Introduction to Physical Security
Summary
TLDRThis video introduces the key concepts of physical security, focusing on three main control types: physical access, technical, and administrative. Physical access controls include fences, man-traps, security guards, and biometric systems, designed to restrict unauthorized access. Technical controls such as CCTV and alarms enhance security measures, while administrative controls enforce policies and procedures like employee background checks and emergency preparedness. The video emphasizes the importance of understanding these systems for CISSP candidates and provides insights into balancing security technologies with human judgment for effective protection.
Takeaways
- 🔐 Physical security controls are divided into three main categories: physical access, technical, and administrative controls.
- 🛡️ Physical access controls include visible systems like fencing, man-traps, security guards, guard dogs, locks, and biometric access.
- 🚧 Fencing heights matter: 3-4 feet for deterring casual intruders, 6-7 feet to make climbing difficult, and 8 feet to deter determined intruders.
- 🚪 Man-traps control the flow of individuals to prevent piggybacking, using two doors where only one person can enter at a time.
- 👮 Security guards are still essential, offering sound judgment and serving as visible deterrents alongside modern technology.
- 🐕 Guard dogs enhance security with acute senses, though they lack the judgment of human security guards.
- 🔒 Locks are inexpensive and simple physical controls; types include preset, programmable, and electronic locks.
- 🖐️ Biometric access controls use unique physical traits like fingerprints and retina scans, providing a very accurate method of identification.
- 📉 Important biometric metrics for CISSP: False Reject Rate (FRR) and False Accept Rate (FAR), with the Cross Error Rate occurring when both are equal.
- 📹 Technical controls involve systems like CCTV, alarms, and intrusion detection, providing surveillance and complementing physical security measures.
Q & A
What are the three main types of physical security controls mentioned in the video?
-The three main types of physical security controls are physical access controls, technical controls, and administrative controls.
What is the purpose of physical access controls?
-Physical access controls are systems used to restrict access to a particular area and provide protection. Examples include fencing, man-traps, security guards, locks, and biometric access controls.
What height of fencing is used to deter casual intruders?
-Fences that are 3 to 4 feet tall are used to deter casual intruders.
How does a man-trap work, and what security function does it serve?
-A man-trap consists of two doors where one person must enter, close the first door behind them before opening the second door to access the area. It helps control the flow of individuals and prevents unauthorized access through piggybacking.
What is piggybacking, and how do man-traps help prevent it?
-Piggybacking occurs when an unauthorized person follows an authorized person into a secure area. Man-traps help prevent this by controlling individual access and ensuring only one person passes through at a time.
Why are security guards still needed despite modern surveillance equipment?
-Security guards are needed because they provide human judgment, which technology cannot. They also serve as a visible deterrent and can perform tasks such as escorting visitors.
What are the advantages and limitations of using guard dogs for physical security?
-Guard dogs have highly developed senses of smell and hearing, making them effective for detecting threats. However, they have limited judgment ability compared to human security guards.
What is the significance of the cross-error rate (CER) in biometric access controls?
-The cross-error rate (CER) is the point where the false reject rate (FRR) and false accept rate (FAR) are equal. It is important because it indicates the balance between denying authorized users and granting access to unauthorized users in biometric systems.
What is an example of a technical control in physical security?
-An example of a technical control is closed-circuit television (CCTV) systems, which provide surveillance and can be used to record events for later analysis.
What are administrative controls, and how do they support physical security?
-Administrative controls are policies and procedures that ensure the proper implementation of physical and technical controls. They include things like recording ingress and egress, conducting fire drills, and ensuring background checks for employees.
Outlines
🔐 Introduction to Physical Security Controls
In this section, Liz Vanderheiden introduces physical security controls, a key domain of the CISSP Common Body of Knowledge. She explains that these controls are divided into three categories: physical access, technical, and administrative controls. Physical access controls include measures like fencing, security guards, and biometric access systems. She highlights the varying effectiveness of different fence heights, explaining that taller fences provide better deterrence. Man-traps are discussed as a means to prevent unauthorized access, while security guards and guard dogs serve as visible deterrents. Locks, simple yet essential, are mentioned as affordable tools, while biometric systems are noted for their accuracy in restricting access through unique identifiers like fingerprints and retinal scans.
📊 False Reject and False Accept Rates in Biometric Controls
This paragraph focuses on the concepts of the false reject rate (FRR) and false accept rate (FAR) in biometric security systems. FRR occurs when an authorized person is wrongly denied access, while FAR occurs when an unauthorized person gains access, posing a higher risk. The ideal balance between these two rates is known as the cross-error rate, where FRR and FAR are equal. This balance is crucial for maintaining system integrity. Technical controls, like surveillance cameras (CCTV), are also introduced as a second layer of defense, complementing physical security by providing real-time monitoring and evidence collection.
📝 Administrative Security Controls and Conclusion
This paragraph delves into administrative controls, which include policies and procedures that support physical and technical security measures. Companies must have procedures for securing restricted areas, tracking access, conducting emergency drills, and enforcing pre- and post-employment checks, such as background investigations. The summary concludes with a recap of the three main domains of physical security: physical access, technical, and administrative controls, each playing a crucial role in maintaining overall security. The speaker ends by inviting viewers to explore more CISSP resources for further learning.
Mindmap
Keywords
💡Physical Access Controls
💡Man-Traps
💡Security Guards
💡Locks
💡Biometric Access Controls
💡False Reject Rate (FRR)
💡False Accept Rate (FAR)
💡Technical Controls
💡Administrative Controls
💡Piggybacking
Highlights
Physical security controls consist of three main types: physical access, technical, and administrative.
Physical access controls include fencing, man-traps, security guards, guide dogs, locks, and biometric access controls.
