
Use the information found at Protecting Your System: Physical Security to research how determining possible physical threats may affect the choice of physical security

Use the information found at Protecting Your System: Physical Security to research how determining possible physical threats may affect the choice of physical security countermeasures while planning new or updated security systems. Summarize your findings.

Fully address the question(s) in this discussion; provide valid rationale or a citation for your choices; and respond to at least two other students’ views.

Initial post should be at least 350 words in length. Each reply post should be at least 150 words in length.

CHAPTER 5 Protecting Your System: Physical Security

 


CHAPTER 5 IN A NUTSHELL:

· Introduction to Physical Security

· Commonly Asked Questions

· Policy Issues

· Physical Security Countermeasures

· Physical Security Checklist

 

 

Introduction to Physical Security

Most people think about locks, bars, alarms, and uniformed guards when they think about security. While these countermeasures are by no means the only precautions that need to be considered when trying to secure an information system, they are a perfectly logical place to begin. Physical security is a vital part of any security plan and is fundamental to all security efforts–without it, information security (Chapter 6), software security (Chapter 7), user access security (Chapter 8), and network security (Chapter 9) are considerably more difficult, if not impossible, to initiate. Physical security refers to the protection of building sites and equipment (and all information and software contained therein) from theft, vandalism, natural disaster, manmade catastrophes, and accidental damage (e.g., from electrical surges, extreme temperatures, and spilled coffee). It requires solid building construction, suitable emergency preparedness, reliable power supplies, adequate climate control, and appropriate protection from intruders.

 

 


Commonly Asked Questions

 


Q. How can I implement adequate site security when I am stuck in an old and decrepit facility?

A. Securing your site is usually the result of a series of compromises–what you need versus what you can afford and implement. Ideally, old and unusable buildings are replaced by modern and more serviceable facilities, but that is not always the case in the real world. If you find yourself in this situation, use the risk assessment process described in Chapter 2 to identify your vulnerabilities and become aware of your preferred security solutions. Implement those solutions that you can, with the understanding that any steps you take make your system that much more secure than it had been. When it comes time to argue for new facilities, documenting those vulnerabilities that were not addressed earlier should contribute to your evidence of need.

Q. Even if we wanted to implement these physical security guidelines, how would we go about doing so?

A. Deciding which recommendations to adopt is the most important step. Your risk assessment results should arm you with the information required to make sound decisions. Your findings might even show that not every guideline is required to meet the specific needs of your site (and there will certainly be some variation based on need priorities). Once decided on, however, actually initiating a strategy is often as simple as raising staff awareness and insisting on adherence to regulations. Some strategies might require basic "handyman" skills to install simple equipment (e.g., key locks, fire extinguishers, and surge protectors), while others definitely demand the services of consultants or contractors with special expertise (e.g., window bars, automatic fire equipment, and alarm systems). In any case, if the organization determines that it is necessary and feasible to implement a given security strategy, installing equipment should not require effort beyond routine procedures for completing internal work orders and hiring reputable contractors.

Determining countermeasures often requires creativity: don't limit yourself to traditional solutions.

 

Q. What if my budget won't allow for hiring full-time security guards?

A. Hiring full-time guards is only one of many options for dealing with security monitoring activities. Part-time staff on watch during particularly critical periods is another. So are video cameras and the use of other staff (from managers to receptionists) who are trained to monitor security as a part of their duties. The point is that by brainstorming a range of possible countermeasure solutions you can come up with several effective ways to monitor your workplace. The key is that the function is being performed. How it is done is secondary–and completely up to the organization and its unique requirements.

 

 


Guidelines for security policy development can be found in Chapter 3.

 

Policy Issues

Physical security requires that building site(s) be safeguarded in a way that minimizes the risk of resource theft and destruction. To accomplish this, decision-makers must be concerned about building construction, room assignments, emergency procedures, regulations governing equipment placement and use, power supplies, product handling, and relationships with outside contractors and agencies.

The physical plant must be satisfactorily secured to prevent those people who are not authorized to enter the site and use equipment from doing so. A building does not need to feel like a fort to be safe. Well-conceived plans to secure a building can be initiated without adding undue burden on your staff. After all, if they require access, they will receive it–as long as they are aware of, and abide by, the organization's stated security policies and guidelines (see Chapter 3). The only way to ensure this is to demand that before any person is given access to your system, they have first signed and returned a valid Security Agreement. This necessary security policy is too important to permit exceptions.

