KEMBAR78
Secure physical infrastructure | PPTX
Pallavi Agarwal, profile picture
Uploaded byPallavi Agarwal
PPTX, PDF2,733 views

Secure physical infrastructure

The document discusses the importance of physical infrastructure for enterprise systems, emphasizing that faults in this area often cause system downtime. It outlines key security measures involving the security of the premise, equipment, and secure behavior to prevent unauthorized access and protect information integrity. Additionally, it introduces the PPT methodology, which integrates people, policy, and technology as essential components to create a comprehensive security framework.

Education
In this document
Powered by AI

Presentation introduction by Pallavi Agarwal.

Physical infrastructure is foundational for enterprise systems. Faults lead to significant downtime.

Discusses multi-layer security measures focusing on premises, equipment, and secure behaviors.

Outlines components for securing premises including physical perimeters, entry controls, and working securely.

Highlights the importance of isolated delivery areas to minimize risks to secure office areas.

Focuses on securing equipment including physical protection, power supply, cabling, maintenance, and secure disposal.

Introduces policies like clear desk and screen along with authorized removal of property to enhance security.

Introduction to the concept of an enterprise-wide security framework.

The need for organizations to adapt their security policies with evolving technology and systems.

Introduction to the People, Policy, and Technology (PPT) methodology in security processes.

Discusses the importance of personnel and their roles in executing security measures within organizations.

Defines the policy aspect as the written guide for security measures and protocols in organizations.

Discusses the technological tools and systems supporting security processes within an organization.

Downloaded 41 times
Presented by: Pallavi Agarwal
What is Physical Infrastructure ● The physical infrastructure is the foundation on which all enterprise systems operate – power, communication, computing, control and security. Research shows that faults within the physical infrastructure cause a majority of system downtime.
Secure physical infrastructure ● Security can be best achieved by ensuring multiple layers of security and not depending on a single measure. The controls for physical and environmental security are defined in three areas: – Security of the premise – Security of the equipment – Secure behavior
Security Of The Premise Components:- ● Physical security perimeter ● Physical entry controls ● Securing offices, rooms and facilities ● Isolated delivery and loading areas ● Working in secure areas
Physical security perimeter  boundary of the premise  entry points  protective wall  doors strong enough  Entry gates controlled by cards  watchmen, guards or receptionist monitoring the entry points
Physical entry controls  Only authorized persons should be allowed access to the secure areas.  This objective could be achieved by having a clear access control policy defining the access rights.  These measures may take the form of access controlled devices like swipe card controlled doors, logging information about visitors and visible identification badges.
Securing offices, rooms and facilities  Support facilities like photocopier, fax machines, which are constantly accessed by everyone, should be located away from the secure area.  Suitable intruder detection systems like CCTV, motion sensors etc. should be installed and regularly tested.
Working in secure areas  Location of the secure office within the physically secure perimeter should be chosen with care.  All the risks pertaining to fire, flood, explosion, civil unrest and other forms of natural or man made disaster should be considered.  There could also be threat from neighboring premises caused by leakage of water, spreading of fire or storage of toxic/inflammable/explosive material.  Even bulk supplies like stationery should not be stored within the secure premises.
Isolated delivery and loading areas  In industrial premises there could be constant movement of incoming and outgoing material.  All this traffic needs to be isolated from the secure office area so that it does not pose a threat.
Security Of The Equipment Components: ● Equipment sitting and protection ● Power supplies ● Cabling Security ● Equipment Maintenance ● Security of equipment off-premises ● Secure disposal or re-use of equipment
Equipment sitting and protection  Information processing equipment needs to be handled carefully.  It reduce the risk from environmental threats and hazards.  Reduce opportunity for unauthorized access.
Power supplies  Information processing will come to a halt in the absence of a suitable power supply.  So equipment should be protected from power failure.
Cabling Security  Power and telecommunication cabling carrying data or supporting information services shall be protected from interception or damage
Equipment Maintenance  It is normally expected that due care is taken for equipment maintenance and proper records are maintained.  One is to maintain record of faults that were noticed and the second step is to maintain records of all equipment sent off the premises for maintenance.
Security of equipment off-premises  Security procedures and controls shall be used to secure equipment used outside any company’s premies
Secure disposal or re-use of equipment  Every such device should be subjected to a thorough erasing and overwriting to destroy the data.  Since some reports claim that the data could be recovered even after multiple overwriting and formatting, it may be desirable to physically destroy the media containing top secret information.
Secure Behaviour Components ● Clear desk and clear screen policy ● Removal of property
Clear desk and clear screen policy  Lock up all documents and media when not used.  Protect the computers and terminals through use of key locks, passwords, and screen savers.  Fax and telex machines used for confidential information should not be left unattended.  Access to photocopiers and scanners is restricted after office hours.  Printing of classified information should be supervised and all printouts must be removed immediately.
Removal of property  Any movement of equipment, information or software should be only with proper authorization.  All these movements should be logged and records maintained for all outgoing and incoming items.
Enterprise-wide security framework
Introduction  Traditionally, organizations have relied on policies.  These documents, once issued, provide top down influence for everyone in the company—from business units to departments to individual employees.  One of the major challenges for an organization in this area is the continued growth and adaptation of the policies to mirror the transformation within the organization.
Contd…  The fastest area of growth and change within an organization is Information Systems. With the rapid development and push toward new technologies, organizations find themselves striving to maintain current technical environments with outdated policies.  Secondly, with the emergence of new technology strategies such as Intranets and Extranets, security and the protection of informational assets has become paramount.
Contd…  The first step is an enterprise-wide Information Systems Security Policy that is consistently enforced even as business needs change.  Unfortunately, most companies have only bits and pieces of security scattered throughout the organization. These may make some departments or individuals feel safe, but they do little to protect the enterprise as a whole.
What is PPT methodology?  PPT stands for People, Policy, & Technology. The security process is a mixture of these three elements. Each element depends in some manner on the other elements.
People  This core element is the most important. The people element comprises the people and various roles and responsibilities within the organization.  These are the people that are put in place to execute and support the process.  A few key roles include senior management, security administrators, system and IT administrators, end users, and auditors.
Policy  This element comprises the security vision statement, security policy and standards, and the control documentation.  This is basically the written security environment— the bible that the security process will refer to for direction and guidance.
Technology  This element includes tools, methods, and mechanisms in place to support the process.  These are core technologies—the operating systems, the databases, the applications, the security tools— embraced by the organization.  The technology then is the enforcement, monitoring, and operational tool that will facilitate the process.
Secure physical infrastructure

