Chapter 10
Physical Security Requirements
THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:
✓ Domain 3: Security Architecture and Engineering
■ 3.10 Apply security principles to site and facility design
■ 3.11 Implement site and facility security controls
■ 3.11.1 Wiring closets/intermediate distribution facilities
■ 3.11.2 Server rooms/data centers
■ 3.11.3 Media storage facilities
■ 3.11.4 Evidence storage
■ 3.11.5 Restricted and work area security
■ 3.11.6 Utilities and Heating, Ventilation, and Air Conditioning (HVAC)
■ 3.11.7 Environmental issues
■ 3.11.8 Fire prevention, detection, and suppression
✓ Domain 7: Security Operations
■ 7.15 Implement and manage physical security
■ 7.15.1 Perimeter security controls
■ 7.15.2 Internal security controls
The topic of physical and environmental security is referenced in
several domains. The two primary occurrences are in domain 3,
“Security Architecture and Engineering,” and domain 7, “Security
Operations.” Several subsections of these two domains of the Common Body of Knowledge
(CBK) for the CISSP certification exam deal with topics and issues related to facility security,
including foundational principles, design and implementation, fire protection, perimeter security,
internal security, and many more.
The purpose of physical security is to protect against physical threats. The following
physical threats are among the most common: fire and smoke, water (rising/falling), earth
movement (earthquakes, landslides, volcanoes), storms (wind, lightning, rain, snow, sleet,
ice), sabotage/vandalism, explosion/destruction, building collapse, toxic materials, utility loss
(power, heating, cooling, air, water), equipment failure, theft, and personnel loss (strikes,
illness, access, transport).
This chapter explores these issues and discusses safeguards and countermeasures to
protect against them. In many cases, you’ll need a disaster recovery plan or a business
continuity plan should a serious physical threat (such as an explosion, sabotage, or natural
disaster) occur. Chapter 3, “Business Continuity Planning,” and Chapter 18, “Disaster
Recovery Planning,” cover those topics in detail.
Apply Security Principles to Site and Facility Design
It should be blatantly obvious at this point that without control over the physical environment, no collection of administrative, technical, or logical access controls can provide adequate security. If a malicious person can gain physical access to your facility or equipment, they can do just about anything they want, from destruction to disclosure or alteration. Physical controls are your first line of defense, and people are your last.
There are many aspects of implementing and maintaining physical security. A core element is selecting or designing the facility to house your information technology (IT) infrastructure and your organization’s operations. The process of selecting or designing a secure facility always starts with a plan.