In the fields of physical security and information security, access control (AC) is the selective restriction of access to a place or other resource. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization. It is all about the physical security of the of the organization using the information technology and for the purpose of the restricting the access of unauthorized people and unauthorized employees. Saving your organization physically.
3. WHAT IS THE PHYSICAL ACCESS
Physical access is a term in computer security that refers to the
ability of people to physically gain access to a computer system.
According to Gregory White, "Given physical access to an
office, the knowledgeable attacker will quickly be able to find
the information needed to gain access to the organization's
computer systems and network.
4.
5. THREATS
Internal Threats:
Internal threats are from individuals that have legitimate access such as employees, students, and
contractors. Insiders can be extremely difficult to detect or to protect
• access, process, and distribute pornography materials.
• access unauthorized information (salary, secret trade).
External Threats:
Outside intruders can be hackers/crackers, saboteurs and thieves. If the network is compromised,
Intruders can attack or misuse the system.
6. WHAT DO YOU NEED TO DO?
Make sure that doors and windows are kept locked when the area is not in use.
Return any keys when no longer required or when you leave the University.
Report any lost keys to the issuer.
Report any unauthorised access or any alerts (e.g. burglar alarms) to site security.
Make sure that information on your screen cannot be seen by unauthorised individuals – use a privacy
screen if required.
7. CONTINUE
•Ensure that any area where restricted University information is stored or processed has controlled access
or a staffed reception desk.
•Keep a record of key holders.
•Ensure that equipment such as photocopiers, scanners and digital cameras is protected from unauthorised
access.
•Situate faxes so that unauthorised individuals cannot see information sent to the machine. If your fax is
used to send or receive confidential information, ensure you have appropriate procedures and protection in
place to secure the information.
•If you are responsible for a restricted IT space, such as a data centre, telecommunications room, wiring
centre or IT storeroom, make sure that appropriate authorisation processes for access and physical security
measures are in place.
8. SECURITY CONTROLS
Security controls are safeguards or countermeasures to avoid, detect, counteract, or
minimize security risks to physical property, information, computer systems, or other assets.
They can be classified by several criteria.
Before the event, preventive controls are intended to prevent an incident from occurring e.g. by
locking out unauthorized intruders;
During the event, detective controls are intended to identify and characterize an incident in progress
e.g. by sounding the intruder alarm and alerting the security guards or police;
After the event, corrective controls are intended to limit the extent of any damage caused by the
incident e.g. by recovering the organization to normal working status as efficiently as possible
9. PHYSICAL SECURITY
Physical security is the protection of
personnel, hardware, software, networks and data from physical actions and events that
could cause serious loss or damage to an enterprise, agency or institution. This includes
protection from fire, flood, natural disasters, burglary, theft, vandalism and terrorism.
11. CONTROLS
CCTV
A Biometric device
Metal detectors
Locks
Lighting.
Portable device security
Alarm systems
Doors
Windows
Emergency procedure
On-going employee checks
Electrical power
12. CCTV & DEPLOYMENT
A television transmission system that uses cameras to transmit pictures to connected monitors
Detection: The ability to detect the presence of an object
Recognition: The ability to determine the type of object (animal, blowing debris, crawling human)
• Cameras high enough to avoid physical attack
• Cameras distributed to include blind areas
• Appropriate Lenses must be high definition
• Pan, Tilt, Zoom (PTZ) as required
• Ability to be recorded
• Camera system tied to alarm system.
13. A BIOMETRIC DEVICE
It is a security identification and authentication device. Such devices verifying the identity of a living
person based on a physiological or behavioral characteristic.
These characteristics include:
Fingerprint scanners
Face and voice recognition systems
Iris and retinal scans
14. METAL DETECTORS
SECURITY GUARD
A metal detector is an electronic instrument which detects the presence of metal nearby. Metal
detectors are useful for finding metal inclusions hidden within objects, or metal objects buried
underground.
Security guards use the metal detector and check every in going and out going person. That they any
harmful things or not. If they have any kind of these things they investigate on it.
Also check that in going people are authorized or unauthorized.
15. LIGHTING
• Provides a deterrent to intruders
• Makes detection likely if entry attempted
• Should be used with other controls such as fences, patrols, alarm systems, CCTV.
Types of lighting
• Continuous Lighting (Most Common)
– Glare Projection
– Flood Lighting
Trip Lighting , Standby Lighting , Movable (Portable) , Emergency Lighting.
16. PORTABLE DEVICE SECURITY
Laptops, PDAs, Etc.
Protect the device
Protect the data in the device
Examples: –
Locking the cables – Tracing software – Encryption software – PIN Protection for PDAs – Inventory
system
17. ALARM SYSTEMS
• Local alarm systems
– Alarm sounds locally and must be protected from tampering and audible for at least 400 feet
• Central station units
– Monitored 7x24 and signalled over leased lines
– Usually within < 10 minutes travel time
– Private security firms
Proprietary systems
– Similar to central but owned and operated by customer