CISSP Quiz: Physical And Environmental Security!

Biometric devices rely on measurements of biological characteristics of an individual, such as a fingerprint, hand geometry, voice, or iris patterns. 

The primary function of an access control system (ACS) is to ensure that only authorized personnel are permitted inside the controlled area. This can also include the regulation and flow of materials into and out of specific areas. Persons subject to control can include employees, visitors, customers, vendors, and the public. Access control measures should be different for each application to fulfill specific security, cost, and operational objectives.

These days, all businesses face new and complex physical security challenges across the full spectrum of operations. Although security technologies are not the answer to all organizational security problems, if applied appropriately, they can enhance the security envelope and, in the majority of cases, will save the organization money. 

A well-designed system provides protection-in-depth, minimizes the consequences of component failures, and exhibits balanced protection. The system itself typically has some elements that fall into the essence of deter–detect—delay–respond. 

When using a piece of portable computer equipment or media, regardless if it is being used inside the facility or is being removed for legitimate business outside of the facility, simple protection methods need to be employed to maintain the security of the equipment: use a cable lock, do not leave the equipment unattended or unsecured, use strong passwords, and encrypt data. 

The primary goal of a physical protection program is to control access into the facility. In the concept of defense-in-depth, barriers are arraigned in layers, with the level of security growing progressively higher as one comes closer to the center or the highest protective area. Defending an asset with a multiple postures can reduce the likelihood of a successful attack; if one layer of defense fails, another layer of defense will hopefully prevent the attack, and so on. 

Crime prevention through environmental design (CPTED) is a crime reduction technique that has several key elements applicable to the analysis of the building function and site design against physical attack. It is used by architects, city planners, landscapers, interior designers, and security professionals with the objective of creating a climate of safety in a community by designing a physical environment that positively influences human behavior. 

Uses of CCTV systems for security services include several diff erent functions: surveillance, assessment, deterrence, and evidentiary archives. 

The assessment of any facility or building's vulnerability should be done within the context of the defined threats and the value of the organization’s assets. Each element of the facility should be analyzed for vulnerabilities to each threat, and a vulnerability rating should be assigned. A vulnerability assessment may change the value rating of assets due to identifying critical nodes or some other factor that makes the organization’s assets more valuable.

Gates exist to facilitate and control access. Gates need to be controlled to ensure that only authorized persons and vehicles pass through. It is best to minimize the number of gates and access points because any opening is always a potential vulnerability. Each gate requires resources whether it uses electronic access control or a guard. The fewest number of entry points, the better the control of the facility. 

In the concept of defense-in-depth, barriers are arraigned in layers with the level of security growing progressively higher as one comes closer to the center or the highest protective area. Defending an asset with a multiple postures can reduce the likelihood of a successful attack; if one layer of defense fails, another layer of defense will hopefully prevent the attack, and so on. 

A common and frustrating loophole in an otherwise secure access control systems can be the ability of an unauthorized person to follow through a checkpoint behind an authorized person, called “piggybacking” or “tailgating.” One solution is an airlock-style arrangement called a mantrap, in which a person opens one door and waits for it to close before the next door opens. Another available system is a turnstile, which can be used as a supplemental control to assist a guard or receptionist while controlling access into a protected area. 

Glass-break sensors are a good intrusion detection device for buildings with a lot of glass windows and doors with glass panes. The use of dual-technology glass break sensors—acoustic and shock wave—is most effective. The reason is that if the only acoustic is used and an employee pulls the window blinds up, it can set off a false alarm; but if it is set to a dual-alarm system both acoustic and shock sensors will need to be activated before an alarm is triggered. 

All visitors entering the facility should sign in and out on a visitor’s log to maintain accountability of who is in the facility, the timeframe of the visit, who they visited, and in the case of an emergency have the accountability of everyone for safety purposes.

The key to a successful system is the integration of people, procedures, and equipment into a system that protects the targets from the threat. A well-designed system provides protection-in-depth, minimizes the consequences of component failures, and exhibits balanced protection. 

Before any project begins there must be an assessment made in order to put together an operational plan and a practical approach to securing the facility. This security assessment can also be called a security survey, vulnerability assessment, or risk analysis. 

Tamper protection is the means of protecting the physical devices associated with the alarm system through line supervision, encryption or tamper alarming of enclosures and components. 

Lights used for CCTV monitoring generally require at least one to two footcandles of illumination, whereas the lighting needed for safety considerations in exterior areas such as parking lots or garages substantially greater (at least 5 fc).

In the beginning, a good assessment requires the security professional to determine specific protection objectives. These objectives include threat definition, target identification, and facility characteristics. 

Laminated glass is recommended for installation in street-level windows, doorways, and other access areas.