CHAPTER 5_Physical and Environmental Security Flashcards Preview


Flashcards in CHAPTER 5_Physical and Environmental Security Deck (153):
1

Grade 2

Heavy-duty residential/light-duty commercial

2

Cross-sectional

A photoelectric system, or photometric system, detects the change in a light beam and thus can be used only in windowless rooms. These systems work like photoelectric smoke detectors, which emit a beam that hits the receiver. If this beam of light is interrupted, an alarm sounds. The beams emitted by the photoelectric cell can be cross-sectional and can be invisible or visible beams. Cross-sectional means that one area can have several different light beams extending across it, which is usually carried out by using hidden mirrors to bounce the beam from one place to another until it hits the light receiver. These are the most commonly used systems in the movies. You have probably seen James Bond and other noteworthy movie spies or criminals use night-vision goggles to see the invisible beams and then step over them.

3

High security

Pick resistance protection through many different mechanisms (only used in grade 1 and 2 locks)

4

Natural Territorial Reinforcement

This is my neighborhood and I will protect it.

The third CPTED strategy is natural territorial reinforcement, which creates physical designs that emphasize or extend the company’s physical sphere of influence so legitimate users feel a sense of ownership of that space. Territorial reinforcement can be implemented through the use of walls, fences, landscaping, light fixtures, flags, clearly marked addresses, and decorative sidewalks. The goal of territorial reinforcement is to create a sense of a dedicated community. Companies implement these elements so employees feel proud of their environment and have a sense of belonging, which they will defend if required to do so. These elements are also implemented to give potential offenders the impression that they do not belong there, that their activities are at risk of being observed, and that their illegal activities will not be tolerated or ignored.

5

Perimeter Intrusion Detection and Assessment System (PIDAS)

Perimeter Intrusion Detection and Assessment System (PIDAS) is a type of fencing that has sensors located on the wire mesh and at the base of the fence. It is used to detect if someone attempts to cut or climb the fence. It has a passive cable vibration sensor that sets off an alarm if an intrusion is detected. PIDAS is very sensitive and can cause many false alarms.

6

Passive infrared system (PIR)

A passive infrared system (PIR) identifies the changes of heat waves in an area it is configured to monitor. If the particles’ temperature within the air rises, it could be an indication of the presence of an intruder, so an alarm is sounded.

7

Laminated

The plastic layer between two outer glass layers. The plastic layer helps increase its strength against breakage.

8

Wave-pattern motion detectors

Wave-pattern motion detectors differ in the frequency of the waves they monitor. The different frequencies are microwave, ultrasonic, and low frequency. All of these devices generate a wave pattern that is sent over a sensitive area and reflected back to a receiver. If the pattern is returned undisturbed, the device does nothing. If the pattern returns altered because something in the room is moving, an alarm sounds.

9

Crime Prevention Through Environmental Design

This place is so nice and pretty and welcoming. No one would want to carry out crimes here.

Crime Prevention Through Environmental Design (CPTED) is a discipline that outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. It provides guidance in loss and crime prevention through proper facility construction and environmental components and procedures.

10

Incident assessment

Response of security guards to detected incidents and determination of damage level

11

Water detectors can help prevent damage to

  • Equipment
  • Flooring
  • Walls
  • Computers
  • Facility foundations

12

13. What discipline combines the physical environment and sociology issues that surround it to reduce crime rates and the fear of crime?

A. Layered defense model

B. Target hardening

C. Crime Prevention Through Environmental Design

D. Natural access control

Extended Questions:

CORRECT C. Crime Prevention Through Environmental Design (CPTED) is a discipline that outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. It provides guidance in loss and crime prevention through proper facility construction and environmental components and procedures. The crux of CPTED is that the physical environment can be manipulated to create behavioral effects that will reduce crime and the fear of crime. It looks at the components that make up the relationship between humans and their environment. This encompasses the physical, social, and psychological needs of the users of different types of environments and predictable behaviors of these users and offenders. For example, CCTV cameras should be mounted in full view so that criminals know their activities will be captured and other people know the environment is well monitored and thus safer.

WRONG A is incorrect because a layered defense model is a tiered architecture of physical, logical, and administrative security controls. The concept is that if one layer fails, other layers will protect the valuable asset. Layers should be implemented moving from the perimeter toward the asset. For example, you would have a fence, then your facility walls, then an access control card device, then a guard, then an IDS, and then locked computer cases and safes. This series of layers will protect the company’s most sensitive assets, which would be placed in the innermost control zone of the environment. So if the bad guy were able to climb over your fence and outsmart the security guard, he would still have to circumvent several layers of controls before getting to your precious resources and systems.

WRONG B is incorrect because target hardening focuses on denying access through physical and artificial barriers (alarms, locks, fences, and so on). Traditional target hardening can lead to restrictions on the use, enjoyment, and aesthetics of an environment. Remember that security entails maintaining a delicate balance between ease of use and protection. A Parks and Recreation department could implement fences, intimidating signs, and barriers around its parks and green areas to discourage gangs from congregating, but who would want to play or have a picnic there? The same goes for an office building. You must provide the necessary levels of protection, but your protection mechanisms should be more subtle and unobtrusive.

WRONG D is incorrect because natural access control is the guidance of people entering and leaving a space by the placement of doors, fences, lighting, and even landscaping. For example, an office building may have external bollards with lights in them. These bollards carry out different safety and security services. The bollards themselves protect the facility from physical destruction by preventing people from driving their cars into the building. The light emitted helps ensure that criminals do not have a dark place to hide. And the lights and bollard placement guides people along the sidewalk to the entrance, instead of using signs or railings.

13

Perimeter Intrusion Detection and Assessment System (PIDAS)

Perimeter Intrusion Detection and Assessment System (PIDAS) is a type of fencing that has sensors located on the wire mesh and at the base of the fence. It is used to detect if someone attempts to cut or climb the fence. It has a passive cable vibration sensor that sets off an alarm if an intrusion is detected. PIDAS is very sensitive and can cause many false alarms.

14

Passive infrared system (PIR)

A passive infrared system (PIR) identifies the changes of heat waves in an area it is configured to monitor. If the particles’ temperature within the air rises, it could be an indication of the presence of an intruder, so an alarm is sounded.

15

PIDAS Fencing

Perimeter Intrusion Detection and Assessment System (PIDAS) is a type of fencing that has sensors located on the wire mesh and at the base of the fence. It is used to detect if someone attempts to cut or climb the fence. It has a passive cable vibration sensor that sets off an alarm if an intrusion is detected. PIDAS is very sensitive and can cause many false alarms.

16

In-rush current

Initial surge of current required to start a load

17

Facility Access Control

Access control needs to be enforced through physical and technical components when it comes to physical security. Physical access controls use mechanisms to identify individuals who are attempting to enter a facility or area. They make sure the right individuals get in and the wrong individuals stay out, and provide an audit trail of these actions. Having personnel within sensitive areas is one of the best security controls because they can personally detect suspicious behavior. However, they need to be trained on what activity is considered suspicious and how to report such activity.

18

Peripheral switch controls

Secure a keyboard by inserting an on/off switch between the system unit and the keyboard input slot

19

Responsive area illumination

Responsive area illumination takes place when an IDS detects suspicious activities and turns on the lights within a specific area. When this type of technology is plugged into automated IDS products, there is a high likelihood of false alarms. Instead of continuously having to dispatch a security guard to check out these issues, a CCTV camera can be installed to scan the area for intruders.

20

Class II

Commercial usage, where general public access is expected; examples include a public parking lot entrance, a gated community, or a self-storage facility

21

18. Which of the following is not true of IDSs?

A. They can be hindered by items within the room.

B. They are expensive and require human intervention to respond to the alarms.

C. They usually come with a redundant power supply and emergency backup power.

D. They should detect, and be resistant to, tampering.

Extended Questions:

CORRECT C. Intrusion detection systems do not commonly come with a redundant power supply and emergency backup power. However, these things are necessary. Without them, an IDS will be inoperable if the main source of power becomes unavailable, leaving assets at risk.

WRONG A is incorrect because IDSs can be hindered by items within a room. In fact, the items within the room, as well as the size and shape of the room, may cause barriers, in which case more detectors are needed to provide the necessary level of coverage.

WRONG B is incorrect because IDSs are relatively expensive and they do require human intervention to respond to the alarms. IDSs are used to detect unauthorized entries and alert a responsible entity to respond. These systems can monitor entries, doors, windows, devices, or removable coverings of equipment. Many work with magnetic contacts or vibration-detection devices that are sensitive to certain types of changes in the environment. When a change is detected, the IDS device sounds an alarm either in the local area, or in both the local area and a remote police or guard station.

WRONG D is incorrect because IDSs should detect, and be resistant to, tampering. Intruders like to cover their tracks to avoid detection. Obviously, if the IDS can be disabled or tampered with so that an alarm does not trigger or evidence of an intrusion is destroyed, then the IDS cannot do its job. So an IDS worth its salt should have its own intrusion prevention mechanisms.

22

The purpose of CCTV

To detect, assess, and/or identify intruders

23

Deluge

A deluge system has its sprinkler heads wide open to allow a larger volume of water to be released in a shorter period. Because the water being released is in such large volumes, these systems are usually not used in data processing environments.

24

Brownout

Prolonged power supply that is below normal voltage

25

Politically motivated threats

Strikes, riots, civil disobedience, terrorist attacks, bombings, and so forth

26

Laminated glass

Laminated glass has two sheets of glass with a plastic film in between. This added plastic makes it much more difficult to break the window. As with other types of glass, laminated glass can come in different depths. The greater the depth (more glass and plastic), the more difficult it is to break.

27

Mike is the new CSO of a large pharmaceutical company. He has been asked to revamp the company’s physical security program and better align it with the company’s information security practices. Mike knows that the new physical security program should be made up of controls and processes that support the following categories: deterrent, delaying, detection, assessment, and response.

27. Mike’s team has decided to implement new perimeter fences and warning signs against trespassing around the company’s facility. Which of the categories listed in the scenario do these countermeasures map to?

A. Deterrent

B. Delaying

C. Detection

D. Assessment

Extended Questions:

CORRECT A. Fences, warning signs, and security guards are examples of countermeasures that can be put into place to deter unauthorized entry. A physical security program should contain controls in each of the following categories: deterrent, delaying, detection, assessment, and response.

WRONG B is incorrect because reinforced walls, rebar, locks, and the use of double walls can be used as delaying mechanisms. The idea is that it will take the bad guy longer to get through these types of controls, which gives the response force sufficient time to arrive at the scene and stop the attacker. Deterrent controls reduce the likelihood of a vulnerability being exploited; a delaying control tries to ensure that if a bad thing happens, it will slow down the intruder.

WRONG C is incorrect because detection tools are implemented not to deter malicious individuals but to detect their activities. Detection tools can be intrusion detection systems, sensors, and PIDAS fencing.

WRONG D is incorrect because assessment controls pertain to how different situations will be identified and assessed. The most common control in this category is a security guard because he can connect the pieces of a situation together and determine what next steps should take place. It is important that there are controls in place that will carry out incident assessment and procedures that will be followed depending upon the outcome of the assessment.

28

Amount of illumination of the environment

Lit areas, unlit areas, areas affected by sunlight

29

Doors

Different door types for various functionalities include the following:

  • Vault doors
  • Personnel doors
  • Industrial doors
  • Vehicle access doors
  • Bullet-resistant doors

30

Electric Power

We don’t need no stinkin’ power supply. Just rub these two sticks together.

