Page 722 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Summary


               If you don’t have control over the physical environment, no amount of
               administrative or technical/logical access controls can provide
               adequate security. If a malicious person gains physical access to your
               facility or equipment, they own it.

               Several elements are involved in implementing and maintaining
               physical security. One core element is selecting or designing the
               facility to house your IT infrastructure and the operations of your
               organization. You must start with a plan that outlines the security
               needs for your organization and emphasizes methods or mechanisms
               to employ to provide such security. Such a plan is developed through a
               process known as critical path analysis.

               The security controls implemented to manage physical security can be
               divided into three groups: administrative, technical, and physical.
               Administrative physical security controls include facility construction
               and selection, site management, personnel controls, awareness
               training, and emergency response and procedures. Technical physical
               security controls include access controls, intrusion detection, alarms,
               CCTV, monitoring, HVAC, power supplies, and fire detection and
               suppression. Examples of physical controls for physical security
               include fencing, lighting, locks, construction materials, mantraps,
               dogs, and guards.

               There are many types of physical access control mechanisms that can
               be deployed in an environment to control, monitor, and manage
               access to a facility. These range from deterrents to detection
               mechanisms. They can be fences, gates, turnstiles, mantraps, lighting,
               security guards, security dogs, key locks, combination locks, badges,
               motion detectors, sensors, and alarms.

               The technical controls most often employed as access control
               mechanisms to manage physical access include smart/dumb cards and
               biometrics. In addition to access control, physical security
               mechanisms can take the form of audit trails, access logs, and
               intrusion detection systems.