More Related Content

PDF
INTRODUCTION TO SAFETY.pdf
byBimal Chandra Das
 
PPTX
Access Control for Physical Security and
byoniakyle4
 
PPTX
Presentation 1 - Different Stages of Audit
byMarzanur Rahman
 
PPTX
Advantages and limitations of cost accounting
byUday Teke
 
PPTX
Auditing
byAnita Tongli
 
PDF
Sample of report of theft
bypjiahui
 
PDF
Steps For Preventing Road Accidents Hindi
byRoad Safety
 
PPTX
MIS IN INDIAN RAILWAYS
bySayali Randive
 
INTRODUCTION TO SAFETY.pdf
byBimal Chandra Das
 
Access Control for Physical Security and
byoniakyle4
 
Presentation 1 - Different Stages of Audit
byMarzanur Rahman
 
Advantages and limitations of cost accounting
byUday Teke
 
Auditing
byAnita Tongli
 
Sample of report of theft
bypjiahui
 
Steps For Preventing Road Accidents Hindi
byRoad Safety
 
MIS IN INDIAN RAILWAYS
bySayali Randive
 

What's hot

PPTX
Types of auditing.pptx
byRanjithaKA2
 
PPTX
Structure of mis
byArti Parab Academics
 
PDF
OHS MY POWER POINT.pdf
byMaclenny
 
PPT
HSE-BMS-007 Security Management.ppt
byAsifHussain654789
 
PPTX
Executive support system (ess)
bySaumya Singh
 
PPTX
Engineering hazards
byNc Das
 
PDF
HSE Training & Employee Awareness in Data Centers.pdf
byASK EHS Engineering & Consultants
 