As discussed more completely in Chapter 2, a threat is any action, actor, or event that contributes to risk.

 

Physical Threats (Examples)

Examples of physical threats include:

· Natural events (e.g., floods, earthquakes, and tornados)

· Other environmental conditions (e.g., extreme temperatures, high humidity, heavy rains, and lightning)

· Intentional acts of destruction (e.g., theft, vandalism, and arson)

· Unintentionally destructive acts (e.g., spilled drinks, overloaded electrical outlets, and bad plumbing)

 

 


A countermeasure is a step planned and taken in opposition to another act or potential act.

 

Physical Security Countermeasures

The following countermeasures address physical security concerns that could affect your site(s) and equipment. These strategies are recommended when risk assessment identifies or confirms the need to counter potential breaches in the physical security of your system.


 

Countermeasures come in a variety of sizes, shapes, and levels of complexity. This document endeavors to describe a range of strategies that are potentially applicable to life in education organizations. In an effort to maintain this focus, those countermeasures that are unlikely to be applied in education organizations are not included here. If after your risk assessment, for example, your security team determines that your organization requires high-end countermeasures like retinal scanners or voice analyzers, you will need to refer to other security references and perhaps even need to hire a reliable technical consultant.


 

Create a Secure Environment: Building and Room Construction: 17

· Don't arouse unnecessary interest in your critical facilities: A secure room should have "low" visibility (e.g., there should not be signs in front of the building and scattered throughout the hallways announcing "expensive equipment and sensitive information this way").

Select only those countermeasures that meet perceived needs as identified during risk assessment (Chapter 2) and support security policy (Chapter 3).

 

· Maximize structural protection: A secure room should have full height walls and fireproof ceilings.

· Minimize external access (doors): A secure room should only have one or two doors–they should be solid, fireproof, lockable, and observable by assigned security staff. Doors to the secure room should never be propped open.

· Minimize external access (windows): A secure room should not have excessively large windows. All windows should have locks.

· Maintain locking devices responsibly: Locking doors and windows can be an effective security strategy as long as appropriate authorities maintain the keys and combinations responsibly. If there is a breach, each compromised lock should be changed.

· Investigate options other than traditional keyhole locks for securing areas as is reasonable: Based on the findings from your risk assessment (see Chapter 2), consider alternative physical security strategies such as window bars, anti-theft cabling (i.e., an alarm sounds when any piece of equipment is disconnected from the system), magnetic key cards, and motion detectors.


 

Recognize that some countermeasures are ideals and may not be feasible if, for example, your organization is housed in an old building.

· Be prepared for fire emergencies: In an ideal world, a secure room should be protected from fire by an automatic fire-fighting system. Note that water can damage electronic equipment, so carbon dioxide systems or halogen agents are recommended. If implemented, staff must be trained to use gas masks and other protective equipment. Manual fire fighting equipment (i.e., fire extinguishers) should also be readily available and staff should be properly trained in their use.

· Maintain a reasonable climate within the room: A good rule of thumb is that if people are comfortable, then equipment is usually comfortable–but even if people have gone home for the night, room temperature and humidity cannot be allowed to reach extremes (i.e., it should be kept between 50 and 80 degrees Fahrenheit and 20 and 80 percent humidity). Note that it's not freezing temperatures that damage disks, but the condensation that forms when they thaw out.

· Be particularly careful with non-essential materials in a secure computer room: Technically, this guideline should read "no eating, drinking, or smoking near computers," but it is quite probably impossible to convince staff to implement such a regulation. Other non-essential materials that can cause problems in a secure environment and, therefore, should be eliminated include curtains, reams of paper, and other flammables.

Security is measured not by its effect on theory, but by its effect on reality!

 


Don't say it if you don't mean it–instituting policies that you don't bother to enforce makes users wonder whether you're serious about other rules as well.


Locking critical equipment in a secure closet can be an excellent security strategy if findings establish that it is warranted.

 

Guard Equipment:

· Keep critical systems separate from general systems: Prioritize equipment based on its criticality and its role in processing sensitive information (see Chapter 2). Store it in secured areas based on those priorities.

· House computer equipment wisely: Equipment should not be able to be seen or reach