Page 695 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 695

unbroken physical barrier between more and less secure areas).

               Each work area should be evaluated and assigned a classification just
               as IT assets are classified. Only people with clearance or classifications

               corresponding to the classification of the work area should be allowed
               access. Areas with different purposes or uses should be assigned
               different levels of access or restrictions. The more access to assets the
               equipment within an area offers, the more important become the
               restrictions that are used to control who enters those areas and what

               activities they are allowed to perform.
               Your facility security design process should support the

               implementation and operation of internal security. In addition to the
               management of workers in proper work spaces, you should address
               visitors and visitor control. Should there be an escort requirement for
               visitors, and what other forms of visitor control should be
               implemented? In addition to basic physical security tools such as keys

               and locks, mechanisms such as mantraps, video cameras, written logs,
               security guards, and RFID ID tags should be implemented.

               An example of a secure or restricted work area is that of the Sensitive
               Compartmented Information Facility (SCIF). A SCIF is often used by
               government and military contractors to provide a secure environment
               for highly sensitive data storage and computation. The purpose of a
               SCIF is to store, view, and update sensitive compartmented

               information (SCI), which is a type of classified information. A SCIF
               has restricted access to limit entrance to those individuals with a
               specific business need and authorization to access the data contained
               within. This is usually determined by the individual’s clearance level
               and SCI approval level. In most cases, a SCIF has restrictions against
               using or possessing photography, video, or other recording devices
               while in the secured area. A SCIF can be established in a ground-based

               facility, an aircraft, or floating platform. A SCIF can be a permanent
               installation or a temporary establishment. A SCIF is typically located
               within a structure, although an entire structure can be implemented as
               a SCIF.


               Utilities and HVAC Considerations
   690   691   692   693   694   695   696   697   698   699   700