Because computing and communication have become so essential in almost every aspect of life, power failure is a much more devastating event than it was 10 to 15 years ago. The need for good plans to fall back on is crucial to ensure that a business will not be drastically affected by storms, high winds, hardware failure, lightning, or other events that can stop or disrupt power supplies. A continuous supply of electricity assures the availability of company resources; thus, a security professional must be familiar with the threats to electric power and the corresponding countermeasures.

31

Noise

Electromagnetic or frequency interference that disrupts the power flow and can cause fluctuations

32

Response procedures

Fire suppression mechanisms, emergency response processes, law enforcement notification, and consultation with outside security professionals

33

Hostage alarm

If an individual is under duress and/or held hostage, a combination he enters can communicate this situation to the guard station and/or police station.

34

Access control mechanisms

Locks and keys, an electronic card access system, personnel awareness

35

Master keying

Enables supervisory personnel to change access codes and other features of the cipher lock.

36

Lock bumping

Lock bumping is a tactic that intruders can use to force the pins in a tumbler lock to their open position by using a special key called a bump key. The stronger the material that makes up the lock, the smaller the chance that this type of lock attack would be successful.

37

The following are some of the EPA-approved replacements for halon:

  • FM-200
  • NAF-S-III
  • CEA-410
  • FE-13
  • Inergen
  • Argon
  • Argonite

38

Port controls

Block access to disk drives or unused serial or parallel ports

39

Preaction

Preaction systems are similar to dry pipe systems in that the water is not held in the pipes, but is released when the pressurized air within the pipes is reduced. Once this happens, the pipes are filled with water, but it is not released right away. A thermal-fusible link on the sprinkler head has to melt before the water is released. The purpose of combining these two techniques is to give people more time to respond to false alarms or to small fires that can be handled by other means. Putting out a small fire with a handheld extinguisher is better than losing a lot of electrical equipment to water damage. These systems are usually used only in data processing environments rather than the whole building, because of the higher cost of these types of systems.

40

Intrusion Detection Systems Characteristics: IDSs are very valuable controls to use in every physical security program, but several issues need to be understood before implementing them:

  • They are expensive and require human intervention to respond to the alarms.
  • A redundant power supply and emergency backup power are necessary.
  • They can be linked to a centralized security system.
  • They should have a fail-safe configuration, which defaults to "activated."
  • They should detect, and be resistant to, tampering.

41

32. Which of the following is a control that Greg’s team could implement to address the network administrators’ issue?

A. Secondary feeder line

B. Insulated grounded wiring

C. Line conditioner

D. Generator

Extended Questions:

CORRECT C. Because these and other occurrences are common, mechanisms should be in place to detect unwanted power fluctuations and protect the integrity of data processing environments. Voltage regulators and line conditioners can be used to ensure a clean and smooth distribution of power. The primary power runs through a regulator or conditioner. They have the capability to absorb extra current if there is a spike, and to store energy to add current to the line if there is a sag.

WRONG A is incorrect because a secondary feeder line from a transformer does not address the issue outlined in this scenario. A secondary line would be put into place for redundancy and failover purposes.

WRONG B is incorrect because an insulated grounded wire does not address the issue outlined in the scenario. The issue in the scenario has to do with in-rush currents, which means that the voltage of the power supply is uneven and potentially damaging. Wires are grounded to ensure that an excessive current goes to the ground and not to a piece of equipment or person. Grounding wires does not address voltage and current fluctuation.

WRONG D is incorrect because a generator is implemented in case there is a power outage. A generator does not have any effect on power voltage changes.

42

Cable traps

Prevent the removal of input/output devices by passing their cables through a lockable unit

43

Electromechanical systems

Electromechanical systems work by detecting a change or break in a circuit. The electrical circuits can be strips of foil embedded in or connected to windows. If the window breaks, the foil strip breaks, which sounds an alarm. Vibration detectors can detect movement on walls, screens, ceilings, and floors when the fine wires embedded within the structure are broken. Magnetic contact switches can be installed on windows and doors. If the contacts are separated because the window or door is opened, an alarm will sound.

44

Class IV

Restricted access; this includes a prison entrance that is monitored either in person or via closed circuitry

45

Plenum areas

Wiring and cables are strung through plenum areas, such as the space above dropped ceilings, the space in wall cavities, and the space under raised floors. Plenum areas should have fire detectors. Also, only plenum-rated cabling should be used in plenum areas, which is cabling that is made out of material that does not let off hazardous gases if it burns.

46

Auto iris lens

CCTV lenses have irises, which control the amount of light that enters the lens. Manual iris lenses have a ring around the CCTV lens that can be manually turned and controlled. A lens with a manual iris would be used in areas that have fixed lighting, since the iris cannot self-adjust to changes of light. An auto iris lens should be used in environments where the light changes, as in an outdoor setting. As the environment brightens, this is sensed by the iris, which automatically adjusts itself. Security personnel will configure the CCTV to have a specific fixed exposure value, which the iris is responsible for maintaining. On a sunny day, the iris lens closes to reduce the amount of light entering the camera, while at night, the iris opens to capture more light—just like our eyes.

47

Reduction of damage through the use of delaying mechanisms

Layers of defenses that slow down the adversary, such as locks, security personnel, and barriers

48

Wafer tumbler

Wafer tumbler locks (also called disc tumbler locks) are the small, round locks you usually see on file cabinets. They use flat discs (wafers) instead of pins inside the locks. They often are used as car and desk locks. This type of lock does not provide much protection because it can be easily circumvented.

49

Construction

We need a little more than glue, tape, and a stapler.

Physical construction materials and structure composition need to be evaluated for their appropriateness to the site environment, their protective characteristics, their utility, and their costs and benefits. Different building materials provide various levels of fire protection and have different rates of combustibility, which correlate with their fire ratings. When making structural decisions, the decision of what type of construction material to use (wood, concrete, or steel) needs to be considered in light of what the building is going to be used for. If an area will be used to store documents and old equipment, it has far different needs and legal requirements than if it is going to be used for employees to work in every day.

50

Patrol Force and Guards

One of the best security mechanisms is a security guard and/or a patrol force to monitor a facility’s grounds. This type of security control is more flexible than other security mechanisms, provides good response to suspicious activities, and works as a great deterrent. However, it can be a costly endeavor, because it requires a salary, benefits, and time off. People sometimes are unreliable. Screening and bonding is an important part of selecting a security guard, but this only provides a certain level of assurance. One issue is if the security guard decides to make exceptions for people who do not follow the organization’s approved policies. Because basic human nature is to trust and help people, a seemingly innocent favor can put an organization at risk.

51

Types of Fire Detection

Fires present a dangerous security threat because they can damage hardware and data and risk human life. Smoke, high temperatures, and corrosive gases from a fire can cause devastating results. It is important to evaluate the fire safety measurements of a building and the different sections within it.

52

Crime Prevention Through Environmental Design (CPTED)

Crime Prevention Through Environmental Design (CPTED) is a discipline that outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. It provides guidance in loss and crime prevention through proper facility construction and environmental components and procedures.

53

21. What type of fence detects if someone attempts to climb or cut it?

A. Class IV

B. PIDAS

C. CPTED

D. PCCIP

Extended Questions:

CORRECT B. Perimeter Intrusion Detection and Assessment System (PIDAS) is a type of fencing that has sensors located on the wire mesh and at the base of the fence. It is used to detect if someone attempts to cut or climb the fence. It has a passive cable vibration sensor that sets off an alarm if an intrusion is detected. PIDAS is very sensitive and can cause many false alarms. PIDAS fencing serves as a detective control. It is used in high-security areas, such as around military and prison facilities, and is also useful in areas that cannot be easily observed.

WRONG A is incorrect because fencing is not classified in this manner. Classes are used to refer to gates. A Class IV gate means that it provides restricted access. This includes a prison entrance that is monitored in person or via closed circuitry. Each gate classification has its own long list of implementation and maintenance guidelines in order to ensure the necessary level of protection. These classifications and guidelines are developed by Underwriters Laboratories (UL), a nonprofit organization that tests, inspects, and classifies electronic devices, fire protection equipment, and specific construction materials.

WRONG C is incorrect because CPTED is not a type of fencing. CPTED stands for Crime Prevention Through Environmental Design. It is a discipline that describes how to design a physical environment to affect human behavior, thereby reducing crime. CPTED has been used to develop physical security programs, as well as neighborhoods, towns, and cities. It addresses landscaping, entrances, facility and neighborhood layouts, lighting, road placement, and traffic circulation patterns—all in an effort to discourage criminal activity.

WRONG D is incorrect because the PCCIP is the President’s Commission on Critical Infrastructure Protection. PCCIP is an executive order that requires organizations that are part of the national critical infrastructure to have adequate protection mechanisms in place. This includes the technical protection of systems and data, as well as the physical protection of the facilities themselves. It outlines that power systems, emergency services, water supply systems, gas and oil transportation, and government services must be evaluated to ensure that proper physical security is implemented.

54

Low security

No pick or drill resistance provided (can fall within any of the three grades of locks)

55

Introduction to Physical Security

The physical security of computers and their resources in the 1960s and 1970s was not as challenging as it is today because computers were mostly mainframes that were locked away in server rooms, and only a handful of people knew what to do with them anyway. Today, a computer sits on almost every desk in every company, and access to devices and resources is spread throughout the environment. Companies have several wiring closets and server rooms, and remote and mobile users take computers and resources out of the facility. Properly protecting these computer systems, networks, facilities, and employees has become an overwhelming task to many companies.

56

Proximity protection components are usually put into place to provide one or more of the following services:

  • Control pedestrian and vehicle traffic flows
  • Various levels of protection for different security zones
  • Buffers and delaying mechanisms to protect against forced entry attempts
  • Limit and control entry points

57

15. Paisley is helping her company identify potential site locations for a new facility. Which of the following is not an important factor when choosing a location?

A. Distance to police and fire stations

B. Lighting

C. Natural disaster occurrence

D. Crime rate

Extended Questions:

CORRECT B. Lighting is an important issue for physical security, but not a component that is evaluated during site location. The necessary lighting can be installed while the facility is built or later. Indeed, a security professional should understand that the right illumination needs to be in place, that no dead spots (unlit areas) should exist between the lights, and that all areas where individuals may walk should be properly lit. A security professional should also understand the various types of lighting available and where they should be used. If an organization does not implement the right types of lights and ensure they provide proper coverage, it increases the probability of criminal activity, accidents, and lawsuits.

WRONG A is incorrect because a location’s distance from police and fire stations is an important factor to consider when evaluating potential site locations. Many times, the proximity of these entities raises the real estate value of properties, but for good reason. Each of these issues—police station, fire station, and even medical facility proximity—can also reduce insurance rates and must be looked at carefully. Remember that the ultimate goal of physical security is to ensure the safety of personnel. Always keep that in mind when implementing any sort of physical security control.

WRONG C is incorrect because when evaluating a location for a facility, it is critical to take into account the risk of natural disasters. Decision makers should consider the likelihood of floods, tornadoes, earthquakes, or hurricanes, as well as hazardous terrain (mudslides, falling rock from mountains, or excessive rain or snow). The likelihood of these risks will affect the organization’s business continuity and disaster recovery programs.

