A Collection of Resources on How to Respond and Act on Breaches in Security
Written by: Chris Orr • Edited by: Jean Scheid • Updated: 10/31/2011
Organizations have a responsibility to protect the data of their customers, employees or other stakeholders. Many must comply with industry requirements or government regulations to protect facilities and assets. This guide provides resources to protect your organization from security breaches.
Physical security is an often overlooked component of an organization's security posture. While much of the effort around security involves firewalls, network intrusion detection, and antivirus applications, organizations often face a much greater threat from breaches of the data center itself.
Social engineering is a commonly used tactic for getting physical access to critical parts of a company. A phone call to the help desk pretending to be an employee, or showing up at the front door with a package, can get an attacker or a penetration tester through the front door and even into the data center.
What follows is a series of helpful resource articles that illustrate why attention must be paid to these types of security breaches, how they work and how to respond to them.
This great piece discusses how to audit or test the physical security of a building: how to determine the scope of the audit, the things to test for and what the subsequent criteria should be. It includes a very detailed checklist of items designed to mitigate the risk of an unauthorized person gaining access to a building or room.
In the first part of this series, the author introduces you to all of the major elements of physical security and asset protection. It is not just centered around the protection of assets from hackers but also from disasters that can cripple an organization. Preventive controls and policies are analyzed and their role in security explained.
In part two of this series, the author discusses the technologies that allow organizations to detect physical security breaches. A discussion of the need for properly trained guards and the need for fire protection is included.
A description of how someone seeking access to a room or building might trick staff members into giving it to them. Social engineering and how it works is discussed. Getting someone to give up their password, or getting close enough to a computer to insert a CD, are among the tactics someone breaching a building might use.
This article details the reasons why organizations need separation of duties. Who needs to gain access to buildings and rooms? How do you control their access? What are the benefits of having physical access controls? While most articles discuss keeping the bad guy out, this one discusses the need to also control the people who are already on the inside.
A short checklist of items to perform to physically secure a facility from breaches. It covers four basic steps to increasing the level of security around a data center, the need for disaster recovery plans and how to handle visitors to ensure your organization and technology remain safe.
An informative post discussing social engineering and other means of gaining access to cyber assets. Social engineering is a common method for hackers and penetration testers to physically access data centers, and here you'll learn how this is done so you can avoid the same happening in your organization.
A discussion of both authorized and unauthorized access to critical systems in a data center. Insider threats by employees are just as big a concern as the hacker penetrating from the outside, and this must-read post outlines these threats and what you need to implement to avoid them.
Similar to a penetration test, a physical security audit reviews both the policies and the actual controls organizations build around their physical infrastructure to protect their assets. What makes up a physical security audit? Who should perform the audit? All of these questions are answered along with must-have tips.
Physical security consists not only of controlling access to a building or room but also of protecting its contents. Many security breaches involve the theft of laptops or other mobile devices that contain critical data. Learn how to keep these off-the-network items safe from possible attacks.
In addition to controlling access to buildings and rooms, biometric devices can be added to IT infrastructures to control access to the servers and computers containing sensitive information. This piece takes a look at using biometric devices to ensure the data you want to keep safe stays safe.
One layer of physical security to prevent breaches is biometrics, which uses fingerprints, retina scans and other parts of the body, in addition to password phrases, to authenticate access into a building. The authentication techniques have been successful for many large companies but can also be used on a smaller scale.
Power over Ethernet (PoE) reduces the infrastructure requirements for physical security controls. This article discusses the new standards being developed around this technology and how they can deliver added physical security for building access controls.
Have a question on physical security breaches not found in this collection of posts? If so, feel free to drop us a comment below and we'll do our absolute best to find the answers you seek and lead you in the right direction.