How does physical access control differ from logical access control, which is described in earlier chapters? How are they similar?

Information Security assignment

Q1. How does physical access control differ from the logical access control described in earlier chapters? How is it similar?

Physical access controls prevent people from entering places or things they should not enter or places that have been physically locked. Logical access controls offer technological ways to control the privacy of material that another person can see, while each person can have settings different from others. Both of these controls keep unwanted people from seeing information that is private or from entering places that are private; they were created as a means of privacy from others.

Q2. List and describe the four categories of locks. In which situation is each type of lock preferred? (Hint: manual key, programmable key, electronic and biometric key.)

A manual key is used to open things such as doors, cars, office buildings, mailboxes, and much more. A programmable key is something that would be used to help people clock in and out of work easily and also allows people to use their car keys to lock their vehicle. An electronic key allows people to move from one part of a building to another by swiping the key in front of an electronic reader and also allows people into their hotel rooms with the swipe of a card. A biometric key is created for people to use with their fingerprints or facial features, as many smartphones do now.

Q3. Describe a physical firewall that is used in buildings. List the reasons why an organization might need firewalls for physical security controls.

A physical firewall that is used in buildings creates a fire-proof barricade that is utilized to stop a fire at each wall in case of a fire. These physical firewalls are used in large buildings to separate organizations from one another. The firewalls are used for physical security controls to keep fire only in the section in which it started. They are also used to keep costs down in case of a fire so that not as much is lost.

Q4. List and describe the three fundamental ways that data can be intercepted. How does a physical security program protect against each of these data interception methods?

Hackers can crack codes and steal information that is not supposed to be for them to see. A virus can attack your information and make it disappear before you have a chance to catch it and remove it. Human error is another fundamental way data can be intercepted, accidentally. A physical security program such as a password can protect a person from any of these three threats.

Q5. What can you do to reduce the risk of laptop theft?

There are a number of things a person can do to control the theft of a laptop computer, such as keeping it with you at all times, keeping it password protected, and never allowing anyone to use or borrow it.

Principles of Information Security, 4th Edition

Chapter 9

Review Questions

1. What is physical security? What are the primary threats to physical security? How are they manifested in attacks against the organization?

Physical security addresses the design, implementation, and maintenance of countermeasures that protect the physical resources of an organization. This means the physical protection of the people, hardware, and the supporting system elements and resources associated with the management of information in all its states: transmission, storage, and processing.

The primary threats to physical security include the following: inadvertent acts - potential acts of human error or failure, potential deviations in quality of service by service providers, and power irregularities; deliberate acts - acts of espionage or trespass, acts of information extortion, acts of sabotage or vandalism, acts of theft, software attacks, and compromises to intellectual property; acts of God - forces of nature; technical failures - technical hardware failures or errors and technical software failures or errors; and management failures - technical obsolescence.

In the physical environment a potential act of human error or failure can be represented by an employee accidentally spilling coffee on his or her laptop computer. A compromise to intellectual property can include an employee without an appropriate security clearance copying a classified marketing plan. A deliberate act of espionage or trespass could be exemplified by a competitor sneaking into a facility with a camera. Deliberate acts of sabotage or vandalism can be physical attacks on individuals or property with the intent to sabotage or deface; deliberate acts of theft are perhaps the most common of these threats. Examples include employees stealing computer equipment, credentials, passwords, and laptops. Acts of God include lightning hitting a building and causing a fire. Quality of service deviations from service providers, especially power and water, also represent physical security threats. Technical hardware failures or errors and technological obsolescence both have common examples in physical security.

2. What are the roles of IT, security, and general management with regard to physical security?

Physical security is designed and implemented in several layers. Each community of interest in the organization is responsible for components within these layers.

General management: Responsible for the security of the facility in which the organization is housed and the policies and standards for secure operation. This includes exterior security, building access, as well as other controls.

How does physical security or physical access control differ from logical access control described in earlier chapters? How are they similar?

Both physical and logical access control are concerned with regulating who or what can access restricted areas, but logical access control refers to restricting virtual access to data, digital resources and computer networks, whereas physical access control restricts actual pedestrian footfall to buildings, rooms and ...

What is the difference between physical and logical security?

Protecting the people involves a combination of physical and logical security. Physical security keeps them safe by allowing only authorized individuals into the building. Logical security protects their computers and data from unauthorized access.

What are physical access controls?

Physical access control systems (PACS) are a type of physical security designed to restrict or allow access to a certain area or building.

Why is physical access control important?

Physical access controls not only enhance security but also allow for efficiency, only requiring one form of authentication, a physical trait (fingerprint, retina, palm of hand). This eliminates the risk of a card being stolen or a PIN being hacked.