Introduction to Physical Security

livogroup
8 Jan 201108:49

Summary

TLDRThis video introduces the key concepts of physical security, focusing on three main control types: physical access, technical, and administrative. Physical access controls include fences, man-traps, security guards, and biometric systems, designed to restrict unauthorized access. Technical controls such as CCTV and alarms enhance security measures, while administrative controls enforce policies and procedures like employee background checks and emergency preparedness. The video emphasizes the importance of understanding these systems for CISSP candidates and provides insights into balancing security technologies with human judgment for effective protection.

Takeaways

  • 🔐 Physical security controls are divided into three main categories: physical access, technical, and administrative controls.
  • 🛡️ Physical access controls include visible systems like fencing, man-traps, security guards, guard dogs, locks, and biometric access.
  • 🚧 Fencing heights matter: 3-4 feet for deterring casual intruders, 6-7 feet to make climbing difficult, and 8 feet to deter determined intruders.
  • 🚪 Man-traps control the flow of individuals to prevent piggybacking, using two doors where only one person can enter at a time.
  • 👮 Security guards are still essential, offering sound judgment and serving as visible deterrents alongside modern technology.
  • 🐕 Guard dogs enhance security with acute senses, though they lack the judgment of human security guards.
  • 🔒 Locks are inexpensive and simple physical controls; types include preset, programmable, and electronic locks.
  • 🖐️ Biometric access controls use unique physical traits like fingerprints and retina scans, providing a very accurate method of identification.
  • 📉 Important biometric metrics for CISSP: False Reject Rate (FRR) and False Accept Rate (FAR), with the Cross Error Rate occurring when both are equal.
  • 📹 Technical controls involve systems like CCTV, alarms, and intrusion detection, providing surveillance and complementing physical security measures.

Q & A

  • What are the three main types of physical security controls mentioned in the video?

    -The three main types of physical security controls are physical access controls, technical controls, and administrative controls.

  • What is the purpose of physical access controls?

    -Physical access controls are systems used to restrict access to a particular area and provide protection. Examples include fencing, man-traps, security guards, locks, and biometric access controls.

  • What height of fencing is used to deter casual intruders?

    -Fences that are 3 to 4 feet tall are used to deter casual intruders.

  • How does a man-trap work, and what security function does it serve?

    -A man-trap consists of two doors where one person must enter, close the first door behind them before opening the second door to access the area. It helps control the flow of individuals and prevents unauthorized access through piggybacking.

  • What is piggybacking, and how do man-traps help prevent it?

    -Piggybacking occurs when an unauthorized person follows an authorized person into a secure area. Man-traps help prevent this by controlling individual access and ensuring only one person passes through at a time.

  • Why are security guards still needed despite modern surveillance equipment?

    -Security guards are needed because they provide human judgment, which technology cannot. They also serve as a visible deterrent and can perform tasks such as escorting visitors.

  • What are the advantages and limitations of using guard dogs for physical security?

    -Guard dogs have highly developed senses of smell and hearing, making them effective for detecting threats. However, they have limited judgment ability compared to human security guards.

  • What is the significance of the cross-error rate (CER) in biometric access controls?

    -The cross-error rate (CER) is the point where the false reject rate (FRR) and false accept rate (FAR) are equal. It is important because it indicates the balance between denying authorized users and granting access to unauthorized users in biometric systems.

  • What is an example of a technical control in physical security?

    -An example of a technical control is closed-circuit television (CCTV) systems, which provide surveillance and can be used to record events for later analysis.

  • What are administrative controls, and how do they support physical security?

    -Administrative controls are policies and procedures that ensure the proper implementation of physical and technical controls. They include things like recording ingress and egress, conducting fire drills, and ensuring background checks for employees.

Outlines

00:00

🔐 Introduction to Physical Security Controls

In this section, Liz Vanderheiden introduces physical security controls, a key domain of the CISSP Common Body of Knowledge. She explains that these controls are divided into three categories: physical access, technical, and administrative controls. Physical access controls include measures like fencing, security guards, and biometric access systems. She highlights the varying effectiveness of different fence heights, explaining that taller fences provide better deterrence. Man-traps are discussed as a means to prevent unauthorized access, while security guards and guard dogs serve as visible deterrents. Locks, simple yet essential, are mentioned as affordable tools, while biometric systems are noted for their accuracy in restricting access through unique identifiers like fingerprints and retinal scans.

