pace-it, security+2.7: physical security and enviornmental controls

Physical security and environmental controls.

Instructor, PACE-IT Program – Edmonds Community College

Areas of expertise Industry Certifications PC Hardware Network

Administration IT Project

Management

Network Design User Training IT Troubleshooting

Qualifications Summary

Education M.B.A., IT Management, Western Governor’s University B.S., IT Security, Western Governor’s University

Entrepreneur, executive leader, and proven manger with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.

Brian K. Ferrill, M.B.A.

Physical security and environmental controls.PACE-IT.

– Control types.

– Physical security.

– Environmental controls.

Control types.Physical security and environmental controls.

There are three main types of controls that can be used to mitigate security risks.

Administrative (management): written documentation that is used to help secure systems from risks.Technical: the security measures used to control access or reduce risk to any particular resource or asset. They may be digital in nature (e.g., a firewall) or they may be physical in nature (e.g., a door lock on a server room).Operational: procedures that are put in place to help ensure that day-to-day operations can occur—even after a risk event has happened (e.g., implementing the recovery procedure after a hard drive failure).



– Classification of control types.» The categories of control types can be further

broken down into what they are designed to achieve.

• Deterrent: used to deter an action from being performed (e.g., the threat of discipline for breaking a security policy).

• Preventative: used to prevent a security threat from occurring (e.g., locking server rooms to prevent unauthorized access).

• Detective: used to detect the occurrence of a risk event (e.g., a NIDS detecting a firewall breach).

• Compensating: used to compensate for any residual risk that may remain after another classification of control has been put in place (e.g., purchasing insurance to safeguard against loss resulting from a data loss event due to a network breach).

Physical security.Physical security and environmental controls.

Physical security measures can be used for multiple purposes, including keeping people safe in the workplace.

The use of proper lighting and signage can direct employees to emergency exits and/or keep them safe at night in the parking lot. Fences and barricades can be used to secure sensitive areas, while guards (used in conjunction with access lists) ensure that only authorized personnel are present, creating a safer work environment.Physical security measures can also be used to restrict access to sensitive resources through the use of alarms (e.g., motion sensors or closed-circuit sensors) or video surveillance.



Hardware locks.

Keeping assets where they belong.

A technical preventative control that can be used to keep resources secure. Locks may simple (e.g., use a key) or they be more complex (e.g., electronic locks).

Biometrics.

Making people prove who they are.

An authentication method that is based on a person’s physical attributes (e.g., fingerprint or voice pattern) or on physical actions (using typing style to authenticate a user).

Proximity readers.

Tracking movement within a facility.

Radio frequency ID badges or tokens can be used to determine the exact location of personnel within a facility. As an added benefit, they can be used to activate electronic door locks.

Some work environments require more security than others. One example is the wiring distribution point of IT networks.

Allowing unlimited access to the wiring distribution room is an extreme example of a security risk. Anybody would have access to all of the network’s communication and/or equipment, thus making them the “owner” of the network.In a highly sensitive, risk intolerant environment, it may be necessary to implement a mantrap to control access to specific areas of an organization. A mantrap often involves two locking doors with a space between them. A person is allowed through the first door, but not the second, until after additional verification, trapping the person until authorization is granted.


Environmental controls.Physical security and environmental controls.

A network’s health and safety can be affected by more than just a network interface failing or a possible security breach.

Network and systems administrators also need to be concerned about environmental factors. Some of those factors include electrical power, heat, and humidity.A properly designed HVAC (heating ventilation and air conditioning) system can aid in protecting critical components from damage (or loss of functionality). This is especially true when they are designed with a hot and cold aisle approach (the equipment’s air intakes are pointed toward AC vents, while the equipment’s exhaust fans are pointed toward the AC system’s cold air intake).



– Power monitoring.» Systems and tools can be used to evaluate the amount

of, and the quality of, the electrical power being delivered to the system.

• Power monitoring is often deployed with, or alongside, an uninterruptable power supply (UPS).

– Humidity monitors.» Humidity monitoring.

• Monitors allow administrators to control humidity levels.

– Fire suppression systems.» Need to be specifically designed for the resources they

protect.

– Electromagnetic interference shielding.

» In some work environments, it may be necessary to use shielded cabling to protect networks from electromagnetic interference (EMI).

What was covered.Physical security and environmental controls.

There are three main types of controls used to mitigate security risks. They are management controls, technical controls, and operational controls. These can be broken down into different classifications. These classification include: deterrent, preventative, detective, and compensating.

Topic

Control types.

Summary

Physical security measures can be used for multiple purposes, including keeping people safe in the workplace. Some of the physical security controls that can be put in place include: lighting and signage, fencing and barricades, guards, alarms, locks, biometrics, and proximity readers. Additionally, a mantrap can be used for highly secure areas in order to control access.

Physical security.

A network’s health and safety can be affected by more than just a network’s interface failing or a possible security breach. A properly designed HVAC system can aid in protecting critical components. Additional environmental monitoring should be done on electrical power systems and humidity levels. Fire suppression systems need to be specifically designed for the resources they protect. In some environments, shielded cabling may be required to negate the effects of EMI.

Environmental controls.

THANK YOU!

This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.