Overview of Physical Security Controls

Oct 6, 2024

Introduction to Physical Security

Instructor: Liz Vanderheiden
Domain: Physical Security Controls (CISSP)

Main Types of Controls

  1. Physical Access Controls
    • Systems used to restrict access to specific areas.
    • Examples include:
      • Fencing
      • Man-traps
      • Security guards
      • Guard dogs
      • Locks
      • Biometric access controls

Fencing

  • Types of Fences:
    • 3-4 feet tall: Deters casual intruders
    • 6-7 feet tall: Too high to climb
    • 8 feet tall: Used to deter determined intruders

Man-Traps

  • Design: Two doors; one must close before the other can open.
  • Purpose: Prevents piggybacking (unauthorized person following an authorized person).
  • Features: Sensors to detect multiple individuals passing through simultaneously.

Security Guards

  • Importance: Needed more than ever, both to implement technology and to exercise judgment.
  • Functions:
    • Visible deterrent
    • Escorting visitors

Guard Dogs

  • Features: Highly visible deterrent with acute senses (smell and hearing).
  • Limitations: Less capable of judgment than humans.

Locks

  • Types:
    • Preset
    • Programmable
    • Electronic
  • Characteristics: Simple to use and inexpensive.

Biometric Access Controls

  • Definition: A "something you are" factor, based on an individual's unique characteristics.
  • Examples: Fingerprint, retina, voice recognition.
  • Accuracy: Highly accurate for identification.

Rates to Know for CISSP Candidates

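  • FAR (False Accept Rate): The rate at which unauthorized individuals are granted access.
  • FRR (False Reject Rate): The rate at which authorized individuals are denied access.
  • Cross Error Rate (crossover error rate, CER): The point at which FAR = FRR.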

Technical Controls

  • Definition: Include surveillance, alarms, and intrusion detection systems.
  • Example: Closed-circuit televisions (CCTVs)
    • Use: Deterrent and detective controls, complementing security guards.
    • Function: Record events for later analysis.

Administrative Controls

  • Definition: Policies and procedures to ensure proper implementation of physical and technical controls.
  • Requirements:
    • Secure restricted areas.
    • Record ingress and egress of individuals.
    • Emergency controls and training (fire drills).
    • Pre-employment background investigations.

Conclusion

  • Reviewed three domains of physical security:
    • Physical Access Controls
    • Technical Controls
    • Administrative Controls
  • Thank you for attending the lecture.