Page 714 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Using Locks

Keys or combination locks—which do you choose and for what
purposes?

Ultimately, there will always be forgetful users. Elise constantly
forgets her combination, and Francis can never remember to bring
his security key card to work. Gino maintains a pessimistic outlook
in his administrative style, so he’s keen on putting combinations
and key card accesses in all the right places.

Under what circumstances or conditions might you employ a
combination lock, and where might you instead opt for a key or key
card? Which options put you at greater risk of loss if someone
discovers the combination or finds the key? Can you be certain that
these single points of failure do not pose a significant risk to the
protected assets?

Many organizations use separate forms of key or combination
access throughout several areas of the facility. Key and key card
access is granted at select shared entry points (exterior access
into the building, access into interior rooms), and combination
locks control access to individual entry points (storage lockers,
file cabinets, and so on).

Programmable or combination locks offer a broader range of control
than preset locks. Some programmable locks can be configured with
multiple valid access combinations or may include digital or electronic
controls employing keypads, smartcards, or cipher devices. For
instance, an electronic access control (EAC) lock incorporates three
elements: an electromagnet to keep the door closed, a credential
reader to authenticate subjects and to disable the electromagnet, and a
sensor to reengage the electromagnet when the door is closed.

Locks serve as an alternative to security guards as a perimeter
entrance access control device. A gate or door can be opened and
closed to allow access by a security guard who verifies your identity

