Chapter 9 & 10 Review
thermal detector
An alarm sensor designed to detect a defined rate of change in the ambient temperature within a defined space.
contact and weight sensor
An alarm sensor designed to detect increased pressure or contact at a specific location, such as a floor pad or a window.
vibration sensor
An alarm sensor designed to detect movement of the sensor rather than movement in the environment.
fail-safe lock
An electromechanical device that automatically releases the lock protecting a control point if a power outage occurs. This type of lock is used for fire safety locations.
fail-secure lock
An electromechanical device that stays locked and maintains the security of the control point if a power outage occurs.
proximity reader
An electronic signal receiver used with an electromechanical lock that allows users to place their cards within the reader's range and release the locking mechanism.
standby (or offline) UPS
An offline battery backup that detects the interruption of power to equipment and activates a transfer switch that provides power from batteries through a DC to AC converter until normal power is restored or the computer is shut down.
delta conversion online UPS
An uninterruptible power supply (UPS) that is similar to a double conversion online UPS except that it incorporates a delta transformer, which assists in powering the inverter while outside power is available.
fire suppression systems
Devices that are installed and maintained to detect and respond to a fire, potential fire, or combustion danger.
NIST SP 800-37
Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
triboelectrification
The exchange of electrons between two materials when they make contact, resulting in one object becoming more positively charged and the other more negatively charged.
tailgating
The process of gaining unauthorized entry into a facility by closely following another person through an entrance and using the credentials of the authorized person to bypass a control point.
TEMPEST
a U.S. government program designed to protect computers from electronic remote eavesdropping by reducing EMR emissions
thermal detection system
a category of fire detection systems that focuses on detecting the heat from a fire
smoke detection system
a category of fire detection systems that focuses on detecting the smoke from a fire
deliverable
a completed document or program module that can either serve as the beginning point for a later task or become an element in the finished poject
fixed- temperature sensor
a fire detection sensor that works by detecting the point at which the ambient temperature in an area reaches a predetermined level
flame detector
a fire detection system that works by detecting the infrared or ultraviolet light produced by an open flame
water mist sprinkler
a fire suppression sprinkler system that relies on ultra-fine mists to reduce the ambient temperature below that needed to sustain a flame
sprinkler system
a fire suppression system designed to apply a liquid, usually water, to all areas in which a fire has been detected
virtual organization
a group of people brought together for a specific task, usually from different organizations, divisions, or departments
biometric lock
a lock that reads a unique biological attribute such as a fingerprint, iris, retina, or palm and then uses that input as a key
secure facility
a physical location that has controls in place to minimize the risk of attacks from physical threats
mechanical lock
a physical lock that may rely on either a key or numerical combination to rotate tumblers and release the hasp. Also known as a manual lock
project wrap-up
a process of bringing a project to conclusion, addressing any pending issues and the overall project effort, and identifying ways to improve the process in the future
ground fault circuit interruption
a special circuit device designed to immediately disconnect a power supply when a sudden discharge (ground fault) is detected
milestone
a specific point in the project plan when a task that has a noticeable impact on the plan's progress is complete
telecommuting
a work arrangement in which employees work from an off-site location and connect to an organization's equipment electronically. Also known as telework
closed-circuit television
also known as CCT. A video capture and recording system used to monitor a facility
CBA (cost- benefit analysis)
also known as economic feasibility study, the formal assessment and presentation of the economic expenditures needed for a particular security control, contrasted with its projected value to the organization CBA= ALE(prior) - ALE(post) - ACS
motion detector
an alarm sensor designed to detect movement within a defined space
name badge
an identification card typically worn in a visible location to quickly verify an authorized member
static electricity
an imbalance of electrical charges in the atmosphere or on the surface o a material, caused by triboelectrification
resources
components required for the completion of a project, which could include skills, personnel, time, money, and material
gaseous (or chemical gas) emission systems
fire suppression systems that operate through the delivery of gases rather than water
certification
in information security, the comprehensive evaluation of an IT system's technical and nontechnical security controls that establishes the extent to which a particular design and implementation meets a set of predefined security requirements, usually in support of an accreditation process
successors
tasks or action steps that come after the specific task at hand
predecessors
tasks or action steps that come before the specific task at hand
humidity
the amount of moisture in the air
facilities management
the aspect organization management focused on the development and maintenance of is buildings and physical infrastructure
phased implementation
the conversion strategy that involves a measured rollout of the planned system; only part of the system is brought out and disseminated across an organization before the next piece is implemented
pilot implementation
the conversion strategy that involves implementing the entire system into a single office, department, or division, and dealing with issues that arise before expanding to the rest of the organization
parallel operations
the conversion strategy that involves running the new system concurrently with the old system
direct changeover
the conversion strategy that involves stopping the old system and starting the new one without any overlap
project plan
the documented instructions for participants and stakeholders of a project that provide details on goals, objectives, tasks, scheduling, and resource management
noise
the presence of additional and disruptive signals in network communications or electrical power delivery
gap analysis
the process of comparing measured results against expected results, then using the resulting "gap" as a measure of project success and as feedback for project management
accreditation
the process that authorizes an IT system to process, store, or transmit information
physical security
the protection of physical items, objects, or areas from unauthorized access and misuse
electrostatic discharge (ESD)
the release of ambient static electricity into a ground
electromagnetic radiation (EMR)
the transmission of radiant energy through space, commonly referred to as radio waves
Class C fires
these fires are caused by energized electrical equipment or appliances. Carbon dioxide, multipurpose dry chemical, and halon fire extinguishers are ideal for these type of fires. Never use a water fire extinguisher
Class K fires
these fires are fueled by combustible cooking oil and fats in commercial kitchens. These fires require special water mist, dry powder, or CO2 agents to extinguish
Class B fires
these fires are fueled by combustible liquids or gases, such as solvents, gasoline, paint, lacquer, and oil. Carbon dioxide, multipurpose dry chemical, and Halon fire extinguishers are ideal for these types of fires
Class D fires
these fires are fueled by combustible metals, such as magnetism, lithium, and sodium. They require special extinguishing agents and techniques
Class A fires
these fires involve ordinary combustible fuels such as wood, paper, textiles, rubber, cloth, and trash. Water and multipurpose dry chemical fire extinguishers are ideal for these type of fires
ISO 27000
these standards were originally created to provide a foundation for British certification of information security management systems (ISMSs)
Types of fires:
- Class A - Class B - Class C - Class D - Class K
Major steps in project plans:
- planning the project - supervising tasks and action steps - wrapping up
Rings of the Bull's eye model
1. Policies 2. Networks 3. Systems 4. Applications
What are the 7 major sources of physical loss?
1. extreme temperature: hot, cold 2. gases: war gases, commercial vapors, humid or dry air, suspended particles 3. liquids: water or chemicals 4. Living organisms: viruses, bacteria, people, animals, insects 5. projectiles: tangible objects in motion, powered objects 6. Movement: collapse, shearing, shaking, vibration, liquefaction, flow waves, separation, slide 7. Energy anomalies: electrical surge or failure, magnetism, static electricity, aging circuitry; radiation: sound, light, radio, microwave, electromagnetic, atomic
How to manage process of change ?
1. improve communication about change across the organization 2. enhance coordination between groups within the organization as change is scheduled and completed 3. reduce unintended consequences by having a process to resolve conflict and disruption that change can introduce 4. improve quality of service as potential failures are eliminated and groups work together 5. assure management that all groups are complying with the organization's policies for technology governance, procurement, accounting, and information security
Lewin Model consists of these stages
1. unfreezing: thawing hard and fast habits and established procedures 2. moving: transitioning between the old way and the new 3. refreezing: the integration of the new methods into the organization culture
line-interactive UPS
A UPS in which a pair of inverters and converters draw power from the outside source both to charge the battery and provide power to the internal protected device.
standby ferroresonant UPS
A UPS in which the outside power source directly feeds the internal protected device. The UPS serves as a battery backup, incorporating a ferroresonant transformer instead of a converter switch, providing line filtering and reducing the effect of some power problems, and reducing noise that may be present in the power as it is delivered.
double conversion online UPS
A UPS in which the protected device draws power from an output inverter. The inverter is powered by the UPS battery, which is constantly recharged from the outside power.
project scope
A description of a project's features, capabilities, functions, and quality level, used as the basis of a project plan.
request for proposal (RFP)
A document specifying the requirements of a project, provided to solicit bids from internal or external contractors.
identification (ID) card
A document used to verify the identity of a member of an organization, group, or domain.
rate-of-rise sensor
A fire detection sensor that works by detecting an unusually rapid increase in the area temperature within a relatively short period of time.
ionization sensor
A fire detection sensor that works by exposing the ambient air to a small amount of a harmless radioactive material within a detection chamber; an alarm is triggered when the level of electrical conductivity changes within the chamber.
photoelectric sensor
A fire detection sensor that works by projecting an infrared beam across an area. If the beam is interrupted, presumably by smoke, the alarm or suppression system is activated.
air- aspirating detector
A fire detection sensor used in high-sensitivity areas that works by taking in air, filtering it, and passing it through a chamber that contains a laser beam. The alarm triggers if the beam is broken.
clean agent
A fire suppression agent that does not leave any residue after use or interfere with the operation of electrical or electronic equipment.
wet-pipe system
A fire suppression sprinkler system that contains pressurized water in all pipes and has some form of valve in each protected area.
pre-action system
A fire suppression sprinkler system that employs a two-phase response to a fire. When a fire is detected anywhere in the facility, the system will first flood all pipes, then activate only the sprinkler heads in the area of the fire.
dry-pipe system
A fire suppression sprinkler system that has pressurized air in all pipes. The air is released in the event of a fire, allowing water to flow from a central area.
deluge system
A fire suppression sprinkler system that keeps all individual sprinkler heads open and applies water to all areas when activated.
work breakdown structure (WBS)
A list of the tasks to be accomplished in the project, the skill sets or individual employees needed to perform the tasks, the start and end dates for tasks, the estimated resources required, and the dependencies among tasks.
electromechanical lock
A lock that can accept a variety of inputs as keys, including magnetic strips on ID cards, radio signals from name badges, personal identification numbers (PINs) typed into a keypad, or some combination of these to activate an electrically powered locking mechanism.
bull's eye model
A method for prioritizing a program of complex change; it requires that issues be addressed from the general to the specific and focuses on systematic solutions instead of individual problems.
change control
A method of regulating the modification of systems within the organization by requiring formal review and approval for each change.
technology governance
A process organizations use to manage the effects and costs of technology implementation, innovation, and obsolescence.
projectitis
A situation in project planning in which the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project completion forecasts in the project management software than accomplishing meaningful project work.
mantrap
A small room or enclosure with separate entry and exit points, designed to restrain a person who fails an access authorization attempt.
plenum
A space between the ceiling in one level of a commercial building and the floor of the level above. This is used for air return.