WRONG D is incorrect because it is important to consider the area’s crime rate when evaluating site locations for a facility. It is also wise to consider the likelihood of riots and terrorism attacks, and other possible hazards from the surrounding area.

58

Solar window film

Provides extra security by being tinted and offers extra strength due to the film’s material.

59

4. Brad is installing windows on the storefront of a bank in an area known to be at risk of fires in the dry season. Which of the following is least likely to be true of the windows he is installing?

A. The glass has embedded wires.

B. They are made of glass-clad polycarbonate.

C. The window material is acrylic glass.

D. A solar window film has been added to them.

Extended Questions:

CORRECT C. It is not likely that the windows Brad is installing are made of acrylic glass. Acrylic glass is made out of polycarbonate acrylic, and while it’s stronger than standard glass, it is also combustible. When it burns, acrylic glass forms carbon dioxide, water, carbon monoxide, and compounds such as formaldehyde. Because of its toxicity, it is likely that the fire codes for the bank’s location prohibit the use of acrylic glass. However, acrylic glass does have its uses. It is preferred as an alternative to glass in some cases because it is easy to handle and process, and comes at a low cost. You can find acrylic glass at your local aquarium or pet shop. It is often used to build residential and commercial aquariums. It is also used for aircraft windows, motorcycle helmet visors, and as spectator protection around ice hockey rinks.

WRONG A is incorrect because embedded wires are a safety feature intended to reduce the likelihood of the window being broken or shattering. Windows with embedded wires consist of two sheets of glass with the wiring in between. It is unlikely that the bank’s storefront windows have embedded wires. These windows are not typically used in storefronts for aesthetic reasons. However, of the answer options available, this is not the least likely characteristic.

WRONG B is incorrect because it is very likely that the windows Brad is installing are made of glass-clad polycarbonate. Glass-clad polycarbonate is the strongest window material available and is resistant to fire, making it a good choice for a bank at risk of going up in flames during the dry season. Be careful not to confuse glass-clad polycarbonate with polycarbonate acrylic, which not only burns but produces toxic fumes while it does so.

WRONG D is incorrect because it is likely that a solar window film has been added to the bank’s storefront windows. A lot of window types have a film on them that provides efficiency in heating and cooling. They filter out UV rays and are usually tinted, which can make it harder for the bad guy to peep in and monitor internal activities. Some window types have a different kind of film applied that makes it more difficult to break them, whether by explosive, storm, or intruder.

60

Manmade threats

Unauthorized access (both internal and external), explosions, damage by disgruntled employees, employee errors and accidents, vandalism, fraud, theft, and others

61

Ground

The pathway to the earth to enable excessive voltage to dissipate

62

Preventive Steps Against Static Electricity: The following are some simple measures to prevent static electricity:

  • Use antistatic flooring in data processing areas.
  • Ensure proper humidity.
  • Have proper grounding for wiring and outlets.
  • Don’t have carpeting in data centers, or have static-free carpets if necessary.
  • Wear antistatic bands when working inside computer systems.

63

Smart Grid

Most of our power grid today is not considered "smart." There are power plants that turn something (i.e., coal) into electricity. The electricity goes through a transmission substation, which puts the electricity on long-haul transmission lines. These lines distribute the electricity to large areas. Before the electricity gets to our home or office, it goes through a power substation and a transformer, which changes the electrical current and voltage to the proper levels, and the electricity travels over power lines (usually on poles) and connects to our buildings. So our current power grid is similar to a system of rivers and streams—electricity gets to where it needs to go without much technological intelligence involved. This "dumb" system makes it hard to identify disruptions when they happen, deal with high-peak demands, use renewable energy sources, react to attacks, and deploy solutions that would make our overall energy consumption more efficient.

64

Heavy timber construction material

Heavy timber construction material is commonly used for office buildings. Combustible lumber is still used in this type of construction, but there are requirements on the thickness and composition of the materials to provide more protection from fire. The construction materials must be at least four inches in thickness. Denser woods are used and are fastened with metal bolts and plates. Whereas light frame construction material has a fire survival rate of 30 minutes, the heavy timber construction material has a fire rate of one hour.

65

1. Robert has been given the responsibility of installing doors that provide different types of protection. He has been told to install doors that provide fail-safe, fail-secure, and fail-soft protection. Which of the following statements is true about secure door types?

A. Fail-soft defaults to the sensitivity of the area.

B. Fail-safe defaults to locked.

C. Fail-secure defaults to unlocked.

D. Fail-secure defaults to double locked.

Extended Questions:

CORRECT A. Doorways with automatic locks can be configured to be fail-secure, fail-safe, or fail-soft. Fail-soft means that locks need to default to being locked or unlocked, depending on the sensitivity of the data and systems in an area, and if people are working in specific areas of the building. The objective of a fail-soft system is to fail in a way that preserves as much data and capability as possible.

WRONG B is incorrect because fail-safe does not default to locked. A fail-safe setting means that if a power disruption occurs that affects the automated locking system, the doors default to being unlocked. Fail-safe deals directly with protecting people. If people work in an area and there is a fire or the power is lost, it is not a good idea to lock them in.

WRONG C is incorrect because fail-secure does not default to unlocked. A fail-secure configuration means that the doors default to being locked if there are any problems with the power. Be careful not to confuse fail-secure with fail-safe. You can think of it this way: If a fail-secure lock fails, the door is secure; i.e., the door is locked. If a fail-safe lock fails, then the people it protects are safe because they can leave through the door.

WRONG D is incorrect because fail-secure does not default to double locked. The doors simply lock if there are problems with the power in a fail-secure configuration.

66

6. Which of the following describes the type of construction materials most commonly used to build a bank’s exterior walls?

A. Dense woods fastened with metal bolts and plates

B. Steel rods encased inside of concrete walls and support beams

C. Untreated lumber

D. Steel

Extended Questions:

CORRECT B. Risk analysis results help the physical security team determine the type of construction material that should be used when constructing a new facility. Several grades of building construction are available. The team should choose its construction material based on the identified threats of the organization and the fire codes to be complied with. The construction material can be fire-retardant and have steel rods encased inside of concrete walls and support beams. This provides the most protection against fire and forced entry attempts. Facilities for government organizations, which are under threat by domestic and foreign terrorists, would be built with fire-resistant materials. A financial institution would also use fire-resistant and reinforcement material within its building. This is especially true for its exterior walls, through which thieves may attempt to drive vehicles to gain access to the vaults.

WRONG A is incorrect because dense woods fastened with metal bolts and plates are used in heavy timber construction material, which is commonly used for office buildings. Combustible lumber is used in this type of construction, but there are requirements on the thickness and composition of the materials to provide more protection from fire. The construction materials must be at least four inches in thickness. Whereas light frame construction material has a fire survival rate of 30 minutes, the heavy timber construction material has a fire survival rate of one hour.

WRONG C is incorrect because untreated lumber is used as light frame construction material, which provides the least amount of protection against fire and forcible entry attempts. The untreated lumber is combustible during a fire. Light frame construction is usually used to build homes, primarily because it is cheap but also because homes typically are not under the same types of fire and intrusion threats that office buildings are.

WRONG D is incorrect because steel, an example of an incombustible material, provides a higher level of fire protection than the previously mentioned materials but loses its strength under extreme temperatures, something that may cause the building to collapse. So, although steel will not burn, it may melt and weaken.

67

2. Windows can have different glazing materials. What type of window may be prohibited by fire codes because of its combustibility?

A. Tempered

B. Polycarbonate acrylic

C. Glass-clad polycarbonate

D. Laminated

Extended Questions:

CORRECT B. When designing and building a facility, windows are among the items that need to be addressed from a physical security point of view. In addition to their placement and accessibility to intruders, the following issues should be considered: translucent or opaque requirements, alarms, and whether they are shatterproof. Windows should be properly placed (this is where security and aesthetics can come to blows) and should have frames of the proper strengths, the necessary glazing material, and possibly a protective covering. The glazing material, which is applied to the windows as they are being made, may be standard, tempered, acrylic, wire, or laminated on glass. Polycarbonate acrylics are stronger than standard glass, tempered glass, and regular acrylic glass. Like regular acrylics, polycarbonate is made out of a type of transparent plastic. However, because of their combustibility, their use may be prohibited by fire codes. Don’t confuse polycarbonate acrylics with glass-clad polycarbonate, which is the strongest window material available and is resistant to fire, chemicals, breakage, and other threats.

WRONG A is incorrect because tempered glass is not combustible. Tempered glass is made by heating the glass and then suddenly cooling it. This increases its mechanical strength, which means it can handle more stress and is harder to break. It is usually five to seven times stronger than standard glass. When it does break, tempered glass usually shatters into small pieces instead of sharp shards. This way tempered glass is less likely to cause severe injury than standard glass. Because of its safety and strength, it is used for vehicle windows, glass doors and tables, and cookware.

WRONG C is incorrect because glass-clad polycarbonate is resistant to a wide range of threats, including fire. Thus, they differ from polycarbonate acrylic windows, which may be prohibited by fire codes because of their combustibility and because they are made out of plastic. Glass-clad polycarbonate is the strongest window material, and as such is much more expensive than other glazing options. Glass-clad polycarbonate windows would be used in areas that are under the greatest threat.

WRONG D is incorrect because laminated glass windows are not combustible. Laminated glass has two sheets of glass with a plastic film in between. This added plastic makes it much more difficult to break the window. When the glass is impacted it produces a cracking pattern that resembles a spider web. As with other types of glass, laminated glass can come in different depths. The greater the depth (more glass and plastic), the more difficult it is to break. Laminated glass windows are often used for car windshields, exterior storefronts, and skylights.

68

28. Mike’s team has decided to implement stronger locks on the exterior doors of the new company’s facility. Which of the categories listed in the scenario does this countermeasure map to?

A. Deterrent

B. Delaying

C. Detection

D. Assessment

Extended Questions:

CORRECT B. Locks, defense-in-depth measures, and access controls are commonly used to delay potential intruders. A physical security program should contain controls in each of the following categories: deterrent, delaying, detection, assessment, and response.

WRONG A is incorrect because fences, warning signs, and security guards are examples of countermeasures that can be put into place to deter unauthorized entry. The goal of these types of controls is for a potential attacker to not carry out his activities in the first place.

WRONG C is incorrect because detection tools are implemented not to deter malicious individuals but to detect their activities. Detection tools can be intrusion detection systems, sensors, and PIDAS fencing.

WRONG D is incorrect because assessment controls pertain to how different situations will be identified and assessed. The most common control in this category is a security guard because he can connect the pieces of a situation together and determine what next steps should take place. It is important that there are controls in place that will carry out incident assessment and procedures that will be followed depending upon the outcome of the assessment.

69

Crime Prevention Through Environmental Design (CPTED)

Crime Prevention Through Environmental Design (CPTED) is a discipline that outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. It provides guidance in loss and crime prevention through proper facility construction and environmental components and procedures.

70

Class III

Industrial usage, where limited access is expected; an example is a warehouse property entrance not intended to serve the general public

71

When dealing with electric power issues, the following items can help protect devices and the environment:

  • Employ surge protectors to protect from excessive current.
  • Shut down devices in an orderly fashion to help avoid data loss or damage to devices due to voltage changes.
  • Employ power line monitors to detect frequency and voltage amplitude changes.
  • Use regulators to keep voltage steady and the power clean.
  • Protect distribution panels, master circuit breakers, and transformer cables with access controls.
  • Provide protection from magnetic induction through shielded lines.
  • Use shielded cabling for long cable runs.
  • Do not run data or power lines directly over fluorescent lights.
  • Use three-prong connections or adapters if using two-prong connections.
  • Do not plug outlet strips and extension cords into each other.