Fences vary by height to deter different levels of intruders: 3-4 feet fences deter casual intruders, 6-7 feet fences are too high to climb, and 8 feet fences deter serious intruders.
Man-traps control the flow of individuals in restricted areas, preventing piggybacking and ensuring only authorized personnel gain access.
Security guards provide a visible deterrent and judgment-based decision-making, enhancing the effectiveness of security technology.
Guard dogs, while limited in judgment, offer heightened sensory detection for security purposes.
Locks are an inexpensive and simple method of physical access control, including preset, programmable, and electronic types.
Biometric access controls are highly accurate due to their reliance on unique physical attributes, such as fingerprints, retina scans, and voice recognition.
False Reject Rate (FRR) and False Accept Rate (FAR) are key metrics in biometric systems, with the Cross/Over Error Rate (CER) representing the point where FRR equals FAR.
Technical controls include surveillance, alarms, and intrusion detection systems, such as closed-circuit TVs (CCTVs), which offer deterrence and detection.
CCTVs complement security guards and can record events for later analysis.
Administrative controls consist of policies, procedures, training, and emergency drills, ensuring the proper implementation of security controls.
Pre- and post-employment procedures, such as background checks, are part of administrative controls to ensure personnel reliability.
Administrative controls also cover the tracking of personnel entering and exiting secure areas, ensuring accountability.
The three domains of physical security—physical access, technical controls, and administrative controls—are critical for securing facilities and protecting sensitive areas.
Transcripts
welcome to the introduction to physical
security my name is Liz Vanderheiden
physical security controls is one of the
domains of the CISSP common body of
knowledge and they consist of three main
controls physical access technical and
administrative controls physical access
controls our systems are used to
restrict access to a particular area
they provide protection including
fencing man-traps
security guards guide dogs locks and
biometric access controls these are the
things that are visible and transparent
fencing provides physical access control
and could be in the form of fences gates
turnstiles
and man traps for those of you are
studying for this CISSP you have to know
the following information fences that
are 3 feet to 4 feet tall are used to
deter casual intruders fences there are
six feet to 7 feet tall are too high to
climb and fences that are 8 feet tall
are used to determine intruders man
traps are another example of a physical
access control they consist of a toothed
obey set up two doors as you can see
from this graph one person must enter
the man trap and shut the door behind
him before he could open the door in
front of him to enter the room man trap
controls the flow of individuals in and
out of areas to prevent piggybacking and
piggybacking happens when an an
authorized person
enters the building and then a person
that is now authorized follows that
person and gains access to the system
man-traps have sensors that could tell
if there's more than one person passing
through the man tap at the same time
security guards so you would think with
all this modern surveillance equipment
that we would not need the services of
security guards right no on the contrary
more than ever we need security guards
to implement the technology and provide
a sound judgment and having the ability
to apply judgment is one of the biggest
advantage in hiring security guards in
addition security guards provides a
visible deterrent and not only could
security guards secure your facilities
they could also perform different
functions such as escorting the visitors
to the designated areas guard dog like
their human counterparts
guard dogs provide a highly visible
deterrent and they have more acute and
smell and hearing
senses however Allah unlike their human
counterpart they have a limited
judgement ability so let's not forget
about locks locks are one example of a
physical access control they are simple
to use and very inexpensive they provide
access point to secure areas and for
cissp candidates you have to know that
the different types of locks preset
programmable and electronic pipes the
last one is the biometric access
controls biometric access controls are
called a type
two factors something you are they are
very accurate because it is based on a
person's unique characteristics and
physical attributes such as fingerprint
retina and voice so they are very
accurate in for use for identification
for more information on biometric access
control please see our video
introduction to access control for cissp
candidates you have to know the
difference between an F R R and an F er
f RR is called the false reject rate
this is when authorized persons deny are
denied access to the system and an FA R
is called the false accept rate it means
that people that are not authorised are
granted access to the system so this is
more critical because you don't want an
authorized person gaining access to your
system right so when F IR is equal to f
AR this is what is called cross / error
rate
the second control is the technical
controls they consist of a surveillance
alarms and intrusion detection systems
these are technical in nature for
example one of the example of a
technical control is the closed-circuit
TVs CCTVs provide the turrent and
detective controls and they also
complement the security guards you can
use it in conjunction of your security
guards and you could record events for
later analysis
the last main control is administrative
controls these are the policies and
procedures that accompany develop
properly to ensure that the physical
access control and the technical
controls are implemented
so companies must secure the restricted
areas and also companies must have a way
of recording the ingress and out the ink
the out the incoming and outgoing people
who are gaining access to the system and
companies must make sure that the
emergent emergency controls are in place
and that they routinely conduct training
and fire drills and administrative
controls is also about pre and post
employment procedures for personnel that
are working in the company there should
have a background investigation prior to
their employment in conclusion we have
discussed the three domains of physical
security these are the physical access
control technical controls and
administrative controls and we have also
discussed the services that are
associated with this control thank you
very much for listening for more CISSP
videos please visit us as leave a group
comm
تصفح المزيد من مقاطع الفيديو ذات الصلة
CompTIA Security+ SY0-701 Course - 1.1 Compare and Contrast Various Types of Security Controls
Physical Security - CompTIA SY0-701 Security+ - 1.2
CompTIA Security+ SY0-701 Course - 1.2 Compare & Contrast Various Types of Security Controls Part B
Access Controls Part 1: Computer Security Lectures 2014/15 S2
Security Controls - CompTIA Security+ SY0-701 - 1.1
Enterprise Computing Preliminary Course Unit 3: Principals Of Cybersecurity
5.0 / 5 (0 votes)