05:02

📊 False Reject and False Accept Rates in Biometric Controls

This paragraph focuses on the concepts of the false reject rate (FRR) and false accept rate (FAR) in biometric security systems. FRR occurs when an authorized person is wrongly denied access, while FAR occurs when an unauthorized person gains access, posing a higher risk. The ideal balance between these two rates is known as the cross-error rate, where FRR and FAR are equal. This balance is crucial for maintaining system integrity. Technical controls, like surveillance cameras (CCTV), are also introduced as a second layer of defense, complementing physical security by providing real-time monitoring and evidence collection.

📝 Administrative Security Controls and Conclusion

This paragraph delves into administrative controls, which include policies and procedures that support physical and technical security measures. Companies must have procedures for securing restricted areas, tracking access, conducting emergency drills, and enforcing pre- and post-employment checks, such as background investigations. The summary concludes with a recap of the three main domains of physical security: physical access, technical, and administrative controls, each playing a crucial role in maintaining overall security. The speaker ends by inviting viewers to explore more CISSP resources for further learning.

Mindmap

Keywords

💡Physical Access Controls

Physical access controls are security measures that restrict entry to specific areas or facilities using physical barriers. In the video, examples include fences, man-traps, security guards, locks, and biometric systems. These controls are critical to ensuring that only authorized individuals can access sensitive areas, thus safeguarding assets from unauthorized access.

💡Man-Traps

Man-traps are secure entry systems involving two sets of doors, where one door must be closed before the other can open. This setup prevents unauthorized access by controlling the flow of individuals and preventing 'piggybacking,' where an unauthorized person follows an authorized one. Man-traps are highlighted as a crucial component of physical access controls in high-security environments.

💡Security Guards

Security guards are personnel who enforce physical security by providing judgment and oversight, complementing modern surveillance systems. They act as a visible deterrent, escort visitors, and ensure that security protocols are followed. The video emphasizes the importance of human judgment, which technology alone cannot provide.

💡Locks

Locks are basic physical access controls that restrict access to specific areas. They come in various types, such as preset, programmable, and electronic locks. In the context of the video, locks are mentioned as simple, inexpensive, yet effective tools for securing access points in conjunction with other physical controls.

💡Biometric Access Controls

Biometric access controls rely on unique physical attributes such as fingerprints, retina scans, or voice recognition to grant or deny access. These systems are highly accurate because they are based on personal characteristics. The video also introduces the terms 'false reject rate' (FRR) and 'false accept rate' (FAR), which measure the system's accuracy in identifying authorized versus unauthorized users.

💡False Reject Rate (FRR)

The false reject rate (FRR) refers to the frequency at which authorized individuals are mistakenly denied access by a biometric system. This is an important concept for CISSP candidates, as the FRR must be minimized to ensure efficient system operation without inconveniencing legitimate users. The video discusses FRR in the context of balancing it with FAR (false accept rate).

💡False Accept Rate (FAR)

The false accept rate (FAR) measures how often unauthorized individuals are mistakenly granted access by a biometric system. This is a critical security concern because granting access to unauthorized users can lead to breaches. The video stresses that minimizing the FAR is crucial to maintaining system integrity.

💡Technical Controls

Technical controls involve security measures that use technology to detect and monitor access, such as CCTV, alarms, and intrusion detection systems. These controls complement physical security by providing real-time surveillance and recording events for later analysis. In the video, technical controls are described as a necessary layer of security alongside physical measures.

💡Administrative Controls

Administrative controls are policies and procedures put in place to ensure that physical and technical security measures are effectively implemented. This includes developing security policies, conducting training, and performing background checks on personnel. The video emphasizes that administrative controls are necessary to ensure all other security measures function as intended.

