Chapter 9. Physical Security and Biometrics


Physical security protects your physical computer and networking facilities: your building, your server room, your computers, your backup media, and increasingly, your people. Biometric devices (devices that sample a physical or behavioral trait, for example a fingerprint, and compare it with the traits on file to determine whether you are who you claim to be) provide an important first defense against break-ins.

Sound physical security is the basis on which a security policy and its resulting activities must rest. The best computer security activities can easily be negated by careless physical security. The importance of good physical security can be illustrated by referring once again to the two security mnemonics: CIA and IRA. The first refers to the following:


Confidentiality

That which is secret should stay that way.


Integrity

That which is received is identical to what was sent; what is retrieved should be identical to what was stored.


Accessibility

What is stored should be easy to retrieve; what you need or where you wish to go should always be available to you.

The stepping stones to these are in the IRA:


Identification

Being able to prove you are who you say you are.


Reliability

All systems function as they should on demand, even in a crisis.


Authentication

Making sure users can access only those areas for which they are authorized.

To show how these relate to physical security, consider the following story.

In December 2002, social security numbers and other personal information for a half million military personnel, family members, and retirees were stolen by heisting the system's backup devices. The theft occurred on a Saturday and was detected the following Monday. Medical insurance claims data for active military personnel in the western portion of the United States were involved, and the matter was treated seriously, including posting of a reward, providing periodic updates of the case on a web site, and providing information to those affected about what to do if they suspected their stolen information had been misused. From backups (early news reports stated that the stolen drives were in fact "expensive backup devices"), the facility quickly determined which records were compromised and notified those affected with details of the stolen information, including copies of forms they may have filled out, so that the victims could see what data was at risk. No cases of identity theft or other crime have been attributed to this theft and the facility has since increased both electronic and physical security, and in fact has been awarded a contract for a considerably increased service area.

Upon further investigation, it became clear that the IT processes in place at this organization were reasonable. However, with a break-in on a Saturday being reported on Monday, there may have been a breakdown in physical security. It is clear that problems with physical security can undermine the best of intentions with electronic security.




Computer Security Basics
ISBN: 0596006691
EAN: 2147483647
Year: 2004
Pages: 121
