CISSP Exam Notes - Physical Security
1. Introduction
1.1 Physical security addresses the physical protection of an organization's resources, which include people, data, facilities, equipment, systems, etc. It is concerned with the safety of people, how people can physically enter an environment, and how environmental issues affect equipment and systems. The safety of people always takes precedence over the other security factors.
1.2 Physical security is the first line of defense.
1.3 Major sources of physical security threats are:
• Weather, e.g. temperature, humidity, water, flood, wind, snow, lightning, etc.
• Fire and chemical, e.g. explosion, smoke, toxic material, industrial pollution, etc.
• Earth movement, e.g. earthquake, volcano, slide, etc.
• Object movement, e.g. building collapse, falling object, car, truck, plane, etc.
• Energy, e.g. electricity, magnetism, radio wave anomalies, etc.
• Equipment, e.g. mechanical or electronic component failure, etc.
• Organism, e.g. virus, bacteria, animal, insect, etc.
• Human, e.g. strike, war, sabotage, etc.
1.4 There are three major types of control mechanisms for physical security:
• Administrative controls, e.g. facility selection, facility construction and management, personnel control, evacuation procedure, system shutdown procedure, fire suppression procedure, handling procedures for other exceptions such as hardware failure, bomb threats, etc.
• Physical controls, e.g. facility construction material, key and lock, access card and reader, fence, lighting, etc.
• Technical controls, e.g. physical access control and monitoring system, intrusion detection and alarm system, fire detection and suppression system, uninterruptible power supply, heating / ventilation / air conditioning system (HVAC), disk mirroring, data backup, etc.
1.5 Some physical security controls are required by law, e.g. fire exit doors, fire alarms, etc.