Is it possible to secure an asset without securing the physical perimeter of your building? The answer is “No”.
If a malicious person can gain physical access to your facility or equipment, they can do just about anything they want, from destruction to disclosure or alteration. Physical controls are your first line of defense, and people are your last.
All physical security should be based on a layered defense model.
Crime Prevention Through Environmental Design (CPTED) refers to designing a facility from the ground up to support security. It is actually a broad concept that can be applied to any project. Some of the key points of CPTED are listed below.
Physical Security Plan
Another important aspect of site and facility design is the proper convergence between the physical layout and the physical security plan. Achieving all the goals of CPTED is not always possible, and in cases where gaps exist, the physical security plan should include policies and/or procedures designed to close any gaps. The plan should address the following issues.
The security controls implemented to manage physical security can be divided into three groups: administrative, technical, and physical.
Administrative Physical Security Control
For site selection, a number of decisions have to be made, such as:
- Will the site be externally marked as a data center?
- Is there shared tenancy in the building?
- Where is the telecom demarc (the telecom demarcation point)?
Site selection should be based on the security needs of the organization. The figure below explains some common questions that can help in decision making.
Once the site is selected, the support systems built into the building play a critical role in the overall physical security posture. Hence, there are multiple factors we need to look into while designing security.
Refer to the picture below for the physical controls used in an organization.
Technical Physical Control
Other Physical Security Requirements
In addition to the above-mentioned controls, there are a few controls which are required for specific area types such as wiring closets, data centers, server rooms, media rooms, etc.
The figure below discusses multiple controls for such special areas.
QUIZ TIME * – Practicing questions along with concepts is the best way to maintain interest in study. Hence, please take some time for a small quiz on physical security. Please click on the image below to start the quiz.
* The questions in these practice tests are listed to help you study information and concepts that are likely to be tested on CISSP certification and do not represent questions from any actual test. Your score on these practice tests is not meant to and will not correlate to any particular score on any test.
No matter the quality of the equipment your organization chooses to purchase and install, eventually it will fail.
Most IT professionals are used to talking about uptime, downtime, and system failure. But not everyone is entirely clear on the definition of the terms widely used in the industry. What exactly differentiates “mean time to failure” from “mean time between failures”? And how does “mean time to repair” play into it? Let’s get some definitions straight!
An SLA clearly defines the response time a vendor will provide in the event of an equipment failure emergency.
MTTF is the expected typical functional lifetime of the device given a specific operating environment.
MTTR is the average length of time required to perform a repair on the device.
MTBF is an estimation of the time between the first and any subsequent failures.
Refer to the picture below for the differences among MTTR, MTTF and MTBF.
Make sure to schedule all devices to be replaced before their MTTF expires.
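The three definitions above are easiest to keep apart when you compute them from a real maintenance record. The Python below is an added example, not code from the original post: it takes a constructed maintenance log (device commissioned, failed, repaired) and derives each device's MTTF (time in service until the next failure), MTTR (failure until repair complete) and MTBF (failure to next failure), then applies the replacement rule from the last sentence by flagging a device once it has consumed an assumed 80% of its vendor-rated MTTF. The device names, timestamps, rated lifetimes and the 80% margin are all assumptions made for the example.

```python
from datetime import datetime
from statistics import mean

# Constructed maintenance log for two hypothetical devices (sample data, not from the original post).
# Each entry: (device_id, event, ISO-8601 timestamp). Events are "in_service" (first
# commissioning), "fail" (device stopped working) and "repaired" (back in service).
MAINTENANCE_LOG = [
    ("ups-01", "in_service", "2023-01-01T00:00:00"),
    ("ups-01", "fail",       "2023-04-11T00:00:00"),
    ("ups-01", "repaired",   "2023-04-12T00:00:00"),
    ("ups-01", "fail",       "2023-07-21T00:00:00"),
    ("ups-01", "repaired",   "2023-07-23T00:00:00"),
    ("ups-01", "fail",       "2023-10-31T00:00:00"),
    ("ups-01", "repaired",   "2023-11-03T00:00:00"),
    ("cam-02", "in_service", "2023-01-01T00:00:00"),
    ("cam-02", "fail",       "2023-01-31T00:00:00"),
    ("cam-02", "repaired",   "2023-02-02T00:00:00"),
    ("cam-02", "fail",       "2023-03-04T00:00:00"),
    ("cam-02", "repaired",   "2023-03-05T00:00:00"),
]


def _days(later, earlier):
    """Elapsed time between two datetimes, in (fractional) days."""
    return (later - earlier).total_seconds() / 86400.0


def reliability_metrics(log, device_id):
    """Return {"mttf", "mttr", "mtbf"} in days for one device, each averaged over the
    samples the log provides (None where the log holds no sample for that metric).
    - MTTF sample: time from (re)entering service until the next failure.
    - MTTR sample: time from a failure until the matching repair completes.
    - MTBF sample: time from one failure to the next (= repair time + following uptime).
    """
    events = sorted(
        ((datetime.fromisoformat(ts), ev) for dev, ev, ts in log if dev == device_id),
        key=lambda e: e[0],
    )
    uptimes, repairs, gaps = [], [], []
    in_service_since = last_failure = None
    for when, ev in events:
        if ev in ("in_service", "repaired"):
            if ev == "repaired" and last_failure is not None:
                repairs.append(_days(when, last_failure))
            in_service_since = when
        elif ev == "fail":
            if in_service_since is not None:
                uptimes.append(_days(when, in_service_since))
            if last_failure is not None:
                gaps.append(_days(when, last_failure))
            last_failure = when
            in_service_since = None  # device is down until repaired

    def avg(samples):
        return mean(samples) if samples else None

    return {"mttf": avg(uptimes), "mttr": avg(repairs), "mtbf": avg(gaps)}


def replacement_due(installed_iso, as_of_iso, rated_mttf_days, margin=0.8):
    """True when a device has consumed `margin` of its vendor-rated MTTF, i.e. it should be
    scheduled for replacement now rather than after it fails. The 0.8 margin is an
    assumed policy value, not something the original post specifies."""
    age = _days(datetime.fromisoformat(as_of_iso), datetime.fromisoformat(installed_iso))
    return age >= margin * rated_mttf_days


if __name__ == "__main__":
    for dev in ("ups-01", "cam-02"):
        print(dev, reliability_metrics(MAINTENANCE_LOG, dev))
    # ups-01 was installed 2023-01-01; with an assumed rated MTTF of 400 days it is due
    # for replacement on 2024-01-01 (365 days old >= 80% of 400).
    print("ups-01 replace now?",
          replacement_due("2023-01-01T00:00:00", "2024-01-01T00:00:00", 400))
```

For ups-01 the log yields MTTF 100 days, MTTR 2 days and MTBF 101.5 days; each individual MTBF sample equals the preceding repair time plus the following uptime, which is why MTBF is the larger of the three figures and why scheduling replacement against MTTF (the uptime you can expect before a failure) rather than MTBF is the conservative choice.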