1 / 19

Operational and Organizational Security

Operational and Organizational Security. Chapter 3. Objectives. Identify various operational aspects to security in your organization. Describe the physical security components that can protect your computers and network. Identify environmental factors that can affect security.

natalie-romero
Download Presentation

Operational and Organizational Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Operationaland Organizational Security Chapter 3

  2. Objectives Identify various operational aspects to security in your organization. Describe the physical security components that can protect your computers and network. Identify environmental factors that can affect security. Identify factors that affect the security of the growing number of wireless cellular technologies used for data transmission. Prevent disclosure through electronic emanations.

  3. Key Terms Biometrics Bluetooth Guidelines Heating, Ventilation, and Air Conditioning (HVAC) IEEE 802.11 Physical security Policies Procedures Standards TEMPEST Uninterruptible power supply (UPS)

  4. Security Operations in Your Organization • The operational model of security • Protection = Prevention + (Detection + Response) • No matter how secure we attempt to make our systems, some way will always be found to circumvent the safeguards we have in place. • Prevention technologies are static. • Detection and response technologies are dynamic.

  5. Security Operations in Your Organization (continued) • Policies • High-level, broad statements of what the organization wants to accomplish • Procedures • Step-by-step instructions on how to implement policies in the organization • Standards • Mandatory elements regarding the implementation of a policy • Guidelines • Recommendations relating to a policy

  6. The Operational Process and Policy Lifecycle

  7. Is This the Security Perimeter?

  8. A More Complete Diagram

  9. Physical Security • Physical security consists of all mechanisms used to ensure that physical access to the computer systems and networks is restricted to only authorized users. • No matter how good your computer and network security is, if a person has physical access, then can compromise the CIA of your information in some way.

  10. Physical Security (continued) • Access from all six sides should be considered • Is there a false ceiling with tiles that can be removed? • Is there a raised floor? • Do the monitors face away from windows? • Who has access to the facility? • What type of access control is there to the area? • Are there any guards? • Who is allowed unsupervised access to the facility? • Is there an alarm system or security camera set up?

  11. Access Controls • Authentication via • Something you have – key or card • Something you know – combination • Something you are – biometrics • Biometrics • More sophisticated and expensive • Not yet 100 percent foolproof • Two factor authentication • Using two of the methods for authentication • Other controls • Video surveillance, sign-in logs, security guards

  12. Physical Barriers • Principle of layered security • Fences • Guard at the gate • Open space • Walls • Signs denoting public and private areas • Man trap

  13. Environmental Issues • Heating, ventilation and air conditioning (HVAC) • Used to maintain the comfort of an office environment • Also maintained environment for computers • Heat and humidity sensitive devices and network components • Uninterruptable Power Supply (UPS) • Used for critical systems so that a loss of power will not halt processing • The larger the battery, the longer the equipment can operate during a loss of power

  14. Fire Suppression • Fire is a common disaster. • Fire detectors • Smoke detection • Heat detection • Fire suppression • Sprinkler-based • Standard, but will further damage equipment • Gas-based • Halon was used and may still exist in some areas. • Halon displaces oxygen and can asphyxiate people in the area when it is dispersed. • Halon is being replaced with other gases such as argon, nitrogen, and carbon dioxide. Note that the same danger exists.

  15. Wireless • By wireless we mean cellular telephones (“cell phones”) • Cell phone network • Phones • Cells with accompanying base stations • Base stations – antennas, receivers, transmitters, and amplifiers • As a person travels, they enter and exit multiple cells. • Also used for networking • Bluetooth – for short range personal area network (PAN) • IEEE 802.11 – used for local area networks (LAN)

  16. Electromagnetic Eavesdropping • The van Eck phenomenon • Eavesdropping on what is being displayed on monitors by picking up and decoding the electromagnetic interference (EMI) produced by monitors. • This phenomenon also applies to printers and computers.

  17. TEMPEST • Transient Electromagnetic Pulse Emanation STandard • The process for controlling emanations • Term also refers to a military program to control emanations • Three basic ways to protect emanations • Keep equipment at a safe distance. • Provide shielding for equipment. • Provide shielded enclosure, such as a room.

  18. Location • Where equipment is situated can increase or decrease its exposure to risk. • Where will you place access points? • How deep in the building can you place sensitive equipment? • What is the proximity of the building to roads? • Where are the monitors? • Where are your printers?

  19. Chapter Summary • Identify various operational aspects to security in your organization. • Describe the physical security components that can protect your computers and network. • Identify environmental factors that can affect security. • Identify factors that affect the security of the growing number of wireless cellular technologies used for data transmission. • Prevent disclosure through electronic emanations.

More Related