72

17. David is preparing a server room at a new branch office. What locking mechanisms should he use for the primary and secondary server room entry doors?

A. The primary and secondary entrance doors should have access controlled through a swipe card or cipher lock.

B. The primary entrance door should have access controlled through a security guard. The secondary doors should be secured from the inside and allow no entry.

C. The primary entrance door should have access controlled through a swipe card or cipher lock. The secondary doors should have a security guard.

D. The primary entrance door should have access controlled through a swipe card or cipher lock. Secondary doors should be secured from the inside and allow no entry.

Extended Questions:

CORRECT D. Data centers, server rooms, and wiring closets should be located in the core areas of a facility, near wiring distribution centers. Strict access control mechanisms and procedures should be implemented for these areas. The access control mechanisms may be smart card readers, biometric readers, or combination locks. These restricted areas should have only one access door, but fire code requirements typically dictate there must be at least two doors to most data centers and server rooms. Only one door should be used for daily entry and exit and the other door should be used only in emergency situations. This second door should not be an access door, which means people should not be able to come in through this door. It should be locked, but it should have a panic bar that will release the lock if pressed from inside and used as an exit.

WRONG A is incorrect because entrance should not be permitted through the secondary door—even with identification, authentication, and authorization processes. There should only be one entry point into a server room. Other doors should not provide entrance but can be used for emergency exits. Thus, the secondary doors should be secured from the inside to prevent entry.

WRONG B is incorrect because the primary entrance door to a server room needs to carry out identification, authentication, and authorization processes. A swipe card or cipher lock fulfills these functions. A server room, ideally, should not be directly accessible from public areas like stairways, corridors, loading docks, elevators, and restrooms. This helps prevent foot traffic from casual passersby. Those who are by the doors to secured areas should have a legitimate reason for being there, as opposed to being on their way to a meeting room, for example.

WRONG C is incorrect because the secondary door should not have a security guard. The door should simply be secured from the inside so that it cannot be used as an entry. The secondary door should serve as an emergency exit.

73

31. Which of the following best describes the situation that the network administrators are experiencing?

A. Brownouts

B. Surges

C. In-rush current

D. Power line interference

Extended Questions:

CORRECT C. When a heavy electrical device is turned on, it can draw a large amount of current, which is referred to as in-rush current. If the device sucks up enough current, it can cause a sag in the available power for surrounding devices. This could negatively affect their performance. It is a good idea to have the data processing center and devices on a different electrical wiring segment from that of the rest of the facility, if possible, so the devices will not be affected by these issues.

WRONG A is incorrect because when power companies are experiencing high demand, they frequently reduce the voltage in an electrical grid, which is referred to as a brownout. Constant-voltage transformers can be used to regulate this fluctuation of power. They can use different ranges of voltage and only release the expected 120 volts of alternating current to devices. Brownouts are not usually associated with HVAC systems.

WRONG B is incorrect because a surge is a quick rise in voltage from a power source. Surges can cause a lot of damage very quickly. A surge is one of the most common power problems and is controlled with surge protectors. These protectors use a device called a metal oxide varistor, which moves the excess voltage to ground when a surge occurs.

WRONG D is incorrect because when clean power is being provided, the power supply contains no interference or voltage fluctuation. The possible types of interference (line noise) are electromagnetic interference (EMI) and radio frequency interference (RFI), which is disturbance to the flow of electric power while it travels across a power line. This question does not address interference issues like these.

74

Electronic access control (EAC) tokens

NOTE Electronic access control (EAC) tokens is a generic term used to describe proximity authentication devices, such as proximity readers, programmable locks, or biometric systems, which identify and authenticate users before allowing them entrance into physically controlled areas.

75

Personnel Access Controls

Proper identification needs to verify whether the person attempting to access a facility or area should actually be allowed in. Identification and authentication can be verified by matching an anatomical attribute (biometric system), using smart or memory cards (swipe cards), presenting a photo ID to a security guard, using a key, or providing a card and entering a password or PIN.

76

Physical barriers

Fences, gates, walls, doors, windows, protected vents, vehicular barriers

77

So, before an effective physical security program can be rolled out, the following steps must be taken:

  • Identify a team of internal employees and/or external consultants who will build the physical security program through the following steps.
  • Carry out a risk analysis to identify the vulnerabilities and threats and to calculate the business impact of each threat.
  • Identify regulatory and legal requirements that the organization must meet and maintain.
  • Work with management to define an acceptable risk level for the physical security program.
  • Derive the required performance baselines from the acceptable risk level.
  • Create countermeasure performance metrics.
  • Develop criteria from the results of the analysis, outlining the level of protection and performance required for the following categories of the security program:
      • Deterrence
      • Delaying
      • Detection
      • Assessment
      • Response
  • Identify and implement countermeasures for each program category.
  • Continuously evaluate countermeasures against the set baselines to ensure the acceptable risk level is not exceeded.

78

Entry Points

Understanding the company needs and types of entry points for a specific building is critical. The various types of entry points may include doors, windows, roof access, fire escapes, chimneys, and service delivery access points. Second and third entry points must also be considered, such as internal doors that lead into other portions of the building and to exterior doors, elevators, and stairwells. Windows at the ground level should be fortified, because they could be easily broken. Fire escapes, stairwells to the roof, and chimneys are many times overlooked as potential entry points.

79

Wired

A mesh of wire is embedded between two sheets of glass. This wire helps prevent the glass from shattering.

80

Access control should be in place to control and restrict individuals from going from one security zone to the next. Access control should also be in place for all facility entrances and exits. The security program development team needs to consider other ways in which intruders can gain access to buildings, such as by climbing adjacent trees to access skylights, upper-story windows, and balconies. The following controls are commonly used for access controls within different organizations:

  • Limit the number of entry points.
  • Force all guests to go to a front desk and sign in before entering the environment.
  • Reduce the number of entry points even further after hours or during the weekend, when not as many employees are around.
  • Implement sidewalks and landscaping to guide the public to a main entrance.
  • Implement a back driveway for suppliers and deliveries, which is not easily accessible to the public.
  • Provide lighting for the pathways the public should follow to enter a building to help encourage that only one entry is used for access.
  • Implement sidewalks and grassy areas to guide vehicle traffic to only enter and exit through specific locations.
  • Provide parking in the front of the building (not the back or sides) so people will be directed to enter the intended entrance.

81

19. Before an effective physical security program can be rolled out, a number of steps must be taken. Which of the following steps comes first in the process of rolling out a security program?

A. Create countermeasure performance metrics.

B. Conduct a risk analysis.

C. Design the program.

D. Implement countermeasures.

Extended Questions:

CORRECT B. Of the steps listed, the first in the process of rolling out an effective physical security program is to carry out a risk analysis to identify the vulnerabilities and threats, and calculate the business impact of each threat. But before this is done, a team of internal employees and/or external consultants needs to be identified to build the physical security program. The team presents the risk analysis findings to management and works with them to define an acceptable risk level for the physical security program. From there, the team must develop baselines and metrics in order to evaluate and determine if the baselines are being met by the implemented countermeasures. Once the team identifies and implements the countermeasures, the performance of these countermeasures should be continually evaluated and expressed in the previously created metrics. These performance values are compared to the set baselines. If the baselines are continually maintained, then the security program is successful because the company’s acceptable risk level is not being exceeded.

WRONG A is incorrect because of the steps listed, creating countermeasure performance metrics is not the first step in creating a physical security program. It is, however, a very important one because it is only possible to determine how beneficial and effective the program is if it is monitored through a performance-based approach. This means you should devise measurements and metrics to measure the effectiveness of the chosen countermeasures. This enables management to make informed business decisions when investing in the protection of the organization’s physical security. The goal is to increase the performance of the physical security program and decrease the risk to the company in a cost-effective manner. You should establish a baseline of performance and thereafter continually evaluate performance to make sure that the company’s protection objectives are being met. Examples of possible performance metrics include number of successful crimes, number of successful disruptions, and the time it took for a criminal to defeat a control.

WRONG C is incorrect because designing the program should take place after the risk analysis. Once the level of risk is understood then the design phase can take place to protect from the threats identified in the risk analysis. The design will incorporate the controls required for each category of the program: deterrence, delaying, detection, assessment, and response.

WRONG D is incorrect because implementing countermeasures is one of the last steps in the process of rolling out a physical security program. Before countermeasures can be identified and implemented, it is important to conduct a risk analysis and work with management to define an acceptable level of risk. From the acceptable risk level, the team should derive the required performance baselines, and then create countermeasure performance metrics. Next, the team should develop criteria from the results of the analysis, outlining the level of protection and performance required for deterrence, delaying, detection, assessment, and response. Only after these steps are completed should the team identify and implement countermeasures for each of these categories.

82

8. John is installing a sprinkler system that makes use of a thermal-fusible link for a data center located in Canada. Which of the following statements is true of the system he’s installing?

A. The pipes of a dry pipe system are filled with water when pressurized air within the pipes is reduced.

B. The pipes of a preaction system are filled with water when pressurized air within the pipes is reduced.

C. The sprinkler heads of a deluge system are wide open to allow a larger volume of water to be released in a shorter period.

D. The pipes in a wet pipe system always contain water.

Extended Questions:

CORRECT B. Preaction systems and dry pipe systems are similar in that the water is not held in the pipes but is released when the pressurized air within the pipes is reduced. Once this happens, the pipes are filled with water, but it is not released right away. In a preaction system, a thermal-fusible link on the sprinkler head has to melt before the water is released. The purpose of combining these two techniques is to give people more time to respond to false alarms or to small fires that can be handled by other means. Putting out a small fire with a handheld extinguisher is better than losing a lot of electrical equipment to water damage. Due to their higher cost, these systems are usually used only in data processing environments rather than the whole building.

WRONG A is incorrect because dry pipe systems do not use a thermal-fusible link. Like preaction systems, water is not held in the pipes. The water is contained in a "holding tank" until it is released. The pipes hold pressurized air, which is reduced when a fire or a smoke alarm is activated, allowing the water valve to be opened by the water pressure. Water is not allowed into the pipes that feed the sprinklers until an actual fire is detected. First, a heat or smoke sensor is activated; then, the water fills the pipes leading to the sprinkler heads, the fire alarm sounds, the electric power supply is disconnected, and finally water is allowed to flow from the sprinklers. These pipes are best used in colder climates because the pipes will not freeze.

WRONG C is incorrect because deluge systems are not usually used in data processing environments because the water being released is in such large volumes. Instead, deluge systems are used in environments where a fire could spread quickly. The pipes of a deluge system do not have water in them until a deluge valve is tripped by a fire alarm system. However, the deluge valve is nonresetting, so once the valve is tripped, it stays open.

WRONG D is incorrect because a wet pipe system should not be used in a colder climate or a data processing environment, nor does it use a thermal-fusible link. Wet pipe systems always contain water in the pipes and are usually discharged by temperature control level sensors. One disadvantage of wet pipe systems is that the water in the pipes may freeze in colder climates. Also, if there is a nozzle or pipe break, it can cause extensive water damage. These types of systems are also called closed-head systems.

