Discussion and Replies

profileCyberSter
Information_Security_Fundamentals_----_6_Physical_Security.pdf

Chapter 6

Physical Security

John A. Blackley

Contents

Data Center Requirements

Physical Access Controls

Assets to Be Protected

Potential Threats

Attitude to Risk

Sample Controls

Fire Prevention and Detection

Fire Prevention

Fire Detection

Firefighting

Verified Disposal of Documents

Collection of Documents

Document Destruction Options

Choosing Services

Agreements

Duress Alarms

Intrusion Detection Systems

Purpose

Planning

Elements

Procedures

Summary

Peltier, Thomas R.. Information Security Fundamentals, Auerbach Publishers, Incorporated, 2013. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1375200. Created from apus on 2025-05-15 01:59:54.

Copyright © 2013. Auerbach Publishers, Incorporated. All rights reserved. Ebook pages 131-143 | Printed page 1 of 13

Data Center Requirements

The nature of physical security for a data center should be one of concentric rings of defense—with requirements for entry getting more difficult the closer we get to the center of the rings. Although company employees, authorized visitors, and vendors might be allowed inside the outermost ring, for example, only data center employees and accompanied vendors might be allowed within the innermost ring (see for illustration).Figure 6.1

The reason for this is obvious—if we take a number of precautions to protect information accessed at devices throughout the organization, then we must at least make sure that no damage or tampering can happen to the hardware on which the information is stored and processed.

To take this idea of concentric rings of protection a little further, we should start by considering the data center itself. Is the building that houses the data center standing by itself or is the data center in a building that houses other functions? If the data center is in a dedicated building, what approaches are open to the building and how well-protected are staff as they enter and leave the building? We may want to start building a picture of the exterior of the building to show the “outer ring” of protection—including entrances and exits, car parking facilities, and lighting. This picture of the outer ring might look like the example in .Figure 6.2

Having said all that, the principle of consistency must still be applied. There is no point in building physical access controls at a cost of several million dollars if the potential damage that could be done to a data center is less than several tens of millions of dollars. Remember, the cost of controls must be consistent with the value of the asset being protected and the definition of “consistent” depends on what risks your organization’s management decides to accept.

Concentric rings of protectionFigure 6.1 .

Peltier, Thomas R.. Information Security Fundamentals, Auerbach Publishers, Incorporated, 2013. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1375200. Created from apus on 2025-05-15 01:59:54.

Copyright © 2013. Auerbach Publishers, Incorporated. All rights reserved. Ebook pages 131-143 | Printed page 2 of 13

Outer ring of protectionFigure 6.2 .

Physical Access Controls

When considering the physical access controls that are appropriate for (and consistent with) your organization, we must take into account a number of variables— including the assets to be protected, the potential threat to those assets, and your organization’s attitude to risk.

Assets to Be Protected

Some organizations may decide to centralize operations and, in the course of doing so, build large, expensive “server farms” on their premises. On the other end of the scale, an organization might decide to take a decentralized approach and distribute their computers and computing equipment around the organization’s many buildings.

The amount of effort put into protecting physical assets in both of the above scenarios might well come to the same total amount but would be spent on different forms of protection. For a large server farm, several concentric rings of technology-based protection and access control might be appropriate, whereas for the distributed version, simply keeping individual servers in locked rooms might be sufficient. This is one variation to be considered when choosing appropriate physical access controls.

Potential Threats

Peltier, Thomas R.. Information Security Fundamentals, Auerbach Publishers, Incorporated, 2013. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1375200. Created from apus on 2025-05-15 01:59:54.

Copyright © 2013. Auerbach Publishers, Incorporated. All rights reserved. Ebook pages 131-143 | Printed page 3 of 13

When assessing potential threats, a large dose of common sense is often our best tool. The threats that exist for high-profile commercial or politically sensitive operations differ very much from those faced by, say, a biscuit manufacturer. Likewise, an operations center located in the middle of a turbulent city will face a much greater threat than one sited in an industry park in a semirural setting.

We must also take into account the nature and recent history of the organization itself. For example, if the organization is a stable and long-established one with no history of employee strife, then the threat countermeasures (in the form of physical security measures) to be taken will be a lot fewer than if the organization does have a reputation for disgruntled employees and disruptive activity on the premises. his is a second variation to be considered when choosing physical access controls.

