Physical Security Threats

Previous page
Table of content
Next page

Threats to physical security come in many forms including natural disasters, emergency situations, and man-made threats. All possible threats must be identified in order to perform a complete and thorough risk analysis and to develop an appropriate and effective control strategy. Some of the more common threats to physical security include

  • Fire: Threats from fire can be potentially devastating and lethal. Proper precautions, preparation, and training not only help limit the spread of fire and damage but, more important, can also save lives. Saving human lives is the first priority in any life-threatening situation. Other hazards associated with fires include smoke, explosions, building collapse, release of toxic materials or vapors, and water damage.

    Fire requires three elements to burn: heat, oxygen, and fuel. These three elements are sometimes referred to as the fire triangle. (See Figure 13-1.) Fire suppression and extinguishing systems fight fires by removing one of these three elements or by temporarily breaking up the chemical reaction between these three elements: that is, separating the fire triangle. Fires are classified according to the fuel type, as listed in Table 13-1.

    image from book
    Figure 13-1: A fire needs these three elements to burn.

    Table 13-1: Fire Classes and Suppression/Extinguishing Methods
    Open table as spreadsheet

    Class

    Description (Fuel)

    Extinguishing Method

    A

    Common combustibles, such as paper, wood, furniture, and clothing

    Water or soda acid

    B

    Burnable fuels, such as gasoline or oil

    CO2, soda acid, or Halon. (We discuss this in the later section “Detection systems”)

    C

    Electrical fires, such as computers or electronics

    CO2 or Halon. ( Note: Most important step to avoid a fire in this class: Turn off electricity first!)

    D

    Special fires, such as chemical or grease fires

    May require total immersion or other special techniques

     Instant Answer   Saving human lives is the first priority in any life-threatening situation.

    You must be able to describe Class A, B, and C fires and their primary extinguishing methods. Class D is less common and is not relevant to the CISSP exam.

  • Water: Water damage (and damage from liquids in general) can occur from many different sources including pipe breakage, firefighting efforts, leaking roofs, spilled drinks, flooding, and tsunamis. Wet computers and other electrical equipment pose a potentially lethal hazard.

  • Vibration and movement: Causes may include earthquakes, landslides, and explosions. Equipment may also be damaged by sudden or severe vibrations, falling objects, or equipment racks tipping over. More seriously, vibrations or movement may weaken structural integrity, causing a building collapse.

  • Severe weather: This includes hurricanes, tornadoes, high winds, severe thunderstorms and lightning, rain, snow, sleet, and ice. Such forces of nature may cause fires, water damage and flooding, structural damage, loss of communications and utilities, and personnel hazards.

  • Electricity: Sensitive equipment can be damaged or affected by various electrical hazards and anomalies, including

    • Electrostatic discharge (ESD): The ideal humidity range for computer equipment is 40–60 percent. Higher humidity causes condensation and corrosion. Lower humidity increases the potential for ESD (static electricity). A static charge of as little as 40V (volts) can damage sensitive circuits, and 2,000V can cause a system shutdown. The minimum discharge that can be felt by humans is 3,000V, and discharges of over 25,000V are possible.

       Instant Answer   The ideal humidity range for computer equipment is 40–60 percent.

    • Electrical noise: This includes Electromagnetic Interference (EMI) and Radio Frequency Interference (RFI). EMI is generated by the different charges between the three electrical wires (hot, neutral, and ground) and can be common-mode noise (caused by hot and ground) or traverse mode noise (caused by hot and neutral). RFI is caused by electrical components, such as fluorescent lighting and electric cables. A transient is a momentary line noise disturbance.

    • Electrical anomalies: These include the following, as listed in Table 13-2.

      Table 13-2: Electrical Anomalies
      Open table as spreadsheet

      Electrical Event

      Definition

      Blackout

      Total loss of power

      Fault

      Momentary loss of power

      Brownout

      Prolonged drop in voltage

      Sag

      Short drop in voltage

      Inrush

      Initial power rush

      Spike

      Momentary rush of power

      Surge

      Prolonged rush of power

       Tip   You may want to come up with some meaningless mnemonic for the above list such as “Bob Frequently Buys Shoes In Shoe Stores” because you will need to know these terms for the CISSP exam.

    • Lightning strikes: Approximately 10,000 fires are started every year by lightning strikes in the United States alone, despite the fact that only 20 percent of all lightning ever reaches the ground. Lightning can heat the air in immediate contact with the stroke to 54,000° Fahrenheit (F), which translates to 30,000° Celsius (C), and lightning can discharge 100,000 amperes of electrical current. Now that is an inrush!

    • Magnetic fields: Monitors and storage media (including floppy diskettes and hard drives) can be permanently damaged or erased by magnetic fields.

  • Sabotage/terrorism/war/theft/vandalism: Both internal and external threats must be considered. A heightened security posture is prudent during certain situations, including labor disputes, corporate downsizing, hostile terminations, bad publicity, demonstrations/protests, and civil unrest.

  • Equipment failure: Equipment failures are inevitable. Maintenance and support agreements, ready spare parts, and redundant systems can mitigate the effects.

  • Loss of communications and utilities: These include voice and data, electricity, and heating, ventilation, and air conditioning (HVAC). Loss of communications and utilities may be due to any of the above factors, as well as to human errors and mistakes.

  • Personnel loss: This can be due to illness, injury, death, transfer, labor disputes, resignations, and terminations. The effects of a personnel loss can be mitigated through good security practices, such as documented procedures, job rotations, cross-training, and redundant functions.



Previous page
Table of content
Next page
CISSP For Dummies
CISSP For Dummies
ISBN: 0470537914
EAN: 2147483647
Year: 2004
Pages: 242
Authors: Lawrence C. Miller, Peter H. Gregory CISA CISSP
BUY ON AMAZON
Beginners Guide to DarkBASIC Game Programming (Premier Press Game Development)
Image Processing with LabVIEW and IMAQ Vision
Adobe After Effects 7.0 Studio Techniques
Java for RPG Programmers, 2nd Edition
Managing Enterprise Systems with the Windows Script Host
Programming Microsoft ASP.NET 3.5
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy