Information Security assignment
Q1. How does physical access control differ from the logical access control described in
earlier chapters? How is it similar?
Physical access controls prevent people from entering places or things they should not enter or
places that have been physically locked. Logical access controls offer technological ways to
control which material another person can see, while each person can have settings different
from others'. Both kinds of control keep unwanted people from seeing information that is private
or from entering places that are private; they were created as a means of privacy from others.
Q2. List and describe the four categories of locks. In which situation is each type of lock
preferred? (Hint: manual key, programmable key, electronic and biometric key.)
A manual key is used to open things such as doors, cars, office buildings, mailboxes, and much
more. A programmable key is something that would be used to help people clock in and out of
work easily and also allows people to use their car keys to lock their vehicle. An electronic key
allows people to move from one part of a building to another by swiping the key in front of an
electronic reader and also lets people into their hotel rooms with the swipe of a card. A biometric
key is created for people to use with their fingerprints or facial features, as many smartphones
do now.
Q3. Describe a physical firewall that is used in buildings. List the reasons why an
organization might need firewalls for physical security controls.
A physical firewall in a building is a fireproof barrier that stops a fire at each wall. These
physical firewalls are used in large buildings to separate organizations from one another. As
physical security controls, firewalls keep a fire confined to the section in which it started. They
also keep costs down in case of a fire, so that not as much is lost.
Q4. List and describe the three fundamental ways that data can be intercepted. How does a
physical security program protect against each of these data interception methods?
Hackers can crack codes and steal information that they are not supposed to see.
Viruses can attack your information and make it disappear before you have a chance to catch and
remove the virus. Human error is another fundamental way data can be intercepted accidentally. A
physical security program such as a password can protect a person from any of these three
threats.
Q5. What can you do to reduce the risk of laptop theft?
There are a number of things a person can do to reduce the risk of laptop theft, such as
keeping it with you at all times, keeping it password protected, and never allowing anyone to use
or borrow it.
Principles of Information Security, 4th Edition
Chapter 9
Review Questions
1. What is physical security? What are the primary threats to physical security? How
are they manifested in attacks against the organization?
Physical security addresses the design, implementation, and maintenance of
countermeasures that protect the physical resources of an organization. This means the
physical protection of the people, hardware, and the supporting system elements and
resources associated with the management of information in all its states: transmission,
storage, and processing.
The primary threats to physical security include the following: inadvertent acts – potential
acts of human error or failure, potential deviations in quality of service by service
providers, and power irregularities; deliberate acts – acts of espionage or trespass, acts of
information extortion, acts of sabotage or vandalism, acts of theft, software attacks, and
compromises to intellectual property; acts of God – forces of nature; technical failures –
technical hardware failures or errors and technical software failures or errors; and
management failures – technical obsolescence.
In the physical environment a potential act of human error or failure can be represented
by an employee accidentally spilling coffee on his or her laptop computer. A
compromise to intellectual property can include an employee without an appropriate
security clearance copying a classified marketing plan. A deliberate act of espionage or
trespass could be exemplified by a competitor sneaking into a facility with a camera.
Deliberate acts of sabotage or vandalism can be physical attacks on individuals or
property with the intent to sabotage or deface; deliberate acts of theft are perhaps the
most common of these threats. Examples include employees stealing computer
equipment, credentials, passwords, and laptops. Acts of God include lightning hitting a
building and causing a fire. Quality of service deviations from service providers,
especially power and water, also represent physical security threats. Technical hardware
failures or errors and technological obsolescence both have common examples in
physical security.
2. What are the roles of IT, security, and general management with regard to physical
security?
Physical security is designed and implemented in several layers. Each community of
interest in the organization is responsible for components within these layers.
General management: Responsible for the security of the facility in which the
organization is housed and the policies and standards for secure operation. This
includes exterior security, building access, and other controls.