Loading presentation...

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

Physical Security(Third Video)

No description
by

Sandeep Sakinala

on 19 August 2014

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Physical Security(Third Video)

Physical Security
Access Controls
Manual
Electronic
Hybrid

Manual
Electronic
Hybrid
Guards are used to check the credentials
Non forgeable credentials such as Drivers license
less chance of stolen or forged credentials
Uses passwords, biometrics, Magnetic-strip cards, smart cards, RFID
Combination of Human guards and Electronic Access Controls
Biometric scanners.
Access Tracking
Process of tracking the entry and exit of personnel who have access to secure areas
Can be done
Manually
Electronically
Guard is the means of access Sign in log is the means of access control.
Systems maintain electronic log file for auditing

Log files are kept secure
Electronic access
Manual Access
Illegal Entry Alarms
Illegal entry alarm is triggered when any access point is used without an authorization.
Physical Isolation of assets
Physical materials needed to be protected in storage
Queue of backups
Backups must be kept secure
Electronic Vaulting
: Process of sending the critical digital information on leased encrypted communication circuit
Fire Suppression
Smoke Detectors and Sprinklers
Halon substitute as a fire suppressant
Telecom room
Operational Security
Security must be a top down objective, supported at highest levels of organization
Issues addressed by Policies
• Protection of critical and confidential information.
• IM, email and Internet access
• Use of cell phones, PDA's and mobile devices
• Information access control and categorization
• Personnel physical and electronic surveillance
• Software updating, testing and patching
Policies must be made as simple as possible
Procedure
Procedural Validation
This is a process of walking through the procedure, to make sure that it includes every necessary step
done by members who are not involved in developing the procedure
Critical Procedure Sets

Employment initiation and Termination
: procedures regarding the requirement of drug tests and financial and police background checks on prospective employees.

Credentials, password and account management:
Procedures for issuance and cancellation of accounts and credentials, upgrading and downgrading of access rights as duties change
• SCADA System Restoration:
This is used when system is crashed or system is disabled. Procedures including unit tests of equipment, replacement of damaged equipment, overwriting of damaged software, restoration of configuration etc.

SCADA Systems Start up and Shut down
: These procedures are provided by SCADA system vendor and includes sequence of steps to bring system up or down
Security-patch/virus scanning management
: procedures for installing and testing security patches, distribution of patched software. Procedures for routine virus scanning and updating of virus scanning software

Employee Security Training
: This addresses the types of training needed for given levels of access and the frequency at which re-training will be required.
Operational Differences
Once a SCADA System is fully operational, operators tend not to make changes to the system
Training
SCADA Personnel are the first line of defense against former insider
Employees need to know
• Cyber threats and threat sources.
• Means used by attackers to plan and stage attacks.
•Basic practices that support and enable an effective security policy
• Damage/impact both to the organization and to the outside world on a
successful attack.
• Management support for necessary policies and procedures.

Policy states beliefs and objectives
Security
Summary
Access control
Electronic
Manual
Hybrid
Access tracking
Manually
Electronically
Policy states beliefs and objectives
Procedure says how policies are to be implemented
Full transcript