Physical Security

Administrative, technical, and physical controls
Facility location, construction, and management
Physical security risks, threats, and countermeasures
Electrical power issues and countermeasures
Fire prevention, detection, and suppression
Intrusion detection systems

Introduction to Physical Security

• Natural environmental threats - Floods, eathquakes, storms and tornadoes, fires extreme temperature conditions, and so forth
• Supply system threats - Power distribution outages, communications, interruptions, and interruption to other natural energy resources such as water, steam, and gas, and so forth
• Manmade threats - Unauthorized access, explosions, damage by angry employees, employee errors and accidents, vandalism, fraud, theft, and so forth
• Politically motivated threats - Strikes, riots, civil disobedience, terrorist attacks and bombings, and so forth

Planning Process
Crime and disruption prevention through deterrence; Reduction of damage through the use of delaying mechanisms; Crime or disruption detection; Incident assessment; Response procedures

For an effective physical security program, the following steps must be taken

1. Identify a team of people who will build the physical security program through the following steps.
2. Carry our a risk analysis
   
3. Work with management to define acceptable risk level
4. Derive the required performance baselines
5. Create countermeasure performance metrics
6. Develop criteria from the results of analysis
7. Identify and implement countermeasures
8. Continuously evaluate countermeasures

Crime Prevention Through Environmental Design (CPTED)
Natural Access Control - the guidance of people entering and leaving a space by the placement of doors, fences, lighting, and even landscaping
Natural Surveillance
Territorial Reinforcement - creates physical designs that emphasize or extend the company's physical sphere of influence.

Designing a Physical Security Program

Facility

• Visibility
• Surrounding area and external entities
• Accessibility
• Natural disasters

Construction

• Walls
• Doors
• Ceilings
• Windows
• Flooring
• Heating, ventilation, and air conditioning
• Electronic power supplies
• Water and gas lines
• Fire detection and suppression

Entry Points - doors and windows. Types of windows include: Standard, Tempered, Acrylic, Wired, Laminated, Solar window film, Security film
Internal Compartments with partitions are used to create barriers between one area and another. Computer and Equipment Rooms.

Protecting Assets
Tips

• Inventory all laptops
• Harden the OS
• Password protect BIOS
• Register all laptops with the vendor and file a report when stolen
• Do not check laptop as luggage when flying
• Never leave a laptop unattended and carry it in an non descriptive carrying case
• Engrave the laptop with a symbol or number for proper identification
  
• Use a slot lock with a cable to connect a laptop to a stationary object
• Back up the data from the data and store it on a stationary PC or backup media
• Use specialized safes if storing laptops in vehicles
• Encrypt all sensitive data

Internal Support Systems
Electric Power
Power Protection
Electric Power Issues - Power excess, power loss, power degration
Surge, blackout, brownout, noise
Preventive measures and good practices Page 369-370
Environmental Issues
Ventilation
Fire Prevention, Detection and Suppression
Types of Fire Detection - Smoke activated or heat activated
Fire suppression - water sprinklers (wet pipe or dry pipe), preaction, deluge
Perimeter Security
Facility Access Control
Locks - mechanical locks (pin tumbler, wafer tumbler, combination locks, cipher locks
Personal Access Controls - piggybacking - this occurs when an individual gains unauthorized access by using someone else's legitimate credentials or access rights.
Fencing
Bollards - usually look like small concrete pillars outside a building.
Lighting
Surveillance Devices
Visual Recording Devices - Closed-circuit TV (CCTV)

• Purpose of CCTV - detect, assess, and/or identify intruders
• Types of environment the CCTV camera will work in - internal or external areas
• Field of view that is required - large or small area that needs to be monitored
• Amount of illumination of the environment - lit areas, unlit areas, area affected by sunlight
• Integration with other security controls

Intrusion Detection Systems
Electro-mechanical systems, photoelectric systems, passive infrared system, acoustical detection systems, wave-pattern motion detectors, and proximity detectors.
Patrol Force and Guards
Dogs
Auditing Physical Access

• Date and time of access attempt
• Entry point in which access was attempted
• User ID used when access was attempted
• Unsuccessful access attempts, especially if during unauthorized hours