ISA 400 Management Information Security
Week #1: Becoming a CISSP & Physical and Environmental Security
Philip Robbins, January 17, 2015
Information Security & Assurance Program, University of Hawai'i West Oahu

Topics
- Introductions
- Syllabus Review
- Becoming a Certified Information Systems Security Professional
- Domain #1: Physical & Environmental Security
- Review Questions, Q&A
- Quiz #1
- Assignment #1

Introductions: Who am I?
- Information Systems Authorizing Official Representative
- United States Pacific Command (USPACOM)
- Risk Management Field Assessments to USPACOM Authorizing Official / CIO
- Former Electronics & Environmental Engineer
- Bachelor of Science in Electrical Engineering
- Master of Science in Information Systems
- Certified Information Systems Security Professional (CISSP) and Project Management Professional (PMP)

Syllabus
- Recommended Class Textbook
- Recommended Textbook for CISSP Exam (OUT OF PRINT)

Syllabus: Management Information Security
What this class IS about:
- A 400-level course in the management of security for information and information systems.
- This class exposes the student to fundamental concepts through the CISSP CBK and its ten information security domains, preparing the student for a career / management role in the field of Information Systems Security.

What this class IS NOT about:
- An introductory course in security.
- Examination crash course (boot camp) for CISSP certification.

Becoming a CISSP

Who is a CISSP?

Professional Certifications
- Cisco Certified Network Associate (CCNA)
- Project Management Professional (PMP)
- Certified Information Systems Security Professional (CISSP)

What does it mean to have a CISSP?

(ISC)2 CISSP 10 CBK Domains

Three Step Process
Step 1: CISSP Examination
- Submit Examination Application & pay required fees ($599)
- Have 5 years experience in two or more of the 10 Domains (or 4 years plus a degree)
- Complete Candidate Agreement
- Adhere to the (ISC)2 Code of Ethics
- Answer 4 questions related to criminal history and background
- Take the supervised exam from (ISC)2
- https://www1.pearsonvue.com/testtaker/signin/SignInPage/ISC2

Step 2: Certification
- Congrats, you scored 700 points or higher on the exam
- Submit Résumé
- Submit Endorsement Form validated by another (ISC)2 credential holder
- Pass audit if randomly selected

Step 3: Maintenance
- Annual Maintenance fee of $85
- Continuing Professional Education (CPE) Credits
- 120 CPEs are needed every 3 years
- 40 CPEs per year MUST be submitted

The Exam: CISSP Examination Specifics
- 250 questions
- 25 questions do not count
- 6 hours to complete the exam
- Multiple choice (4 choices)
- Mixed questions (not by domain)
- Questions are weighted
- The (ISC)2 Code of Ethics is testable
- Both a mental and physical test

The Exam: CISSP Test Taking Tips
- Think like a manager
- Think about Risk Management
- Keep Confidentiality, Integrity and Availability in mind
- Answer easy questions immediately, skip others and return to them later
- Eliminate wrong answers
- Be sure you understand what the question is asking

The Exam: CISSP Post Exam Syndrome
- You will have no clue how you did until you get your results
- Many feel they are underperforming during the test
- Remember 25 questions don't count & questions are weighted
- You will feel all questions you are getting are within a single domain

Physical and Environmental Security

What is it?
- Addresses the threats & vulnerabilities, including the countermeasures that can be implemented to physically protect an enterprise's resources (sensitive information).
- Measures designed to deny unauthorized personnel physical access to a building, facility, resources, or stored information.

What do I need to know?
- Understand the considerations for site and facility design
- Perimeter Defenses
- System Defenses
- Physical & Environmental Controls

Goals of a Physical (Environmental) Security Program
- Priority #1: Human Safety (most important). Physical security procedures should focus on protecting human life first, then on restoring the safety of the environment, and then on restoring the utilities necessary for the IT infrastructure to function.
- Priority #2: Assurance of our Information Security Services
- Prevention of crime and disruption through deterrence
- Reduction of damage through the use of delaying mechanisms
- Assess, Protect, Detect, and Respond Strategy

Defense-in-Depth
- Multi-layered approach towards security
- Physical Security is the first layer of protection (or is it?).
- Layers (Onion Model): Physical Security Layer, Perimeter Defense Layer, Network Defense Layer, Host Defense Layer, Application Defense Layer, Data Defense Layer

Threats and Vulnerabilities
Challenges: Threats and Vulnerabilities
- Threat Types:
  - Natural and Environmental Threats
  - Manmade Threats
  - Malicious Threats
  - Accidental Threats
  - Politically Motivated Threats
- Vulnerabilities: Inadequate or lapse in security

Physical Controls
The non-technical environment, such as locks, fire management, gates, and guards.
- Network Segregation: Carried out through physical and logical means.
- Perimeter Security: Mechanisms that provide physical access control by providing protection for individuals, facilities and the components within facilities.
- Computer Control: Physical controls installed and configured.
- Work Area Separation: Controls that are used to support access control and the overall security policy of the company.
- Data Backups: Ensure access to information in case of an emergency or a disruption of the network or a system.
- Cabling: All cables need to be routed throughout the facility in a manner that is not in people's way and is not exposed to any danger of being cut, burnt, crimped or eavesdropped upon.

Perimeter Defenses
- Fences
- Gates
- Bollards
- Lights
- CCTV
- Locks
- Motion Detectors/Perimeter Alarms
- Doors and Windows
- Walls, Floors, and Ceilings
- Guards
- Dogs
- Restricted Areas and Escorts

Boundary Protection
- Perimeter Intrusion Detection and Assessment Systems
- Fence Construction
- Perimeter Walls and Fences
  - 3 to 4 ft: Deters casual trespassers
  - 6 to 7 ft: Too hard to climb easily
  - 8 ft w/ 3 strands barbed wire: Deters intruders
- Most fencing is largely a psychological deterrent

Vehicular Gates
- Class I: residential gate operation
- Class II: commercial (parking lot or garage)
- Class III: industrial or limited access (warehouse, factory, loading dock)
- Class IV: restricted access requiring security personnel (prison, airport)

Boundary Protection
Vehicle and Personnel Entries and Exits
- Turnstile (one at a time)
- Bollards (small concrete pillars)
- Mantraps (controlled access)
Lighting
- 2 candle feet at 8 ft of height (NIST)
- Do not illuminate guard positions
- Overlap lights
- Glare protection
- See individuals at 75 feet or more
- See facial features at about 33 feet

Boundary Protection
Mantrap
- Entry with two doors
- First door must close and lock prior to the second door opening
- Each door must require a different form of authentication to open
Turnstile
- Designed to prevent tailgating
- Allow only one person at a time to access
Both must allow safe egress in case of an emergency. No system should require authentication in order to exit during an emergency (safety first).

Boundary Protection
Tailgating / Piggybacking
- Bypass an access control method by following an authorized person through the entry point.
- Policies should include language prohibiting the practice.
- Beware the social engineer.

Security Lighting Systems
- Continuous lighting (most common)
- Standby lighting (automatically or manually turned on)
- Movable lighting (movable searchlights or lighting)
- Emergency lighting (backup to any of the previous)

Security Lighting Systems (Consider the Types of Lights)
- Fluorescent (efficient and cost effective, temperature sensitive, not so good for outdoors)
- Mercury vapor (bluish cast, preferred, extended life, takes time to warm up)
- Sodium vapor (soft yellow, more efficient than mercury, good for fog)
- Quartz lamps (produce daylight quality for high visibility)

Closed-Circuit Television (CCTV)
- For blind areas
- Point camera downwards (away from the sky)
- Have cameras tie into the alarm systems
- Lenses (fixed or zoom) for PTZ (Pan Tilt Zoom)
- Ability to be recorded (DVR)
- Human interaction / monitoring required
- Color cameras offer more information

Keys and Locking Systems
- Key and Deadbolt Locks
- Combination Locks
- Electric/magnetic locks
- Keypad/Pushbutton Locks
- Smart Locks
- Mechanical locks
  - Warded
  - Tumbler

Key Control
Lack of key control is one of the biggest security risks faced by business or property owners.
- Know who has the keys.
- Protect against unauthorized duplication.
- Appoint a key control manager.
- Create policy and method for issuing and collecting keys.
- Issue only for official use; by authorized individuals.
- All keys should remain the property of the issuing facility.
- Employees must ensure keys are safeguarded and properly used.

Perimeter Intrusion Detection Systems
- Electrical Circuit
- Light Beam
- Energy Fields
  - Passive Infrared Sensors: Measures light energy level; detects heat and movement
  - Microwave and Ultrasonic Systems (invisible)
  - Electro-static
- Sounds and Vibration (microphones)
- Motion Detectors
- Coaxial Strain-Sensitive Cable
- Balanced Magnetic Switch (BMS)

Walls
- Fire standards call for computer rooms to be separated by fire resistant walls, floor & ceiling constructed of noncombustible or limited combustible materials, rated at not less than one hour of protection (Passive Fire Protection).
- Wall thickness protections: Thickness of gypsum plaster can refer to how long the wall keeps the area opposite the fire below the boiling point (100 degrees Celsius).
- The rule of thumb is 1 inch of gypsum = 1 hour of protection

Walls, Doors, and Windows
- Hollow Doors & Glass Windows are the weakest link in a wall.
- Door Security Designs:
  - Fail Secure: locks
  - Fail Safe: unlocks
  - Fail Soft: operates at reduced capacity (e.g. elevator door)
- Window Glass Types:
  - Standard
  - Tempered (breaks into little pieces)
  - Reflective or shatter-proof security film
  - Wire mesh or polycarbonate (embedded)
  - Acrylics
  - Bullet resistant (1.25 stops 9mm round)

Safes, Vaults, and Containers
- Safes are defined as fireproof and burglarproof iron or steel chests.
- Vaults are defined as a room or compartment designed for storage and safekeeping of valuables that has a size and shape that permits entrance and movement within by one or more persons.
- Containers are reinforced filing cabinets that can be used to store property.

Safes, Vaults, and Containers
- Tool Resistant Safes come in various classes:
  - TRTL-15 (takes 15 minutes to break into with proper tools)
  - TRTL-30 (takes 30 minutes to break into with proper tools)
- Vault door ratings (how long to gain entry with tools):
  - Class M (one quarter hour)
  - Class 1 (one half hour)
  - Class 2 (one hour)
  - Class 3 (two hours)
- Containers get their standards from the government. A Class 6 container is required for the storage of secret, top secret, and confidential information. It must meet protection requirements of 30 man-minutes against covert entry and 20 man-hours against surreptitious (clandestine/stealthy) entry with no forced entry.

Other Procedural Controls / Design Considerations
- Security Guards / Officers: dynamic control method used to enhance gate control, patrol perimeters, building, staff, perform vehicle inspections, and monitor CCTV.
- Checking and escorting visitors on site: Identify and account for visitors onsite.
- Design and configuration of work areas and visitor areas: There should not be equal access to all locations within a facility. Valuable and confidential assets should be located in the heart or center of the building.
- Managing deliveries to the site: individual buildings on the site may require unique levels of security.

Dogs
- Provides enhanced perimeter defense in a controlled area.
- Serves both as a deterrent and a detective measure.
- Dogs present a legal liability.
- Most trained dogs will not attack if the suspect is stationary.

Identification for Restricted Areas
Beware of attempts to reuse old badges, stolen badges, fabricated badges, or use of social engineering.
Mitigation methods:
- Time based badges
- Color coded badges for different days of the week
- Electronic badges
- Provide guards to escort visitors

Site Security Survey
The American Institute of Architects has established some key security questions to be addressed during a security assessment:
1. What do we want to protect?
2. What are we protecting against?
3. What are the current or expected asset vulnerabilities?
4. What are the consequences of loss?
5. What specific level of protection do we wish to achieve?
6. What types of protection measures are appropriate?
7. What are our protection constraints?
8. What are the specific security design requirements?
9. How does our integrated system of personnel, technologies, and procedures respond to security incidents?

Site Development Considerations
Start with an undeveloped lot of land as a starting point for development:
- Visibility
  - Surrounding terrain
  - Building markings
  - Types of neighbors and population
- Surrounding area and external entities
  - Crime rate, riots, terrorism attacks (primary concern is employee safety)
  - Proximity to police, medical and fire stations
- Accessibility
  - Road access and traffic
  - Proximity to airports, train stations, and highways
- Natural Disasters
  - Likelihood of floods, tornadoes, earthquakes, or hurricanes
  - Hazardous terrain (mudslides, falling rocks, excessive snow)

Facility Design Review
- Visibility (most data centers are not externally marked so as not to attract attention)
- Construction of Walls: combustibility of material, fire rating, reinforcements for secure areas.
- Doors: combustibility of material, fire rating, resistance to forcible entry, emergency marking, placement, locks or controlled entrances, alarms, secure hinges, directional opening, electric door locks that revert to unlocked state for safe evacuation, type of glass (shatterproof or bulletproof).
- Windows: translucent or opaque requirements, shatterproof, alarms, placement, accessibility to intruders (shared tenancy presents security issues).
- Physically close neighbors impact wireless.

Facility Design
- Ceilings: combustibility, fire rating, weight bearing rating, drop ceiling considerations.
- Flooring: weight bearing rating, combustibility, fire rating, raised flooring, non-conducting surface and material.
- HVAC: positive air pressure, protected intake vents, dedicated power lines, emergency shut off valves and switches, placement.
- Electrical power supplies: backup and alternative, clean and steady power, dedicated feeders, placement and access.
- Water and gas lines: labeled shutoff valves, positive flow, placement.
- Fire detection and suppression: placement of sensors and detection, placement of suppression systems, type of detectors and suppression agents.

Utility Concerns
Utilities
- Where possible: keep underground, concealed, protected.
- Provide quick connects for portable back up systems.
- Protect drinking water from contaminants and access.
- Minimize signs identifying critical utilities.
- Locate petroleum, oil, and lubricants on a downward slope from all occupied buildings (fuel at least 100 feet from buildings).
- Identify utility systems that are at least 50 feet from loading docks, front entrances, and parking areas.
Electrical
- Separate emergency and normal electric panels and conduits.
- Consider emergency generators.
- Location of main fuel storage.
Communications
- Consider a second phone system in case of an incident.

Data Centers & Server Rooms
- Located in core area of facility.
- Not (directly) accessible from public areas.
- Should not be located on top floors (fires) or basements (flooding), but should be located well above the ground floor (access).
- Should be placed on a different electrical grid from rest of facility.
- Should be located near wiring distribution center.
- Should have strict access control mechanisms implemented.
- Should only have one access door with a second emergency door (no access).

Crime Prevention Through Environmental Design
A Physical Security approach that outlines how the proper design of a physical environment can reduce crime by affecting human behavior.
- Natural access control: Limit access and control the flow of access by guiding people entering and leaving a space through the placement of doors, fences, lighting, and even landscaping. Ex: outlining a walkway with lights.
- Natural surveillance: Surveillance can take place through organized means (guards), mechanical means (CCTV) and natural strategies (straight lines, low landscaping, raised entrances). The goal of natural surveillance is to make criminals feel uncomfortable by providing many different ways observers could potentially see them, while making everyone else feel safe by providing an open and well designed environment.
- Territorial reinforcement: Creates physical designs that emphasize or extend the company's physical sphere of influence so legitimate users feel a sense of ownership of that space. Use of walls, fences, landscaping, light fixtures, flags,
  The goal of territorial reinforcement is to create a sense of dedicated community. People protect territory that is their own.

Target Hardening
- Focuses on denying access through physical and artificial barriers.
- CPTED and target hardening are two different approaches.
- The best approach is to build an environment from a CPTED approach and then apply target hardening:
  - Reduce the fear of crime.
  - Reduce the opportunities for crime.
  - Avoid concealment as much as possible: Screen visually detractive components such as transformers, trash compactors, and condensing units.
  - Avoid dense vegetation close to a building. Thick ground cover, above 4 inches in height, can be a security disadvantage.
  - Areas which have single egress points cause intruders to fear being caught.

Shared Tenancy and Adjacent Buildings
- Difficult for territorial reinforcement and CPTED.
- Lax security in one company or building can impact others.
- Neighboring wireless systems may cause interference.

Shared Demarcation Points
- The place where the Internet Service Provider's responsibility ends and the customer's begins is called the demarcation point.
- Access to the demarc point can jeopardize confidentiality, integrity, and availability.
- Shared demarcs require strong physical access control on both sides.
- Segregated demarcs are advisable for higher security areas.

Tracking Assets
- Records and logs enhance physical security.
- Useful in determining loss or theft of physical equipment.
- Helps audit the acquisition, movement, and decommission of systems.
- Supports regulatory compliance by pinpointing the data's location.
- Tracks the relationship between customers and employees to the data, and the various devices they use.

Media Concerns
- Storage and Transportation.
- Cleaning and destruction.
- Shredding.
- Overwriting.
- Degaussing.

