Whitman, M. and Mattord, H. (2011). Principles of Information Security, 5th Edition. Independence, KY: Cengage Learning.
Chapter 9 Review Questions
- What is physical security? What are the primary threats to physical security? How are they made manifest in attacks against the organization?
Physical security refers to the security of the physical assets of an organization like the human resource and the hardware of the network system. Human errors, information extortion and technical failures are some of the physical security threats. These physical security lapses are used by wrong doers by hacking the information from these system or by damaging the hardware.
- What are the roles of IT, security, and general management with regard to physical security?
IT department is responsible primarily for the security of the software. The security department is responsible for making and implementing security policies. General management is responsible to facilitate the IT and Security departments.
- How does physical access control differ from the logical access control described in earlier chapters? How is it similar?
Physical and logical access control are both responsible to protect the important information from being damaged or hacked. The physical access control protects the physical resources like hardware and logical control protects the information present in the soft form.
- Define a secure facility. What is the primary objective of the design of such a facility? What are some of the secondary objectives of the design of a secure facility?
Secure facility is in the form of a physical location like a room or a building to protect from physical threats. Its primary objective is to protect the physical assets. The secondary objective could be directing user’s information asset utilization in an appropriate manner.
- Why are guards considered the most effective form of control for situations that require decisive action in the face of unfamiliar stimuli? Why are they usually the most expensive controls to deploy? When should dogs be used for physical security?
Guard are considered the most effective control because they involve the effective use of human intellect. They are usually the most expensive because it requires staffing of human resources. Dogs can be used for physical security when human senses cannot overcome the situation. Dogs have a superior smelling than human in some security situations.
- List and describe the four categories of locks. In which situation is each type of lock preferred?
Manual locks are used to lock physical doors, programmable locks are electronic locks used in setting off alarms systems, electronic locks can be integrated with alarm systems to secure computer rooms and biometric locks use human unique physical attributes like retina scans and fingerprints for security purposes.
- What are the two possible modes that locks use when they fail? What implications do these modes have for human safety? In which situation is each mode preferred?
Fail safe and fail secure are the possible modes that locks use when they fail. When power is cutoff, fail safe lock unlocks and secure safe lock automatically. Fail safe locks are used in public areas whereas fail secure locks are used in high security areas.
- What is a mantrap? When should it be used?
Mantrap is a combination of two doors which function alternatively. When one door is unlocked the other is locked and vice versa. They are used for fool-proof security.
- What is the most common form of alarm? What does it detect? What types of sensors are commonly used in this type of alarm system?
The most common form of alarm is burglar alarm. This kinds of alarm detects an unauthorized entry to a secured area. It sensed motion weigh and glass or door breaking.
- Describe a physical firewall that is used in buildings. List the reasons why an organization might need firewalls for physical security controls.
Physical firewalls are used to separate different physical areas in an organization. They main reason could be to make physical spaces for different individuals and other resources.
- What is considered the most serious threat within the realm of physical security? Why is it valid to consider this threat the most serious?
In my opinion fire has caused more damage than any other form of threat in the history of mankind.
- What three elements must be present for a fire to ignite and continue to burn? How do fire suppression systems manipulate the three elements to quell fires?
Three elements that must be present for a fire to ignite and continue to burn are source of ignition, oxygen and fuel. The fire suppression systems prevents the environment from these three elements to quell fires.
- List and describe the three fire detection technologies covered in the chapter. Which is currently the most commonly used?
Flame detection (uses sensors to detect flame), smoke detection (sensors to detect smoke) and thermal detection (sensors to detect heat) are the three basic fire detection strategies. Most commonly used is smoke detection.
- List and describe the four classes of fire described in the text. Does the class of a fire dictate how to control the fire?
Following are the four classes of fire described in the text:
- Ordinary fires caused by wood, paper and textiles types of ingredients.
- Fires fueled by liquids and gases.
- Fires caused by electric appliances and other electrical equipment.
- Fires due to some metals that are highly combustible lie magnesium and sodium.
- What is Halon, and why is its use restricted?
Halon was introduced in the 1960’s which an effective fire extinguisher in gas form. Its use id restricted because it is dangerous to the ozone layer that protects the world’s environment.
- What is the relationship between HVAC and physical security? What four physical characteristics of the indoor environment are controlled by a properly designed HVAC system? What are the optimal temperature and humidity ranges for computing systems?
HVAC or Heating, ventilation and air conditioning are the factors that can influence the quality and functioning of the physical security.
The four characteristics are humidity, static and filtration and temperature.
The optimal temperature in Fahrenheit is 70 to 74 and optimal humidity is from 40 to 60 percent.
- List and describe the four primary types of UPS systems. Which is the most effective and the most expensive, and why?
The four UPS or Uninterruptable Power Supplies are Standby that is activated when there is any interruption, Ferrorensonant standby that utilized the UPS as an electric battery, Line-Interactive that generates electricity through invertors and True Online which works in reverse of a standby.
- What two critical functions are impaired when water is not available in a facility? Why are these functions important to the operation of the organization’s information assets?
Water is important for air conditioning and fire safety procedures. Computer system might require an air conditioning system to operate efficiently. Fire safety is also important for the physical safety of organizational information assets.
- List and describe the three fundamental ways that data can be intercepted. How does a physical security program protect against each of these data interception methods?
Following are the three fundamental ways which can be used to intercept data.
- Direct observation: When employees can observe the data and take soft and hard copies of the data with them. This can be prevented by the use of bodily checks.
- Interception of data transmission: This mechanism is utilized by different hackers to intercept data and steal it. Strong transmission keys and other encryption methods can be utilized to prevent them.
- Electromagnetic Interception: Cables that transfer data have electromagnetic signals coming out of them. Electromagnetic transmission monitoring programs can be used to prevent from such kinds of security breaches
- 20. What can you do to reduce the risk of laptop theft?
The risk of laptop theft can be reduced by keeping the laptop near to you all the times. Laptops can be fitted with GPS signal transmitters to let you know where it is in case it is stolen.