83

Tempered

Glass is heated and then cooled suddenly to increase its integrity and strength.

84

Heat Activated

Heat-activated detectors can be configured to sound an alarm either when a predefined temperature (fixed temperature) is reached or when the temperature increases over a period of time (rate-of-rise). Rate-of-rise temperature sensors usually provide a quicker warning than fixed-temperature sensors because they are more sensitive, but they can also cause more false alarms. The sensors can either be spaced uniformly throughout a facility, or implemented in a line type of installation, which is operated by a heat-sensitive cable.

85

Testing and Drills

Having fire detectors, portable extinguishers, and suppression agents is great, but people also need to be properly trained on what to do when a fire (or other type of emergency) takes place. An evacuation and emergency response plan must be developed and actually put into action. The plan needs to be documented and to be easily accessible in times of crisis. People who are assigned specific tasks must be taught and informed how to fulfill those tasks, and dry runs must be done to walk people through different emergency situations. The drills should take place at least once a year, and the entire program should be continually updated and improved.

86

Similarities in Approaches

The risk analysis steps that need to take place for the development of a physical security program are similar to the steps outlined in Chapter 2 for the development of an organizational security program and the steps outlined in Chapter 8 for a business impact analysis, because each of these processes (development of an information security program, a physical security program, or a business continuity plan) accomplishes goals that are similar to the goals of the other two processes, but with different focuses. Each process requires a team to carry out a risk analysis to determine the company’s threats and risks. An information security program looks at the internal and external threats to resources and data through business processes and technological means. Business continuity looks at how natural disasters and disruptions could damage the organization, while physical security looks at internal and external physical threats to the company resources.

87

IDSs can be used to detect changes in the following:

  • Beams of light
  • Sounds and vibrations
  • Motion
  • Different types of fields (microwave, ultrasonic, electrostatic)
  • Electrical circuit

88

Legal Requirements

In physical security there are some regulatory and high-level legal requirements that must be met, but many of them just have high-level statements, as in "protect personnel" or "implement lifesaving controls." It is up to the organization to figure out how to actually meet these requirements in a practical manner. In the United States there is a lot of case law that pertains to physical security requirements, which is built upon precedent. This means that there have been lawsuits pertaining to specific physical security instances and a judgment was made on liability. For example, there is no law that dictates that you must put up a yellow sign indicating that a floor is wet. Many years ago someone somewhere slipped on a wet floor and sued the company and the judge ruled that the company was negligent and liable for the person’s injuries. Now it is built into many company procedures that after a floor is mopped or there is a spill, this yellow sign is put in place so no one will fall and sue the company. It is hard to think about and cover all of these issues since there is no specific checklist to follow. This is why it is a good idea to consult with a physical security expert when developing a physical security program.

89

Water Sprinklers

I’m hot. Go pull that red thingy on the wall. I need some water.

Water sprinklers typically are simpler and less expensive than halon and FM-200 systems, but can cause water damage. In an electrical fire, the water can increase the intensity of the fire, because it can work as a conductor for electricity—only making the situation worse. If water is going to be used in any type of environment with electrical equipment, the electricity must be turned off before the water is released. Sensors should be used to shut down the electric power before water sprinklers activate. Each sprinkler head should activate individually to avoid wide-area damage, and there should be shutoff valves so the water supply can be stopped if necessary.

90

Protecting Assets

The main threats that physical security components combat are theft, interruptions to services, physical damage, compromised system and environment integrity, and unauthorized access.

91

security zones

The CPTED model shows how security zones can be created. An environment’s space should be divided into zones with different security levels, depending upon who needs to be in that zone and the associated risk. The zones can be labeled as controlled, restricted, public, or sensitive. This is conceptually similar to information classification, as described in Chapter 2. In a data classification program, different classifications are created, along with data handling procedures and the level of protection that each classification requires. The same is true of physical zones. Each zone should have a specific protection level required of it, which will help dictate the types of controls that should be put into place.

92

Slot locks

Secure the system to a stationary component by the use of steel cable that is connected to a bracket mounted in a spare expansion slot

93

Security film

Transparent film is applied to the glass to increase its strength.

94

7. Which of the following is a light-sensitive chip used in most of today’s CCTV cameras?

A. Digital Light Processing

B. Cathode ray tube

C. Annunciator

D. Charge-coupled devices

Extended Questions:

CORRECT D. Most of the CCTV cameras in use today employ light-sensitive chips called charge-coupled devices (CCD). The CCD is an electrical circuit that receives input light from the lens and converts it into an electronic signal, which is then displayed on the monitor. Images are focused through a lens onto the CCD chip surface, which forms the electrical representation of the optical image. It is this technology that allows for the capture of extraordinary detail of objects and precise representation, because it has sensors that work in the infrared range, which extends beyond human perception. The CCD sensor picks up this extra "data" and integrates it into the images shown on the monitor to allow for better granularity and quality in the video. In addition to CCTV, CCDs are used in fax machines, photocopiers, bar code readers, and even telescopes.

WRONG A is incorrect because Digital Light Processing (DLP) is a trademarked technology owned by Texas Instruments that is used in DLP front projectors and DLP rear projection television. Images are created by tiny mirrors that are organized as a matrix on a semiconductor chip. The mirrors are toggled to reflect light, thereby producing grayscales. Color is produced by a single-chip projector via a color wheel placed between the lamp and DLP chip or via individual light sources, such as LEDs or LASERs. A three-chip DLP projector splits light from the lamp with a prism. Individual primary colors of light are routed to their own DLP chip. They are then recombined and sent through the lens.

WRONG B is incorrect because a cathode ray tube (CRT) uses electrons to display an image. The CRT is a vacuum tube that contains an electron emitter and a fluorescent screen. An electron beam is accelerated and deflected to create an image in the form of light given off by the fluorescent screen. Most of today’s CCTVs use charge-coupled devices (CCDs) to allow for more granular information within an environment to be captured and shown on the monitor when compared to the older CCTV technology that relied upon CRTs. CRTs have also been replaced in other applications by technologies that are lighter and less fragile.

WRONG C is incorrect because an annunciator system can either "listen" for noise and activate electrical devices, such as lights, sirens, or CCTV cameras, or detect movement. Instead of expecting a security guard to stare at a CCTV monitor for eight hours straight, the guard can carry out other activities and be alerted by an annunciator if movement is detected on the screen. While monitor watching is a mentally deadening activity, the CCTV monitors must be watched to be effective. An annunciator system is a solution to that.

95

Vaults

Safes that are large enough to provide walk-in access

96

Greg is the security facility officer of a financial institution. His boss has told him that visitors need a secondary screening before they are allowed into sensitive areas within the building. Greg has also been told by the network administrators that after the new HVAC system was installed throughout the facility, they have noticed that power voltage to the systems in the data center sags.

30. Which of the following is the best control that Greg should ensure is implemented to deal with his boss’s concern?

A. Access and audit logs

B. Mantrap

C. Proximity readers

D. Smart card readers

Extended Questions:

CORRECT B. Mantraps can be used so unauthorized individuals entering a facility cannot get in or out if it is activated. A mantrap is a small room with two doors. The first door is locked; a person is identified and authenticated by a security guard, biometric system, smart card reader, or swipe card reader. Once the person is authenticated and access is authorized, the first door opens and allows the person into the mantrap. The first door locks and the person is trapped. The person must be authenticated again before the second door unlocks and allows him into the facility. This requires two different authentication and authorization processes to complete successfully before someone is allowed entrance.

WRONG A is incorrect because access and audit logs are not controls that can be used to carry out secondary screening activities. These are detective controls that are commonly reviewed after an incident has occurred.

WRONG C is incorrect because it is not necessarily the best answer to this question. Proximity cards are most commonly used to gain physical access to a facility or location. The question specifically points out a requirement of secondary authentication to take place before someone can enter a sensitive area within a facility, and this is the reason that mantraps exist.

WRONG D is incorrect because it is not necessarily the best answer to this question. Smart cards can be used for authentication purposes in many different situations. The question specifically points out a requirement of secondary authentication to take place before someone can enter a sensitive area within a facility, and this is the reason that mantraps exist. The mantrap might use smart cards as one of its authentication steps.

97

facility safety officer

Every organization should have a facility safety officer, whose main job is to understand all the components that make up the facility and what the company needs to do to protect its assets and stay within compliance. This person should oversee facility management duties day in and day out, but should also be heavily involved with the team that has been organized to evaluate the organization’s physical security program.

98

Bollards

Bollards usually look like small concrete pillars outside a building. Sometimes companies try to dress them up by putting flowers or lights in them to soften the look of a protected environment. They are placed by the sides of buildings that have the most immediate threat of someone driving a vehicle through the exterior wall. They are usually placed between the facility and a parking lot and/or between the facility and a road that runs close to an exterior wall. Within the United States after September 11, 2001, many military and government institutions, which did not have bollards, hauled in huge boulders to surround and protect sensitive buildings. They provided the same type of protection that bollards would provide. These were not overly attractive, but provided the sense that the government was serious about protecting those facilities.

99

Computer and Equipment Rooms

It used to be necessary to have personnel within the computer rooms for proper maintenance and operations. Today, most servers, routers, switches, mainframes, and other equipment housed in computer rooms can be controlled remotely. This enables computers to live in rooms that have fewer people milling around and spilling coffee. Because the computer rooms no longer have personnel sitting and working in them for long periods, the rooms can be constructed in a manner that is efficient for equipment instead of people.

100

11. A number of factors need to be considered when buying and implementing a CCTV system. Which of the following is the primary factor in determining whether a lens should have a manual iris or an auto-iris?

A. If the camera must be able to move in response to commands

B. If the environment has fixed lighting

C. If objects to be viewed are wide angle, such as a parking lot, or narrow, such as a door

D. The amount of light present in the environment

Extended Questions:

CORRECT B. CCTV lenses have irises, which control the amount of light that enters the lens. If the environment has fixed lighting, then a lens with a manual iris can be used. Manual iris lenses cannot self-adjust to changes in light. They have to be manually turned and controlled by moving a ring around the lens. If the environment has changing light, as in an outdoor setting, then an auto-iris lens should be used. As the environment brightens, this is sensed by the iris, which automatically adjusts itself. Security personnel will configure the CCTV to have a specific fixed exposure value, which the iris is responsible for maintaining. On a sunny day, the iris lens closes to reduce the amount of light entering the camera, while at night, the iris opens to capture more light—just like our eyes.

WRONG A is incorrect because a camera’s ability to move in response to security personnel commands determines its mounting requirements. Cameras can be implemented in a fixed mounting or a mounting that allows the cameras to move when necessary. A fixed camera cannot move in response to security personnel commands, whereas cameras that provide PTZ capabilities can pan, tilt, or zoom as necessary.

WRONG C is incorrect because the angle of items to be viewed influences the focal length required of the lens. The focal length of a lens defines its effectiveness in viewing objects from a horizontal and vertical view. The focal length value relates to the angle of view that can be achieved. Short focal length lenses provide wider-angle views, while long focal length lenses provide a narrower view. The size of the images shown on a monitor, along with the area covered by one camera, is defined by the focal length. For example, if a company implements a CCTV camera in a warehouse, the focal length lens should be between 2.8 and 4.3 millimeters (mm) so that the whole area can be captured. If the company implements another CCTV camera that monitors an entrance, then the lens value should be around 8 mm, which allows a smaller area to be monitored.

WRONG D is incorrect because the amount of light present in the environment does not determine the type of iris that should be used. The iris is determined by whether the light is fixed (the amount of light in the area is constant) or changes. The amount of light present in the environment helps determine the illumination requirements that must be met by the CCTV system. Illumination measurements must be taken within the environment itself because characteristics of the environment, such as exposure to outside light, the paint on the walls, etc., can affect illumination.

101

Auditing Physical Access: Physical access control systems can use software and auditing features to produce audit trails or access logs pertaining to access attempts. The following information should be logged and reviewed:

  • The date and time of the access attempt
  • The entry point at which access was attempted
  • The user ID employed when access was attempted
  • Any unsuccessful access attempts, especially if during unauthorized hours

102

Star Trek

These access cards can be used with user-activated readers, which just means the user actually has to do something—swipe the card or enter a PIN. System sensing access control readers, also called transponders, recognize the presence of an approaching object within a specific area. This type of system does not require the user to swipe the card through the reader. The reader sends out interrogating signals and obtains the access code from the card without the user having to do anything. Spooky Star Trek magic.

103

Natural environmental threats

Floods, earthquakes, storms and tornadoes, fires, extreme temperature conditions, and so forth

104

Plenum Area

Wiring and cables are strung through plenum areas, such as the space above dropped ceilings, the space in wall cavities, and the space under raised floors. Plenum areas should have fire detectors. Also, only plenum-rated cabling should be used in plenum areas, which is cabling that is made out of material that does not let off hazardous gases if it burns.

105

Medium security

A degree of pick resistance protection provided (uses tighter and more complex keyways [notch combination]; can fall within any of the three grades of locks)

106

capacitance detector

A proximity detector, or capacitance detector, emits a measurable magnetic field. The detector monitors this magnetic field, and an alarm sounds if the field is disrupted. These devices are usually used to protect specific objects (artwork, cabinets, or a safe) versus protecting a whole room or area. Capacitance change in an electrostatic field can be used to catch a bad guy, but first you need to understand what capacitance change means. An electrostatic IDS creates an electrostatic magnetic field, which is just an electric field associated with static electric charges. All objects have a static electric charge. They are all made up of many subatomic particles, and when everything is stable and static, these particles constitute one holistic electric charge. This means there is a balance between the electric capacitance and inductance. Now, if an intruder enters the area, his subatomic particles will mess up this lovely balance in the electrostatic field, causing a capacitance change, and an alarm will sound. So if you want to rob a company that uses these types of detectors, leave the subatomic particles that make up your body at home.

107

Automatic Dial-Up Alarm

Fire detection systems can be configured to call the local fire station, and possibly the police station, to report a detected fire. The system plays a prerecorded message that gives the necessary information so officials can properly prepare for the stated emergency and arrive at the right location. A recording of someone screaming "We are all melting" would not be helpful to fire officials.

108

3. As with logical access controls, audit logs should be produced and monitored for physical access controls. Which of the following statements is correct about auditing physical access?

A. Unsuccessful access attempts should be logged but only need to be reviewed by a security guard.

B. Only successful access attempts should be logged and reviewed.

C. Only unsuccessful access attempts during unauthorized hours should be logged and reviewed.

D. All unsuccessful access attempts should be logged and reviewed.

Extended Questions:

CORRECT D. Physical access control systems can use software and auditing features to produce audit trails or access logs pertaining to access attempts. The following information should be logged and reviewed: the date and time of the access attempt, the entry point at which access was attempted, the user ID employed when access was attempted, and any unsuccessful access attempts, especially if they occur during unauthorized hours.

WRONG A is incorrect because as with audit logs produced by computers, access logs are useless unless someone actually reviews them. A security guard may be required to review these logs, but a security professional or a facility manager should also review these logs periodically. Management needs to know where entry points into the facility exist and who attempts to use them. Audit and access logs are detective controls, not preventive. They are used to piece together a situation after the fact instead of attempting to prevent an access attempt in the first place.

WRONG B is incorrect because unsuccessful access attempts should be logged and reviewed. Even though auditing is not an activity that will deny an entity access to a network, computer, or location, it will track activities so that a security professional can be warned of suspicious activity. This information can be used to point out weaknesses of other controls and help security personnel understand where changes must be made to preserve the necessary level of security in the environment.

WRONG C is incorrect because all unauthorized access attempts should be logged and reviewed, regardless of when they occurred. Attempted break-ins can occur at any time. Operating parameters can be set up for some physical access controls to allow a certain number of failed access attempts to be accepted before a user is locked out; this is a type of clipping level. An audit trail of this information can alert security personnel to a possible intrusion.

109

Acrylic

A type of plastic instead of glass. Polycarbonate acrylics are stronger than regular acrylics.

110

Cipher locks

Cipher locks, also known as programmable locks, are keyless and use keypads to control access into an area or facility. The lock requires a specific combination to be entered into the keypad and possibly a swipe card. They cost more than traditional locks, but their combinations can be changed, specific combination sequence values can be locked out, and personnel who are in trouble or under duress can enter a specific code that will open the door and initiate a remote alarm at the same time. Thus, compared to traditional locks, cipher locks can provide a much higher level of security and control over who can access a facility.

111

26. Electrical power is being provided more through smart grids, which allow for self-healing, resistance to physical and cyberattacks, increased efficiency, and better integration of renewable energy sources. Countries want their grids to be more reliable, resilient, flexible, and efficient. Why does this type of evolution in power infrastructure concern many security professionals?

A. Allows for direct attacks through Power over Ethernet

B. Increased embedded software and computing capabilities

C. Does not have proper protection against common Web-based attacks

D. Power fluctuation and outages directly affect computing systems

Extended Questions:

CORRECT B. We are moving to smart grids, which means that there is a lot more computing software and technology embedded into the grids and the items that make up the grids to optimize and automate these functions. This means that almost every component of the new power grid has to be computerized in some manner; thus, it can be vulnerable to digital-based attacks. Power grids are considered critical infrastructures to countries, and there can be negative consequences for a country if its grid is affected.

WRONG A is incorrect because smart grids do not directly deal with providing Power over Ethernet (PoE). PoE provides both data and power connections on one cable. This means that a company does not need to have one cable for Ethernet and one for power—the power and network data can be converged onto one cable. For equipment that does not already have a power or data connection, PoE can be attractive when the power demand is low.

WRONG C is incorrect because implementing computing capabilities in various power grid components does not have a direct correlation to Web-based attacks. Power grid components are not going to necessarily have direct access to Web servers and sites. The general term for infrastructure types of systems is SCADA (supervisory control and data acquisition) and generally refers to industrial control systems (ICSs). These systems monitor and control industrial, infrastructure, or facility-based processes. An attacker needs to know how to specifically exploit vulnerabilities in these types of systems, which would be different from common Web site vulnerabilities.

WRONG D is incorrect because power fluctuations and outages are not necessarily security issues, and these are not the most critical topics most security professionals would be concerned with as the traditional power grid moves to a smart grid. A smart grid is made up of many embedded systems, which contain software that can have vulnerabilities for exploitation.

The following scenario is to be used for questions 27, 28, and 29.

112

Lighting

Many of the items mentioned in this chapter are things people take for granted day in and day out during our usual busy lives. Lighting is certainly one of those items you would probably not give much thought to, unless it wasn’t there. Unlit (or improperly lit) parking lots and parking garages have invited many attackers to carry out criminal activity that they may not have engaged in otherwise with proper lighting. Breaking into cars, stealing cars, and attacking employees as they leave the office are the more common types of attacks that take place in such situations. A security professional should understand that the right illumination needs to be in place, that no dead spots (unlit areas) should exist between the lights, and that all areas where individuals may walk should be properly lit. A security professional should also understand the various types of lighting available and where they should be used.

113

Crime and disruption prevention through deterrence

Fences, security guards, warning signs, and so forth

114

eight feet high

Fences eight feet high (possibly with strands of barbed or razor wire at the top) mean you are serious about protecting your property. They often deter the more determined intruder.

115

load

The load (how much weight can be held) of a building’s walls, floors, and ceilings needs to be estimated and projected to ensure the building will not collapse in different situations. In most cases, this is dictated by local building codes. The walls, ceilings, and floors must contain the necessary materials to meet the required fire rating and to protect against water damage. The windows (interior and exterior) may need to provide ultraviolet (UV) protection, may need to be shatterproof, or may need to be translucent or opaque, depending on the placement of the window and the contents of the building. The doors (exterior and interior) may need to have directional openings, have the same fire rating as the surrounding walls, prohibit forcible entries, display emergency egress markings, and—depending on placement—have monitoring and attached alarms. In most buildings, raised floors are used to hide and protect wires and pipes, and it is important to ensure any raised outlets are properly grounded.

116

Environmental Issues

Improper environmental controls can cause damage to services, hardware, and lives. Interruption of some services can cause unpredicted and unfortunate results. Power, heating, ventilation, air-conditioning, and air-quality controls can be complex and contain many variables. They all need to be operating properly and to be monitored regularly.

117

Fire Resistant Ratings

Fire resistant ratings are the result of tests carried out in laboratories using specific configurations of environmental settings. The American Society for Testing and Materials (ASTM) is the organization that creates the standards that dictate how these tests should be performed and how to properly interpret the test results. ASTM accredited testing centers carry out the evaluations in accordance with these standards and assign fire resistant ratings that are then used in federal and state fire codes. The tests evaluate the fire resistance of different types of materials in various environmental configurations. Fire resistance represents the ability of a laboratory-constructed assembly to contain a fire for a specific period of time. For example, a 5/8-inch-thick drywall sheet installed on each side of a wood stud provides a one-hour rating. If the thickness of this drywall is doubled, then this would be given a two-hour rating. The rating system is used to classify different building components.

118

Fire detection

Fire detection response systems come in many different forms. Manual detection response systems are the red pull boxes you see on many building walls. Automatic detection response systems have sensors that react when they detect the presence of fire or smoke. We will review different types of detection systems in the next section.

119

Electric Power Issues

Electric power enables us to be productive and functional in many different ways, but if it is not installed, monitored, and respected properly, it can do us great harm.

120

Wet pipe

Wet pipe systems always contain water in the pipes and are usually discharged by temperature control-level sensors. One disadvantage of wet pipe systems is that the water in the pipes may freeze in colder climates. Also, if there is a nozzle or pipe break, it can cause extensive water damage. These types of systems are also called closed head systems.

121

territorial

The third CPTED strategy is natural territorial reinforcement, which creates physical designs that emphasize or extend the company’s physical sphere of influence so legitimate users feel a sense of ownership of that space. Territorial reinforcement can be implemented through the use of walls, fences, landscaping, light fixtures, flags, clearly marked addresses, and decorative sidewalks. The goal of territorial reinforcement is to create a sense of a dedicated community. Companies implement these elements so employees feel proud of their environment and have a sense of belonging, which they will defend if required to do so. These elements are also implemented to give potential offenders the impression that they do not belong there, that their activities are at risk of being observed, and that their illegal activities will not be tolerated or ignored.

122

14. There are several types of volumetric IDSs. What type of IDS emits a measurable magnetic field that it monitors for disruptions?