Power & Electricity
Complete loss of power
- Fault: Momentary loss of power.
- Blackout: Prolonged loss of power.
Degradation of power
- Sag/Dip: Momentary low voltage.
- Brownout: Prolonged low voltage.
Excess of power
- Spike: Momentary high voltage.
- Surge: Prolonged high voltage.

Power & Electricity
- Inrush: Initial surge after connection to power.
- Noise: Steady interference.
  - EMI (ElectroMagnetic Interference)
  - RFI (Radio Frequency Interference)
- Transient: Short duration interference.
- Clean: Non-fluctuating power.
- Ground: The wire in an electrical circuit that is grounded.

Environmental Temperature & Humidity
American Society of Heating, Refrigerating, and Air Conditioning Engineers (ASHRAE) in 2008 set the ideal temperature range to degrees with 25-60% humidity. Prior to 2004 it was degrees. The recommended data center set point is degrees with 40-55% humidity.
Damaging temperature by material or component:
- Computer systems and peripheral devices: 175 F
- Magnetic storage devices: 100 F
- Paper products: 350 F

Electric / Power Protection and Support Systems
- Electric Power: Online UPS use AC line voltage to charge a bank of batteries. Standby UPS stay inactive until a power line fails.
- Ventilation: Most electronic equipment must operate in a climate-controlled atmosphere. Overheating means that the components can expand and contract, which causes components to change their electronic characteristics, reducing their effectiveness or damaging the system overall.
- Environmental Issues: Improper environmental controls can cause damage to services, hardware, and lives. Create positive drains (flows away from the building).

Fire Prevention, Detection, and Suppression
Smoke Detection Types
- Ionization: reacts to the charged particles in smoke.
- Photoelectric: reacts to changes in or blockage of light caused by smoke.
- Heat: reacts to changes in or blockage of light caused by smoke.
- Rate of rise temperature sensors alarm when temperature increases over a period of time (10 degrees in less than 5 minutes).
- Fixed temperature sensors alarm when a certain temperature is reached.
- Remember there are deaf and blind folks out there. Heat, flame, and smoke detectors need audible and flashing alarms.
- Portable extinguishers should be checked every 6 months.

Fire Prevention, Detection, and Suppression
Class / Type / Suppression Material
- Class A: Common Combustible (paper, wood, cardboard, most plastics). Suppression: Water, Foam
- Class B: Liquids (gasoline, kerosene, grease, oil). Suppression: CO2, Halon, Foam, and Dry Powder
- Class C: Electrical (electrical appliances, wiring, circuit breakers). Suppression: CO2, Halon, Dry Powder (never use water)
- Class D: Metal (found in chemical laboratories: magnesium, titanium, potassium, sodium). Suppression: Dry Powder

- Water reduces temperature (the aim is to reduce temp, oxygen, fuel, or chemical reaction).
- Soda acid reduces fuel supply.
- Dry powders interrupt the chemical combustion (sodium or potassium bicarbonate; calcium bicarbonate; sodium chloride).
- Soda acid can not be used with class C fires as it conducts electricity.
- Class D is also for special fires such as chemical fires.
- Beware of the collateral damage of the suppression material: water can cause a lot of damage but it is the safest suppression material if electricity is absent.
- Water and foam reduce the fire temp below kindling or ignition point.
- Gases suppress oxygen and stop chemical reactions.
- Dry powders suppress fuel supply.
- Wet chemicals suppress fire.
- In Europe, flammable gases are class C; Electrical is class E; Kitchen is class F.
- CO2 is a dangerous suppression agent.
- Aero-K is an aerosol of microscopic potassium compounds in a carrier gas in ceiling containers that is not pressurized until the fire is present. Nothing is released until two or more detectors confirm the fire. It is non-corrosive and non-toxic.
- All gas systems should have a visible countdown timer or
- Halon: Has been found to be an ozone-depleting substance.
- They do not deplete oxygen to unsafe levels.
- In 1987, an international agreement known as the Montreal Protocol mandated the phase out of halon systems in developed countries by the year 2000 and in less-developed countries by
- No new Halon systems after 1994. No new installations are allowed.
- Halon fire-suppression systems can be left in place, but there are strict regulations on reporting discharges.
- EPA-approved replacements include FM-200, CEA-410, NAF-S-III, FE-13, argon, water, and aragonite. FE-13 is the newest and safe to 30% concentration. Others safe to 10-15% concentration.
- Fire extinguishers should be inspected every 6 months.
- THREE ELEMENTS NEEDED FOR FIRE: HEAT, FUEL, OXYGEN

