Page 694 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Secure evidence storage is likely to involve the following:

                    - A dedicated storage system distinct from the production network
                    - Potentially keeping the storage system offline when not actively
                      having new datasets transferred to it
                    - Blocking Internet connectivity to and from the storage system
                    - Tracking all activities on the evidence storage system
                    - Calculating hashes for all datasets stored on the system
                    - Limiting access to the security administrator and legal counsel
                    - Encrypting all datasets stored on the system

               There may be additional security requirements for an evidence storage
               solution based on your local regulations, industry, or contractual
               obligations.
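
The following added example (not from the study guide) combines two items from the list above: it hashes each dataset at intake and records every activity in a log whose entries are chained by hash, so a changed dataset or an edited log entry is detectable. The function names, actor names, and the file `disk01.img` are constructed for illustration.

```python
import hashlib, json, os, tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a dataset in chunks so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def _entry_hash(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def log_event(log, actor, action, dataset, digest):
    """Append an activity record chained to the previous record's hash."""
    body = {"seq": len(log), "actor": actor, "action": action, "dataset": dataset,
            "sha256": digest, "prev": log[-1]["entry_hash"] if log else "0" * 64}
    body["entry_hash"] = _entry_hash(body)
    log.append(body)
    return body

def verify_log(log):
    """Recompute the chain; any edited, removed or reordered entry breaks it."""
    prev = "0" * 64
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if (entry["seq"] != i or entry["prev"] != prev
                or entry["entry_hash"] != _entry_hash(body)):
            return False
        prev = entry["entry_hash"]
    return True

def verify_dataset(log, dataset, path):
    """Compare the file's current hash with the one recorded at intake."""
    intake = next(e for e in log
                  if e["dataset"] == dataset and e["action"] == "intake")
    return sha256_file(path) == intake["sha256"]

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "disk01.img")        # constructed sample dataset
        with open(path, "wb") as f:
            f.write(b"constructed sample evidence bytes")
        log = []
        log_event(log, "secadmin", "intake", "disk01.img", sha256_file(path))
        log_event(log, "counsel", "read", "disk01.img", sha256_file(path))
        ok = verify_log(log) and verify_dataset(log, "disk01.img", path)
        with open(path, "ab") as f:                 # simulate alteration in storage
            f.write(b"!")
        dataset_ok = verify_dataset(log, "disk01.img", path)
        log[1]["actor"] = "someone-else"            # simulate an edited log entry
        return ok, dataset_ok, verify_log(log)
```
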



               Restricted and Work Area Security

               The design and configuration of internal security, including work areas
               and visitor areas, should be considered carefully. There should not be
               equal access to all locations within a facility. Areas that contain assets
               of higher value or importance should have more restricted access. For
               example, anyone who enters the facility should be able to access the
               restrooms and the public telephone without going into sensitive areas,
               but only network administrators and security staff should have access
               to the server room. Valuable and confidential assets should be located
               in the heart or center of protection provided by a facility. In effect, you
               should focus on deploying concentric circles of physical protection.

               This type of configuration requires increased levels of authorization to
               gain access into more sensitive areas inside the facility.

               Walls or partitions can be used to separate similar but distinct work
               areas. Such divisions deter casual shoulder surfing or eavesdropping
               (shoulder surfing is the act of gathering information from a system by
               observing the monitor or the use of the keyboard by the operator).
               Floor-to-ceiling walls should be used to separate areas with differing
               levels of sensitivity and confidentiality (where false or suspended
               ceilings are present, walls should cut these off as well to provide an