Physical Security for Data Centers OWASP July 16, 2015
48
PHYSICAL SECURITY FOR YOUR DATA CENTER Michael E. Marotta, BS, MA. Intentional Privacy www.IntentionalPrivacy.com Austin, Texas
-
Upload
michael-marotta -
Category
Law
-
view
109 -
download
3
Transcript of Physical Security for Data Centers OWASP July 16, 2015
PHYSICAL SECURITY FOR YOUR DATA CENTER
Michael E. Marotta, BS, MA.
Intentional Privacywww.IntentionalPrivacy.com
Austin, Texas
Twelve years of experience in private security. Client sites included corporate settings, and campus safety.
WebEOC virtual emergency operations center standard across many agencies
TMAR annual training Camp Swift
April 11, 2015
Evaluated the dive team against national standards for incident response management.
BSides Austin 2013Jayson Street red hat pen tester takes on information security.
Your InfoSec Team
How InfoSec Sees Themselves
How InfoSec Sees Themselves
Your Front Desk Facilities Patrols
How We See Ourselves
ASIS International is the brand formerly known as the
American Society for Industrial Security
CERTIFICATIONS• Certified Protection Professional (CPP)®-
demonstrated knowledge and experience in all areas of security management
• Professional Certified Investigator (PCI)®- demonstrated education and/or experience in the fields of case management, evidence collection, and case presentation
• Physical Security Professional (PSP)®- demonstrated experience in physical security assessment, the application, design and integration of physical security systems, and implementation of physical security measures
CISO ≠ CSO
Carl begins his distraction.
Lose the balloons. Open the box and take out the briefcase.
“Martin, don’t even kid me. Those things are impossible!”
“This might work.”
ISO 27002
• Human Resources
• Asset Management
• Access
PHYSICAL SAFETY
Developing your own guidelines
VISITORS• Do they have an appointment?
• Are they expected?• Does their contact know that they are
here?• Where do they wait?• Is that area secure?
• Is that area open, closed, on camera?• Who issues the badge?
• Who ensures that the badge is returned?
Domestic Violence in the Workplace
• Research indicates that about 50 percent of battered women who are employed are harassed at work by their abusive partner.
• Over three-quarters of offenders used workplace resources at least once.
• 74% had easy access to their intimate partner's workplace
• 21% of offenders reporting that they contacted her at the workplace in violation of a no contact order.
Site Assessments
Site AssessmentsThreats, Risks and Exposures
PreventionsMitigationsResponsesRecoveries
Access Control
•Curbs•Berms•Hedges•Gates•Doors•Lights
•Locks•Motion Detectors•Alarms•Cameras•Badge Readers
Guards on Patrol Inspect Infrastructure
Guards on Patrol Inspect Infrastructure
$50 billion annually
2 million personnel
$ 100 billion annually
1.1 million personnel760,000 sworn
1960 1970 1980 1985 1990 1993 1998 2000 2003 2007 2010 2015
Private Security
Public Policing
9/11
Recession
Numbers from COPS US DOJ http://www.cops.usdoj.gov/Default.asp?Item=2034
Zero Point 27 Percentof RevenueSpent on PHYSICAL Security
How much is it worth to protect her …
… from them?
Disaster
Enemies are Everywhere
They have powerful friends
The best defense …
… is merely a defense
The firewall cannot always withstand a denial of service attack.
How do you know that I don’t have next year’s designs on this?
Dad, I got sick at school.Can you come pick me up?
Every desk can have one. No one should be out of touch
You probably do not need to go this far in cutting off smart phone access to your most sensitive departments
Independence and Autonomy
C-Level Representation
Recognition of Profession
You got any questions?
THANK YOU
