CISSP Review Course Domain 7 - ISSA Las Vegas (lvissa.org/mentor_slides/LVISSA CISSP Review...)
CISSP Review Course
Domain 7
Physical Security
Domain Objective
The objective of the domain is to understand:
Protect and control information processing assets in centralized and distributed environments.
Execute the daily tasks required to keep security services operating reliably and efficiently.
Domain Summary
The information for the Security Operations domain represents 15% of the CISSP exam content.
This domain covers the protection and control of information assets in centralized and distributed environments. Security operations are primarily concerned with the daily tasks required to keep security services operating reliably and efficiently.
Topics to Be Covered
Physical Security Threats
Site Design and Configuration
Physical Security Requirements
For Centralized Computing Facilities
For Distributed Processing Facilities
Physical Security Threats
Threat Components
Agents - who
Motives - why
Results - (how)
External Threats - environmental
Wind/Tornado
Flooding
Lightning
Earthquake / Liquefaction
Cold and Ice
Fire (adjacent / power)
Chemical
Threat Identification
Internal Physical Threats
Fire – intentional / accidental / malfunction – cause / fuel
Environmental Failure
Liquid Leakage
Electrical Interruption
Human Threats – the greatest threat
Theft
Vandalism
Sabotage
Espionage
Errors
Physical Security Truths
People (personnel)
Procedure (practice)
+ Equipment (technology)
= Security System
Every Security Measure fits into one of 3 categories
• Detect
• Delay
• Respond
Domain 7 adds 2 more categories
• Deter - Deter is a feeling and immeasurable
• Assess
Controls
Guards/Officers – detect / delay / respond / assess / deter
Fences – delay (7’ minimum) / deter
Barriers – delay / deter
Lighting – detect / deter
Keys and Locks – delay / deter
Badges - detect
Escorts – detect / delay / respond / deter
Property Controls - detect
Monitoring/Detection Systems - detect
Defense in Depth
Example
Layer 1 – Perimeter Exterior
Layer 2 – Perimeter Interior
Layer 3 – Interior Fencing for CI/KR
Layer 4 – Customer & Vendor Accessible Mantraps, Office Areas, Pathways
Layer 5 – Customer Cages in Data Center
Layer 6 – High Security Areas, Employee Areas, & Areas requiring Switch Escort.
Increases discoverability
Delay
Response
Access Control
Function – ensure authorized personnel are granted access to a controlled area
Regulating flow of materials, employees, vendors, customers, etc.
Components
Readers
Electric locks
Alarms
ACSystem
Cards – Magnetic Stripe / Proximity / Smart Card
Additional
• Access Control Panels
• Power Supplies
• Communications
CCTV (Surveillance)
Function – record, view, playback, alert.
Components
Cameras / Lenses
Recorders
Monitors
Software
Additional
• Thermal imagers
• Outdoor camera housing
• Pan/Tilt/Zoom
• Dome Cameras
• IP / Analog Cameras
• Communication / wire / switches / etc.
• Monitors single / split / matrix
Terms
• Resolution
• Light requirements
• Frames/Images per second
• Compression
Exterior Monitoring
Function – alert personnel to an intrusion at the perimeter to allow for adequate response
Systems
Infrared Passive / Active
Microwave
Coaxial Strain-sensitive Cable (AKA Leaky coax)
Lighting
“should enable viewing for 75’ or more and to identify a face at 33’”
Types: Continuous / Standby / Movable / Emergency / Egress-Exit
• Entrances 5fc
• Walkways 1.5fc
• Parking 5fc
• Landscape .5fc
• Around building 1fc
• Roadway .5fc
• For CCTV 1-2fc
Guards (Officers)
Provides a reasoned, discriminating and measured response
Issues
Selection
Training
Motivated
Attentive
Professionals
Provides
• Response
• “Deterrence”
• “Possible Liability”
Alarms
CCTV / Access Control / Detectors report to central location for dispatch and response
UL 1981 – standard requirements for a central station
Internal Security
Function – closer to the prize requires higher level of security – layered approach – security in-depth
Systems
Card Readers
Balanced Magnetic Switch (BMS) (door contact)
Acoustic Sensors
Infrared beam
Passive Infrared
Request to Exit (REX)
Dual Technology Sensors
Escort and Visitor Control
Escort must know their responsibilities
Sign in – sign out
Verification of access
Badging
Doors / Turnstiles / Mantraps
Doors
Isolation / indirect path / CPTED
Lighting
Door contact
Protection of human life is priority
“Solid Core” Steel stiffened
Swing out for exterior and code requirements only
Door hinges (3 per door – welded pins – close pin)
Door frames of welded steel
Fire rated as appropriate
Emergency egress path well marked
Fail-safe / Fail-secure
Turnstile / Mantraps
Limit flow
Minimize tailgating/piggybacking
Anti-passback
Mantrap – one door at a time
Process driven
Relay logic
Keys, Locks, Safes
Fail-safe / Fail-secure
Type
Something you have – Key/Card
Something you know – PIN / combination
Something you are – Biometric
Components
Lock Body
Strike / strike plate
Key
Cylinder
Fingerprint/Thumbprint Scan
Blood Vein Pattern Scan
Retina
Wrist
Hand
Hand Geometry
Facial Recognition
Voice Verification
Keystroke Recorders
Problems
Cost
Speed
Accuracy – false positive / false negative
Security Must Be
Real
Joe McDonald, CPP, PSP, CMAS
Chief Security Officer