💡Piggybacking

Piggybacking occurs when an unauthorized person gains access to a secure area by following an authorized individual through a controlled entry point. This is considered a breach of security, and measures such as man-traps are designed to prevent it. The video mentions piggybacking as a common vulnerability in physical security systems that must be addressed.

Highlights

Physical security controls consist of three main types: physical access, technical, and administrative.

Physical access controls include fencing, man-traps, security guards, guide dogs, locks, and biometric access controls.

Fences vary by height to deter different levels of intruders: 3-4 feet fences deter casual intruders, 6-7 feet fences are too high to climb, and 8 feet fences deter serious intruders.

Man-traps control the flow of individuals in restricted areas, preventing piggybacking and ensuring only authorized personnel gain access.

Security guards provide a visible deterrent and judgment-based decision-making, enhancing the effectiveness of security technology.

Guard dogs, while limited in judgment, offer heightened sensory detection for security purposes.

Locks are an inexpensive and simple method of physical access control, including preset, programmable, and electronic types.

Biometric access controls are highly accurate due to their reliance on unique physical attributes, such as fingerprints, retina scans, and voice recognition.

False Reject Rate (FRR) and False Accept Rate (FAR) are key metrics in biometric systems, with the Cross/Over Error Rate (CER) representing the point where FRR equals FAR.

Technical controls include surveillance, alarms, and intrusion detection systems, such as closed-circuit TVs (CCTVs), which offer deterrence and detection.

CCTVs complement security guards and can record events for later analysis.

Administrative controls consist of policies, procedures, training, and emergency drills, ensuring the proper implementation of security controls.

Pre- and post-employment procedures, such as background checks, are part of administrative controls to ensure personnel reliability.

Administrative controls also cover the tracking of personnel entering and exiting secure areas, ensuring accountability.

The three domains of physical security—physical access, technical controls, and administrative controls—are critical for securing facilities and protecting sensitive areas.