PPTX
Unit3
byAlanda Fuller
 
PPTX
Basic Security Concepts JMSupan 2019 Edition
byJOEL JESUS SUPAN
 
PPT
Financial management scope, elements, functions and importance
byAMALDASKH
 
PPTX
Business Value of Security and Control
bySyama Raveendran
 
PPT
Security training module
bypagare_c
 
PPT
Implementing security
byDhani Ahmad
 
PPTX
EMERGENCY RESPONSE TEAM (ERT).pptx
byssuserd19c3e
 
PDF
Security t raining for security guard
byPasilo Drango
 
PDF
Mis
bySachin MK
 
PPTX
Perimeter security systems
byRoundabout Technologies
 
DOC
Example of resume writing for freshers
bysanthose menon
 
PPTX
Physical access control
byAhsin Yousaf
 
PPT
Systems development and program change activities
bykristine manzano
 
Types of auditing.pptx
byRanjithaKA2
 
Structure of mis
byArti Parab Academics
 
OHS MY POWER POINT.pdf
byMaclenny
 
HSE-BMS-007 Security Management.ppt
byAsifHussain654789
 
Executive support system (ess)
bySaumya Singh
 
Engineering hazards
byNc Das
 
HSE Training & Employee Awareness in Data Centers.pdf
byASK EHS Engineering & Consultants
 
Unit3
byAlanda Fuller
 
Basic Security Concepts JMSupan 2019 Edition
byJOEL JESUS SUPAN
 
Financial management scope, elements, functions and importance
byAMALDASKH
 
Business Value of Security and Control
bySyama Raveendran
 
Security training module
bypagare_c
 
Implementing security
byDhani Ahmad
 
EMERGENCY RESPONSE TEAM (ERT).pptx
byssuserd19c3e
 
Security t raining for security guard
byPasilo Drango
 
Mis
bySachin MK
 
Perimeter security systems
byRoundabout Technologies
 
Example of resume writing for freshers
bysanthose menon
 
Physical access control
byAhsin Yousaf
 
Systems development and program change activities
bykristine manzano
 

Similar to Secure physical infrastructure

PDF
🏢 Is your organization physically secure?
byAzpirantz Technologies
 
PDF
Ch08 8 Information Security Process it-slideshares.blogspot.com
byphanleson
 
PPTX
Physical security
byTariq Mahmood
 
PPTX
Chapter 7: Physical & Environmental Security
byNada G.Youssef
 
PPS
Physical security.ppt
byFaheem Ul Hasan
 
PPTX
Lecture 02-Principles and practices.pptx
byDngKhnh39
 
PPSX
Mandatory requirements for physical security 2
byRobin Patras
 
PPTX
Paper review: Information Security; Physical and Environmental Security Proce...
byIsraa_alnami
 
PPTX
Sec+ Organizational Security
byDavid Meltzer
 
PPT
DataSecurity Presentation to help people be safe
bywafulajoosh
 
PPTX
Data Information and Security Unit-1.pptx
bysbrainyajay
 
PDF
Ceh v5 module 17 physical security
byVi Tính Hoàng Nam
 
PPT
ch16computer sceurity chapter four and Managing Communication and Network Sec...
byhaymanottaddess2015m
 
PPT
Integrated Security management final.ppt
byBhavdeep5
 
PPTX
Information Security Blueprint
byZefren Edior
 
PPT
Development of security architecture
byImran Khan
 
PPTX
PSM NOTES.pptx FOR BEGINNERS WANTING TO UNDERSTAND PHYSICAL SECURITY
byMajor K. Subramaniam Kmaravehlu
 
PPT
MIS chap # 9.....
bySyed Muhammad Zeejah Hashmi
 
PPTX
Database development and security certification and accreditation plan pitwg
byJohn M. Kennedy
 
PDF
News letter June 11
bycaptsbtyagi
 
🏢 Is your organization physically secure?
byAzpirantz Technologies
 
Ch08 8 Information Security Process it-slideshares.blogspot.com
byphanleson
 
Physical security
byTariq Mahmood
 
Chapter 7: Physical & Environmental Security
byNada G.Youssef
 
Physical security.ppt
byFaheem Ul Hasan
 
Lecture 02-Principles and practices.pptx
byDngKhnh39
 
Mandatory requirements for physical security 2
byRobin Patras
 
Paper review: Information Security; Physical and Environmental Security Proce...
byIsraa_alnami
 
