ccccccc Flashcards
(53 cards)
Front
Back
What is physical security?
The practice of protecting organizational assets like people, property, and information through a combination of security measures including personnel, procedures, technology, and structures. [cite: 1]
What are the origins of physical security?
Its origins trace back to early human history, where simple tools like weapons and stones were used for protection against dangerous animals and outsiders. [cite: 2]
What forms the foundation of a robust physical security program?
Clearly defined objectives and meticulously chosen components. [cite: 3]
How do security professionals effectively safeguard organizational assets?
Through a well-coordinated, multi-faceted approach utilizing the right combination of personnel, procedures, technologies, and structures. [cite: 4]
Why is aligning physical security measures with an organization’s culture, mission, and cross-departmental objectives essential?
To avoid internal conflicts and enhance operational efficacy. [cite: 5]
What are the key activities of physical security professionals?
They assess security needs, identify internal and external threats to assets, and formulate plans, policies, procedures, and other security measures to mitigate those threats. [cite: 6]
What is the primary objective of protecting personnel in physical security?
Ensuring the protection of every staff member from any external or internal threats. [cite: 7]
Provide an example of personnel protection in physical security.
Office buildings with secured entrances accessible only through ID cards or biometric systems, which enables monitoring and control over who enters or exits, providing physical safety to employees. [cite: 8, 9] Many companies also employ security staff for patrolling during non-working hours to deter unauthorized intrusion. [cite: 10]
Why is the protection of physical assets important?
Physical assets like office spaces, equipment, and machinery are indispensable business resources that require protection against theft or damage. [cite: 11]
Provide an example of physical asset protection.
A manufacturing plant using CCTV cameras for round-the-clock surveillance of expensive machinery, allowing quick detection of abnormal activities to prevent significant damage. [cite: 12, 13]
Why is physical access restriction vital for information assets, even with cybersecurity?
It restricts unauthorized access to sensitive data stored physically, such as paper documents in locked areas or data centers. [cite: 14]
Provide an example of protecting information assets physically.
In banks, measures include strong safes, fireproof filing cabinets, and electromagnetic shielding to prevent wireless extraction from servers behind biometrically controlled doors, protecting data files against theft, arson, and industrial espionage by insiders. [cite: 15]
What is Business Continuity Management (BCM) in the context of physical security?
Drawing up plans during a crisis (e.g., natural disasters, fire, burglary) to allow the organization to continue functioning by minimizing disruption to normal business operations. [cite: 17]
Provide an example of BCM.
Businesses in geologically unstable regions should have clear evacuation routes and robust emergency response plans. Building retrofitting can also significantly reduce risk if an earthquake strikes. [cite: 18, 19]
What are the three key design concepts for an effective physical security program?
Four D, defense in depth, and balanced protection. [cite: 20]
Describe the “Deter” principle of the Four D design concept.
The primary goal is to discourage criminal activity before it begins, achieved through visible security measures and proactive strategies. [cite: 21, 22]
Describe the “Detect” principle of the Four D design concept.
If deterrence fails, the next step is to identify potential threats or breaches, involving monitoring systems and procedures to detect unusual activity. [cite: 23, 24]
Describe the “Delay” principle of the Four D design concept.
Once a threat is detected, actions are taken to slow down an attack or breach, giving time for a response force to intervene. [cite: 24]
Describe the “Deny” principle of the Four D design concept.
The final objective is to prevent unauthorized access to assets, thereby preventing the attacker from achieving their goals. [cite: 25]
How must the Four Ds be implemented to achieve comprehensive protection?
In sequence. If deterrence fails, detection and assessment become essential for initiating timely responses, and detection should always include assessment to fully understand the nature of events or breaches. [cite: 26, 27, 28]
What is Defense-in-Depth in physical security?
Also known as layered protection or protection-in-depth, it is a strategy used to create multiple layers of protection around a property or asset, so if one layer fails, others still provide protection, making it harder for an intruder to succeed. [cite: 29, 30]
Describe the “Outer Layer” in Defense-in-Depth.
This is the first line of defense, including barriers like fences, gates, and lighting, which help deter or detect potential intruders before they get close to the building. [cite: 31, 32]
Describe the “Middle Layer” in Defense-in-Depth.
This layer focuses on the building’s exterior, such as doors, windows, and walls, designed to prevent or delay unauthorized access once an intruder has bypassed the outer layer. [cite: 33, 34]