Need for Security – CISSP Course



Choosing a Secure Site

- Visibility – what kind of neighbors, external markings; low visibility is the key
- Local Considerations – near hazards, high crime areas
- Natural Disaster – on a fault line, in a flood plain
- Transportation – excessive air or highway and road traffic
- Joint Tenancy – are environmental controls shared
- External Services – proximity of local emergency services


Designing a Secure Site

Walls – acceptable fire rating, media rooms should have a high fire rating

Ceilings – weight bearing and fire rating

Floors:
  Slab – physical weight the concrete slab can bear and its fire rating
  Raised – fire rating, electrical conductivity, non-conducting surface material

Windows – not acceptable in the data center, if so translucent and shatterproof

Doors – must resist forcible entry, clear emergency exits, doors should open in an emergency (fail-soft)

Sprinkler System – location and type of suppression system

Liquid and gas lines – shutoff locations; water drains should be “positive”, i.e. carry water away from the building

Air Conditioning – AC should have dedicated power circuits; location of the Emergency Power Off (EPO) switch; should provide outward positive air pressure to keep contaminants out

Electrical Requirements – backup alternate power, dedicated circuits, access controls over panels

 

Facility Security Management

Audit Trails and Emergency Procedures

 

Audit Trails – log of events; systems may have many audit logs, each capturing specific information

- Access logs should contain:
  - Date and time access was attempted
  - Whether the attempt was successful or not
  - Where access was granted (which door)
  - Who attempted access
  - Who modified access privileges at the supervisor level
- Some trails can send alerts
- Audit Trails are detective, not preventative
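As an added illustration of the access-log checklist above (example code, not from the course material): a small Python checker over a constructed badge-reader CSV export that flags records missing the required when/where/who/outcome fields, supervisor-level privilege changes, and runs of failed attempts at one door. The CSV layout, field names and failure threshold are assumptions.

```python
import csv
from io import StringIO

# Fields every physical access-log record should carry, per the checklist above.
REQUIRED_FIELDS = ("timestamp", "door", "subject", "result")

# Constructed sample export from a hypothetical badge-reader system (CSV layout is assumed).
# "action" is "entry" or "privilege_change"; "actor" is the supervisor who changed privileges.
SAMPLE_LOG = """timestamp,door,subject,result,action,actor
2024-03-01T08:02:11,DC-East,badge1042,success,entry,
2024-03-01T08:05:40,DC-East,badge2210,failure,entry,
2024-03-01T08:05:52,DC-East,badge2210,failure,entry,
2024-03-01T08:06:03,DC-East,badge2210,failure,entry,
2024-03-01T09:15:00,,badge3001,success,entry,
2024-03-01T10:30:22,DC-East,badge2210,success,privilege_change,supervisor07
"""

def parse_log(text):
    """Parse the CSV export into a list of dict records."""
    return list(csv.DictReader(StringIO(text)))

def missing_fields(record):
    """Return the required fields that are absent or empty in one record."""
    return [f for f in REQUIRED_FIELDS if not record.get(f)]

def review_access_log(records, fail_threshold=3):
    """Walk the log and return alert strings; a detective control, so it only reports."""
    alerts = []
    streak = {}  # (door, subject) -> consecutive failed attempts so far
    for n, r in enumerate(records, 1):
        gaps = missing_fields(r)
        if gaps:  # a record that cannot answer when/where/who/outcome is itself a finding
            alerts.append(f"record {n}: incomplete, missing {', '.join(gaps)}")
            continue
        if r.get("action") == "privilege_change":  # supervisor-level changes must be attributable
            alerts.append(f"record {n}: privilege change for {r['subject']} at {r['door']} "
                          f"by {r.get('actor') or 'UNKNOWN'}")
        key = (r["door"], r["subject"])
        if r["result"] == "failure":
            streak[key] = streak.get(key, 0) + 1
            if streak[key] == fail_threshold:
                alerts.append(f"record {n}: {fail_threshold} consecutive failed attempts "
                              f"by {r['subject']} at {r['door']}")
        else:
            streak[key] = 0  # any success (or a non-failure outcome) ends the run
    return alerts

if __name__ == "__main__":
    print("\n".join(review_access_log(parse_log(SAMPLE_LOG))))
```

Because an audit trail is a detective control, the output is a list of alerts for someone to follow up on; nothing here blocks a door.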

 

Emergency Procedures

Clearly documented, readily accessible and updated periodically

- Should include:
  - Emergency shutdown procedures
  - Evacuation procedures
  - Employee training, awareness and periodic drills
  - Periodic system tests

 

Administrative Personnel Controls

Commonly implemented by the HR department during hiring and firing

- Pre-employment screening
  - Employment references, educational history
  - Background checks, credit
- Ongoing employee checks
  - Security clearances – if required
  - Ongoing evaluations and reviews
- Post-employment
  - Exit interview
  - Removal of network access
  - Return of computer inventory, laptops

 

Environmental and Life Safety

Sustain the computer and personnel operating environment

Three focus areas:
- Electrical power
- Fire detection and suppression
- Heating, Ventilation and Air Conditioning (HVAC)
