CISSP LnL - Physical Security
Transcript of CISSP LnL - Physical Security
8/3/2019 CISSP LnL - Physical Security
http://slidepdf.com/reader/full/cissp-lnl-physical-security 1/17
CISSP LUNCH & LEARN SESSION
April 16 2009
Physical Security
Overview
CISSP EXAM
CISSP Lunch & Learn Overview
Peer supported study
Weekly sessions conducted by peers and subject matter experts
Not a substitute for self-study
Focus self-study activities to the correct depth and breadth for CISSP
Presenter Background – Mark Millar
• TRM&IS since 2004
• Certified CISSP August 2005
• Other certifications: IMITI Leader designation
• Degree: Honours B.Sc. Computer Science from University of Western Ontario
CISSP Overview
Certified Information Systems Security Professional (CISSP)
Established by the (ISC)2 – International Information Systems Security Certification Consortium to certify information security professionals' knowledge against a common body of knowledge (CBK)
Exam covers knowledge and skills in 10 CBK domains:
Access Control Systems and Methodology
Application and Systems Development Security
Business Continuity and Disaster Recovery Planning
Cryptography
Law, Investigations, and Ethics
Operations Security
Physical Security
Security Architecture and Models
Security Management Practices
Telecommunications & Network Security
CISSP Overview
Exam consists of 250 English-language multiple-choice questions, of which 25 are not counted
A maximum of 6 hours is allocated for writing the exam
No penalty for answering questions wrong
After passing the exam, a candidate has 90 days to submit the endorsement form, which must be signed by another CISSP, your employer, or any licensed, certified, or commissioned CISSP
A percentage of passing candidates who submit the endorsement form are randomly selected for an audit of their background. A resume must be submitted for formal review by (ISC)2
US focused content!
CISSP world NOT the real world!
ACCESS CONTROL SYSTEMS AND METHODOLOGY
APPLICATION AND SYSTEMS DEVELOPMENT SECURITY
BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING
CRYPTOGRAPHY
LAW, INVESTIGATIONS, AND ETHICS
OPERATIONS SECURITY
PHYSICAL SECURITY
SECURITY ARCHITECTURE AND MODELS
SECURITY MANAGEMENT PRACTICES
TELECOMMUNICATIONS & NETWORK SECURITY
Physical Security
Ice Breaker
What is the most effective control listed below that should be used to protect a site?
a) Razor wire fence at least 8 feet
b) Biometrical authentication
c) Infrared security cameras
d) Security guard
Think:
Deterrence,
Detection, and
Response
Physical Security
The physical security domain provides protection techniques for the entire facility, from the outside perimeter to the inside office space, including all of the information system resources.
Topics: Buildings, technical controls, supporting facilities, fire safety, electrical security, HVAC, perimeter security, physical facility, physical access controls, theft, and intrusion detection
Physical Security
Physical Security
Information Protection Requirements
Information Protection Environment
Security Technology & Tools
Assurance, Trust, and Confidence Mechanisms
Information Protection and Management Services
Physical Security
Information Protection Requirements
  Perimeter and Building Grounds
  Building entry points
  Inside building (access points, office areas)
  Data Centres or server room security
  Computer Equipment protection
  Object protection
Information Protection Environment
Security Technology & Tools
Assurance, Trust, and Confidence Mechanisms
Information Protection and Management Services
Physical Security
Information Protection Requirements
Information Protection Environment
  Types of threats: natural/environmental or human-made/political events
  Environmental Design (location, layered defense model)
  Physical Elements
  Power (outage, degradation)
  Interference & Electrical Support systems
  HVAC issues
Security Technology & Tools
Assurance, Trust, and Confidence Mechanisms
Information Protection and Management Services
Physical Security
Information Protection Requirements
Information Protection Environment
Security Technology & Tools
  Elements of Physical Security
  Fire prevention, detection, and suppression
  Functions of Physical Security
  • Deter, Delay, Detect, Assess, Respond
  Components of Physical Security
  • Perimeter protection, surveillance/monitoring, lighting, guards, access controls, controlled areas, additional tools
Assurance, Trust, and Confidence Mechanisms
Information Protection and Management Services
Physical Security
Information Protection Requirements
Information Protection Environment
Security Technology & Tools
Assurance, Trust, and Confidence Mechanisms
  Drills & Testing
  Checklist, Maintenance, & Services
Information Protection and Management Services
Physical Security
Information Protection Requirements
Information Protection Environment
Security Technology & Tools
Assurance, Trust, and Confidence Mechanisms
Information Protection and Management Services
  Security Manager
Physical Security
Review: make sure you understand the following:
Definitions: physical security, threat, vulnerability, criticality; Types of threats; HVAC, power; Elements of Physical Security; Functions of Physical security; Security in depth; Fences, Gates, Bollards; IDS, CCTV; Lighting, Doors, Windows; Locks, Access Control, Security force; Support systems; Testing & training.
Thank You!
Good Luck
Additional Resources
CISSP SharePoint: http://w3.trmisworkspace.td.com/Collaborations/Teams/CISSP/default.aspx
Email DL: [email protected]
CISSP Website: www.isc2.org
SANS Perimeter Protection In-Depth: http://www.sans.org/mentor/details.php?nid=17879
SANS Mentor Program
Shameless Plug to captive audience