Attitude to Risk

Perhaps the most common complaint among information security professionals is that “they” don’t understand the need for protective controls—“they” most often being management and senior management of the organization. Leaving aside the obvious rejoinder about it being the Information Security Professional’s job to teach “them” about the need for protective controls, we must point out that it is the function of any organization’s senior management to assess risk.

Daily business activities involve constant risk assessment. Every decision that is taken and that will influence how an organization does business involves a form of risk assessment in the act of making the decision.

It is no different with information security decisions. When facts and opinions have been made available to management and senior management, it is their function to decide on how risks will be managed. It is a fact of life that some organizations are very risk-averse and some are not. It is also a fact of life that individual managers have equally variable attitudes to risk. This is the third set of variation to consider when choosing physical access controls.

Sample Controls

Having looked at the complications involved in choosing appropriate physical access controls, it becomes clear that no “one-size-fits-all” solution exists. Each organization must examine its own particular assets, risks, and attitudes to risk before deciding on appropriate physical access controls. When that examination has been done, the organization will want to consider the following list of items when designing controls over physical access:

Physical security protection for IT equipment and systems should be established—based on

defined perimeters through strategically located barriers throughout the organization (already

discussed at the start of this chapter).

The security of the protection given must be consistent with the value of the assets or services

being protected (already discussed at the start of this chapter).

Peltier, Thomas R.. Information Security Fundamentals, Auerbach Publishers, Incorporated, 2013. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1375200. Created from apus on 2025-05-15 01:59:54.

Copyright © 2013. Auerbach Publishers, Incorporated. All rights reserved. Ebook pages 131-143 | Printed page 4 of 13

Support functions and equipment are sited to minimize the risks of unauthorized access to

secure areas or compromise of sensitive information— for example, network engineers who

will be called on often to enter the data center should not have their workplace located away

from the data center.

Physical barriers, where they are necessary, are extended from floor to ceiling to prevent

unauthorized entry and environmental contamination. In other words, walls that are meant to

prevent access, slow the spread of fire, or exclude dusty or polluted air must go all the way

from the actual ceiling of the building to the solid floor of the building and not just from false

ceiling to raised floor.

Personnel other than those working in a secure area are not informed of the activities within

the secure area. Although no one expects a cloak of secrecy to be hung over the existence of a

data center or other sensitive operation, details of the business conducted inside a protected

perimeter need not be known to anyone who does not have access inside the perimeter.

Working alone and unsupervised in sensitive areas must be prohibited (both for safety and to

prevent opportunities for malicious activities).

Computer equipment managed by the organization is housed in dedicated areas separate from

third party—managed computer equipment. Where a process or part of the organization’s

computing activity is carried out by a third party—that third party’s equipment should be

housed in an area that lets their engineers access the equipment without having access to the

organization’s computer equipment. This can usually be satisfied by keeping the two entities’

equipment in separate cages in the same room.

Secure areas, when vacated, must be physically locked and periodically checked.

Personnel supplying or maintaining support services are granted access to secure areas only

when required and authorized, their access restricted, and their activities monitored.

Unauthorized photography, recording, or video equipment must be prohibited within the

security perimeters.

Entry controls over secure areas must be established to ensure only authorized personnel can

gain access and a rigorous, auditable procedure for authorizing access must be put in place.

Visitors to secure areas must be supervised and their date and time of entry and departure will

be recorded.

Visitors to secure areas are granted access only for specific, authorized purposes.

Peltier, Thomas R.. Information Security Fundamentals, Auerbach Publishers, Incorporated, 2013. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1375200. Created from apus on 2025-05-15 01:59:54.

Copyright © 2013. Auerbach Publishers, Incorporated. All rights reserved. Ebook pages 131-143 | Printed page 5 of 13

All personnel must be required to wear visible identification within the secure area. The

necessary addition to this is that we must foster a culture in which employees feel

comfortable in challenging anyone who is in a secure area without visible identification.

Access rights to secure areas are to be revoked immediately for staff members who leave

employment.

Fire Prevention and Detection

Fire prevention and detection standards vary according to the premises—whether the premises also house materials or processes that increase the risk of fire and whether the premises themselves are located in an area where fire risk is higher or lower.

Generally, the local fire authority (Fire Marshall in the United States) can be consulted for advice on fire prevention and detection measures, and architects and vendors of data center equipment are also ready to give advice.

There are, however, some fire prevention and detection precautions that should be judged as standard and a minimum requirement for premises that house computers and critical information.

