Physical Security Risks

Physical threats have existed for as long as man has inhabited Earth. In ancient times, a castle simply was not built at any indiscriminate location; careful planning was required. Exterior defenses (such as motes, channels, walls, and barricades) were needed to hold back the marauding hordes. Guards and towers had to be strategically placed to ensure the safety of the castle's inhabitants. As strangers approached, procedures and policies were needed to distinguish between friend or foe and then to pursue the appropriate action with that friend or foe. You had to know when to lower the gate or to boil a pot of hot oil.

In the modern world, a variety of threats to premises security exists. These can be divided into three broad categories: natural disasters, man-made threats, and emergency situations.

Natural Disasters

Natural disasters can come in many forms. Although natural disasters are not something we can prevent, we can develop plans that detail how we would deal with them. As an example, organizations planning to establish a facility in Houston, Texas, might not need to worry about earthquakes; however, hurricanes are an imminent possibility. Therefore, a good understanding of the region and its associated weather-related issues are an important security consideration. These are some of the natural disasters organizations must deal with:

  • Hurricanes, typhoons, and tropical cyclones These products of Mother Nature are products of the tropical ocean and atmosphere. They are powered by heat from the sea. As they progress across the ocean, they grow in velocity. When they move ashore, they spawn tornadoes and cause high winds and floods.
  • Tidal waves/tsunamis The word tsunami is based on a Japanese word meaning "harbor wave." This natural phenomenon consists of a series of widely dispersed waves that cause massive damage when they come ashore.
  • Floods Floods can result when the soil has poor retention properties or when the amount of rainfall exceeds the ground's ability to absorb water. Floods are also caused when creeks and rivers overflow their banks.
  • Earthquakes These are caused from movement of the earth along the fault lines. Areas such as California and Alaska are especially vulnerable because they are on top of a major fault line.
  • Tornados Tornados are violent storms that form from a thunderstorm. They descend to the ground as a violent rotating column of air. Tornados leave a path of destruction that can extend from the width of a football field to about a mile wide. If you ever see one, steer a wide path around it.
  • Fire This one leads the list in damage and potential for loss of life. As an example, statistics show that fires in the United States killed more than 4,500 people in 1993. That's a greater loss of life than all other natural disasters that year, including floods, hurricanes, tornadoes, and earthquakes.

Man-Made Threats

Man-made threats are another big concern when thinking about physical security. Not much can be done to prevent floods, hurricanes, or tornados, but man-made threats can be reduced. Man-made threats include terrorism, vandalism, theft, and destruction of company property.

  • Terrorism To many of us, the actions of terrorists might seem like random acts of violence, but that is not the case. Terrorism is a deliberate use of violence against civilians for political or religious means.
  • Vandalism Since the Vandals sacked Rome in 455 A.D., the term vandalism has been synonymous with the willful destruction of another's property.
  • Theft Theft of company assets can range from annoying to detrimental. Sure, the CEO's stolen laptop can be replaced, but what about the data on the laptop? What happens if the company's competitors end up with that information?
  • Destruction A former employee thought he would get even with the company by wiping out an important company database. What will it cost to recover? Did anyone implement that backup policy?
  • Criminal activities This includes a wide range of problems. Maybe your company thought it was getting a real tax break by moving into a lower-income area. Now, employees don't feel safe walking to their cars at night. Maybe your web administrator didn't think it would be a problem setting up a music and movie peer-to-peer download site on the company networkafter all, it's just for fun and a little added pocket money.

Emergency Situations

Unlike natural disasters or man-made threats, these are the events that just seem to happen, often at highly inopportune times. Although they're inconvenient, these situations don't usually lead to loss of life. Emergency situations include communication loss, utility loss, and equipment failure.

  • Communication loss Voice and data communication systems play a critical role in today's organizations. Communication loss can be the outage of voice communication systems or data networks. Sure you leased a redundant T1? How were you supposed to know that both were terminated at the same junction point across the street? That was, until someone smashed into that telephone pole on a Saturday night and all WAN access was lost!
  • Utility loss Utilities include water, gas, communications systems, and electrical power. The loss of utilities can bring business to a standstill. Generators and backup can prevent these problems if they are used. If you don't think this is a priority, you must not be one of the 50 million people left without power on August 14, 2003, when the United States suffered its largest-ever power outage.
  • Equipment failure Equipment will fail over time. That is why maintenance is so important. A Fortune 1000 study found that 65% of all businesses that failed to become operational after 1 week never became operational.

Service-level agreements (SLAs) are one good way to plan for equipment failure. With an SLA in place, the vendor agrees to repair or replace the covered equipment within a given period of time.


The CISSP Cram Sheet

A Note from Series Editor Ed Tittel

About the Author

Acknowledgments

We Want to Hear from You!

Introduction

Self-Assessment

The CISSP Certification Exam

Physical Security

Security-Management Practices

Access-Control Systems and Methodology

System Architecture and Models

Telecommunications and Network Security

Applications and Systems-Development Security

Operations Security

Business Continuity Planning

Law, Investigations, and Ethics

Cryptography

Practice Exam 1

Answers to Practice Exam 1

Practice Exam 2

Answers to Practice Exam 2



CISSP Exam Cram 2
CISSP Exam Cram 2
ISBN: 078973446X
EAN: 2147483647
Year: 2003
Pages: 204
Authors: Michael Gregg

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net