Chapter 9 Flashcards by Serena Chani

Where to focus for Physical Security (4 factors)?

Physical security controls
Protecting people
Protecting data
Protecting equipment

How well did you know this?

Not at all

Perfectly

Physical security: What to protect?

People
Data
Equipment

How well did you know this?

Not at all

Perfectly

Physical threats

oExtreme temperature
oGases
oLiquids
oLiving organisms
oProjectiles
oMovement
oEnergy anomalies
oPeople
oToxins
oSmoke and fire

How well did you know this?

Not at all

Perfectly

Physical security controls are…

The devices, systems, people, and other methods we put in place to ensure our security in a physical sense.

How well did you know this?

Not at all

Perfectly

The 3 types of Physical security controls are…

Deterrent
Detective
Preventive

How well did you know this?

Not at all

Perfectly

Deterrent Physical security controls:

Designed to discourage those who might seek to violate security controls from doing so

How well did you know this?

Not at all

Perfectly

Examples of Deterrent Physical security controls

Signs in public places that indicate that video monitoring is in place
oSigns with alarm company logos that we might find in residential areas
oPolicies and regulations
oSecurity measures: guards, dogs, or fences

How well did you know this?

Not at all

Perfectly

Detective physical security controls:

Serve to detect and report undesirable events that are taking place

How well did you know this?

Not at all

Perfectly

What Detective physical security controls monitor:

oUnauthorized activity: doors or windows opening, glass being broken
oUndesirable environmental conditions: flooding, smoke and fire

How well did you know this?

Not at all

Perfectly

Examples of Detective Physical security controls

Burglar alarms
oPhysical intrusion detection system
oHuman or animal guards

How well did you know this?

Not at all

Perfectly

Preventive physical security controls:

Used to physically prevent unauthorized entities from breaching our physical security

How well did you know this?

Not at all

Perfectly

Examples of Preventive Physical security controls

oLocks
oHigh fences
oBollards (prevent vehicles from driving into building)
oGuards and dogs

How well did you know this?

Not at all

Perfectly

How we use physical access controls in the real world:

Residences: locks

oCommercial facilities: locks, alarm systems, and signs

How well did you know this?

Not at all

Perfectly

An important consideration of physical access controls is :

What to protect?

How well did you know this?

Not at all

Perfectly

The primary concern of physical security is…

protecting people

How well did you know this?

Not at all

Perfectly

Why is protecting people most important?

oRecovering data: backup system
oRecovering equipment: buy new equipment
oRecovering experienced people: ?

How well did you know this?

Not at all

Perfectly

The _____ __ _____ is the first and foremost concern on physical security

safety of people

How well did you know this?

Not at all

Perfectly

When an emergency is taking place, our priority should be the ________

evacuation

How well did you know this?

Not at all

Perfectly

Evacuation:

Where:

How:

Who:

Where: where we will be evacuating too

How: the route we will follow to reach the evacuation meeting place

Who: everyone

How well did you know this?

Not at all

Perfectly

Second only to the safety of our personnel is the safety of our ____.

data

How well did you know this?

Not at all

Perfectly

Second only to the safety of our personnel is the safety of our ____.

data

One of our primary solutions for protecting data:

Encryption

Problem with Encryption: Attacks may render it useless by…

oBreaking encryption algorithm itself

oObtaining the encryption keys

Based on the concept of defense in depth:

oAnother layer: ______ ______

physical element

Physical concerns for data include...

Depending on the type of physical media on which our data is stored. Such media are often sensitive to temperature, humidity, magnetic fields, electricity

Magnetic media:

* hard drives, tapes, or floppy disks * Strong magnetic fields can harm the integrity of data * Jolting such media while it is in motion

Flash media:

* memory chips * Electrical shocks * Humidity or liquid

Optical media:

* CDs and DVDs * Small scratches on the surface may render it unusable * Very temperature sensitive

The availability often depends on both _____ and ______ remaining in functioning condition

equipment and facilities

Not only can we have issues in reading the data, but we may also have problems in...

... getting to where the data is stored. Outage: network, power, computer systems, or other components

Backup:

ensure the availability of data

oRedundant arrays of inexpensive disks (RAID) oReplicate data to another machine Are examples of:

Backing up data

Residual data:

Not only have data available, but also render data inaccessible when it is no longer required

Media that stored sensitive data:

oComputing-related devices: CD, DVD, flash drives, computers •Media or device might contain some sensitive data oOffice equipment: copiers, printers, fax machines •Copies of the documents that have been processed by drive

Last on the list of concerns for physical security is protecting...

equipment It is the easiest and cheapest segment of assets to replace

Even in the case of a major disaster, as long as we sill have the _____ needed to operate and restore or access ___, we can be back in working order shortly.

people data

Physical security in the real world:

``` Physical controls: oLocks oFences oCameras oSecurity guards ``` •Protecting people: oEvacuation maps oBackground checks •Protecting data: oKeeping backups for data •Protecting equipment: oSite selection oAccess control

Protecting people: foremost concern

Best step: remove people from dangerous situation (evacuation)

Protecting data: second only to protecting people

oEnsure availability when it is needed | oEnsure that we can completely delete it when we no longer need it

Protecting equipment: the lowest

oSite selection oAccess control oEnvironmental conditions

Which one is not a major concern for physical security a. Protecting people b. Protecting equipment c. Protecting property d. Protecting data

c.Protecting property

________ controls are used to physically prevent unauthorized entities from breaching our physical security. a. Deterrent b. Detective c. Preventive d. None of the above

c.Preventive

Which one is not an example of detective control a. Locks b. Guards or dogs c. Burglar alarms d. Physical intrusion detection system

a.Locks

Give three examples of a physical control that constitutes a deterrent

Answer: The signs that indicate that video monitoring; The yard sings with alarm company logos; Policies and regulations; guards and dogs; fences

Give three examples that constitute a threat to people

Answer: Extreme temperature; Gases; Liquids; Living organisms; Movement; Energy anomalies; People; Toxins; Smoke and fire

Which one is not a type of physical media that we introduced in lecture a. Magnetic media b. Paper media c. Flash media d. Optical media

b.Paper media

Give three examples that constitute a threat to equipment

Answer:Extreme temperature; Liquids; Living organisms

Which category of physical control might include a lock a. Deterrent b. Detective c. Preventive d. None of the above

c.Preventive

Describe how you design a securing access to an equipment or facility

Answer: Consider the concept of defense in depth. We must provide security measures on multiple areas: inside and outside. We can see measures for securing access outside facility. For example, tress, large boulders, and fences that prevent vehicle entry. We can also see the measures at facility itself, like locks. Once inside the facility, we might use access control

Name the three major concerns for physical security, in order of importance

Answer:Protecting people, Protecting data, Protecting equipment