Fire Prevention

“No smoking” is the first rule. Although this is a common requirement throughout the United States at the time of writing, it is neither a Federal law nor a universally implemented State law. However, the use of smoking materials anywhere within a building that houses or processes critical information must be prohibited.

All flammable material—such as printer paper, plastic wrapping, and tapes— should be stored in an area separated from the main server or computer room by a fire-rated wall. Supplies for 1 day’s processing can be kept in the server or computer room but larger supplies must be stored separately.

Flammable or highly combustible materials must also be kept out of such premises. Where an organization produces, uses, or transports hazardous materials, all such materials must be stored away from premises where critical information is stored or processed. Where janitorial staff use flammable or combustible cleaning solvents, they should also be stored off-site. If that is not possible, they should be stored in an area that is behind a fireproof door and that has its own smoke- detecting equipment.

Many organizations now find it prudent to limit the amount of electrical power used in each cabinet and cage in the data center. High use of electrical power creates a buildup of heat and creates the potential for the buildup of static electricity—both fire hazards. Ventilation and grounding are the keys, of course, to limiting the risk from these, but limiting the amount of electrical power used in any physical area also reduces the chance of a heat or static electricity buildup. Most designers of data centers recommend that the ambient temperature in data centers should not exceed 74°F (23°C) because that reduces the risk of such buildups and also eases the control of humidity within the room.

Of course, when controlling the temperature and humidity in an enclosed space, it is necessary to monitor them, and the system used to monitor temperature and humidity in a data center must have the following characteristics:

Peltier, Thomas R.. Information Security Fundamentals, Auerbach Publishers, Incorporated, 2013. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1375200. Created from apus on 2025-05-15 01:59:54.

Copyright © 2013. Auerbach Publishers, Incorporated. All rights reserved. Ebook pages 131-143 | Printed page 6 of 13

The data gathered must be representative of the room being monitored. In other words, if

only one sensor is used in the room, it is unlikely that a true picture of temperature and

humidity will be available. Fluctuations from one part of the room to the next will not be

detected and “hot spots”—unless they happen to occur under the sensor—will go unnoticed.

The monitoring system must be capable of storing and presenting historical data. Seasonal

and event-based fluctuations provide important indicators to how to manage temperature and

humidity.

The monitoring system must be able to provide alarms when temperature and humidity fall

outside acceptable parameters. Fire, flood, or failure of the heating or cooling systems are all

critical events and the monitoring system must be able to alert staff to their occurrence.

Fire Detection

The most common sources of fires in data centers are the electrical system or the hardware. Breakdowns in insulation and the resultant short-circuiting can lead to intense heat that can melt materials or cause a fire. Data center fires are often small or smoldering, with little effect on the temperatures in the room. Because the smoke itself can affect the computer hardware, it is necessary to employ a detection system that is sensitive to smoke and other products of combustion rather than temperature. The specific detection and extinguishing system is dependent on the specific design and exposures of the individual data center area. In the United States, National Fire Prevention Association (NFPA) 75 states that automatic detection equipment must be installed to provide early warning of fire. The equipment used has to be a listed smoke detection type and every installation of smoke detection equipment must be engineered for the specific area to be protected (giving due consideration to air currents and patterns within the space to be monitored).

Smoke and fire detectors should be wired to a central alarm panel that is continuously monitored and, ideally, is constructed so that any alarm given is repeated instantly at the nearest firehouse. Where permanent connection to the firehouse is not possible, an external alarm should be installed to allow people outside the building to be notified and to raise the alarm with the emergency services.

Firefighting

In data centers, as much damage can be done by the fire suppression equipment as by the fire itself. Nonetheless, effective fire suppression systems must be installed in data centers.

A passive system reacts to smoke and fire without manual intervention. The most common forms of passive suppression are sprinkler systems or chemical suppression systems. Sprinkler systems can be flooded (wet pipe) or pre-action (dry pipe). A flooded system means that the pipes are full at all times, which allows the system to discharge immediately upon detection. A pre-action system will fill the sprinkler pipes upon an initial detection, but will delay discharging until a second detection criterion has been met. Chemical total flooding systems work by suffocating the fire within the controlled zone. The suppression chemical most often found in data centers is halon 1301. Halon is being eliminated in favor of the more environmentally friendly FM200 or various forms of water suppression. Carbon dioxide suppression systems are also used, but can be a concern

Peltier, Thomas R.. Information Security Fundamentals, Auerbach Publishers, Incorporated, 2013. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1375200. Created from apus on 2025-05-15 01:59:54.