Fire Prevention, Detection, and Suppression
- CO2: Colorless, odorless substance removes oxygen from the air. Best used in unattended facilities and areas.
- Halon: Has been found to be an ozone-depleting substance. In 1987, an international agreement known as the Montreal Protocol mandated the phase out of Halon systems in developed countries by the year 2000 and in less-developed countries by
  No new installations are allowed. EPA-approved replacements include FM-200, CEA-410, NAF-S-III, FE-13, argon, water, and aragonite. FE-13 is the newest and safe to 30% concentration. Others safe to 10-15% concentration.
- Dry Powder: Interrupts the chemical combustion of a fire.
- Foam: Mainly water based, and contains a foaming agent that allows it to float on top of the burning material to cut off oxygen.

Sprinkler Systems
- Wet Pipe: Always contains water in the pipes and is discharged by temperature control level sensors. Not good for cold weather. A fusible link melts allowing water to flow. Each sprinkler head is independent. Rates of fusible links in degrees: Orange 135F; Red 155F; Yellow 175F; Green 200F; Blue 286F.
- Dry Pipe: Water is in a holding tank until released. Pipe holds pressurized air, which is reduced when a fire or smoke alarm is activated, allowing a water valve to be opened by the water pressure. Less efficient than a wet pipe system. Used in areas where water might freeze.

Sprinkler Systems
- Dry Powder: similar to dry pipes. Combination of wet and dry pipes.
  (1) Water fills up pipes as pressurized air is reduced.
  (2) A thermal fusible link on the sprinkler head has to melt before the water is released.
  (1) and (2) give people time to respond to false alarms or extinguish small fires.
  (single interlock) water to pipe at fire alarm, water released when head opens.
  (double interlock) water does not fill pipe until alarm triggers and head opens.
- Deluge: Sprinkler heads are wide open to allow a larger volume of water to be released in a shorter period. Larger sprinkler head and larger tank. Good for warehouses, etc. In a dry pipe configuration, a fire alarm opens a deluge valve.

Review Questions

Question #1
What is the first step that should be taken when a fire has been detected?
- Turn off the HVAC system and activate fire door releases.
- Determine which type of fire it is.
- Advise individuals within the building to leave.
- Activate the fire suppression system.

Question #2
General steps to maintain building security, including the securing of server rooms, guards, and the protection of cables and laptops are examples of what type of controls?
- Administrative
- Logical
- Technical
- Physical

Question #3
According to NIST, how far out should critical areas be illuminated?
- 8 ft. high and 4 ft. out
- 8 ft. high and 2 ft. out
- 10 ft. high and 4 ft. out
- 10 ft. high and 6 ft. out

Question #4
What standardized fence height will stop a determined intruder?
- 3 to 4 ft. high
- 6 to 7 ft. high
- 8 ft. high and above with strands of barbed wire
- No fence can stop a determined intruder

Question #5
Which fire class can water be the most appropriate for?
- Class A fires
- Class B fires
- Class C fires
- Class D fires

Question #6
Which of the following is NOT a precaution you can take to reduce static electricity?
- Power line conditioning
- Anti-static sprays and bags
- Anti-static flooring
- Maintaining proper humidity levels

Question #7
Prolonged high voltage is known as what?
- surge
- spike
- fault
- blackout

Question #8
Which of the following is currently the most recommended water system for a computer room?
- Preaction
- Wet pipe
- Dry pipe
- Deluge

Question #9
Which of the following floors would be most appropriate to locate an information processing facility / server room in a 6-story building?
- Basement
- Ground floor
- Third floor
- Sixth floor

Question #10
Which of the following is the preferred way to suppress an electrical fire in an information center?
- CO2
- Halon
- Water
- Dry Chemical

Question #11
Which of the following will most likely affect confidentiality, integrity, and availability?
- Physical damage
- Unauthorized disclosure of information
- Loss of control over system
- Physical theft

Question #12 (last one)
Which of the following is the most costly countermeasure in reducing physical security risks?
- Procedural controls
- Hardware devices
- Electronic systems
- Personnel

Questions?
www2.hawaii.edu/~probbins