PSCW Physical Security Project

1. PSCW Physical Security Project Supervised by: Ms. Faten Al-kahtani. Done by: IS 370 Students, 2011.

2. Scope Team • Diana Al-Omari • Donia Mohamad • Arwa Abu Shmais • EnasYaghi

3. Outline

4. Introduction • We decided to do a project that will benefit our university "Prince Sultan University for Women“. • The idea rose when we were discussing the security issues of the university in one of the Project Management classes and based on that we decided to make a project that will help our university to be secured more and more.

5. Project initiation • Project Leader: MS. Faten Al-Kahtani. • Teams leaders: • Scope Team: Diana Al-Omari. • Cost Team: Faten Al-Harthi • Quality Team: Alhanouf Al-Nasser • Time Team: Arwa Al-Tuwaijri • Communication Team: Haifa AlShami. • Procurement Team: AlanoudAlhenaki. • Integration Team: Arwa Abu-Shmais. • Human Resources Team: Abeer El-Sa'adi • Risk Team: Aya Aswad.

6. Scope Statement Our scope is about the physical security of PSCW buildings to protect the buildings from unauthorized access, the misuse of PSCW resources, and to keep the fundamental documents secure. The main goals will be to protect the PSU's physically from the misuse of resources ,and to keep the fundamental documents secure and also ensure that only authorized people can enter specific places like faculty offices and labs.

7. Scope Details • Building 1: • 25 rooms • 12 labs • 4 studios • 46 faculty offices • 2 gym • 1 library • 13 stores • 6 bathrooms • 17 administrator offices

8. Building 2: Building 3: • 9 rooms • 4 studios • 4 faculty offices • 1 meeting room • 13 stores • 5 bathrooms • 10 administrator offices • 1 prayer room • 29 rooms • 2 studios • 4 faculty offices • 4 stores • 1 bathrooms • 10 labs

9. What to protect ? • We have 600 computers in the three buildings, • and there are 15 switches (all switches in building 1). • There are also 92 projectors in the three buildings, one in each lab, room, studio.

10. Current security situation in PSU The already available security management in PSU consists of only key locks on doors, some of the labs have pin code & finger print security machines but they are not implemented yet.

11. The Physical Security Plan that will be implemented in PSCW • The plan starts with securing the main entrances and the three buildings of PSCW campus. • Add new main keys, alarms, and entrance checking devices to ensure that PSCW members are secure from any threat. • For the buildings, the level of security will be changed according to the types of rooms and divisions. • We decided to secure buildings sequentially so that the next building will not be started before the prior building is completely secured and successfully tested. By doing that, we would be able to reduce the risk and cut off the cost of workers since some workers could be used repeatedly. We prioritized the buildings according to their importance and to the number of critical rooms that need to be secured.

12. We will secure the labs by adding the missing pin code & finger print security devices which are six in the first building. The labs that already have pin code & finger print security devices will only require activation of those devices. • We will use digital locks to secure the administrative and faculty offices. • We will buy new file cabinets to secure the sensitive documents since they are part of PSCW assets. We will install alarms and smoke and fire detectors in each and every room of the three buildings. The portable fire extinguishers will be distributed in corridors.

13. An important point to consider is that before we install and test any of these devices, we will move the network switches in building (1) labs to a protected room. Moreover, training the users on using those devices is out of our scope and will not be the responsibility of the teams. It is considered the responsibility of PSCW.

14. Scope Control Any required change should go through these steps in order to be approved: • The required change should be written by the team that requests it. • Then, it should be distributed through the communication team. • A meeting with the scope team should be conducted, and discuss the required change, and by that the change will be clearly understood. • If the scope approves it, the communication team should prepare a meeting between all groups to discuss the feasibility of the change. • If the change is approved, the change request will turn into a change action.

15. References • Interview with the Head of the IT Department • University of Glasgow :: IT Services :: Information Security Management System Scope." University of Glasgow :: Glasgow, Scotland, UK. Web. 07 Mar. 2011. <http://www.gla.ac.uk/services/it/regulationscommitteesandpolicies/securitypolicies/informationsecuritymanagementsystemscope/>. • "University Policies." Queen's University. Web. 07 Mar. 2011. <http://www.queensu.ca/secretariat/senate/policies/InfoSystem.html#1>. • "In Depth Security: Using a Layered Approach to Network Security." Internet / Network Security - Tips, Advice and Tutorials About Internet Security and Network Security. 27 Feb. 2009. Web. 07 Mar. 2011. <http://netsecurity.about.com/od/newsandeditorial1/a/indepth.htm>. • "Security Implementation Mechanisms - The Java EE 5 Tutorial." Automatic Redirection. Web. 07 Mar. 2011. <http://download.oracle.com/javaee/5/tutorial/doc/bnbwy.html>. • "Authentication and Accounts Security." File Redirection. Web. 07 Mar. 2011. <http://www.softpanorama.org/Authentication/index.shtml>. • Moens, A. (2011). Physical and environmental security. Retrieved March 4, 2011, from TUDelft: https://intranet.tudelft.nl/live/pagina.jsp?id=74aeca25-a655-42df-b893-ea881f8a88b4&lang=en • https://online.penson.com/PensonBusinessContinuityPlan.pdf