Page 719 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

and the risks that unauthorized access could pose, human follow-up may or may not be warranted. But any time Elise (or somebody who uses that identity) logs onto a system or anytime Francis’s key card is used, a floating or roving security guard could be dispatched to ensure that everything is on the up-and-up. Of course, it’s probably also a good idea to have Elise’s and Francis’s managers counsel them on the appropriate use (and storage) of passwords and key cards, just to make sure they understand the potential risks involved too.



Environment and Life Safety

An important aspect of physical access control and maintaining the security of a facility is protecting the basic elements of the environment and protecting human life. In all circumstances and under all conditions, the most important aspect of security is protecting people. Thus, preventing harm to people is the most important goal for all security solutions.

Part of maintaining safety for personnel is maintaining the basic environment of a facility. For short periods of time, people can survive without water, food, air conditioning, and power. But in some cases, the loss of these elements can have disastrous results, or they can be symptoms of more immediate and dangerous problems. Flooding, fires, release of toxic materials, and natural disasters all threaten human life as well as the stability of a facility. Physical security procedures should focus on protecting human life and then on restoring the safety of the environment and restoring the utilities necessary for the IT infrastructure to function.

People should always be your top priority. Only after personnel are safe can you consider addressing business continuity. Many organizations adopt occupant emergency plans (OEPs) to guide and assist with sustaining personnel safety in the wake of a disaster. The OEP provides guidance on how to minimize threats to life, prevent injury, manage duress, handle travel, provide for safety monitoring, and protect property from damage due to a destructive physical event. The OEP does not address IT issues or business continuity, just