Fundamentals of Information Systems Security/Physical and Environmental Security

Physical Threat Types
Natural Disasters, Man-Made Threats, Emergency Situations
 * Hurricanes, typhoons, and tropical cyclones—These storms are products of the tropical ocean and atmosphere. They are powered by heat from the sea. As they progress across the ocean, they grow in velocity. When they move ashore, they spawn tornadoes and cause high winds and floods.
 * Tidal waves/tsunamis—The word tsunami is based on a Japanese word meaning “harbor wave.” This natural phenomenon consists of a series of widely dispersed waves that cause massive damage when they come ashore.
 * Floods—Floods can result when the soil has poor retention properties or when the amount of rainfall exceeds the ground’s ability to absorb water. Floods are also caused when creeks and rivers overflow their banks.
 * Earthquakes—These are caused by movement of the earth along fault lines.
 * Tornados—Tornados are violent storms that form from a thunderstorm. They descend to the ground as a violent rotating column of air. Tornados leave a path of destruction that can extend from the width of a football field to about a mile wide.
 * Fire—This one leads the list in damage and potential for loss of life.
 * Terrorism—Terrorism is the deliberate use of violence against civilians for political or religious ends.
 * Vandalism—The willful destruction of another’s property.
 * Theft—Theft of company assets can range from annoying to detrimental.
 * Destruction—A former employee thought he would get even with the company by wiping out an important company database. What will it cost to recover? Did anyone implement that backup policy?
 * Criminal activities
 * Communication loss—Communication loss can be the outage of voice communication systems or data networks.
 * Utility loss—Utilities include water, gas, communications systems, and electrical power. The loss of utilities can bring business to a standstill. Generators and backup can prevent these problems if they are used.
 * Equipment failure—Equipment will fail over time. That is why maintenance is so important. A Fortune 1000 study found that 65% of all businesses that failed to become operational after 1 week never became operational. Service-level agreements (SLAs) are one good way to plan for equipment failure. With an SLA in place, the vendor agrees to repair or replace the covered equipment within a given period of time.

The Layered Defense Model
 * Physical Considerations
 * Working with Others to Achieve Physical and Procedural Security
 * Physical and Procedural Security Methods, Tools, and Techniques
 * Procedural Controls
 * Infrastructure Support Systems
 * Fire Prevention, Detection, and Suppression
 * Boundary Protection
 * Building Entry Points
 * Keys and Locking Systems
 * Walls, Doors, and Windows
 * Access Controls
 * Closed-Circuit Television (CCTV)
 * Intrusion Detection Systems
 * Portable Device Security
 * Asset and Risk Registers

Information Protection and Management Services
 * Managed Services
 * Audits, Drills, Exercises, and Testing
 * Vulnerability and Penetration Tests
 * Maintenance and Service Issues
 * Education, Training, and Awareness