CISSP Review Course Domain 7 - ISSA Las Vegas (lvissa.org/mentor_slides/LVISSA CISSP Review...)

CISSP Review Course Domain 7 Physical Security


Page 1: CISSP Review Course Domain 7 - ISSA Las Vegaslvissa.org/mentor_slides/LVISSA CISSP Review Course... · 2017-03-10 · The information for the Security Operations domain represents

CISSP Review Course: Domain 7

Physical Security

Page 2

Domain Objective

The objective of the domain is to understand:

Protect and control information processing assets in centralized and distributed environments.

Execute the daily tasks required to keep security services operating reliably and efficiently.

Page 3

Domain Summary

The information for the Security Operations domain represents 15% of the CISSP exam content.

This domain covers the protection and control of information assets in centralized and distributed environments. Security operations are primarily concerned with the daily tasks required to keep security services operating reliably and efficiently.

Page 4

Topics to Be Covered

Physical Security Threats

Site Design and Configuration

Physical Security Requirements

For Centralized Computing Facilities

For Distributed Processing Facilities

Page 5

Physical Security Threats

Threat Components

Agents - who

Motives - why

Results - how

External Threats - environmental

Wind/Tornado

Flooding

Lightning

Earthquake / Liquefaction

Cold and Ice

Fire (adjacent / power)

Chemical

Page 6

Threat Identification

Internal Physical Threats

Fire – intentional / accidental / malfunction – cause / fuel

Environmental Failure

Liquid Leakage

Electrical Interruption

Human Threats – the greatest threat

Theft

Vandalism

Sabotage

Espionage

Errors

Page 7

Physical Security Truths

People (personnel) + Procedure (practice) + Equipment (technology) = Security System

Every security measure fits into one of 3 categories:

Detect

Delay

Respond

Domain 7 adds 2 more categories:

Deter (deterrence is a feeling and cannot be measured)

Assess

Page 8

Controls

Guards/Officers – detect / delay / respond / assess / deter

Fences – delay (7’ minimum) / deter

Barriers – delay / deter

Lighting – detect / deter

Keys and Locks – delay / deter

Badges - detect

Escorts – detect / delay / respond / deter

Property Controls - detect

Monitoring/Detection Systems - detect

Page 9

Defense in Depth

Example

Layer 1 – Perimeter Exterior

Layer 2 – Perimeter Interior

Layer 3 – Interior Fencing for CI/KR (critical infrastructure / key resources)

Layer 4 – Customer & Vendor Accessible Mantraps, Office Areas, Pathways

Layer 5 – Customer Cages in Data Center

Layer 6 – High Security Areas, Employee Areas, & Areas requiring Switch Escort.

Each added layer increases discoverability, delay, and the opportunity to respond

Page 10

Access Control

Function – ensure authorized personnel are granted access to a controlled area

Regulating flow of materials, employees, vendors, customers, etc.

Components

Readers

Electric locks

Alarms

AC system (the access control system itself)

Cards – Magnetic Stripe / Proximity / Smart Card

Additional

Access Control Panels

Power Supplies

Communications

Page 11

CCTV (Surveillance)

Function – record, view, playback, alert.

Components

Cameras / Lenses

Recorders

Monitors

Software

Additional

Thermal imagers

Outdoor camera housing

Pan/Tilt/Zoom

Dome Cameras

IP / Analog Cameras

Communication / wire / switches / etc.

Monitors single / split / matrix

Terms

Resolution

Light requirements

Frames/Images per second

Compression

Page 12

Exterior Monitoring

Function – alert personnel to an intrusion at the perimeter to allow for adequate response

Systems

Infrared Passive / Active

Microwave

Coaxial Strain-sensitive Cable (AKA leaky coax)

Lighting – should enable viewing for 75’ or more and identifying a face at 33’

Types: Continuous / Standby / Movable / Emergency / Egress-Exit

Recommended levels (fc = foot-candles):

Entrances 5 fc

Walkways 1.5 fc

Parking 5 fc

Landscape .5 fc

Around building 1 fc

Roadway .5 fc

For CCTV 1-2 fc

Page 13

Guards (Officers)

Provides a reasoned, discriminating and measured response

Issues

Selection

Training

Motivated

Attentive

Professionals

Provides

Response

“Deterrence”

“Possible Liability”

Page 14

Alarms

CCTV / Access Control / Detectors report to central location for dispatch and response

UL 1981 – the standard of requirements for a central station

Page 15

Internal Security

Function – the closer to the prize, the higher the level of security required – layered approach – security in depth

Systems

Card Readers

Balanced Magnetic Switch (BMS) (door contact)

Acoustic Sensors

Infrared beam

Passive Infrared

Request to Exit (REX)

Dual Technology Sensors

Page 16

Escort and Visitor Control

Escort must know their responsibilities

Sign in – sign out

Verification of access

Badging

Page 17

Doors / Turnstiles / Mantraps

Doors

Isolation / indirect path / CPTED (Crime Prevention Through Environmental Design)

Lighting

Door contact

Protection of human life is priority

“Solid core”, steel stiffened

Swing out for exterior and code requirements only

Door hinges (3 per door – welded pins – close pin)

Door frames of welded steel

Fire rated as appropriate

Emergency egress path well marked

Fail-safe / Fail-secure

Turnstile / Mantraps

Limit flow

Minimize tailgating/piggybacking

Anti-passback

Mantrap – one door at a time

Process driven

Relay logic
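The mantrap and anti-passback points above can be made concrete as a small interlock simulation. This is an added example written for this page, not code from the ISSA slides or from any access control vendor; the card IDs, door names and decision strings are constructed. It models the three slide points literally: the vestibule is a fixed state sequence (process driven), the inner reader will not grant while the outer door is open (relay logic), and a card that has entered cannot badge in again until it has badged out (anti-passback).

```python
"""Mantrap interlock with anti-passback (added example, constructed data).

States: IDLE -> OUTER_OPEN -> OCCUPIED -> INNER_OPEN -> IDLE.
Only one door may be unlocked at a time; the inner reader is ignored
until the outer door contact reports closed, as a relay interlock would.
"""
from dataclasses import dataclass, field
from typing import Optional

IDLE, OUTER_OPEN, OCCUPIED, INNER_OPEN = "IDLE", "OUTER_OPEN", "OCCUPIED", "INNER_OPEN"


@dataclass
class Mantrap:
    authorized: set                              # card IDs allowed through (constructed)
    inside: set = field(default_factory=set)     # cards currently in the secure area
    state: str = IDLE
    occupant: Optional[str] = None               # card that badged at the outer reader
    log: list = field(default_factory=list)      # decision log for the central station

    def _decide(self, msg: str) -> str:
        # Record the resulting state with every decision so the log can be audited.
        self.log.append(f"{self.state}: {msg}")
        return msg

    def badge_outer(self, card: str) -> str:
        """Card presented at the outer (unsecured side) reader."""
        if self.state != IDLE:
            return self._decide("DENY: vestibule busy")
        if card not in self.authorized:
            return self._decide("DENY: unknown card")
        if card in self.inside:
            # Anti-passback: this card already entered and has not badged out.
            return self._decide("DENY: anti-passback, card already inside")
        self.state, self.occupant = OUTER_OPEN, card
        return self._decide("GRANT: outer door unlocked")

    def close_outer(self) -> str:
        """Outer door contact (balanced magnetic switch) reports closed."""
        if self.state != OUTER_OPEN:
            return self._decide("IGNORE: outer door not open")
        self.state = OCCUPIED
        return self._decide("OK: outer door closed, vestibule occupied")

    def badge_inner(self, card: str) -> str:
        """Card presented at the inner reader inside the vestibule."""
        if self.state == OUTER_OPEN:
            # Relay logic: inner door cannot unlock while the outer door is open.
            return self._decide("DENY: interlock, outer door open")
        if self.state != OCCUPIED:
            return self._decide("DENY: no occupant in vestibule")
        if card != self.occupant:
            # Prevents a second person completing the sequence with a different card.
            return self._decide("DENY: card does not match occupant")
        self.state = INNER_OPEN
        return self._decide("GRANT: inner door unlocked")

    def close_inner(self) -> str:
        """Inner door contact reports closed; entry is complete."""
        if self.state != INNER_OPEN:
            return self._decide("IGNORE: inner door not open")
        self.inside.add(self.occupant)
        self.state, self.occupant = IDLE, None
        return self._decide("OK: inner door closed, entry complete")

    def badge_exit(self, card: str) -> str:
        """Exit path, simplified to one step: clears the anti-passback record."""
        if self.state != IDLE:
            return self._decide("DENY: vestibule busy")
        if card not in self.inside:
            return self._decide("DENY: anti-passback, no matching entry")
        self.inside.discard(card)
        return self._decide("GRANT: exit complete")


def demo() -> list:
    """Run one normal entry, one tailgate attempt and one passback attempt."""
    m = Mantrap(authorized={"C100", "C200"})
    m.badge_outer("C100")       # normal entry begins
    m.badge_outer("C200")       # second person: vestibule busy
    m.badge_inner("C100")       # too early: outer door still open
    m.close_outer()
    m.badge_inner("C100")
    m.close_inner()
    m.badge_outer("C100")       # passback attempt, denied
    m.badge_exit("C100")
    m.badge_outer("C100")       # allowed again after badging out
    return m.log


if __name__ == "__main__":
    print("\n".join(demo()))
```

In a real installation the same sequence is enforced by the panel's relay wiring or interlock configuration rather than application code; the value of the simulation is that every denial reason is a distinct, loggable event the central station can assess.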

Page 18

Keys, Locks, Safes

Fail-safe / Fail-secure

Type

Something you have

Key/Card

Something you know

PIN / combination

Something you are

Biometric

Components

Lock Body

Strike / strike plate

Key

Cylinder

Biometric types

Fingerprint/Thumbprint Scan

Blood Vein Pattern Scan (Retina / Wrist / Hand)

Hand Geometry

Facial Recognition

Voice Verification

Keystroke Recorders

Problems

Cost

Speed

Accuracy – false positive / false negative
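The accuracy problem listed above is a threshold trade-off: in biometric terms a false positive is a false accept (an impostor matched) and a false negative is a false reject (a genuine user turned away). The following added example, not from the slides, shows how the two rates move in opposite directions as the match threshold changes and finds the crossover point where they are closest (the crossover or equal error rate used to compare devices). The match scores are constructed sample data, not output of any real scanner.

```python
"""False accept / false reject trade-off for a score-threshold matcher (added example).

A matcher returns a similarity score in [0, 1]; the device accepts when
score >= threshold. Raising the threshold lowers false accepts but raises
false rejects, and vice versa.
"""
from typing import List, Tuple

# Constructed sample scores: genuine attempts and impostor attempts.
GENUINE = [0.92, 0.88, 0.85, 0.81, 0.79, 0.74, 0.70, 0.66, 0.61, 0.55]
IMPOSTOR = [0.58, 0.52, 0.49, 0.45, 0.41, 0.38, 0.33, 0.30, 0.25, 0.20]
THRESHOLDS = [0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9]


def error_rates(genuine: List[float], impostor: List[float], threshold: float) -> Tuple[float, float]:
    """Return (false_reject_rate, false_accept_rate) for 'accept if score >= threshold'."""
    false_rejects = sum(s < threshold for s in genuine)     # genuine users turned away
    false_accepts = sum(s >= threshold for s in impostor)   # impostors let in
    return false_rejects / len(genuine), false_accepts / len(impostor)


def sweep(genuine: List[float], impostor: List[float], thresholds: List[float]) -> List[Tuple[float, float, float]]:
    """Tabulate (threshold, FRR, FAR) for each candidate threshold."""
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


def crossover(genuine: List[float], impostor: List[float], thresholds: List[float]) -> Tuple[float, float, float]:
    """Threshold where FRR and FAR are closest: the crossover error rate point."""
    return min(sweep(genuine, impostor, thresholds), key=lambda row: abs(row[1] - row[2]))


if __name__ == "__main__":
    for t, frr, far in sweep(GENUINE, IMPOSTOR, THRESHOLDS):
        print(f"threshold {t:.1f}: false reject {frr:.0%}, false accept {far:.0%}")
    print("crossover point:", crossover(GENUINE, IMPOSTOR, THRESHOLDS))
```

A high-security area tolerates a higher false reject rate to push false accepts toward zero; a convenience-oriented entrance does the reverse. The sweep makes that choice explicit instead of leaving it at the vendor's default.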

Page 19

Security Must Be

Real

Page 20

Joe McDonald, CPP, PSP, CMAS

Chief Security Officer

702‐204‐[email protected]