2 cissp ® Official Study Guide Eighth Edition

Understand why there is no security without physical security

Download 19,3 Mb. Pdf ko'rish bet 408/881 Sana 08.04.2023 Hajmi 19,3 Mb. #925879

Bu sahifa navigatsiya:

• Be able to list administrative physical security controls.
• Be able to name the physical controls for physical security.
• Know the key elements in making a site selection and designing a facility for construction.
• Know how to design and configure secure work areas.

Understand why there is no security without physical security. Without control over the phys- ical environment, no amount of administrative or technical/logical access controls can provide  adequate security. If a malicious person can gain physical access to your facility or equipment,  they can do just about anything they want, from destruction to disclosure and alteration. Be able to list administrative physical security controls. Examples of administrative physi- cal security controls are facility construction and selection, site management, personnel  controls, awareness training, and emergency response and procedures. Be able to list the technical physical security controls. Technical physical security controls  can be access controls, intrusion detection, alarms, CCTV, monitoring, HVAC, power sup- plies, and fire detection and suppression. Be able to name the physical controls for physical security. Physical controls for physical  security are fencing, lighting, locks, construction materials, mantraps, dogs, and guards. Know the functional order of controls. These are deterrence, then denial, then detection,  and then delay. Know the key elements in making a site selection and designing a facility for construction. The key elements in making a site selection are visibility, composition of the surrounding  area, area accessibility, and the effects of natural disasters. A key element in designing a  facility for construction is understanding the level of security needed by your organization  and planning for it before construction begins. Know how to design and configure secure work areas. There should not be equal access  to all locations within a facility. Areas that contain assets of higher value or importance  should have restricted access. Valuable and confidential assets should be located in the  heart or center of protection provided by a facility. Also, centralized server or computer  rooms need not be human compatible. Download 19,3 Mb. Do'stlaringiz bilan baham: