2 cissp ® Official Study Guide Eighth Edition

Implement and Manage Physical Security 
429
CCTV is a security mechanism related to motion detectors, sensors, and alarms. 
However, CCTV is not an automated detection-and-response system. CCTV requires 
personnel to watch the captured video to detect suspicious and malicious activities and 
to trigger alarms. Security cameras can expand the effective visible range of a security 
guard, therefore increasing the scope of the oversight. In many cases, CCTV is not used as 
a primary detection tool because of the high cost of paying a person to sit and watch the 
video screens. Instead, it is used as a secondary or follow-up mechanism that is reviewed 
after a trigger from an automated system occurs. In fact, the same logic used for auditing 
and audit trails is used for CCTV and recorded events. A CCTV is a preventive measure, 
whereas reviewing recorded events is a detective measure.
Secondary verification
As illustrated in the previous real-world scenario, Gino was at constant risk of security 
breaches because Elise is constantly forgetting (and therefore writes down) every pass-
word, whereas Francis is habitually forgetful about the location of his key card. What 
happens when someone else comes into possession of either of these items and has 
knowledge of how or where to use them?
Gino’s biggest advantage will be any secondary verification mechanisms he has estab-
lished in the workplace. This may include a CCTV system that identifies the face of the 
person who uses a key card for access or inputs a combination in some area designated 
under surveillance. Even videotape logs of ingress and egress through checkpoints can 
be helpful when it comes to chasing down accidental or deliberate access abuses.
With known “problem users” or “problem identities,” many security systems can issue 
notifications or alerts when those identities are used. Depending on the systems that are 
available, and the risks that unauthorized access could pose, human follow-up may or 
may not be warranted. But any time Elise (or somebody who uses that identity) logs onto 
a system or anytime Francis’s key card is used, a floating or roving security guard could 
be dispatched to ensure that everything is on the up-and-up. Of course, it’s probably also 
a good idea to have Elise’s and Francis’s managers counsel them on the appropriate use 
(and storage) of passwords and key cards, just to make sure they understand the potential 
risks involved too.

Download 19,3 Mb.

Do'stlaringiz bilan baham: