls

31

Computer Equipment Protections

• Computer equipment security

• Portable device security

• Objects placed inside security containers

32

Domain Agenda

• Introduction

• Layered Defense Model

• Crime Prevention Through Environmental Design

• Facility and Infrastructure Criteria

33

Crime Prevention Through Environmental Design

• Managing the physical environment to reduce crime

• Relationships between People and Environments

• Three Key Strategies of CPTED

34

Domain Agenda

• Introduction

• Layered Defense Model

• Crime Prevention Through Environmental Design

• Facility and Infrastructure Criteria

35

Site Location Considerations

• Site Security Considerations

• CPTED part of this Process

36

Facility Construction Considerations

• Doors

• Windows

• Entry Points

37

Infrastructure Support Systems

• Infrastructure Support Systems

• Key Threats to Support Systems

38

Fire Concerns

• Best Practices

• Abiding by the Fire Codes

• Fire Containment System (floors, vents, HVAC)

• Fire Extinguishing System (permanent & mobile)

• Fire Prevention Training and Drills

39

Fire Protection

• Fire Prevention

• Fire Detection

• Fire Suppression

40

Fire Types and Suppression

Class Type Suppression Agents

Common combustibles

Water, foam, dry chemicals

LiquidGas, CO2, foam, dry chemicals

ElectricalGas, CO2, dry chemicals

Combustible metals

Dry powders

KCooking Media (fats)

Wet chemicals

41

Halon Gas

• Restricted by1987 Montreal Protocol

• Many jurisdictions require removal of Halon

• Replacement alternatives for Halon

42

Other Infrastructure Threats

• Gas Leakage

• Water Threats

• Loss of Electrical Power

• Loss of HVAC

43

Types of Electrical Power Faults

• Complete Loss of Power

• Power Degradation

• Interference (noise)

44

Domain Summary

• Define key concepts of physical security

• Goals and purpose of layered defenses

• Principles in site location

• Building entry points

• Physical security principles for information system’s security within a building

“SecurityTranscendsTechnology”