CISSP demo

Pages: 18 (4314 words) Published: November 16, 2010
(CISSP) Certified Information Security Systems Professional Demo Guide

Physical Security
Examples of threats to physical security are as follows:
-Emergencies
-Natural Disasters
-Human Intervention

7 major sources of physical loss (Don B. Parker):
1. Temperature-Extreme variations of heat or cold
2. Gases-war gases, commercial vapors, etc.
3. Liquids
4. Organisms-Viruses, bacteria, people, animals
5. Projectiles-falling objects, rockets, etc.
6. Movement-Collapse, shearing, shaking, vibration
7. Energy anomalies-electric surges or failure

CONTROLS FOR PHYSICAL SECURITY
(broken down into 2)

(1)-Administrative Controls
(2)-Physical and Technical Controls

(1) Administrative Controls
A-Facility Requirements Planning
B-Facility Security Management
C-Administrative Personnel Controls

A: Facility Requirements Planning:

Choosing a Secure Site:
-Visibility-What kind of neighbors will you have? Low visibility is key here
-Local Considerations-Is the site near hazards? Crime?
-Natural Disasters-Will this location have more natural disasters than others?
-Transportation-Does this site have excessive air or highway traffic?
-Joint Tenancy-Will we have complete control over HVAC equipment?
-External Services-Do you know the relative proximity of local emergency services?

Designing a Secure Site:
-Walls-Walls will have an acceptable fire rating. Closets must have a HIGH fire rating
-Ceilings-Concern here is the weight bearing rating and the fire rating
-Floors-Physical weight, non-conducting surface?
-Windows-Must be shatterproof
-Doors-Must resist forcible entry and have equal fire rating of doors. Electric door locks MUST disable in a state of emergency
-Sprinkler system-Location must be known
-Liquid or gas lines-IS staff must know the location of shutoff valves. Water drains should be positive
-AC-AC units should have dedicated power circuits. Should have outward positive air pressure and have protected intake vents
-Electrical Requirements-Facility should have established backup sources.

B: Facility Security Management:

Audit trails-Include:
-date and time of access attempt
-whether it was a success or not
-where the access was granted
-who attempted the access
-who modified the access privileges

Emergency Procedures:
-Emergency system shutdown procedures
-Evacuation procedures
-Employee training, awareness programs, and periodic drills
-Periodic equipment and system tests

C: Administrative Personnel Controls:
-Pre-employment screening
-On-going employee checks
-Post-employment procedures

Environmental and Life Safety Controls
1. Electrical Power
2. Fire Detection and Suppression
3. HVAC

1. ELECTRICAL POWER
NOISE-Refers to the presence of electrical radiation in the system that interferes with the transmission of clean power. There are several types of noise, the most common being EMI and RFI.

Some counter-measures:
-Power line conditioning
-Proper grounding
-Cable shielding
-Limit exposure to electric shit and magnets

Brownout-Prolonged low voltage
Surge-Prolonged high voltage
Sag-a momentary low voltage
Fault-a momentary power outage
Blackout-a prolonged power outage

Humidity-Ideal operating humidity is between 40 and 60 percent. High humidity causes condensation. Low humidity causes static. Use anti-static sprays when possible, use anti-static flooring, and use anti-static tables and floor mats.

2. FIRE DETECTION AND SUPPRESSION
1. The most prevalent cause of computer center fires is electrical distribution systems

Fire classes and Fire Extinguisher types:
Class A=common combustibles, use water or soda acid
Class B=liquid, use CO2, soda acid, or Halon
Class C=Electrical, use CO2 or Halon

For rapid fire to occur, three elements must be present: O2, HEAT, and FUEL
Water-suppresses the temperature required to sustain fire
Soda Acid-suppresses the fuel supply of fire
CO2-suppresses the O2 supply
Halon-suppresses combustion through a chemical reaction that kills fire.

Fire Detectors:
Heat sensing-Activates when temp reaches a predetermined...