Sec+ Organizational Security
byDavid Meltzer
 
DataSecurity Presentation to help people be safe
bywafulajoosh
 
Data Information and Security Unit-1.pptx
bysbrainyajay
 
Ceh v5 module 17 physical security
byVi Tính Hoàng Nam
 
ch16computer sceurity chapter four and Managing Communication and Network Sec...
byhaymanottaddess2015m
 
Integrated Security management final.ppt
byBhavdeep5
 
Information Security Blueprint
byZefren Edior
 
Development of security architecture
byImran Khan
 
PSM NOTES.pptx FOR BEGINNERS WANTING TO UNDERSTAND PHYSICAL SECURITY
byMajor K. Subramaniam Kmaravehlu
 
MIS chap # 9.....
bySyed Muhammad Zeejah Hashmi
 
Database development and security certification and accreditation plan pitwg
byJohn M. Kennedy
 
News letter June 11
bycaptsbtyagi
 

More from Pallavi Agarwal

PPTX
Smoothing in Digital Image Processing
byPallavi Agarwal
 
PPTX
Facial Recognition
byPallavi Agarwal
 
PPTX
Presentation on Software Piracy
byPallavi Agarwal
 
PDF
Technical Review on Different Applications, Challenges and Security in VANET
byPallavi Agarwal
 
PDF
VANET for Security using Cryptography
byPallavi Agarwal
 
PPTX
Introduction of VANET
byPallavi Agarwal
 
PDF
VANET: Trust and Hashing
byPallavi Agarwal
 
PDF
Overview of Trust and Cryptography in VANET
byPallavi Agarwal
 
PDF
Security and Trust Management in VANET
byPallavi Agarwal
 
PDF
Review Paper on VANET
byPallavi Agarwal
 
Smoothing in Digital Image Processing
byPallavi Agarwal
 
Facial Recognition
byPallavi Agarwal
 
Presentation on Software Piracy
byPallavi Agarwal
 
Technical Review on Different Applications, Challenges and Security in VANET
byPallavi Agarwal
 
VANET for Security using Cryptography
byPallavi Agarwal
 
Introduction of VANET
byPallavi Agarwal
 
VANET: Trust and Hashing
byPallavi Agarwal
 
Overview of Trust and Cryptography in VANET
byPallavi Agarwal
 
Security and Trust Management in VANET
byPallavi Agarwal
 
Review Paper on VANET
byPallavi Agarwal
 

Recently uploaded

PDF
Slit lamp parts 2/ppt/notes/download.pdf
byAnmol Singh
 
PDF
BD1TL - TNTEU - Teaching and Learning - Unit - 2.pdf
byDr Raja Mohammed T
 
PDF
The Minority Caucus in Parliament has called on government to take immediate ...
bynservice241
 
PPTX
Safety Needs and Prevention of environmental hazards.pptx
byAneetaSharma15
 
PPTX
Hudson Vitale "AI Essentials: From Tools to Strategies: A 2025 NISO Training ...
byNational Information Standards Organization (NISO)
 
PDF
Admin Slides for Oct'25 semester (Progression)
byGreat Files
 
PPTX
psychoanalytic Theory.pptx, MSc. Nursing
byKomalJaiswal46
 
PPTX
🧪“Blood Chemistry Tests in Pharmacy Practice: Clinical Laboratory Guide for P...
byBanny S.V
 
PDF
Learning English by Project Based Learning: How to Make Foreign Friends
bysilvianalevana
 
PPTX
THERAPEUTIC ENVIORNMENT.............pptx
byAneetaSharma15
 
PDF
1.1 Historical background & development of Profession of Pharmacy.pdf
byMr. SAKHARE R. S.
 
