Unlock the full potential of your projects.
Exibir mapa completo
Copiar e editar mapa Copiar

Physical and Environmental Security

Outro
SA
Samar Al.nahdi
Começar. É Gratuito
ou inscrever-se com seu endereço de e-mail
Mapas mentais semelhantes Esboço do mapa mental
Physical and Environmental Security por Mind Map: Physical and Environmental Security

1. How Is Physical Access Controlled?

1.1. Physical entry and exit controls:

1.1.1. Authorizing Entry (building access)

1.1.1.1. Access control rules should be designed for

1.1.1.1.1. Employees

1.1.1.1.2. Third-party

1.1.1.1.3. Visitors

1.1.1.2. Physical entry/access controls (rules)

1.1.1.2.1. Authorized users should be authorized prior to gaining access to protected area

1.1.1.2.2. Visitors should be identified, labeled, and authorized prior to gaining access to protected area

1.1.1.2.3. Visitors should be required to wear identification that can be evaluated from a distance, such as a badge

1.1.1.2.4. Identification should start as soon as a person attempts to gain entry

1.1.2. Securing Offices, Rooms, and Facilities (within the building)

1.1.2.1. Workspaces should be classified based on the level of protection required

1.1.2.1.1. Some internal rooms and offices as well as parts of individual rooms (cabinets and closets) may also require different levels of protection

1.1.2.2. Classification system should address

1.1.2.2.1. personnel security

1.1.2.2.2. Information system security

1.1.2.2.3. Documents security

1.1.2.3. Secure design controls within the building include

1.1.2.3.1. Alarm, monitored activity, and unbreakable windows etc.

1.1.3. Working in Secure Areas

1.1.3.1. It is not enough to just physically secure an area but, close attention should be paid to

1.1.3.1.1. who is allowed to access the area

1.1.3.1.2. what they are allowed to do

1.1.3.2. The area should be

1.1.3.2.1. continually monitored

1.1.3.2.2. access control lists should be review frequently

1.1.3.3. Based on the circumstances devices are restricted from entering certain areas

1.1.3.3.1. cameras, smartphones, tablets, and USB drives

1.1.4. Ensuring clear desks and screens

1.1.4.1. Companies have a responsibilities to protect physical and digital information (during the workday and non-business hours)

1.1.4.2. Protected or confidential documents should never be viewable to unauthorized personnel

1.1.4.2.1. Document should be locked in file rooms, desk drawers and cabinets when not in use

1.1.4.2.2. Copiers, scanners, and fax machines should be located in nonpublic areas and require the use of codes

2. Protecting Equipment

2.1. Hardware assets must be protected from:

2.1.1. Power surges: Prolonged increase in voltage

2.1.2. Power spikes: momentary increase in voltage

2.1.3. Blackouts: Prolonged periods of power loss

2.1.4. Fault: momentary loss if power

2.1.5. Sag: Momentary periods of low voltage

2.1.6. Brownout: Prolonged period of low voltage

2.2. Protective devices can be installed to help protect the area and assets such as

2.2.1. Voltage regulators

2.2.2. Isolation transformers

2.2.3. Line filters

3. How Dangerous Is Fire?

3.1. Three elements of fire protection:

3.1.1. 1. Fire prevention controls

3.1.1.1. Hazard assessments, inspections, and following construction codes

3.1.2. 2. Fire detection

3.1.2.1. Smoke, heat, and flame activated (detection devices)

3.1.3. 3. Fire containment and suppression

3.1.3.1. Class A (materials: wood, paper)

3.1.3.2. Class B (liquids: oils, gas)

3.1.3.3. Class C (electrical equipment)

3.1.3.4. Class D (metals)

4. How secure the Site

4.1. Physical protection is required for information-processing facilities

4.1.1. A closet of one server

4.1.2. A complex of buildings with thousands of computers

4.2. In addressing site physical security, we must consider

4.2.1. Theft

4.2.2. Malicious destruction

4.2.3. Accidental damage

4.2.4. Damage that results from natural disasters

4.3. The design of a secure site starts with the location

4.4. Evaluating location-based threats

4.4.1. Political stability

4.4.2. Susceptibility to terrorism

4.4.3. Crime rate in the area

4.4.4. Roadways and flight paths

4.4.5. Utility stability

4.4.6. Vulnerability to natural disasters

4.5. Critical information processing facilities should be inconspicuous and unremarkable

4.6. The physical perimeter can be protected using

4.6.1. Obstacles

4.6.1.1. Berms, Fences, Gates, and Bollards

4.6.1.2. Illuminated entrances, exits, pathways, and parking areas

4.6.2. Detection systems

4.6.2.1. Cameras, closed-circuit TV, alarms, motion sensors, and security guards

4.6.3. Response system

4.6.3.1. Locking gates and doors, personnel notification and direct communication with police

5. What About Disposal?

5.1. Removing data from drives

5.1.1. Formatting a hard drive or deleting files does not mean that the data located on that drive cannot be retrieved

5.1.2. Two methods for permanently removing data from drives before their disposal:

5.1.2.1. Disk wiping (overwriting the hard drive with 0 and 1)

5.1.2.2. Degaussing (exposing the hard drive to high magnetic field)

5.2. Destroying materials

5.2.1. Making devices/media unreadable and unusable through destruction (crushing, shredding or drilling through devices)