Presentation on theme: "Principles of Information Security, Fifth Edition"— Presentation transcript: 1 Principles of Information Security, Fifth Edition Show
2 Learning Objectives Upon completion of this material, you should be able to: Discuss the relationship between information security and physical security Describe key physical security
considerations, including fire control and surveillance systems Identify critical physical environment considerations for computing facilities, including uninterruptible power supplies Learning Objectives Upon completion of this material, you should be able to: Discuss the relationship between information security and physical security Describe key physical security considerations, including fire control and surveillance
systems Identify critical physical environment considerations for computing facilities, including uninterruptible power supplies Principles of Information Security, Fifth Edition
3 Introduction Physical security involves the protection of physical items, objects, or areas from unauthorized access
and misuse. Most technology-based controls can be circumvented if an attacker gains physical access. Physical security is as important as logical security. Introduction Physical security involves protection of physical items, objects, or areas from unauthorized access and misuse Most technology-based controls can be circumvented if an attacker gains physical access Physical security is as important as logical
security Principles of Information Security, Fifth Edition 4 Introduction (cont’d) 5 Introduction
(cont’d) 6 Physical Access Controls 7 Physical Security Controls 8 Physical Security Controls (cont’d) 9 Physical Security Controls (cont’d) 10 Principles of Information Security, Fifth Edition 11 Physical Security Controls (cont’d) 12 Principles of Information
Security, Fifth Edition 13 Physical Security Controls (cont’d) 14 Principles of Information Security, Fifth Edition
15 Physical Security Controls (cont’d) 16 Physical Security Controls (cont’d) 17 Physical Security Controls
(cont’d)
18 Physical Security Controls (cont’d)
19 Fire Security and Safety
20 Fire Detection and Response 21 Fire Detection and Response (cont’d) 22 Fire Detection and Response (cont’d) 23 Principles of
Information Security, Fifth Edition 24 Fire Detection and Response (cont’d) 25 Principles of Information Security, Fifth Edition
26 Failure of Supporting Utilities and Structural Collapse 27 Heating, Ventilation, and Air Conditioning
28 Principles of Information Security, Fifth Edition
29 Heating, Ventilation, and Air Conditioning (cont’d)
30 Heating, Ventilation, and Air Conditioning (cont’d)
31 Heating, Ventilation, and Air Conditioning (cont’d) 32 Heating, Ventilation, and Air Conditioning (cont’d) 33 Principles of Information Security, Fifth Edition
34 Heating, Ventilation, and Air Conditioning (cont’d)
35 Water Problems Lack of water poses problem to systems, including fire suppression and air-conditioning systems. Surplus of water, or
water pressure, poses a real threat (flooding, leaks). Very important to integrate water detection systems into alarm systems that regulate overall facility operations Water Problems Lack of water poses problem to systems, including fire suppression and air-conditioning systems Surplus of water, or water pressure, poses a real threat (flooding, leaks) Very important to integrate water detection systems into alarm systems that
regulate overall facility operations Principles of Information Security, Fifth Edition 36 Structural
Collapse Unavoidable environmental factors/forces can cause failures in structures that house an organization. Structures are designed and constructed with specific load limits; overloading these limits results in structural failure and potential injury or loss of life. Periodic inspections by qualified civil engineers assist in identifying potentially dangerous structural conditions. Structural Collapse Unavoidable environmental
factors/forces can cause failures in structures that house organization Structures designed and constructed with specific load limits; overloading these limits results in structural failure and potential injury or loss of life Periodic inspections by qualified civil engineers assist in identifying potentially dangerous structural conditions Principles of Information Security, Fifth Edition
37 Maintenance of Facility Systems 38 Interception of Data Three methods of data interception:
39 Securing Mobile and Portable Systems 40 Securing Mobile and Portable Systems (cont’d)
41 Principles of Information Security, Fifth Edition 42 Remote Computing
Security 43 Special Considerations for Physical Security Threats
44 Inventory Management Computing equipment should be inventoried and inspected on a regular basis. Classified information should also be inventoried and managed.
Physical security of computing equipment, data storage media, and classified documents varies for each organization. Inventory Management As with other organizational resources, computing equipment should be inventoried and inspected on a regular basis. Similarly classified information should also be inventoried and managed. Whenever a classified document is reproduced, a stamp should be placed on the original before it is copied. This
stamp states the document’s classification level and document number for tracking. Each classified copy is issued to its receiver, who signs for the document. Principles of Information Security, Fifth Edition 45 Summary Threats to information security that are unique to physical security Key physical security considerations in a facility site Physical security monitoring components Essential elements of access control Fire safety, fire detection, and response Importance of supporting
utilities, especially use of uninterruptible power supplies Countermeasures to physical theft of computing devices Principles of Information Security, Fifth Edition What is the type of security that addresses the issues needed to protect items objects or areas?135 Cards in this Set. Is an instance of an information asset suffering damage or destruction unintended or unauthorized modification or disclosure or denial of use?Loss being a single instance of an information asset, suffering damage or destruction, unintended or unauthorized modification. Or disclosure or denial of use. The assets are at risk from multiple threats.
Which type of security addresses the protection of all communications/media technology and content?Cybersecurity primarily addresses technology-related threats, with practices and tools that can prevent or mitigate them. Another related category is data security, which focuses on protecting an organization's data from accidental or malicious exposure to unauthorized parties.
What is a technique used to compromise a system?ExploitA technique used to compromise a system. This term can be a verb or a noun. Threat agents may attempt to exploit a system or other information asset by using it illegally for their personal gain.
|