Transcripts

play00:01

welcome to the introduction to physical

play00:04

security my name is Liz Vanderheiden

play00:09

physical security controls is one of the

play00:12

domains of the CISSP common body of

play00:15

knowledge and they consist of three main

play00:18

controls physical access technical and

play00:25

administrative controls physical access

play00:30

controls our systems are used to

play00:33

restrict access to a particular area

play00:38

they provide protection including

play00:41

fencing man-traps

play00:43

security guards guide dogs locks and

play00:48

biometric access controls these are the

play00:51

things that are visible and transparent

play00:57

fencing provides physical access control

play01:00

and could be in the form of fences gates

play01:03

turnstiles

play01:04

and man traps for those of you are

play01:07

studying for this CISSP you have to know

play01:11

the following information fences that

play01:15

are 3 feet to 4 feet tall are used to

play01:18

deter casual intruders fences there are

play01:23

six feet to 7 feet tall are too high to

play01:25

climb and fences that are 8 feet tall

play01:30

are used to determine intruders man

play01:36

traps are another example of a physical

play01:39

access control they consist of a toothed

play01:44

obey set up two doors as you can see

play01:50

from this graph one person must enter

play01:52

the man trap and shut the door behind

play01:54

him before he could open the door in

play01:56

front of him to enter the room man trap

play02:00

controls the flow of individuals in and

play02:03

out of areas to prevent piggybacking and

play02:06

piggybacking happens when an an

play02:09

authorized person

play02:11

enters the building and then a person

play02:14

that is now authorized follows that

play02:18

person and gains access to the system

play02:21

man-traps have sensors that could tell

play02:24

if there's more than one person passing

play02:28

through the man tap at the same time

play02:32

security guards so you would think with

play02:36

all this modern surveillance equipment

play02:39

that we would not need the services of

play02:42

security guards right no on the contrary

play02:45

more than ever we need security guards

play02:48

to implement the technology and provide

play02:51

a sound judgment and having the ability

play02:55

to apply judgment is one of the biggest

play02:58

advantage in hiring security guards in

play03:04

addition security guards provides a

play03:06

visible deterrent and not only could

play03:11

security guards secure your facilities

play03:14

they could also perform different

play03:16

functions such as escorting the visitors

play03:19

to the designated areas guard dog like

play03:25

their human counterparts

play03:26

guard dogs provide a highly visible

play03:29

deterrent and they have more acute and

play03:34

smell and hearing

play03:37

senses however Allah unlike their human

play03:43

counterpart they have a limited

play03:46

judgement ability so let's not forget

play03:49

about locks locks are one example of a

play03:54

physical access control they are simple

play03:58

to use and very inexpensive they provide

play04:02

access point to secure areas and for

play04:06

cissp candidates you have to know that

play04:09

the different types of locks preset

play04:12

programmable and electronic pipes the

play04:15

last one is the biometric access

play04:17

controls biometric access controls are

play04:23

called a type

play04:25

two factors something you are they are

play04:28

very accurate because it is based on a

play04:32

person's unique characteristics and

play04:37

physical attributes such as fingerprint

play04:42

retina and voice so they are very

play04:45

accurate in for use for identification

play04:50

for more information on biometric access

play04:53

control please see our video

play04:56

introduction to access control for cissp

play05:01

candidates you have to know the

play05:03

difference between an F R R and an F er

play05:08

f RR is called the false reject rate

play05:14

this is when authorized persons deny are

play05:18

denied access to the system and an FA R

play05:21

is called the false accept rate it means

play05:26

that people that are not authorised are

play05:30

granted access to the system so this is

play05:34

more critical because you don't want an

play05:36

authorized person gaining access to your

play05:39

system right so when F IR is equal to f

play05:45

AR this is what is called cross / error

play05:48

rate

play05:56

the second control is the technical

play06:01

controls they consist of a surveillance

play06:06

alarms and intrusion detection systems

play06:12

these are technical in nature for

play06:17

example one of the example of a

play06:19

technical control is the closed-circuit

play06:22

TVs CCTVs provide the turrent and

play06:28

detective controls and they also

play06:33

complement the security guards you can

play06:35

use it in conjunction of your security

play06:38

guards and you could record events for

play06:42

later analysis

play06:45

the last main control is administrative

play06:49

controls these are the policies and

play06:53

procedures that accompany develop

play06:59

properly to ensure that the physical

play07:03

access control and the technical

play07:05

controls are implemented

play07:14

so companies must secure the restricted

play07:21

areas and also companies must have a way

play07:26

of recording the ingress and out the ink

play07:31

the out the incoming and outgoing people

play07:35

who are gaining access to the system and

play07:39

companies must make sure that the

play07:42

emergent emergency controls are in place

play07:44

and that they routinely conduct training

play07:48

and fire drills and administrative

play07:52

controls is also about pre and post

play07:54

employment procedures for personnel that

play07:59

are working in the company there should

play08:03

have a background investigation prior to

play08:05

their employment in conclusion we have

play08:13

discussed the three domains of physical

play08:18

security these are the physical access

play08:21

control technical controls and

play08:24

administrative controls and we have also

play08:26

discussed the services that are

play08:29

associated with this control thank you

play08:34

very much for listening for more CISSP

play08:40

videos please visit us as leave a group

play08:43

comm

Weitere ähnliche Videos ansehen

CompTIA Security+ SY0-701 Course - 1.1 Compare and Contrast Various Types of Security Controls

Physical Security - CompTIA SY0-701 Security+ - 1.2

CompTIA Security+ SY0-701 Course - 1.2 Compare & Contrast Various Types of Security Controls Part B

Access Controls Part 1: Computer Security Lectures 2014/15 S2

Security Controls - CompTIA Security+ SY0-701 - 1.1

Enterprise Computing Preliminary Course Unit 3: Principals Of Cybersecurity

Rate This

5.0 / 5 (0 votes)

Summary
Outlines
Mindmap
Keywords
Highlights
Transcripts
Ähnliche Tags
Physical SecurityCISSPAccess ControlBiometric AccessTechnical ControlsAdministrative ControlsSurveillanceSecurity GuardsMan TrapsFencing
Benötigen Sie eine Zusammenfassung auf Englisch?