PDF
Admin Slides for Oct'25 semester - PB1_MC5.pdf
byGreat Files
 
PPTX
How to Create a Manifest File in Odoo 18
byCeline George
 
PDF
Who Owns the Narrative? Data, Disinformation, and the Missing Voice of Academia
byIsmail Fahmi
 
PDF
BUSINESS ETHICS – UNIT V: Ethical Insights from Thirukkural and Modern Thought
byD NANEE
 
DOCX
PRESS STATEMENT - Response to Minority_ Press Ready.docx
bynservice241
 
PPTX
Capitol Webinar October 2025 Dr. Jha.pptx
byCapitolTechU
 
PPTX
PECTORAL REGION.pptx Human anatomy,Bmls,
byKISMAT ALI
 
PPTX
Exploring Entrepreneurial Qualities: A Curated Presentation for Grade 11 Busi...
bySamanthaNkoana
 
PPTX
Common problems or challenges faced by Indian adolescents
byDr. Harpal Kaur
 
Slit lamp parts 2/ppt/notes/download.pdf
byAnmol Singh
 
BD1TL - TNTEU - Teaching and Learning - Unit - 2.pdf
byDr Raja Mohammed T
 
The Minority Caucus in Parliament has called on government to take immediate ...
bynservice241
 
Safety Needs and Prevention of environmental hazards.pptx
byAneetaSharma15
 
Hudson Vitale "AI Essentials: From Tools to Strategies: A 2025 NISO Training ...
byNational Information Standards Organization (NISO)
 
Admin Slides for Oct'25 semester (Progression)
byGreat Files
 
psychoanalytic Theory.pptx, MSc. Nursing
byKomalJaiswal46
 
🧪“Blood Chemistry Tests in Pharmacy Practice: Clinical Laboratory Guide for P...
byBanny S.V
 
Learning English by Project Based Learning: How to Make Foreign Friends
bysilvianalevana
 
THERAPEUTIC ENVIORNMENT.............pptx
byAneetaSharma15
 
1.1 Historical background & development of Profession of Pharmacy.pdf
byMr. SAKHARE R. S.
 
Admin Slides for Oct'25 semester - PB1_MC5.pdf
byGreat Files
 
How to Create a Manifest File in Odoo 18
byCeline George
 
Who Owns the Narrative? Data, Disinformation, and the Missing Voice of Academia
byIsmail Fahmi
 
BUSINESS ETHICS – UNIT V: Ethical Insights from Thirukkural and Modern Thought
byD NANEE
 
PRESS STATEMENT - Response to Minority_ Press Ready.docx
bynservice241
 
Capitol Webinar October 2025 Dr. Jha.pptx
byCapitolTechU
 
PECTORAL REGION.pptx Human anatomy,Bmls,
byKISMAT ALI
 
Exploring Entrepreneurial Qualities: A Curated Presentation for Grade 11 Busi...
bySamanthaNkoana
 