A. Capacitance detector

B. Passive infrared system

C. Wave-pattern motion detectors

D. Photoelectric system

Extended Questions:

CORRECT A. A capacitance detector, or proximity detector, emits a measurable magnetic field. The detector monitors this magnetic field, and an alarm sounds if the field is disrupted. Capacitance change in an electrostatic field can be used to catch a bad guy, but first you need to understand what capacitance change means. An electrostatic IDS creates an electrostatic magnetic field, which is just an electric field associated with static electric charges. All objects have a static electric charge. They are all made up of many subatomic particles, and when everything is stable and static, these particles constitute one holistic electric charge. This means there is a balance between the electric capacitance and inductance. Now, if an intruder enters the area, his subatomic particles will mess up this lovely balance in the electrostatic field, causing capacitance change, and an alarm will sound.

WRONG B is incorrect because a passive infrared system (PIR) identifies the changes of heat waves in an area it is configured to monitor. If the particles’ temperature within the air rises, it could be an indication of the presence of an intruder, so an alarm is sounded.

WRONG C is incorrect because wave-pattern motion detectors generate a wave pattern that is one of several frequencies: microwave, ultrasonic, or low frequency. The IDS generates a wave pattern that is sent over a sensitive area and reflected back to a receiver. If the pattern is returned undisturbed, the device does nothing. If the pattern returns altered because something in the room is moving, an alarm sounds.

WRONG D is incorrect because a photoelectric system (or photometric system) detects the change in a light beam and thus can be used only in windowless rooms. These systems work like photoelectric smoke detectors, which emit a beam that hits the receiver. If this beam of light is interrupted, an alarm sounds. The beams emitted can be cross-sectional and can be invisible or visible beams. Cross-sectional means that one area can have several different light beams extending across it, which is usually carried out by using hidden mirrors to bounce the beam from one place to another until it hits the light receiver.

123

fire-resistant material

A building could be made up of incombustible material, such as steel, which provides a higher level of fire protection than the previously mentioned materials, but loses its strength under extreme temperatures, something that may cause the building to collapse. So, although the steel will not burn, it may melt and weaken. If a building consists of fire-resistant material, the construction material is fire-retardant and may have steel rods encased inside of concrete walls and support beams. This provides the most protection against fire and forced entry attempts.

124

9. Which of the following allows security personnel to change the field of view of a CCTV lens to different angles and distances?

A. Depth of field

B. Manual iris

C. Zoom

D. Illumination

Extended Questions:

CORRECT C. Zoom lenses provide flexibility by allowing the viewer to change the field of view to different angles and distances. The security personnel usually have a remote-control component integrated within the centralized CCTV monitoring area that allows them to move the cameras, and zoom in and out on objects as needed. When both wide scenes and closeup captures are needed, a zoom lens is best. This type of lens allows the focal length to change from wide angle to telephoto while maintaining the focus of the image.

WRONG A is incorrect because depth of field refers to the portion of the environment that is in focus when shown on the CCTV monitor. The depth of field varies depending upon the size of the lens opening, the distance of the object being focused on, and the focal length of the lens. The depth of field increases as the size of the lens opening decreases, the subject distance increases, or the focal length of the lens decreases. So, if you want to cover a large area and not focus on specific items, it is best to use a wide-angle lens and a small lens opening.

WRONG B is incorrect because an iris controls the amount of light that enters the lens. Manual iris lenses have a ring around the CCTV lens that can be manually turned and controlled. A lens with a manual iris would be used in areas that have fixed lighting, since the iris cannot self-adjust to changes of light. For example, it may be used in hospital hallways that are always lit.

WRONG D is incorrect because illumination refers to the intensity of light present in an environment. Different CCTV camera and lens products have specific illumination requirements to ensure the best quality images possible. The illumination requirements are usually represented in the lux value, which is a metric used to represent illumination strengths. The illumination can be measured using a light meter. The intensity of light is measured and represented in measurement units of lux or footcandles. (The conversion between the two is one footcandle = 10.76 lux.) The illumination measurement is not something that can be accurately provided by the vendor of a light bulb, because the environment can directly affect the illumination. This is why illumination strengths are most effectively measured where the light source is implemented.

125

Sag/dip

Momentary low-voltage condition, from one cycle to a few seconds

126

Designing a Physical Security Program

Our security guards should wear pink uniforms and throw water balloons at intruders.

127

29. Mike’s team has decided to hire and deploy security guards to monitor activities within the company’s facility. Which of the categories listed in the scenario does this countermeasure map to?

A. Delaying

B. Detection

C. Assessment

D. Recall

Extended Questions:

CORRECT C. The assessment requirement of a physical security program pertains to how various situations will be assessed, triaged, and dealt with. The most common countermeasure to meet this need is the use of security guards.

WRONG A is incorrect because locks, defense-in-depth measures, and access controls are commonly used to delay potential intruders. A physical security program should contain controls in each of the following categories: deterrent, delaying, detection, assessment, and response.

WRONG B is incorrect because detection tools are implemented not to deter malicious individuals but to detect their activities. Detection tools can be intrusion detection systems, sensors, and PIDAS fencing.

WRONG D is incorrect because it is a distracter answer.

The following scenario is to be used for questions 30, 31, and 32.

128

Key override

A specific combination can be programmed for use in emergency situations to override normal procedures or for supervisory overrides.

129

If a team is organized to assess the protection level of an existing facility, it needs to investigate the following:

  • Construction materials of walls and ceilings
  • Power distribution systems
  • Communication paths and types (copper, telephone, fiber)
  • Surrounding hazardous materials
  • Exterior components:
      • Topography
      • Proximity to airports, highways, railroads
      • Potential electromagnetic interference from surrounding devices
      • Climate
      • Soil
      • Existing fences, detection sensors, cameras, barriers
      • Operational activities that depend upon physical resources
      • Vehicle activity
      • Neighbors

130

Natural Surveillance

Please sit on this bench and just watch people walking by. You are cheaper than hiring a security guard.

Surveillance can also take place through organized means (security guards), mechanical means (CCTV), and natural strategies (straight lines of sight, low landscaping, raised entrances). The goal of natural surveillance is to make criminals feel uncomfortable by providing many ways observers could potentially see them and to make all other people feel safe and comfortable by providing an open and well-designed environment.

131

Standby UPS

Standby UPS devices stay inactive until a power line fails. The system has sensors that detect a power failure, and the load is switched to the battery pack. The switch to the battery pack is what causes the small delay in electricity being provided. So an online UPS picks up the load much more quickly than a standby UPS, but costs more, of course.

132

blackout

A blackout is when the voltage drops to zero. This can be caused by lightning, a car taking out a power line, storms, or failure to pay the power bill. It can last for seconds or days. This is when a backup power source is required for business continuity.

133

20. A number of measures should be taken to help protect devices and the environment from electric power issues. Which of the following is best to keep voltage steady and power clean?

A. Power line monitor

B. Surge protector

C. Shielded cabling

D. Regulator

Extended Questions:

CORRECT D. When clean power is being provided, the power supply contains no interference or voltage fluctuation. Mechanisms should be in place to detect unwanted power fluctuations and protect the integrity of your data processing environment. Voltage regulators and line conditioners can be used to ensure a clean and smooth distribution of power. The primary power runs through a regulator or conditioner. They have the capability to absorb extra current if there is a spike, and to store energy to add current to the line if there is a sag. The goal is to keep the current flowing at a nice, steady level so neither motherboard components nor employees get fried.

WRONG A is incorrect because power line monitors are employed to detect frequency and voltage amplitude changes. Interference interrupts the flow of an electrical current, and fluctuations can actually deliver a different level of voltage than what was expected. Each fluctuation can be damaging to devices and people. In order to effectively monitor frequency and voltage amplitude changes, you should understand what they are. Power excess can be described as a spike, which is momentary high voltage, or a surge, which is prolonged high voltage. Power loss can be experienced as a fault—momentary power outage—or a blackout—prolonged, complete loss of electric power. A sag or dip is a momentary low voltage condition, from one cycle to a few seconds. A brownout, also a type of power degradation, is a prolonged power supply that is below normal voltage. Finally, an in-rush current is an initial surge of current required to start a load.

WRONG B is incorrect because a surge protector is used to move excess voltage to ground when a surge occurs. A surge is a prolonged rise in voltage from a power source. Surges can cause a lot of damage very quickly. A surge is one of the most common power problems and is controlled with surge protectors. A surge can come from a strong lightning strike, a power plant going online or offline, a shift in the commercial utility power grid, and electrical equipment within a business starting and stopping. Most computers have a built-in surge protector in their power supplies, but these are small surge protectors and cannot provide protection against the damage that larger surges (say, from storms) can cause. So, you need to ensure all devices are properly plugged into larger surge protectors, whose only job is to absorb any extra current before it is passed to electrical devices.

WRONG C is incorrect because shielded cabling should be used for long cable runs and cables that run in buildings with fluorescent lighting or other interference mechanisms. Fluorescent lighting gives off radio frequency interference (RFI), which is disturbance to the flow of electric power while it travels across a power line. We could rip out all the fluorescent lighting in our buildings—or we can use shielded cabling where fluorescent lighting could cause a problem. If you were to climb up into your office’s dropped ceiling and look around, you would probably see wires bundled and tied up to the true ceiling. If your office is using fluorescent lighting, the power and data lines should not be running over, or on top of, the fluorescent lights. This is because the radio frequencies being given off can interfere with the data or power current as it travels through these wires.

134

surge

A surge is a prolonged rise in voltage from a power source. Surges can cause a lot of damage very quickly. A surge is one of the most common power problems and is controlled with surge protectors. These protectors use a device called a metal oxide varistor, which moves the excess voltage to ground when a surge occurs. Its source can be from a strong lightning strike, a power plant going online or offline, a shift in the commercial utility power grid, and electrical equipment within a business starting and stopping. Most computers have a built-in surge protector in their power supplies, but these are baby surge protectors and cannot provide protection against the damage that larger surges (say, from storms) can cause. So, you need to ensure all devices are properly plugged into larger surge protectors, whose only job is to absorb any extra current before it is passed to electrical devices.

135

16. Sarah recently learned that the painting she inherited from a relative and hung in her downtown coffee shop is worth a lot of money. She is worried about its protection and wants to install an IDS. Which of the following intrusion detection systems is the most appropriate for protecting the painting?

A. Acoustical detection system

B. Proximity detector

C. Photoelectric system

D. Vibration sensor

Extended Questions:

CORRECT B. Proximity detectors, or capacitance detectors, are usually used to protect specific objects (artwork, cabinets, or a safe) versus protecting a whole room or area. A proximity detector emits and monitors a measurable magnetic field. If the field is disrupted, the detector sounds an alarm to alert a responsible entity of a possible intrusion. All IDSs are support mechanisms that are intended to detect and announce an attempted intrusion. They will not prevent or apprehend intruders, so they should be seen as an aid to the organization’s security forces. While an IDS is a very valuable control, the technology is expensive and the system requires a redundant power supply and emergency backup power.

WRONG A is incorrect because an acoustical detection system, although easy to install, is very sensitive and cannot be used in areas open to sounds of storms or traffic. An acoustical detection system uses microphones installed on floors, walls, or ceilings. The goal is to detect any sound made during a forced entry.

WRONG C is incorrect because a photoelectric system cannot be used in a room with windows. A photoelectric system triggers an alarm when it detects changes in a light beam that is emitted. The beams can be visible or invisible. Photoelectric systems are commonly used in museums to protect works of art. If a visitor attempts to cross a room to steal a priceless sculpture, a beam will be broken and an alarm will sound.

