Page 726 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Know the common threats to physical access controls. No matter what form of physical access control is used, a security guard or other monitoring system must be deployed to prevent abuse, masquerading, and piggybacking. Abuses of physical access control include propping open secured doors and bypassing locks or access controls. Masquerading is using someone else's security ID to gain entry to a facility. Piggybacking is following someone through a secured gate or doorway without being identified or authorized personally.


Understand the need for audit trails and access logs. Audit trails and access logs are useful tools even for physical access control. They may need to be created manually by security guards. Or they can be generated automatically if sufficiently automated access control mechanisms are in place (in other words, smartcards and certain proximity readers). You should also consider monitoring entry points with CCTV. Through CCTV, you can compare the audit trails and access logs with a visually recorded history of the events. Such information is critical to reconstructing the events of an intrusion, breach, or attack.

Understand the need for clean power. Power supplied by electric companies is not always consistent and clean. Most electronic equipment demands clean power in order to function properly. Equipment damage because of power fluctuations is a common occurrence. Many organizations opt to manage their own power through several means. A UPS is a type of self-charging battery that can be used to supply consistent clean power to sensitive equipment. UPSs also provide continuous power even after the primary power source fails. A UPS can continue to supply power for minutes or hours depending on its capacity and the draw by equipment.

Know the terms commonly associated with power issues. Know the definitions of the following: fault, blackout, sag, brownout, spike, surge, inrush, noise, transient, clean, and ground.

Understand how to control the environment. In addition to power considerations, maintaining the environment involves control over the HVAC mechanisms. Rooms containing primarily computers