Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
Physical Security(Third Video)
Transcript of Physical Security(Third Video)
Guards are used to check the credentials
Non forgeable credentials such as Drivers license
less chance of stolen or forged credentials
Uses passwords, biometrics, Magnetic-strip cards, smart cards, RFID
Combination of Human guards and Electronic Access Controls
Process of tracking the entry and exit of personnel who have access to secure areas
Can be done
Guard is the means of access Sign in log is the means of access control.
Systems maintain electronic log file for auditing
Log files are kept secure
Illegal Entry Alarms
Illegal entry alarm is triggered when any access point is used without an authorization.
Physical Isolation of assets
Physical materials needed to be protected in storage
Queue of backups
Backups must be kept secure
: Process of sending the critical digital information on leased encrypted communication circuit
Smoke Detectors and Sprinklers
Halon substitute as a fire suppressant
Security must be a top down objective, supported at highest levels of organization
Issues addressed by Policies
• Protection of critical and confidential information.
• IM, email and Internet access
• Use of cell phones, PDA's and mobile devices
• Information access control and categorization
• Personnel physical and electronic surveillance
• Software updating, testing and patching
Policies must be made as simple as possible
This is a process of walking through the procedure, to make sure that it includes every necessary step
done by members who are not involved in developing the procedure
Critical Procedure Sets
Employment initiation and Termination
: procedures regarding the requirement of drug tests and financial and police background checks on prospective employees.
Credentials, password and account management:
Procedures for issuance and cancellation of accounts and credentials, upgrading and downgrading of access rights as duties change
• SCADA System Restoration:
This is used when system is crashed or system is disabled. Procedures including unit tests of equipment, replacement of damaged equipment, overwriting of damaged software, restoration of configuration etc.
SCADA Systems Start up and Shut down
: These procedures are provided by SCADA system vendor and includes sequence of steps to bring system up or down
Security-patch/virus scanning management
: procedures for installing and testing security patches, distribution of patched software. Procedures for routine virus scanning and updating of virus scanning software
Employee Security Training
: This addresses the types of training needed for given levels of access and the frequency at which re-training will be required.
Once a SCADA System is fully operational, operators tend not to make changes to the system
SCADA Personnel are the first line of defense against former insider
Employees need to know
• Cyber threats and threat sources.
• Means used by attackers to plan and stage attacks.
•Basic practices that support and enable an effective security policy
• Damage/impact both to the organization and to the outside world on a
• Management support for necessary policies and procedures.
Policy states beliefs and objectives
Policy states beliefs and objectives
Procedure says how policies are to be implemented