2 cissp ® Official Study Guide Eighth Edition


Regulatory Requirements



Download 19,3 Mb.
Pdf ko'rish
bet407/881
Sana08.04.2023
Hajmi19,3 Mb.
#925879
1   ...   403   404   405   406   407   408   409   410   ...   881
Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

431
Regulatory Requirements
Every organization operates within a certain industry and jurisdiction. Both of these enti-
ties (and possibly additional ones) impose legal requirements, restrictions, and regulations 
on the practices of organizations that fall within their realm. These 
legal requirements
can 
apply to licensed use of software, hiring restrictions, handling of sensitive materials, and 
compliance with safety regulations.
Complying with all applicable legal requirements is a key part of sustaining security. 
The legal requirements for an industry and a country (and often also a state and city) must 
be considered a baseline or foundation on which the remainder of the security infrastruc-
ture is built.
Summary
If you don’t have control over the physical environment, no amount of administrative or 
technical/logical access controls can provide adequate security. If a malicious person gains 
physical access to your facility or equipment, they own it.
Several elements are involved in implementing and maintaining physical security. One 
core element is selecting or designing the facility to house your IT infrastructure and the 
operations of your organization. You must start with a plan that outlines the security needs 
for your organization and emphasizes methods or mechanisms to employ to provide such 
security. Such a plan is developed through a process known as critical path analysis.
The security controls implemented to manage physical security can be divided into three 
groups: administrative, technical, and physical. Administrative physical security controls 
include facility construction and selection, site management, personnel controls, aware-
ness training, and emergency response and procedures. Technical physical security controls 
include access controls, intrusion detection, alarms, CCTV, monitoring, HVAC, power sup-
plies, and fire detection and suppression. Examples of physical controls for physical security 
include fencing, lighting, locks, construction materials, mantraps, dogs, and guards.
There are many types of physical access control mechanisms that can be deployed in an 
environment to control, monitor, and manage access to a facility. These range from deterrents to 
detection mechanisms. They can be fences, gates, turnstiles, mantraps, lighting, security guards, 
security dogs, key locks, combination locks, badges, motion detectors, sensors, and alarms.
The technical controls most often employed as access control mechanisms to manage 
physical access include smart/dumb cards and biometrics. In addition to access control
physical security mechanisms can take the form of audit trails, access logs, and intrusion 
detection systems.
Wiring closets and server rooms are important infrastructure elements that require pro-
tection. They often house core networking devices and other sensitive equipment. Protections 
include adequate locks, surveillance, access control, and regular physical inspections.
Media storage security should include a library checkout system, storage in a locked 
cabinet or safe, and sanitization of reusable media.


432
Chapter 10 

Physical Security Requirements
An important aspect of physical access control and maintaining the security of a facil-
ity is protecting the basic elements of the environment and protecting human life. In all 
circumstances and under all conditions, the most important goal of security is protecting 
people. Preventing harm is the utmost goal of all security solutions. Providing clean power 
sources and managing the environment are also important.
Fire detection and suppression must not be overlooked. In addition to protecting people, 
fire detection and suppression is designed to keep damage caused by fire, smoke, heat, and 
suppression materials to a minimum, especially in regard to the IT infrastructure.
People should always be your top priority. Only after personnel are safe can you con-
sider addressing business continuity.
Exam Essentials

Download 19,3 Mb.

Do'stlaringiz bilan baham:
1   ...   403   404   405   406   407   408   409   410   ...   881




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling

kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha


yuklab olish