Common problems or challenges faced by Indian adolescents
byDr. Harpal Kaur
 

Secure physical infrastructure

  • 1.
  • 2.
    What is PhysicalInfrastructure ● The physical infrastructure is the foundation on which all enterprise systems operate – power, communication, computing, control and security. Research shows that faults within the physical infrastructure cause a majority of system downtime.
  • 3.
    Secure physical infrastructure ●Security can be best achieved by ensuring multiple layers of security and not depending on a single measure. The controls for physical and environmental security are defined in three areas: – Security of the premise – Security of the equipment – Secure behavior
  • 4.
    Security Of ThePremise Components:- ● Physical security perimeter ● Physical entry controls ● Securing offices, rooms and facilities ● Isolated delivery and loading areas ● Working in secure areas
  • 5.
    Physical security perimeter boundary of the premise  entry points  protective wall  doors strong enough  Entry gates controlled by cards  watchmen, guards or receptionist monitoring the entry points
  • 6.
    Physical entry controls Only authorized persons should be allowed access to the secure areas.  This objective could be achieved by having a clear access control policy defining the access rights.  These measures may take the form of access controlled devices like swipe card controlled doors, logging information about visitors and visible identification badges.
  • 7.
    Securing offices, roomsand facilities  Support facilities like photocopier, fax machines, which are constantly accessed by everyone, should be located away from the secure area.  Suitable intruder detection systems like CCTV, motion sensors etc. should be installed and regularly tested.
  • 8.
    Working in secureareas  Location of the secure office within the physically secure perimeter should be chosen with care.  All the risks pertaining to fire, flood, explosion, civil unrest and other forms of natural or man made disaster should be considered.  There could also be threat from neighboring premises caused by leakage of water, spreading of fire or storage of toxic/inflammable/explosive material.  Even bulk supplies like stationery should not be stored within the secure premises.
  • 9.
    Isolated delivery andloading areas  In industrial premises there could be constant movement of incoming and outgoing material.  All this traffic needs to be isolated from the secure office area so that it does not pose a threat.
  • 10.
    Security Of TheEquipment Components: ● Equipment sitting and protection ● Power supplies ● Cabling Security ● Equipment Maintenance ● Security of equipment off-premises ● Secure disposal or re-use of equipment
  • 11.
    Equipment sitting andprotection  Information processing equipment needs to be handled carefully.  It reduce the risk from environmental threats and hazards.  Reduce opportunity for unauthorized access.
  • 12.
    Power supplies  Informationprocessing will come to a halt in the absence of a suitable power supply.  So equipment should be protected from power failure.
  • 13.
    Cabling Security  Powerand telecommunication cabling carrying data or supporting information services shall be protected from interception or damage
  • 14.
    Equipment Maintenance  Itis normally expected that due care is taken for equipment maintenance and proper records are maintained.  One is to maintain record of faults that were noticed and the second step is to maintain records of all equipment sent off the premises for maintenance.
  • 15.
    Security of equipmentoff-premises  Security procedures and controls shall be used to secure equipment used outside any company’s premies
  • 16.
    Secure disposal orre-use of equipment  Every such device should be subjected to a thorough erasing and overwriting to destroy the data.  Since some reports claim that the data could be recovered even after multiple overwriting and formatting, it may be desirable to physically destroy the media containing top secret information.
  • 17.
    Secure Behaviour Components ● Cleardesk and clear screen policy ● Removal of property
  • 18.
    Clear desk andclear screen policy  Lock up all documents and media when not used.  Protect the computers and terminals through use of key locks, passwords, and screen savers.  Fax and telex machines used for confidential information should not be left unattended.  Access to photocopiers and scanners is restricted after office hours.  Printing of classified information should be supervised and all printouts must be removed immediately.
  • 19.
    Removal of property Any movement of equipment, information or software should be only with proper authorization.  All these movements should be logged and records maintained for all outgoing and incoming items.
  • 20.
  • 21.
    Introduction  Traditionally, organizationshave relied on policies.  These documents, once issued, provide top down influence for everyone in the company—from business units to departments to individual employees.  One of the major challenges for an organization in this area is the continued growth and adaptation of the policies to mirror the transformation within the organization.
  • 22.
    Contd…  The fastestarea of growth and change within an organization is Information Systems. With the rapid development and push toward new technologies, organizations find themselves striving to maintain current technical environments with outdated policies.  Secondly, with the emergence of new technology strategies such as Intranets and Extranets, security and the protection of informational assets has become paramount.
  • 23.
    Contd…  The firststep is an enterprise-wide Information Systems Security Policy that is consistently enforced even as business needs change.  Unfortunately, most companies have only bits and pieces of security scattered throughout the organization. These may make some departments or individuals feel safe, but they do little to protect the enterprise as a whole.
  • 24.
    What is PPTmethodology?  PPT stands for People, Policy, & Technology. The security process is a mixture of these three elements. Each element depends in some manner on the other elements.
  • 26.
    People  This coreelement is the most important. The people element comprises the people and various roles and responsibilities within the organization.  These are the people that are put in place to execute and support the process.  A few key roles include senior management, security administrators, system and IT administrators, end users, and auditors.
  • 27.
    Policy  This elementcomprises the security vision statement, security policy and standards, and the control documentation.  This is basically the written security environment— the bible that the security process will refer to for direction and guidance.
  • 28.
    Technology  This elementincludes tools, methods, and mechanisms in place to support the process.  These are core technologies—the operating systems, the databases, the applications, the security tools— embraced by the organization.  The technology then is the enforcement, monitoring, and operational tool that will facilitate the process.