CISSP LnL - Physical Security

8/3/2019 CISSP LnL - Physical Security

http://slidepdf.com/reader/full/cissp-lnl-physical-security 1/17

C I S S P L U N C H & L E A R N S E S S I O N

A p r i l 1 6 2 0 0 9

Physical Security



Overview

C I S S P E X A M



CISSP Lunch & Learn Overview

Peer supported study

Weekly sessions conducted by peers and subject matter experts

Not a substitute for self-study

Focus self-study activities to the correct depth and breadth for CISSP

Presenter Background – Mark Millar• TRM&IS since 2004

• Certified CISSP August 2005

• Other certifications: IMITI Leader designation

• Degree: Honours B.Sc. Computer Science from University of WesternOntario



CISSP Overview

Certified Information Systems Security Professional (CISSP)

Established by the (ISC)2 – International Information Systems Security Certification Consortium to certify information security professionalsknowledge against a common body of knowledge (CBK)

Exam covers knowledge and skills in 10 CBK domains Access Control Systems and Methodology

Application and Systems Development Security

Business Continuity and Disaster Recovery Planning

Cryptography

Law, Investigations, and Ethics

Operations Security Physical Security

Security Architecture and Models

Security Management Practices

Telecommunications & Network Security



CISSP Overview

Exam consists of 250 English language multiple choice questions of which 25 are not counted

A Maximum of 6 hours is allocated for writing the exam

No penalty for answering questions wrong

After passing the exam a candidate has 90 days to submit theendorsement form which must be signed by another CISSP, youremployer, or any licensed, certified, or commissioned CISSP

A percentage of passing candidates who submit the endorsement formare randomly selected for an audit of their background. A resume must

be submitted for formal review by (ISC)2

US focused content!

CISSP world NOT the real world!



ACCESS CONTROL SYSTEMS AND METHODOLOGY APPLICATION AND SYSTEMS DEVELOPMENT SECURITY

BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING

CRYPTOGRAPHY

LAW, INVESTIGATIONS, AND ETHICS

OPERATIONS SECURITY

PHYSICAL SECURITY

SECURITY ARCHITECTURE AND MODELS

SECURITY MANAGEMENT PRACTICES

TELECOMMUNICATIONS & NETWORK SECURITY

Physical Security



Ice Breaker

What is the most effective control listed below thatshould be used to protect a site?

a) Razor wire fence at least 8 feet

b) Biometrical authentication

c) Infrared security cameras

d) Security guard

Think:

Deterrence,

Detection, and

Response



Physical Security

The physical security domain provides protectiontechniques for the entire facility, from the outsideperimeter to the inside office space, including all of the information system resources.

Topics: Buildings, technical controls, supportingfacilities, fire safety, electrical security, HVAC,

perimeter security, physical facility, physical accesscontrols, theft, and intrusion detection



Physical Security



Physical Security

Information Protection Requirements

Information Protection Environment

Security Technology & Tools

Assurance, Trust, and Confidence Mechanisms Information Protection and Management Services



Physical Security

Information Protection Requirements Perimeter and Building Grounds

Building entry points

Inside building (access points, office areas)

Data Centres or server room security Computer Equipment protection

Object protection


Security Technology & Tools Assurance, Trust, and Confidence Mechanisms

Information Protection and Management Services



Physical Security


Information Protection Environment Types of threats: natural/environmental or human-made/political

events

Environmental Design (location, layered defense model) Physical Elements

Power (outage, degradation)

Interference & Electrical Support systems

HVAC issues

Security Technology & Tools Assurance, Trust, and Confidence Mechanisms




Physical Security



Security Technology & Tools Elements of Physical Security

Fire prevention, detection, and suppression

Functions of Physical Security • Deter, Delay, Detect, Assess, Respond

Components of Physical Security

• Perimeter protection, surveillance/monitoring, lighting, guards,access controls, controlled areas, additional tools

Assurance, Trust, and Confidence Mechanisms




Physical Security




Assurance, Trust, and Confidence Mechanisms Drills & Testing

Checklist, Maintenance, & Services




Physical Security




Assurance, Trust, and Confidence Mechanisms Information Protection and Management Services

Security Manager



Physical Security

Review: make sure you understand the following:

Definitions: physical security, threat,

vulnerability, criticality; Types of threats; HVAC,power; Elements of Physical Security; Functions of Physical security; Security in depth; Fences, Gates,Bollards; IDS, CCTV; Lighting, Doors, Windows;

Locks, Access Control, Security force; Supportsystems; Testing & training.



Thank You!

Good Luck

Additional Resources CISSP SharePoint

http://w3.trmisworkspace.td.com/Collaborations/Teams/CISSP/default.aspx

Email DL [email protected]

CISSP Website www.isc2.org

SANS Perimeter Protection In-Depth http://www.sans.org/mentor/details.php?nid=17879

SANS Mentor Program

Shameless Plug to captive audience



http://www.isc2.org/

http://www.sans.org/mentor/details.php?nid=17879

http://www.sans.org/mentor/details.php?nid=17879

http://www.isc2.org/



CISSP LnL - Physical Security

Documents

Transcript of CISSP LnL - Physical Security