Principles of Information Security (6th. Ed) - Chapter 9 Review Questions

A physical firewall is one that limits the spread of damage should a fire break out in an office; it isolates the physical spaces of the offices. Reasons: to keep fire from spreading and to keep intruders from climbing through the plenum found above standard interior walls or sledgehammering through the walls.

10. Describe a physical firewall that is used in buildings. List reasons that an organization might need a firewall for physical security controls.

Fire is considered to be the most serious threat to physical security. This reasoning is valid because fire causes "more property damage, personal injury, and death than any other threat" (Whitman 514).

11. What is considered the most serious threat within the realm of physical security? Why is it valid to consider this threat the most serious?

The three elements are: temperature, fuel, and oxygen.
Water and water mist systems work to reduce the temperature and saturate fuels.
Carbon dioxide (kill people too) and Halon (don't kill people) systems reduce the oxygen.

12. What three elements must be present for a fire to ignite and continue to burn? How do fire suppression systems manipulate the three elements to quell fires?

Thermal detection: Detects the heat from a fire; includes fixed-temperature and rate-of-rise sensors; inexpensive and easy to maintain; don't catch the problem until it's already in progress; not used for important items.
Smoke detection: Detects the smoke from a fire; includes photoelectric sensors, ionization sensors, and air-aspirating detectors; more expensive but better at early detection; used where extremely valuable materials are stored.
Flame detection: Detects infrared/ultraviolet light produced by an open flame; sensitive and expensive; not used in areas where human lives are at stake.
Most commonly used: SMOKE DETECTION SYSTEMS

13. List and describe the three fire detection technologies covered in the chapter. Which is the most commonly used?

> Class A: Combustible fuels such as wood, paper, textiles, rubber, cloth, and trash. Extinguished by fuel-depleting agents like water and multipurpose dry chemical fire extinguishers.
> Class B: Combustible liquids or gases such as solvents, gasoline, paint, lacquer, and oil. Extinguished by oxygen-depleting agents like carbon dioxide, dry chemical, and Halon fire extinguishers.
> Class C: Energized electrical equipment or appliances. Extinguished by nonconducting agents like carbon dioxide, dry chemical, and Halon extinguishers - NEVER USE WATER.
> Class D: Combustible metals such as magnesium, lithium, and sodium. Extinguished by special extinguishing agents and techniques.
> Class K: Combustible cooking oil and fats in commercial kitchens. Extinguished by special water mist, dry powder, or CO2 agents.

14. List and describe the four classes of fire described in the text. Does the class of the fire dictate how to control it?

Halon is a clean agent, gas-based system that relies on a chemical reaction with the flame to extinguish it - much safer than carbon dioxide. It's restricted because the EPA classified Halon as an ozone-depleting substance.

15. What is Halon and why is its use restricted?

The operation of HVAC systems has a dramatic impact on information, info systems, and their protection.

16a. What is the relationship between HVAC and physical security?

Temperature, filtration, humidity, and static electricity

16b. What four physical characteristics of the indoor environment are controlled by a properly designed HVAC system?

Optimal temperature: 70-74 degrees
Optimal humidity: 40-60%

16c. What are the optimal temps and humidity ranges for computing systems?

1. Standby (offline) UPS: Detects the interruption of power to equipment and activates a transfer switch that provides power from the batteries through a DC to AC converter until normal power is restored/computer is shut down.
- not truly uninterruptible, but an SPS
- most cost-effective
- suffers switching time
- no power conditioning
- best suited for home and light office use
2. Line-interactive UPS: a UPS in which a pair of inverters and converters draw power from the outside source to both charge the battery and provide power to the internal protected device.
- the primary power source = power utility
- faster response time
- power conditioning
- line filtering
3. Double conversion online UPS: a UPS in which the protected device draws power from an output inverter. The inverter is powered by the UPS battery, which is constantly recharged from the outside power.
- allows use while eliminating power fluctuation
- MOST expensive
- generates lots of heat
- improved model: Delta conversion online UPS
4. Standby ferroresonant UPS: a UPS in which the outside power source directly feeds the internal protected device. The UPS serves as a battery backup, incorporating a ferroresonant transformer instead of a converter switch, providing line filtering and reducing the effect of some power problems, and reducing noise that may be present in the power as it is delivered.
- primary power source = electrical service
- ferroresonant transformer replaces UPS transfer switch
- stores energy in its coils
- many have abandoned this design

17. List and describe the four primary types of UPS systems. Which is the most effective and the most expensive, and why?

1. Fire suppression: This is important to stopping fires...
2. Air conditioning systems: This is needed to cool systems (and people!) to prevent fires and static electricity.

18. What two critical factors are affected when water is not available to the facility? Why are they important to the operation of the org's info systems?

1. Direct observation: A person is close enough to the information to breach confidentiality; shoulder surfing, for ex. Physical security limits the possibility of a person accessing authorized areas and directly observing info. Emps can be prohibited from removing sensitive info from the office or required to implement strong home security.
2. Interception of data transmissions: accessing media transmitting the data; using sniffer software, tapping into a LAN, eavesdropping. Network admin can conduct periodic physical inspections of all data ports to ensure no unauthorized taps have occurred; use fiber-optic cables to prevent direct wiretaps.
3. Electromagnetic interception: Eavesdropping on electromagnetic signals and determining the data carried on the cables without tapping into them. TEMPEST ensures computers are placed far away from outside perimeters, installs special shielding inside CPU case, implements other restrictions (distance from plumbing and other infra components that carry radio waves).

19. List and describe the three fundamental ways that data can be intercepted. How does a physical security program protect against each of these data interception methods?

> Physical security is the protection of physical items, objects, or areas from unauthorized access and misuse.
> Just as important as logical security

1a. What is physical security?

> Donn B. Parker's 7 Major Sources of Physical Loss
1. Extreme temperature: heat, cold
2. Gases: war gases, commercial vapors, humid/dry air, suspended particles
3. Liquids: water, chemicals
4. Living organisms: viruses, bacteria, people, animals, insects
5. Projectiles: tangible objects in motion, powered objects
6. Movement: collapse, shearing, shaking, vibration, liquefaction, flow waves, separation, slide
7. Energy anomalies: electrical surge or failure, magnetism, static electricity, aging circuitry; radiation: sound, light, radio, microwave, electromagnetic, atomic

1b. What are the primary threats to physical security? How are the primary threats manifested in attacks against the organization?

> General management: facility security
> IT management and professionals: environmental and access security
> Information security management and professionals: perform risk assessments and implementation reviews

2. What are the roles of an organization's IT, security, and general management with regard to physical security?

- Configure them to send their location if reported lost or stolen, wipe themselves of all user data, or disable themselves completely.
- Install software like CompuTrace (laptops)
- Install laptop burglar alarms that contain motion detector, GPS transceiver, and/or RFID tag
- Don't leave devices in an unlocked vehicle
- Carry devices in nondescript carrying case
- Don't leave a meeting room without electronics
- Lock device in a safe place when not in use
- Apply distinctive paint markings to ID electronics
- Maybe buy theft alarm system
- Don't use auto logins
- Back up info using cloud-based storage or CD, DVD, flash drive, other backup media

20. What can you do to reduce the risk of theft of portable computing devices, such as smartphones, tablets, and notebooks?

> Differ: Physical access controls control physical access to company resources, while logical access controls control access to information systems.
> Similar: They are both of critical importance

3. How does physical access control differ from logical access control? How are they similar?

> Secure facility is a physical location that has controls in place to minimize the risk of attacks from physical threats.

4a. Define a secure facility.

> Primary objective: Minimize the risk of attacks from physical threats

4b. What is the primary objective of designing such a facility?

- Can evaluate each situation
- Can make reasoned decisions
- Have SOPs to guide actions
Guards can evaluate each situation as it arises and make reasoned responses. Most have clear SOPs that help them act decisively in unfamiliar situations.

5a. Why are guards considered the most effective form of control for situations that require decisive action in the face of unfamiliar stimuli?

They are usually the most expensive because they require staffing of human resources. Plus, human life is PRECIOUS.

5b. Why are guards usually the most expensive controls to deploy?

> Boredom
> Distraction

5c. What is another issue with human guards, beyond the high cost?

> For orgs protecting valuable resources
> When keen sense of smell and hearing are needed
> Placed in harm's way
They should be used in situations where scent and sound are important to pick up to detect an intrusion. They can also be placed in harm's way when necessary to avoid risking the life of a person.

5d. When should dogs be used for physical security?

1. Manual (padlocks/combination locks)
-- opened with key/combination
-- preset and unchangeable
2. Programmable (push-button)
-- changeable
-- computer rooms and wiring closets
3. Electronic
-- integrated with alarm systems, fire systems, sensor systems
-- used where they can be activated/deactivated by a switch
4. Biometric
-- most sophisticated
-- reads finger, palm, iris, etc.

6. List and describe the four categories of locks. In which situation is each type of lock preferred?

The two possible modes are fail-safe and fail-secure. Fail-safe means the lock RELEASES in case of a power outage, and is used for fire safety locations to secure an exit. Fail-secure means the lock LOCKS in case of a power outage, and is used for safes or nuclear weapons, things like that.
Fail-safe = "You'll be safe even if the power goes out."
Fail-secure = "These high-value items will be secure even if the power goes out."

7. What are two possible modes of locks when they fail? What implication do these modes have for human safety? In which situation is each preferred?

A mantrap is a small room or enclosure with separate entry and exit points. It should be used when restraining a person who fails an access authorization attempt.

8. What is a mantrap? When should it be used?

> Most common form: Burglar alarms. They detect intrusions into unauthorized areas and notify either a local or remote security agency to react. The sensors used are motion detectors, thermal detectors, glass breakage detectors, weight sensors, and contact sensors.

9. What is the most common form of alarm? What does it detect? What types of sensors are commonly used in this type of alarm system?