Copyright © 2013. Auerbach Publishers, Incorporated. All rights reserved. Ebook pages 131-143 | Printed page 7 of 13

due to operator safety issues in the instance of a discharge. These can be used independently, or in combination depending on the exposures in the room, local ordinances, and insurance requirements.

The ideal system would incorporate both a gas system and a pre-action water sprinkler system. The gas suppression systems are friendlier to computing equipment. Water sprinklers often cause catastrophic and irreparable damage to the hardware, whereas the hardware in a room subjected to a gas discharge can often be brought back online soon after the room is purged.

Gas systems are, however, “one-shot” designs. If the fire is not put out in the initial discharge, there is no second chance. The gas system cannot be reused until it is recharged or connected to a back-up source. Water systems can continue to address the fire until it has been brought under control. Although this is more likely to damage the hardware, it is also a more secure means of protecting the building structure.

Water suppression systems are often preferred or mandated by building owners or insurance companies. Water systems are also highly recommended in areas containing a high level of combustible materials use or storage. The decision of what means of fire suppression to utilize must incorporate numerous factors, including the mission and criticality of the data center operations.

Verified Disposal of Documents

Although security precautions and fire prevention and suppression systems can ensure the safety of information within data centers, often little is done to protect information when it leaves the data center. Printed documents and documents on electronic media all leave the data center and, hopefully, fall under policies and standards for the protection of data throughout the workplace. But when documents are disposed of, all too often, the commonsense rules for protecting information are left behind.

We see documents clearly marked “Confidential” (or which, according to the content of the documents, should be clearly marked as such but aren’t) tossed into garbage cans and set out with the rest of the office rubbish. Where paper documents are collected, they are often left unattended— a convenient place for a wrongdoer to browse through a company’s paper output. In one facility I visited, the facility owners thoughtfully provided containers in which to dispose of confidential documents—large garbage cans clearly marked “Confidential Documents Only.” Once again, a convenient receptacle for wrongdoers to search.

It makes sense, does it not, that if we are to spend any money or effort to protect information, then the “circle of protection” ought to surround the information all the way to its destruction—and yet it so often does not.

Collection of Documents

The procedures for the collection of documents before their disposal should be documented and taught to all employees—and should avoid using large receptacles clearly marked “Confidential Documents Only.”

Every single department in the organization must have easy access to the containers used to dispose of documents. Where it involves more than a minute of time to properly dispose of a document, confidential documents will be put in garbage cans next to desks. Documents should be collected at fixed points in receptacles lined with opaque bags—so that, when the bags are taken away for disposal, the documents cannot be read through the bags themselves.

Peltier, Thomas R.. Information Security Fundamentals, Auerbach Publishers, Incorporated, 2013. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1375200. Created from apus on 2025-05-15 01:59:54.

Copyright © 2013. Auerbach Publishers, Incorporated. All rights reserved. Ebook pages 131-143 | Printed page 8 of 13

Where documents are collected in bins, we have to make a decision on whether or not to lock the bins. For locked bins, the advantages are that paper is secure (relatively) once deposited in the bin and we can demonstrate—to clients and auditors—that our information security circle of protection encompasses documents ready for disposal. Disadvantages include the procedures necessary to track keys, the extra expense, and the added attraction, for wrongdoers, of a locked (versus unlocked) document bin.

Clearly, every organization must make its own decisions on how to collect information destined for disposal and those decisions will be based on criteria already discussed in this book. One thing is certain, however, and that is this: If a secure document disposal process does not exist, then sooner or later, confidential documents will end up in the hands of someone who can use them to cause trouble for the company.

Document Destruction Options

There are three basic options for destruction of documents—recycling (commonly called pulping), shredding, and burning (although some organizations use a combination of one or more of these).

When considering recycling or pulping as an option, these factors must be taken into account:

Recycling with a bonded service usually means contracting with a service to have the paper

hauled to a bonded recycler or directly to a bonded paper mill. All of the paper sent to the

recycler should be documented with shipping information and a Certificate of Destruction

should be received to certify that the paper was sent directly to a specified locale on a specific

date and was destroyed on a specific date.

Where bonded recycling service is not available or is prohibitively expensive to use, we can

perform an assessment of the recycler’s procedures and facilities. If we find that recyclers

handle and process paper in a manner that meets confidentiality standards for security, then

we may use them instead of the more expensive, bonded alternative.

Shredding paper increases its volume and sometimes produces a false sense of security. Less- expensive shredders in fact only cut paper into ribbons that can be easily pieced together again and read. Even when we opt for a more expensive shredding option, we must consider these points:

Although shredding can be an effective way of disposing of documents, it is also expensive

and labor intensive, and if other options are available, it might not be necessary. Some

organizations do their own shredding with small, departmental shredders whereas others

choose to do it in a centralized fashion using a large, industrial centralized shredder.

Some organizations also decide to minimize shredding on-site by working with a recycling

hauler that provides secure services such as off-site shredding. These companies pick up the

Peltier, Thomas R.. Information Security Fundamentals, Auerbach Publishers, Incorporated, 2013. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1375200. Created from apus on 2025-05-15 01:59:54.

Copyright © 2013. Auerbach Publishers, Incorporated. All rights reserved. Ebook pages 131-143 | Printed page 9 of 13

paper from a central point and either shred it on-site in mobile units or transport it to a bulk

shredding facility. These firms come under the category of destruction firms, and they should

always be able to provide a certificate of destruction.

Choosing Services

Document disposal and recycling functions are most often contracted services. However, the organization’s responsibility for security of the documents does not end when they are removed from the facility. Making sure that the documents are subject to secure and reasonable processes until the information is destroyed is still the responsibility of the organization’s facilities.

Agreements

Everyone outside the organization (which owns the documents) who is involved in the destruction of the documents (including waste haulers, recycling facilities, landfill, and incinerator owners) should sign an agreement that states that they know that they will be handling confidential information from the organization and they agree to maintain the confidentiality of the information. The agreement must limit the vendor to use and disclosure of documents and the information contained in the documents to those uses stated by a contract.

Contractual language protecting the confidentiality of the waste should be built into all contracts with solid waste and recycling haulers and include the following elements:

Specify the method of destruction/disposal

Specify the time that will elapse between acquisition and destruction/disposal of documents

(or electronic media, if that is also to be disposed of)

Establish safeguards against breaches in confidentiality

Indemnify the organization from loss due to unauthorized disclosure

Require that the vendor maintain liability insurance in specified amounts at all times the

contract is in effect

Provide proof of destruction/disposal

One final point to consider when deciding how to dispose of documents is their collection in a loading dock area. We must secure our solid waste compactors and containers by locking all accessible openings to the compactor. Metal doors can be welded on the compactors to allow for them to be easily locked. Ensure that the loading dock is secure at all times. The container for the documents and the loading dock itself must be designed to minimize or eliminate the risk of documents blowing around in the wind before or while they are being collected for disposal.

Duress Alarms

In many facilities, certain operations are carried out that place staff in positions of heightened vulnerability. For example, in a bank, tellers are at risk from criminals who rob the bank during

Peltier, Thomas R.. Information Security Fundamentals, Auerbach Publishers, Incorporated, 2013. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1375200. Created from apus on 2025-05-15 01:59:54.

Copyright © 2013. Auerbach Publishers, Incorporated. All rights reserved. Ebook pages 131-143 | Printed page 10 of 13

business hours. In data centers, employees who handle negotiable instruments (checks, stock certificates, etc.) may also be at risk.

Where employees are performing jobs that increase the risk of their being vulnerable to coercion or attack, each employee’s workspace must be provided with a duress alarm. The alarm activator (button or switch) should be placed so that it can be used without its use being noticed by others (a footswitch, for example, can be used without anyone watching being aware of its use).

The choice of whether the alarm should sound locally or not will be made on the assessment of the type of risk the alarm is meant to indicate. In other words, if sounding the alarm locally is likely to increase the risk to the employee setting off the alarm, then the alarm should not sound locally. By the same token, if a local alarm might bring help more quickly or alleviate the situation, then one should be installed.

Whether local or remote, all employees who might be called upon to respond to the alarm must be trained in response techniques and the response procedures must be kept up-to-date and stored at the place where responding employees normally work.

Intrusion Detection Systems

In the context of physical security, intrusion detection systems means tools used to detect activity on the boundaries of a protected facility. When we commit to physically protecting the premises on which our staff work and which house our information processing equipment, we should carry out an exhaustive risk analysis and, where the threat requires, consider installing a perimeter intrusion detection system.

The simplest intrusion detection system is a guard patrol. Guards who walk the corridors and perimeter of a facility are very effective at identifying attempts to break into the facility and either raising the alarm or ending the attempt by challenging the intruder. Of course, the most obvious shortcoming of a guard patrol is that the patrol cannot be at all points of the facility at the same time.

Which leads to the next-simplest intrusion detection system and that is video monitoring. We can place video cameras at locations in the facility in which all points in the perimeter can be monitored simultaneously and, when an intrusion attempt is detected, the person charged with monitoring the video surveillance can raise an alarm.

Purpose

Our first task in defining the requirements of an intrusion detection system is to define what is to be protected and what the level and the nature of the threat is. For general threats, we might ask: How does anything from the outside get to the inside? Are the parking lots secure? What is the mail delivery system? What is the environmental system exposure? What are the loading dock procedures? What building access controls exist?

Other questions to be asked in defining the purpose of the intrusion detection system relate to the history of the facility. For example, has there been a specific parking lot incident, grounds incident, or a property/facility trespassing incident? Are there general vulnerability concerns that may include trespass, assault, or intimidation? When was the last occurrence and what were the circumstances? Are the authorities aware and involved? Is there documentation available for review?

Answering these questions will help define what the purpose of our intrusion detection system is (and what it needs to achieve). The next task is planning the system itself.

Peltier, Thomas R.. Information Security Fundamentals, Auerbach Publishers, Incorporated, 2013. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1375200. Created from apus on 2025-05-15 01:59:54.

Copyright © 2013. Auerbach Publishers, Incorporated. All rights reserved. Ebook pages 131-143 | Printed page 11 of 13

Planning

Of course, both of the examples given above should have been chosen as the result of a need identified by a risk assessment plus careful planning. The planning should have been carried out with an objective to provide a solution that addresses

Surveillance

Control

Maintenance

Training

During planning, the nature of the facility and the contents of the facility themselves should be taken into account. For example, the intrusion detection systems’ requirements for a dedicated data center campus, set in its own grounds and surrounded by a perimeter fence, differ greatly from those for a data center housed on the warehouse floor of a multistorey building in a city center.

Elements

The planning should produce a draft design that addresses the requirements of the premises. The elements of intrusion detection required will depend on the facilities—for example, the dedicated data center might require a perimeter fence, lighting on that fence and in the space between the fence and the walls of the facility, video cameras, and then the perimeter system for the building itself. On the other hand, a facility contained in a multiuse building will require intrusion detection systems on the doors, windows, floors, walls, and ceilings of only the part of the facility that contains the data center.

Elements to be considered when installing an intrusion detection system include

Video surveillance

Illumination

Motion detection sensors

Heat sensors

Alarm systems for windows and doors

“Break-glass” sensors (these are noise sensors that can detect the sound made by broken

glass)

Pressure sensors for floors and stairs

Procedures

Whatever tools or technologies are used in the intrusion detection system, the system will fail to provide security unless adequate procedures are put in place, and training on those procedures is given to staff expected to monitor and react to alarms created by the intrusion detection system.

Peltier, Thomas R.. Information Security Fundamentals, Auerbach Publishers, Incorporated, 2013. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1375200. Created from apus on 2025-05-15 01:59:54.

Copyright © 2013. Auerbach Publishers, Incorporated. All rights reserved. Ebook pages 131-143 | Printed page 12 of 13

Staff should be trained twice a year on what intrusion detection system alarms mean and how to respond to them. Those staff responsible for monitoring intrusion detection systems must be taught to recognize intrusion attempts and how to respond according to a response scale (i.e., when it is appropriate to respond in person, when to respond with assistance from facility personnel, and when law enforcement should be called for assistance).

Sample physical security policyFigure 6.3 .

Procedures should also include logging procedures that allow for all events— not just events requiring responses—to be logged for audit purposes or for purposes of follow-up ( ).Figure 6.3

Summary

The nature of physical security for a data center should be one of concentric rings of defense—with requirements for entry getting more difficult the closer we get to the center of the rings. The reason for this is obvious—if we take a number of precautions to protect information accessed at devices throughout the organization, then we must at least make sure that no damage or tampering can happen to the hardware on which the information is stored and processed. Having said that, the principle of consistency must still be applied. There is no point in building physical access controls at a cost of several million dollars if the potential damage that could be done to a data center is less than several tens of millions of dollars.

Peltier, Thomas R.. Information Security Fundamentals, Auerbach Publishers, Incorporated, 2013. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/apus/detail.action?docID=1375200. Created from apus on 2025-05-15 01:59:54.

Copyright © 2013. Auerbach Publishers, Incorporated. All rights reserved. Ebook pages 131-143 | Printed page 13 of 13