!MAIN COURSE BOOK! Chapple M. (ISC)2 CISSP Certified IS...Study Guide 9ed 2021.pdf

Chapter 10  Physical Security Requirements

Know about physical perimeter security controls.   Controlling access to a facility can be accomplished using fences, gates, turnstiles, access control vestibules, bollards, and barricades.

Understand lighting.   Lighting is the most commonly used form of perimeter security control, providing the security benefit of deterrence.

Know about security guards and guard dogs.   Guards can be posted around a perimeter or inside to monitor access points or watch detection and surveillance monitors. The real benefit of guards is that they are able to adapt and react to various conditions or situations. Guards can learn and recognize attack and intrusion activities and patterns, can adjust to a changing environment, and can make decisions and judgment calls. Guard dogs can be an alternative to security guards. They can often be deployed as a perimeter security control. As a detection and deterrent mechanism, dogs are extremely effective.

Understand how to handle visitors in a secure facility.   If a facility employs restricted areas to control physical security, then a mechanism to handle visitors is required. Often an escort is assigned to visitors, and their access and activities are monitored closely. Failing to track the actions of outsiders when they are granted access to a protected area can result in malicious activity against the most protected assets.

Understand internal security controls.   There are many physical security mechanisms for internal control, including locks, badges, protective distribution systems (PDSs), motion detectors, intrusion alarms, and secondary verification mechanisms.

Understand personnel privacy and safety.   In all circumstances and under all conditions, the most important aspect of security is protecting people. Thus, preventing harm to people is the most important goal for all security solutions.

Know about KPIs of physical security.   Key performance indicators (KPIs) of physical security should be determined, monitored, recorded, and evaluated. KPIs are metrics or measurements of the operation of or the failure of various aspects of physical security.

Written Lab

1. What kind of device helps to define an organization’s perimeter and also serves to deter casual trespassing?

2. What is the problem with halon-based fire suppression technology?

3. What kinds of potential issues can an emergency visit from the fire department leave in its wake?

4. What is CPTED?

5. What are the three main types of proximity devices and how do they work?

Review Questions

1. Your organization is planning on building a new facility to house a majority of on-site workers. The current facility has had numerous security issues, such as loitering, theft, graffiti, and even a few physical altercations between employees and nonemployees. The CEO has asked you to assist in developing the facility plan to reduce these security concerns. While researching options you discover the concepts of CPTED. Which of the following is not one of its core strategies?

A. Natural territorial reinforcement

B. Natural access control

C. Natural training and enrichment

D. Natural surveillance

2. What method is a systematic effort to identify relationships between mission-critical applications, processes, and operations and all the necessary supporting elements when evaluating the security of a facility or designing a new facility?

A. Log file audit

B. Critical path analysis

C. Risk analysis

D. Taking inventory

3. Which of the following is a true statement in regard to security cameras? (Choose all that apply.)

A. Cameras should be positioned to watch exit and entry points allowing any change in authorization or access level.

B. Cameras are not needed around valuable assets and resources as well as to provide additional protection in public areas such as parking structures and walkways.

C. Cameras should be positioned to have clear sight lines of all exterior walls, entrance and exit points, and interior hallways.

D. Security cameras should only be overt and obvious in order to provide a deterrent benefit.

E. Security cameras have a fixed area of view for recording.

F. Some camera systems include a system on a chip (SoC) or embedded components and may be able to perform various specialty functions, such as time-lapse recording, tracking, facial recognition, object detection, or infrared or color-filtered recording.

G. Motion detection or sensing cameras can always distinguish between humans and animals.


4. Your organization is planning on building a new primary headquarters in a new town. You have been asked to contribute to the design process, so you have been given copies of the proposed blueprints to review. Which of the following is not a security-focused design element of a facility or site?

A. Separation of work and visitor areas

B. Restricted access to areas with higher value or importance

C. Confidential assets located in the heart or center of a facility

D. Equal access to all locations within a facility

5. A recent security audit of your organization’s facilities has revealed a few items that need to be addressed. A few of them are related to your main data center. But you think at least one of the findings is a false positive. Which of the following does not need to be true in order to maintain the most efficient and secure server room?

A. It must be optimized for workers.

B. It must include the use of nonwater fire suppressants.

C. The humidity must be kept between 20 and 80 percent.

D. The temperature must be kept between 59 and 89.6 degrees Fahrenheit.

6. A recent security policy update has restricted the use of portable storage devices when they are brought in from outside. As a compensation, a media storage management process has been implemented. Which of the following is not a typical security measure implemented in relation to a media storage facility containing reusable removable media?

A. Employing a media librarian or custodian

B. Using a check-in/check-out process

C. Hashing

D. Using sanitization tools on returned media

7. The company’s server room has been updated with raised floors and MFA door locks. You want to ensure that the updated facility is able to maintain optimal operational efficiency. What is the ideal humidity range for a server room?

A. 20–40 percent

B. 20–80 percent

C. 80–89.6 percent

D. 70–95 percent

8. You are mapping out the critical paths of network cables throughout the building. Which of the following items do you need to make sure to include and label on your master cabling map as part of crafting the cable plant management policy? (Choose all that apply.)

A. Access control vestibule

B. Entrance facility

C. Equipment room

D. Fire escapes

E. Backbone distribution system

F. Telecommunications room

G. UPSs

H. Horizontal distribution system

I. Loading dock

9. What is the best type of water-based fire suppression system for a computer facility?

A. Wet pipe system

B. Dry pipe system

C. Preaction system

D. Deluge system

10. Your company has a yearly fire detection and suppression system inspection performed by the local authorities. You start up a conversation with the lead inspector and they ask you, “What is the most common cause of a false positive for a water-based fire suppression system?” So, what do you answer?