WRONG D is incorrect because, similar to an acoustical detection system, vibration sensors are sensitive to things like traffic and storms that could cause false positives. A vibration sensor senses vibrations in walls and floors. Financial institutions may choose to implement them on exterior walls where bank robbers may attempt to drive a vehicle through. They are also commonly used around the ceiling and flooring of vaults to detect someone attempting to break in.

136

Surveillance Devices

Usually, installing fences and lights does not provide the necessary level of protection a company needs to protect its facility, equipment, and employees. Areas need to be under surveillance so improper actions are noticed and taken care of before damage occurs. Surveillance can happen through visual detection or through devices that use sophisticated means of detecting abnormal behavior or unwanted conditions. It is important that every organization have a proper mix of lighting, security personnel, IDSs, and surveillance technologies and techniques.

137

Internal Support Systems

This place has no air conditioning or water. Who would want to break into it anyway?

Having a fortified facility with secure compartmentalized areas and protected assets is nice, but also having lights, air conditioning, and water within this facility is even better. Physical security needs to address these support services, because their malfunction or disruption could negatively affect the organization in many ways.

138

Depositories

Safes with slots, which allow the valuables to be easily slipped in

139

10. An outline for a physical security design should include program categories and the necessary countermeasures for each. What category do locks and access controls belong to?

A. Assessment

B. Deterrence

C. Response

D. Delay

Extended Questions:

CORRECT D. The physical security program design phase should begin with a structured outline that lists each category of the program: deterrence, delaying, detection, assessment, and response. The outline evolves into a framework, which is fleshed out with the necessary controls and countermeasures. The intent behind the delay category is to stall intruders to help ensure they get caught. Examples of countermeasures that belong to this category are locks, defense-in-depth measures, and access controls. Other types of delaying mechanisms include reinforced walls and rebar. The idea is that it will take a bad guy longer to get through two reinforced walls, which gives the response force sufficient time to arrive at the scene and stop the attacker. Of the categories listed in the answer options, detection is missing. Detection refers to the determination or awareness that an intrusion has occurred. Examples of detection controls include external intruder sensors and internal intruder sensors.

WRONG A is incorrect because assessment countermeasures include security guard procedures and communication structure (calling tree). When an incident occurs, the assessment team (or security guard) is first on the scene to determine what has taken place and what needs to happen next; for example, a call to the police or fire station, management, a security service, etc. The assessment determines what type of response is needed.

WRONG B is incorrect because deterrence refers to those controls that will discourage potential intruders from conducting criminal activity. Examples include fences, warning signs, security guards, and dogs. Another example found in residential areas is a "Neighborhood Crime Watch" sign that is erected in neighborhoods or even in home windows. The idea is that a casual intruder will be less likely to attempt an intrusion if he thinks that the neighborhood is making a concerted effort to watch for criminals and that he may be caught.

WRONG C is incorrect because response refers to an organization’s processes and the personnel it assigns to react to intrusions and disruptions. Controls in this category include a response force, emergency response procedures, and police, fire, and medical personnel.

140

Crime or disruption detection

Smoke detectors, motion detectors, CCTV, and so forth

141

Administrative Responsibilities

It is important for a company not only to choose the right type of lock for the right purpose, but also to follow proper maintenance and procedures. Keys should be assigned by facility management, and this assignment should be documented. Procedures should be written out detailing how keys are to be assigned, inventoried, and destroyed when necessary, and what should happen if and when keys are lost. Someone on the company’s facility management team should be assigned the responsibility of overseeing key and combination maintenance.

142

Fire Prevention, Detection, and Suppression

We can either try to prevent fires or have one really expensive weenie-roast.

The subject of physical security would not be complete without a discussion on fire safety. A company must meet national and local standards pertaining to fire prevention, detection, and suppression methods. Fire prevention includes training employees on how to react properly when faced with a fire, supplying the right equipment and ensuring it is in working order, making sure there is an easily reachable fire suppression supply, and storing combustible elements in the proper manner. Fire prevention may also include using proper noncombustible construction materials and designing the facility with containment measures that provide barriers to minimize the spread of fire and smoke. These thermal or fire barriers can be made up of different types of construction material that is noncombustible and has a fire-resistant coating applied.

143

External Boundary Protection Mechanisms

Let’s build a fort and let only the people who know the secret handshake inside!

144

12. IDSs can detect intruders by employing electromechanical systems or volumetric systems. Which of the following correctly describes these systems?

A. Because they detect changes in subtle environmental characteristics, electromechanical systems are more sensitive than volumetric.

B. Electromechanical systems are less sensitive than volumetric systems, which detect subtle changes in environmental characteristics.

C. Electromagnetic systems deal with environmental changes such as ultrasonic frequencies, while volumetric systems can employ pressure mats or metallic foil in windows.

D. Electromagnetic systems are more sensitive because they detect a change or break in a circuit, while volumetric systems detect environmental changes.

Extended Questions:

CORRECT B. A physical IDS can employ an electromechanical or volumetric system to detect intruders. An electromechanical system is less sensitive than a volumetric system. An electromechanical system detects a change or break in a circuit. For example, electromechanical detectors can detect movement on walls, screens, ceilings, and floors when the fine wires embedded within the structure are broken. Or magnetic contact switches can be installed on windows and doors. If the contacts are separated because the window or door is opened, an alarm will sound. Volumetric systems can detect changes in vibration, microwaves, ultrasonic frequencies, infrared values, and photoelectric changes.

WRONG A is incorrect because volumetric systems are more sensitive than electromechanical systems. Also, volumetric systems—not electromechanical systems—detect changes in subtle environmental characteristics, such as vibration and ultrasonic frequencies. Electromechanical systems work by detecting a change or break in a circuit.

WRONG C is incorrect because the statement is backward. Electromechanical systems make use of metallic foil in windows or pressure mats to detect a change or break in a circuit. The electrical circuits can be strips of foil embedded or connected to windows. If the window breaks, the foil strip breaks, which sounds an alarm. A pressure pad is another type of electromechanical detector. It is placed underneath a rug or portion of the carpet and is activated after hours. If someone steps on the pad, an alarm activates because no one is supposed to be in the area during this time. Volumetric systems deal with environmental changes, such as ultrasonic frequencies, but also vibration, microwaves, infrared values, and photoelectric changes.

WRONG D is incorrect because volumetric systems are more sensitive, the reason being that they detect subtle changes in environmental characteristics. Electromechanical systems are less sensitive and work by detecting a change or break in a circuit.

145

Supply system threats

Power distribution outages, communications interruptions, and interruption of other resources such as water, gas, air filtration, and so on

146

5. CCTV can use fixed focal length or varifocal lenses. Which of the following correctly describes the lenses used in CCTV?

A. A fixed focal length lens allows you to move between various fields of view with a single lens.

B. To cover a large area and not focus on specific items, use a large lens opening.

C. An auto-iris lens should be used in an area with fixed lighting.

D. A shallow depth of focus allows you to focus on smaller details.

Extended Questions:

CORRECT D. A shallow depth of focus allows you to focus on smaller details as opposed to a larger field. To understand depth of field, think about pictures you might take while on vacation with your family. For example, say you are on the beach on the Hawaiian island of Oahu with your family and you want to take their picture at the shoreline. Because the main object of the picture is your family, your camera will zoom in. This shallow depth of focus provides a softer backdrop, leading the viewer’s eye to the foreground of the photograph. Now you want a scenic picture of Diamond Head. Your camera uses a greater depth of focus, lessening the distinction between objects in the foreground and background.

WRONG A is incorrect because a fixed focal length lens must be changed to get a different field of view. Fixed focal length lenses are available in wide, medium, and narrow fields of view. A lens that provides a "normal" focal length creates a picture that approximates the field of view of the human eye. A wide-angle lens has a short focal length, and a telephoto lens has a long focal length. When a company selects a fixed focal length lens for a particular view of an environment, it should understand that if the field of view needs to be changed (from wide to narrow, for example), the lens must be changed.

WRONG B is incorrect because it is best to use a wide-angle lens and a small lens opening to get the correct depth of field for a large area. It is necessary to understand the depth of field when choosing the correct lenses and configurations for your company’s CCTV. The depth of field refers to the portion of the environment that is in focus when shown on the monitor. The depth of field varies depending upon the size of the lens opening, the distance of the object being focused on, and the focal length of the lens. The depth of field increases as the size of the lens opening decreases, the subject distance increases, or the focal length of the lens decreases.

WRONG C is incorrect because an auto-iris lens should be used in environments where the light changes, as in an outdoor setting. As the environment brightens, this is sensed by the iris, which automatically adjusts itself. A manual iris lens should be used in an area with fixed lighting. Manual iris lenses have a ring around the CCTV lens that can be manually turned and controlled. A lens with a manual iris would be used in areas that have fixed lighting, since the iris cannot self-adjust to changes of light.

147

activity support

CPTED also encourages activity support, which is planned activities for the areas to be protected. These activities are designed to get people to work together to increase the overall awareness of acceptable and unacceptable activities in the area. The activities could be neighborhood watch groups, company barbeques, block parties, or civic meetings. This strategy is sometimes the reason for particular placement of basketball courts, soccer fields, or baseball fields in open parks. The increased activity will hopefully keep the bad guys from milling around doing things the community does not welcome.

148

Acrylic glass

Acrylic glass can be made out of polycarbonate acrylic, which is stronger than standard glass but produces toxic fumes if burned. Polycarbonate acrylics are stronger than regular acrylics, but both are made out of a type of transparent plastic. Because of their combustibility, their use may be prohibited by fire codes. The strongest window material is glass-clad polycarbonate. It is resistant to a wide range of threats (fire, chemical, breakage), but, of course, is much more expensive. These types of windows would be used in areas that are under the greatest threat.

149

Door delay

If a door is held open for a given time, an alarm will trigger to alert personnel of suspicious activity.

150

Location of water detectors should be

  • Under raised floors
  • On dropped ceilings

151

Fire suppression

Fire suppression is the use of a suppression agent to put out a fire. Fire suppression can take place manually through handheld portable extinguishers, or through automated systems such as water sprinkler systems, or halon or CO2 discharge systems. The upcoming "Fire Suppression" section reviews the different types of suppression agents and where they are best used. Automatic sprinkler systems are widely used and highly effective in protecting buildings and their contents. When deciding upon the type of fire suppression systems to install, a company needs to evaluate many factors, including an estimate of the occurrence rate of a possible fire, the amount of damage that could result, the types of fires that would most likely take place, and the types of suppression systems to choose from.

152

Vibration sensors

An acoustical detection system uses microphones installed on floors, walls, or ceilings. The goal is to detect any sound made during a forced entry. Although these systems are easily installed, they are very sensitive and cannot be used in areas open to sounds of storms or traffic. Vibration sensors are similar and are also implemented to detect forced entry. Financial institutions may choose to implement these types of sensors on exterior walls, where bank robbers may attempt to drive a vehicle through. They are also commonly used around the ceiling and flooring of vaults to detect someone trying to make an unauthorized bank withdrawal.

153

closed-circuit TV (CCTV)

Because surveillance is based on sensory perception, surveillance devices usually work in conjunction with guards and other monitoring mechanisms to extend their capabilities and range of perception. A closed-circuit TV (CCTV) system is a commonly used monitoring device in most organizations, but before purchasing and implementing a CCTV, you need to consider several items: