Physical Security_Example v0.1

ali
by Faham Usman on 22 May 2014


Transcript of Physical Security_Example v0.1

You keep your system updated
You back up your data
You have the latest security software
Information Security
Physical Security
Awareness Campaign
Agenda
Salim is your Cyber Security Advisor.
Aims at promoting, building and ensuring a safer & secure cyber environment and culture in the UAE.
About aeCERT
One of the initiatives of the UAE Telecommunications Regulatory Authority.
aeCERT is the United Arab Emirates Computer Emergency Response Team.
aeCERT
Salim (aeCERT)
@salim_aecert
For more information
www.aecert.ae
info@aecert.ae
Questions
Physical Security
How to Ensure Physical Security
Employees should only be able to use their access cards during official work hours
A physical security policy should be enforced in the organization
Sensitive areas should be monitored and have restricted access
Every employee or visitor should have an identification card/badge
Data Breach Stats
2013
29%
35%
36%
Source: http://www.symantec.com/content/en/us/about/media/pdfs/b-cost-of-a-data-breach-global-report-2013.en-us.pdf
Scenario 2: Strangers
Crime Prevention Through Environmental Design
The aim is to limit unauthorized access to the vicinity and minimize the chances of criminal activity that might affect business.
Such controls give a sense of security to people at the building.
Natural access control refers to the controls placed for people entering and leaving a space.
Natural Access Control
Perimeter Security
Perimeter security prevents unauthorized access to a location.
Perimeter security should be implemented in a facility in two modes, i.e. during office hours and after office hours (the protocols for both will be different).
Perimeter security works best if it is implemented using a layered defense approach.
Crime Prevention Through Environmental Design
Natural Territorial Reinforcement
The purpose of using this strategy is to give users of that particular vicinity a sense of ownership and a sense of belonging.
Natural territorial reinforcement refers to a strategy in which physical designs are used to draw a border that differentiates public and private property.
Crime Prevention Through Environmental Design
The purpose of using natural surveillance is to give less room to criminals to carry out malicious activities. To carry out a criminal activity, a person needs to be at a place where no one can see him/her. High visibility decreases chances of criminal activity.
Natural surveillance refers to the use of physical and environmental features, people and activities in a way that enhances visibility around a vicinity.
Natural Surveillance
Scenario 1: Dumpster Diving
Throws confidential documents in trash
How to Protect your Organization
Be careful of “piggybacking” or “tailgating”: this is when someone follows you closely through a locked door.
Keep confidential documents off your desk.
Question people who don’t have an identification card; ask for their identification before you let them access sensitive areas.
Securely dispose of any media (papers, devices, systems, etc.) containing confidential information.
Tailgating Attack
You are entering your organization through the locked door using your access card
That was a stranger that just followed you to have access to the organization.
This person had access to the organization without using his access card
Someone is behind you and just followed you in
Real Incident
http://www.theregister.co.uk/Print/2013/09/20/barclays_cyber_cops_make_arrests/
Stole £1.3m
Attached KVM switch and 3G dongle to a computer in branch
No, you need to consider the physical security of your information.
Does that mean your information is secured and protected?
Physical Security
Scenario 1: Dumpster Diving
Those documents contained sensitive information and an unauthorized person got access to it
Someone came and looked at your trash and took those documents
You throw these documents in the trash
You have some documents that you no longer need
Scenario 2: Strangers
These documents went to a competitor company
That person wasn’t the janitor but a spy from a competitor company
The janitor has access to your sensitive documents, and he took some important documents
You leave your office unattended
The janitor is cleaning the office as usual, so you don’t think he is harmful
Perimeter Security
Facility Access Control
Security Officers
Intrusion Detection Systems
External Boundary Protection Mechanisms
Personnel Access Controls
Perimeter security contains the following controls:
Crime Prevention Through Environmental Design
Natural Territorial Reinforcement
Sidewalks
Clearly marked addresses
Light fixtures
Landscaping
Fences
Walls
Crime Prevention Through Environmental Design
Natural Territorial Reinforcement
Natural Surveillance
Natural Access Control
CPTED implements three major protection strategies which are:
The CPTED model helps organizations devise a plan to create security zones with different security levels.
Crime Prevention Through Environmental Design (CPTED) is an approach enforced by organizations to minimize the chances of crime.
Physical Security Threats
Unlocked computers, devices, doors, cabinets
Documents left on a desk
Documents left at the scanner or the printer
People we consider trusted, such as janitors and repairmen
Trash
Aspects we don’t usually consider as threats to the organization
Crime Prevention Through Environmental Design
Landscaping
Fences
Barriers
Doors
These controls can be
Natural Access Control
Sidewalks
Lighted bollards
Gates
Physical Security Threats
Human Physical Threats
Internal Physical Threats
External Physical Threats
Errors
Espionage
Sabotage
Theft
Earthquake
Flooding
Fire
Crime Prevention Through Environmental Design
Open Areas
Large windows
Bicycle paths
Parking Lots
Sidewalks
Stairways
Bench
Natural Surveillance
Employee leaves office and janitor accesses her sensitive files
Electrical Interruption
Searches trash and finds confidential information
Security Alarms
Security Officials
Bicycle Paths
Sidewalks
Biometric Devices
Walls
CCTV Cameras
Windows
About aeCERT
Physical Security
Physical Security threats
How to Ensure Physical Security
Protection
Don’t leave your laptops and devices unattended and unlocked
Don’t leave sensitive documents on the scanner or the printer
Lock your computer when you are away from your desk