A. Water shortage

B. People

C. Ionization detectors

D. Placement of detectors in drop ceilings

11. A data center has had repeated hardware failures. An auditor notices that systems are stacked together in dense groupings with no clear organization. What should be implemented to address this issue?

A. Visitor logs

B. Industrial camouflage

C. Gas-based fire suppression

D. Hot aisles and cold aisles

12. Which of the following are benefits of a gas-based fire suppression system? (Choose all that apply.)

A. Can be deployed throughout a company facility

B. Will cause the least damage to computer systems

C. Extinguishes the fire by removing oxygen

D. May be able to extinguish the fire faster than a water discharge system

13. When designing physical security for an environment, it is important to focus on the functional order in which controls should be used. Which of the following is the correct order of the six common physical security control mechanisms?

A. Decide, Delay, Deny, Detect, Deter, Determine

B. Deter, Deny, Detect, Delay, Determine, Decide


C. Deny, Deter, Delay, Detect, Decide, Determine

D. Decide, Detect, Deny, Determine, Deter, Delay

14. Equipment failure is a common cause of a loss of availability. When deciding on strategies to maintain availability, it is often important to understand the criticality of each asset and business process as well as the organization’s capacity to weather adverse conditions. Match the term to the definition.

I. MTTF

II. MTTR

III. MTBF

IV. SLA

1. Clearly defines the response time a vendor will provide in the event of an equipment failure emergency

2. An estimation of the time between the first and any subsequent failures

3. The expected typical functional lifetime of the device given a specific operating environment

4. The average length of time required to perform a repair on the device

A. I - 1, II - 2, III - 4, IV - 3

B. I - 4, II - 3, III - 1, IV - 2

C. I - 3, II - 4, III - 2, IV - 1

D. I - 2, II - 1, III - 3, IV - 4

15. You have been placed on the facility security planning team. You’ve been tasked to create a priority list of issues to address during the initial design phase. What is the most important goal of all security solutions?

A. Prevention of disclosure

B. Maintaining integrity

C. Human safety

D. Sustaining availability

16. While reviewing the facility design blueprints, you notice several indications of a physical security mechanism being deployed directly into the building’s construction. Which of the following is a double set of doors that is often protected by a guard and is used to contain a subject until their identity and authentication are verified?

A. Gate

B. Turnstile

C. Access control vestibule

D. Proximity detector

17. Due to a recent building intrusion, facility security has become a top priority. You are on the proposal committee that will be making recommendations on how to improve the organization’s physical security stance. What is the most common form of perimeter security devices or mechanisms?

A. Security guards

B. Fences

C. CCTV

D. Lighting

18. Your organization has just landed a new contract for a major customer. This will involve increasing production operations at the primary facility, which will entail housing valuable digital and physical assets. You need to ensure that these new assets receive proper protections. Which of the following is not a disadvantage of using security guards?

A. Security guards are usually unaware of the scope of the operations within a facility.

B. Not all environments and facilities support security guards.

C. Not all security guards are themselves reliable.

D. Prescreening, bonding, and training do not guarantee effective and reliable security guards.

19. While designing the security plan for a proposed facility, you are informed that the budget was just reduced by 30 percent. However, they did not adjust or reduce the security requirements. What is the most common and inexpensive form of physical access control device for both interior and exterior use?

A. Lighting

B. Security guard

C. Key locks

D. Fences

20. While implementing a motion detection system to monitor unauthorized access into a secured area of the building, you realize that the current infrared detectors are causing numerous false positives. You need to replace them with another option. What type of motion detector senses changes in the electrical or magnetic field surrounding a monitored object?

A. Wave

B. Photoelectric

C. Heat

D. Capacitance

Chapter 11  Secure Network Architecture and Components

THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:

Domain 4.0: Communication and Network Security

■ 4.1 Assess and implement secure design principles in network architectures

■ 4.1.1 Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) models

■ 4.1.2 Internet Protocol (IP) networking (e.g., Internet Protocol Security (IPSec), Internet Protocol (IP) v4/6)

■ 4.1.3 Secure protocols

■ 4.1.4 Implications of multilayer protocols

■ 4.1.5 Converged protocols (e.g., Fiber Channel Over Ethernet (FCoE), Internet Small Computer Systems Interface (iSCSI), Voice over Internet Protocol (VoIP))

■ 4.1.6 Micro-segmentation (e.g., Software Defined Networks (SDN), Virtual eXtensible Local Area Network (VXLAN), Encapsulation, Software-Defined Wide Area Network (SD-WAN))

■ 4.1.7 Wireless networks (e.g., Li-Fi, Wi-Fi, Zigbee, satellite)

■ 4.1.8 Cellular networks (e.g., 4G, 5G)

■ 4.1.9 Content Distribution Networks (CDN)

■ 4.2 Secure network components

■ 4.2.1 Operation of hardware (e.g., redundant power, warranty, support)

■ 4.2.2 Transmission media

■ 4.2.3 Network Access Control (NAC) devices

■ 4.2.4 Endpoint security

Domain 7: Security Operations

■ 7.7 Operate and maintain detective and preventative measures

■ 7.7.1 Firewalls (e.g., next generation, web application, network)
